[RFC] Mass HTML email option in ACP

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
Post Reply
User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] Mass HTML email option in ACP

Post by Master_Cylinder »

Ger wrote:It also doesn't mean that PHP should be the platform to use when sending spam... All hosting providers should ask for a certificate of good conduct before selling web space.

Look, nobody is saying that the sender is in danger. All we say is that a bad admin already has numerous tools to harm his visitors (no matter what (forum) software he uses). One extra tool doesn't make a difference.
Have you *seen* how large the blacklists are? While it would be nice if hosting providers and ISPs would do more to stop spam/hackers/etc, they don't, so lets get back to the real world where html email is a bad thing and phpBB isn't newsletter SW.

Of course there are other tools, there's no reason to turn phpBB into another easy one. While the spammers and admins would LIKE one extra tool, we shouldn't give them an easy one. Of course one more can make a difference, do you remember when "one extra" DOS script got released (smurf) to the public and it changed the internet? I do. :roll:

phpBB != newsletters
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:
keith10456
Registered User
Posts: 523
Joined: Sat Apr 22, 2006 10:29 pm
Contact:

Re: [RFC] Mass HTML email option in ACP

Post by keith10456 »

Pony99CA wrote:
keith10456 wrote:Couldn't the devs design it so the bbcode editor is used and when sent the bbcode is converted to HTML? I think that should suffice...
That does seem like a good compromise, but I don't have a problem with admins using HTML. They can already use it in Custom BBCodes (they pretty much have to).

There are other places that could use HTML, too, like ranks and forum titles, for example.

Steve
Good point ;)
User avatar
Kamahl19
Registered User
Posts: 161
Joined: Thu Dec 27, 2007 10:31 am

Re: [RFC] Mass HTML email option in ACP

Post by Kamahl19 »

Why are you even talking with him? I would go crazy after two posts.. He clearly does not understand the problematic, he has no idea how exactly can html be dangerous, and he does not want to learn something else and change his mind. So there is no point in further discussion with him. He made his point, so now, can we discuss if there is anyone willing to do this and how exactly this can be implemented?
User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] Mass HTML email option in ACP

Post by Master_Cylinder »

Kamahl19 wrote:Why are you even talking with him? I would go crazy after two posts.. He clearly does not understand the problematic, he has no idea how exactly can html be dangerous, and he does not want to learn something else and change his mind. So there is no point in further discussion with him. He made his point, so now, can we discuss if there is anyone willing to do this and how exactly this can be implemented?
I know I shouldn't bother with people who fail to understand that html email is a security issue, some people refuse to read links or understand simple concepts. However, security is important to me so I will continue until the RFC is merged or rejected. Some people might only want to hear from people that agree but that's not how the real world works. :D

Good luck... ;)
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:
User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] Mass HTML email option in ACP

Post by Pony99CA »

Master_Cylinder wrote:I know I shouldn't bother with people who fail to understand that html email is a security issue, some people refuse to read links or understand simple concepts.
You're missing the point. Any HTML is a security issue -- thus the whole Web is a security issue. Should we shut that down?

Allowing phpBB to send HTML E-mail won't be used by spammers. They'd have to install phpBB, get people to come and register on their board (or register people themselves) and then use the relatively obscure Mass E-mail feature. It would be far easier to either make your forum contain malicious HTML thus obviating the need for E-mail at all, or, if you want to spam, get some freeware mass E-mail program that allows sending HTML E-mail.

The point is that users won't be at any more risk than they would be visiting any unknown Web site or opening any unknown HTML E-mail.

As for your previous points about sending RTFs or PDFs, are you serious? How many security flaws have been discovered in Microsoft Office and Adobe Reader? :shock:

Steve

P.S. Wasn't Master Cylinder evil? ;)
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1862
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC] Mass HTML email option in ACP

Post by DavidIQ »

The suggestion that this should be an extension is overkill. There would only ever be two options here: use HTML or not.

And continuing to say that allowing HTML in emails that the administrator sends and that this would be ignoring a security issue is giving this idea too much credit. To send the email out as HTML would take a single change anyways :roll:

I think a ticket should be created. Are BBCode buttons and/or smileys or other items needed? (Color swatch?)
Image
Danielx64
Registered User
Posts: 304
Joined: Mon Feb 08, 2010 3:42 am

Re: [RFC] Mass HTML email option in ACP

Post by Danielx64 »

Pony99CA wrote: P.S. Wasn't Master Cylinder evil? ;)
LMAO, that is so funny.

I would rather see this as an extension and whoever does write one better put in the option for members to select plain text version if they want it. I read a lot of my emails on my phone and that can't display HTML or anything like that due to the way gmail works.

In fact I just dropped out of a newsletter not long ago because they went to HTML only and not providing a plain text version.
Danielx64
Registered User
Posts: 304
Joined: Mon Feb 08, 2010 3:42 am

Re: [RFC] Mass HTML email option in ACP

Post by Danielx64 »

DavidIQ wrote:The suggestion that this should be an extension is overkill. There would only ever be two options here: use HTML or not.

And continuing to say that allowing HTML in emails that the administrator sends and that this would be ignoring a security issue is giving this idea too much credit. To send the email out as HTML would take a single change anyways :roll:

I think a ticket should be created. Are BBCode buttons and/or smileys or other items needed? (Color swatch?)
Would this be for admins only and not any other member who use the email function?
User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1862
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC] Mass HTML email option in ACP

Post by DavidIQ »

*Daniel wrote:Would this be for admins only and not any other member who use the email function?
Only for admins of course.
Image
Danielx64
Registered User
Posts: 304
Joined: Mon Feb 08, 2010 3:42 am

Re: [RFC] Mass HTML email option in ACP

Post by Danielx64 »

DavidIQ wrote:
*Daniel wrote:Would this be for admins only and not any other member who use the email function?
Only for admins of course.
And will members get the choice in what email format they want to get?
Post Reply