Martin v. Löwis writes:
>
> Martin v. Löwis <martin@v.loewis.de> added the comment:
>
> Unfortunately, the ?:action style of changing issues is insecure,
> as it enables XSS attacks. So recent versions of roundup have
> disabled this API to retiring, and require regular POSTs.
>
> Instead of retiring the issue, one should use the "Mark as SPAM"
> button, anyway (available to administrators only).
Would it be reasonable to make Mark as SPAM available to non-administrators
in one or both of the following ways:
(a) the user whose address is abused should be allowed to Mark as SPAM
(b) (complex and possibly vulnerable to DoS) any user could be allowed
to Mark as SPAM
- admins would need a Mark as HAM command, and explicitly marked
HAM is not possible to mark as SPAM without admin privileges
- create a report which looks for recently Marked as SPAM events
so that admins and/or volunteers could check for abuse of the
system
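The quoted message notes that a GET-style `?:action=retire` URL lets a crafted link change an issue, while a regular POST does not. The following is an added illustration, not roundup's code, of the two request handlers side by side: a legacy handler that mutates on any request carrying `:action=retire`, and a hardened one that only accepts a POST whose anti-forgery token matches the session. The `Issue`, `Session`, `csrf_token` names and the status codes are assumptions made for the example.

```python
"""Added example (not roundup's code): why a state-changing action should
require a POST with a per-session anti-forgery token rather than a GET
query parameter such as ?:action=retire."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Issue:
    # Constructed stand-in for a tracker issue.
    id: int
    status: str = "open"


@dataclass
class Session:
    # Hypothetical logged-in session carrying a random anti-forgery token.
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def legacy_handler(issue: Issue, method: str, params: dict) -> int:
    """Insecure 'before': any request with :action=retire retires the
    issue, regardless of method. A link or image tag pointing at such a
    URL, loaded by an administrator's browser, performs the action."""
    if params.get(":action") == "retire":
        issue.status = "retired"
    return 200


def hardened_handler(issue: Issue, session: Session,
                     method: str, params: dict) -> int:
    """Hardened form: only a POST whose token matches the session may
    change state; GETs and requests with a missing or wrong token are
    refused before anything is modified."""
    if params.get(":action") != "retire":
        return 200                      # plain view, nothing changes
    if method != "POST":
        return 405                      # a GET must never mutate state
    supplied = params.get("csrf_token", "")
    # Constant-time comparison so the token check does not leak timing.
    if not hmac.compare_digest(supplied, session.csrf_token):
        return 403                      # missing or forged token
    issue.status = "retired"
    return 200


def demo() -> dict:
    """Run both handlers against the same requests and report outcomes."""
    results = {}
    a = Issue(1)
    legacy_handler(a, "GET", {":action": "retire"})
    results["legacy_get"] = a.status

    s = Session("admin")
    b = Issue(2)
    results["hardened_get"] = (
        hardened_handler(b, s, "GET", {":action": "retire"}), b.status)
    results["hardened_bad_token"] = (
        hardened_handler(b, s, "POST",
                         {":action": "retire", "csrf_token": "x"}), b.status)
    results["hardened_ok"] = (
        hardened_handler(b, s, "POST",
                         {":action": "retire", "csrf_token": s.csrf_token}),
        b.status)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Only the final POST with the session's own token changes the issue; the GET is rejected with 405 and the wrong token with 403, which is the behaviour the message describes as "require regular POSTs".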