Open kanow opened 4 years ago
lsascha
commented
4 years ago i think it should not be that complicated. either we only approve if it is no longer setHidden, or we add a new field just for that. Since we consider not hidden entries as approved somewhat anyway.
So maybe have a look at #70
(I haven't tested it though)
kanow
commented
4 years ago I think that is ok but not enough. If the user doesn't approve his invitation and stopping the process after loading the info page for approving and doesn't click on the really last "confirm button", the page are indexed and another user can get those link in the search result. The user see the email address and can confirm those registration if he want. Maybe a second check of the crdate is helpful. But then it should be possible to re-subscribe with the same email address if the user didn't confirm the first subscription/registration process.
Hi,
our setup: TYPO3 8.7.32, registeraddress 2.0.1
Today we had a problem with old approved links. They are indexed by indexed_search and user can approve an old (already appproved) email address. They click on those (in search result) link, confirm the data privacy with click on the button and then the registration success with the other email address is showing.
I think it's important that the approve link just working once. The indexing in generally is not really good but for this I haven't a good idea at the moment ;-).