
[WMDE-Fundraising] Watch amount of form submissions
Closed, Declined | Public | 15 Estimated Story Points

Description

Since the forms in T123043 and T123044 can be easily filled with bogus data and valid email addresses, we may need to watch how many times the forms have been submitted in a time frame of 30 minutes to protect against the forms being used as spam tools.

See also http://security.stackexchange.com/questions/110070/how-to-protect-contact-forms-against-being-misused-for-mass-mailing

Acceptance criteria:

  • The forms (donation, membership application, subscription, contact) implement a token mechanism against cross-site request forgery.
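One way to watch submissions over the 30-minute time frame described above, as an added example that is not part of the original task or the project's own code. The class name, both limits and the use of an IP address as the client identifier are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30 * 60  # the 30-minute time frame named in the task

class SubmissionWatch:
    """Sliding-window counters for form submissions (limits are assumed values)."""
    def __init__(self, per_client_limit, per_form_limit, window=WINDOW_SECONDS):
        self.per_client_limit = per_client_limit
        self.per_form_limit = per_form_limit
        self.window = window
        self._by_client = defaultdict(deque)  # (form, client) -> timestamps
        self._by_form = defaultdict(deque)    # form -> timestamps

    def _live(self, queue, now):
        # Drop timestamps that have left the window, then return the count.
        while queue and now - queue[0] >= self.window:
            queue.popleft()
        return len(queue)

    def submit(self, form, client, now):
        """Return 'rejected', 'accepted' or 'accepted_alert' for one submission."""
        client_q = self._by_client[(form, client)]
        if self._live(client_q, now) >= self.per_client_limit:
            return "rejected"  # not recorded, so no mail would be sent for it
        form_q = self._by_form[form]
        self._live(form_q, now)
        client_q.append(now)
        form_q.append(now)
        # A form-wide spike spread over many clients is reported, not blocked.
        if len(form_q) > self.per_form_limit:
            return "accepted_alert"
        return "accepted"

def replay(events, per_client_limit=3, per_form_limit=5):
    """Run (timestamp, form, client) tuples through a fresh watch."""
    watch = SubmissionWatch(per_client_limit, per_form_limit)
    return [watch.submit(form, client, ts) for ts, form, client in events]

# Constructed sample events: seconds since start, form name, client identifier.
SAMPLE = [
    (0, "contact", "198.51.100.7"),
    (60, "contact", "198.51.100.7"),
    (120, "contact", "198.51.100.7"),
    (180, "contact", "198.51.100.7"),   # fourth submission within 30 minutes
    (1800, "contact", "198.51.100.7"),  # the first submission has aged out
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The per-form counter matters because a sender who rotates client addresses never trips the per-client limit, yet still raises the form's total within the window.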
