Default subject exposes email address of sender

(Steve Combs) #1

If a user posts a new topic via email but forgets to include a subject, the default subject posted on the site and in email notifications is Incoming email from %{email} This exposes a user’s email to everyone.

Proposed solutions

  • Changing the default text for the subject to This topic needs a subject or
  • Reject email with an error message to user

Work around

  • Modify the text Admin > Customize > Text Content for “emails.incoming.default_subject” from Incoming email from %{email} to This topic needs a subject

I honestly thought we had a user who just liked announcing his email address to everyone, until I accidentally posted via email with no subject line :slight_smile:

(Jeff Atwood) #2

We should fix this @tgxworld perhaps just edit the default string.

(Jeff Atwood) #4

Ok changed to

default_subject: "This topic needs a title"

great suggestion, thanks!

(Jeff Atwood) #5