Additional safeguards against abuses of the mail form
authorAlexander Ebert <ebert@woltlab.com>
Thu, 26 Mar 2020 12:03:08 +0000 (13:03 +0100)
committerAlexander Ebert <ebert@woltlab.com>
Thu, 26 Mar 2020 12:03:08 +0000 (13:03 +0100)
com.woltlab.wcf/package.xml
wcfsetup/install/files/acp/update_com.woltlab.wcf_preventMailAbuse.php [new file with mode: 0644]
wcfsetup/install/files/lib/form/MailForm.class.php

index f934d0f32c24d1e91c9161f6aa54618f1d4247e3..7c2a3ceaaf81dde206c6a3bc8968d680ef0d1939 100644 (file)
@@ -90,6 +90,7 @@
                <instruction type="style">defaultStyle.tar</instruction>
                
                <instruction type="script">acp/update_com.woltlab.wcf_3.0_post_sql.php</instruction>
+               <instruction type="script">acp/update_com.woltlab.wcf_preventMailAbuse.php</instruction>
        </instructions>
        <instructions type="update" fromversion="2.1.24 pl 1">
                <instruction type="file">files_pre_update.tar</instruction>
                <instruction type="style">defaultStyle.tar</instruction>
                
                <instruction type="script">acp/update_com.woltlab.wcf_3.0_post_sql.php</instruction>
+               <instruction type="script">acp/update_com.woltlab.wcf_preventMailAbuse.php</instruction>
        </instructions>
        <instructions type="update" fromversion="2.1.24 pl 2">
                <instruction type="file">files_pre_update.tar</instruction>
                <instruction type="style">defaultStyle.tar</instruction>
                
                <instruction type="script">acp/update_com.woltlab.wcf_3.0_post_sql.php</instruction>
+               <instruction type="script">acp/update_com.woltlab.wcf_preventMailAbuse.php</instruction>
        </instructions>
        
+       <!-- Include: <instruction type="script">acp/update_com.woltlab.wcf_preventMailAbuse.php</instruction> -->
+       
        <instructions type="update" fromversion="3.0.22">
                <instruction type="acpTemplate">acptemplates_update.tar</instruction>
                <instruction type="file">files_update.tar</instruction>
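Review bot: The reminder comment added above the `fromversion="3.0.22"` block is the only thing tying later upgrade paths to the new script, and it does not say which blocks still need it. The three 2.1.24 paths get the instruction explicitly, but the 3.0.22 block continues outside this hunk, so whether it runs the script cannot be confirmed from here. An installation that upgrades along a path without the instruction would keep its existing `user.profile.canMail` values. I would word the comment as a requirement, for example `<!-- Required in every new update block: <instruction type="script">acp/update_com.woltlab.wcf_preventMailAbuse.php</instruction> -->`.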
diff --git a/wcfsetup/install/files/acp/update_com.woltlab.wcf_preventMailAbuse.php b/wcfsetup/install/files/acp/update_com.woltlab.wcf_preventMailAbuse.php
new file mode 100644 (file)
index 0000000..dfc68f8
--- /dev/null
@@ -0,0 +1,16 @@
+<?php
+namespace wcf\acp;
+use wcf\system\WCF;
+
+$sql = "UPDATE  wcf".WCF_N."_user_group_option_value
+       SET     optionValue = ?
+       WHERE   optionID = (
+               SELECT  optionID
+               FROM    wcf".WCF_N."_user_group_option
+               WHERE   optionName = ?
+       )";
+$statement = WCF::getDB()->prepareStatement($sql);
+$statement->execute([
+       0,
+       'user.profile.canMail',
+]);
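Review bot: The UPDATE is filtered only by `optionID`, so it writes 0 for `user.profile.canMail` on every user group, including any group where an administrator had deliberately granted it, and the script carries no comment saying so. A header comment would help whoever audits permissions after the update, for example `// Revokes user.profile.canMail for all user groups; administrators must re-grant it per group after the update.` The commit's file list does not include the option's own definition, so if its default value still grants the permission, new installations and possibly newly created groups would not be covered by this script. That is worth confirming.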
index 346155e030b4229518e3060ce303028e9ecad2d6..63d53aea582efee0a3c94c6168dab7601c4fdf04 100644 (file)
@@ -31,6 +31,11 @@ class MailForm extends AbstractCaptchaForm {
         */
        public $useCaptcha = PROFILE_MAIL_USE_CAPTCHA;
        
+       /**
+        * @inheritDoc
+        */
+       public $forceCaptcha = true;
+       
        /**
         * recipient's user id
         * @var integer
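Review bot: The added `$forceCaptcha = true` sits next to `$useCaptcha = PROFILE_MAIL_USE_CAPTCHA`, which is unchanged, and `@inheritDoc` does not say how the two interact. If the parent `AbstractCaptchaForm` only honours `forceCaptcha` while `useCaptcha` is true (its code is outside this diff), an installation with that option switched off would still show no captcha on the mail form. I would replace the docblock with one that states the intent, e.g. `/** Require the captcha for logged-in users as well; only effective while $useCaptcha is enabled (confirm against AbstractCaptchaForm). */`. The class body continues outside the hunk.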