• Don't save unfinished message sent by guest

    From Nigel Reed@1:103/705 to GitLab issue in main/sbbs on Mon Feb 6 18:38:37 2023
    open https://gitlab.synchro.net/main/sbbs/-/issues/508

    When using Nightfox's login matrix I went to send an email to sysop and found that an email by a previous guest was still hanging around. This could be abused by two users wishing to exchange messages by way of logging in, leaving a message and then dropping the call and another one dialing in to pick it up.Also, since guest is user 0000 then if it's using 0000.draft.mail.msg then two guests could possibly be creating the same draft message. I propose that guest messages are checked and deleted before a new message is sent and that appending the node number to the filename will stop guests stomping on each others messages.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Eric Oulashin@1:103/705 to GitLab note in main/sbbs on Mon Feb 6 19:56:09 2023
    https://gitlab.synchro.net/main/sbbs/-/issues/508#note_3172

    I don't think this is specific to my login matrix. From what I remember, this is a standard feature of Synchronet allowing a user to resume editing a message in case that user had been disconnected.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nigel Reed@1:103/705 to GitLab note in main/sbbs on Mon Feb 6 21:28:16 2023
    https://gitlab.synchro.net/main/sbbs/-/issues/508#note_3173

    Resume editing a post is fine, but not as a guest user, for reasons detailed above and more. Especially if user is inputting personal information for password recovery purposes. A guest should never be able to recover another guests posts.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Tue Feb 7 12:00:09 2023
    https://gitlab.synchro.net/main/sbbs/-/issues/508#note_3175

    User #0 is not guest (it's "no one"). This is still an issue, but not related to draft messages from guest accounts, which I believe are already auto-ignored/purged/not-saved, but I'll confirm that too.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nigel Reed@1:103/705 to GitLab note in main/sbbs on Tue Feb 7 12:05:28 2023
    https://gitlab.synchro.net/main/sbbs/-/issues/508#note_3176

    Yes, you're right, my bad on the user 0. I guess before someone logs into the login matrix they are "no one" so any email to sysop is going to be written to the user 0 temp file.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab issue in main/sbbs on Tue Feb 7 18:11:56 2023
    close https://gitlab.synchro.net/main/sbbs/-/issues/508
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)