HTTP Headers being included in mail sent from contact form

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
11/26/2008 9:05:05 AM
ldctaylor
Gravatar
Total Posts 88
View Posts

HTTP Headers being included in mail sent from contact form

I am getting the following message at the bottom of e-mails sent using the contact form in mojoportal:


HTTP_USER_AGENT: []
HTTP_HOST: []
REMOTE_HOST: []
REMOTE_ADDR: []
LOCAL_ADDR: 74.55.37.19
HTTP_REFERER: []

My site is hosted on webhostforasp.net and I use smartermail. However I think it looks like a problem on the mojoportal end, because when I send / receive e-mails direct from / yo the smartermail portal I don't get these messages.

I've left in the local IP address in the example because, interestingly, it links to a Microsoft IIS site.

Thks..

Leah

11/26/2008 9:16:41 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: HTTP Headers being included in mail sent from contact form

Hi Leah,

That's a feature not a bug. That info is appended to the message on purpose similar to blog comment emails. The idea is if some spam script manages to break the captcha and start spamming you, you can ban the ip address.

I could easily enough add a module setting if you want to be able to disable it.

Best,

Joe

11/26/2008 9:32:11 AM
ldctaylor
Gravatar
Total Posts 88
View Posts

Re: HTTP Headers being included in mail sent from contact form

Oh, I see... are there any security implications of displaying this information? Just thinking that some people might not be happy having their browser details etc displayed in the e-mails. Also this might be a daft question, but what does the remote host and remote ip addresses refer to - are they of the host (in my case webhostforasp.net)?

Would be good to have the ability to turn off this feature as people may, even if mistakenly, be worried about the security implications..

Thanks,

Leah

 

11/26/2008 9:42:16 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: HTTP Headers being included in mail sent from contact form

There are no security issues with it. The user posting a message doesn't know its being included, only the recipient sees it and if the recipient replies, he can chop that out of the reply. I will add a setting to disable it. Remote host and remote ip is the user who posted the message ip and hostname. Hostname isn't always present. Local address is the web server ip address.

Even if the user knew that his ip address was being captured, they should expect that every web site captures it, everything is in the web logs, so there is no privacy issue about ip addresses that isn't already there.

Best,

Joe

11/26/2008 9:52:20 AM
ldctaylor
Gravatar
Total Posts 88
View Posts

Re: HTTP Headers being included in mail sent from contact form

Thanks for explaining, it's clear to me now.

I'll await the next release for the enhancement,

thks,

Leah

1/19/2009 6:45:29 AM
ldctaylor
Gravatar
Total Posts 88
View Posts

Re: HTTP Headers being included in mail sent from contact form

Hi Joe,

I just had a look back at this as I noticed a new "Append Visitor IP Address to Message?" option on the contact forms. I have unticked it, and yet the IP address is still being displayed in the body of the e-mail message sent from the contact form. Is this a bug, or have I misunderstood the purpose of this function?

Thanks,

Leah

1/19/2009 6:47:17 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: HTTP Headers being included in mail sent from contact form

Sounds like a bug. I'll investigate it.

Best,

Joe

1/19/2009 7:01:36 AM
ldctaylor
Gravatar
Total Posts 88
View Posts

Re: HTTP Headers being included in mail sent from contact form

Hi, I've just tried it again and now it works i.e. the IP address is not appended. I suspect it may have been some sort of caching problem or something in my browser? Perhaps I needed to reload the page for it to take effect. Anyway, it seems to be working ok now. Apologies,

Leah

1/19/2009 7:03:39 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: HTTP Headers being included in mail sent from contact form

No worries, glad its not a bug!

Cheers,

Joe

You must sign in to post in the forums. This thread is closed to new posts.