View Issue Details

IDProjectCategoryView StatusLast Update
0005717OXID eShop (all versions)1.05. Userspublic2015-12-01 10:40
Reportermartinwegele 
PrioritylowSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version4.8.4 / 5.1.4 
Target VersionFixed in Version 
Summary0005717: Link for newsletter subscription can be reused
DescriptionBecause of the way the confirmation code for the double opt-in for the newsletter is constructed it can be reused again and again: https://github.com/OXID-eSales/oxideshop_ce/blob/v4.8.4/source/application/controllers/newsletter.php#L183
I am not sure if this is an intended behaviour. I would expect this link to be usable only once.
Steps To ReproduceIn the demoshop go to "Newsletter" in the frontend (index.php?cl=newsletter), enter your e-mail address and click on subscribe. Open the e-mail you received for double opt-in and click on the link. Now check for your subscription status in the admin panel or the db. Next Unsubscribe on the same page you used before to subscribe for the newsletter. If you click on the link in the e-mail again you will be subscribed again.
TagsNewsletter
ThemeAll
BrowserAll
PHP VersionNot defined
MySQL VersionNot defined

Activities

There are no notes attached to this issue.