Closed taunusweb closed 7 years ago
Hi!
this is standard behavior from the new version (also in the old T3 installation, check extension version) T3 security team forced the implementation, because otherwise it is possible to manipulate the user record with the static 8 character hash (###SYS_AUTHCODE###). Directmail don't offer another hash, so the extension has to resend a new hash. If you like you could disable this new feature for unsubscribing ( authcode_std = del ). Please write me again if you need this feature disabled...
Sorry, I have to ask again: I try to get a link in the Newsletter to this page:
Using "&u=###USER_uid###&t=###SYS_TABLE_NAME###&a=###SYS_AUTHCODE###" and "&u=###USER_uid###&t=###SYS_TABLE_NAME###&a=###SYS_AUTHCODE###&do=del"leads to
Any hint for me?
You have to set authcode_std = del in the typoscript setup, then it will work.
@bobosch: I did not understand clearly, so is it a direct mail problem? T3 security team forced the implementation of what?
Yes, directmail cannot generate secure authorisation links, needed to change User setting. Unsubscription is possible with the mentioned TS option. Perhaps ajaxmailsubscription should extend directmail to generate secure links, but I am not an active T3 developer since years and have no time for this. T3 security team disallowed the authorisation (done by ajaxmailsubscription) with the standard hash (used by directmail)
So that means this should be changed in direct_mail? Then I will make at least a feature request.
Here the original comment from the TYPO3 Security Team
- The links (auth code) should work only once.
- The links (auth code) should expire after a defined time.
Hi, in TYPO3 7.6 the Unsubscriblink is not working, a wrong Hash seems to be submitted with the Newsletter: I'm using https:/mydomain.de/index.php?id=[myid]&u=###USER_uid###&t=###SYS_TABLE_NAME###&a=###SYS_AUTHCODE###
If i send a newsletter, i get this Link for unsubscribing: https:/mydomain.de/index.php?id=[myid]&u=1045&t=t&a=5e0e8446 but I get this Error Message: "Der Link ist abgelaufen. Ein neuer Link wurde Ihnen zugesandt. Eine Bestätigungs-E-Mail wurde Ihnen zugesandt." I get another Link and then the Hash is correct: ...?t=t&u=1045&a=5902f7f7ae9a83e6
Any Ideas? In TYPO3 6.2 everything worked fine.