Provide better controls when emailing files to recipient #1203
Comments
|
We have a project enhancement where we can, for each recipient, set whether they should get a link to the uploaded file or not, and whether the file should be attached to the email. When the checkbox to hide all user data is checked, we also make sure even files that would normally be attached due to their smaller size are excluded from attachments. Currently we're doing this through an extension and class overrides, but can make it as an enhancement for the module. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This was initially analysed as a security issue, but we concluded it wasn't worth treating it as one.
Basically, you can set up "recipients" who should received an email when a user form is submitted. If the user form contains a file field, the CMS will send the file along as well if the recipient'se email matches a CMS account. That will occur even if the CMS user doesn't have access to the file.
It's not clear what the expected behaviour should be here. Minimally, we should provide more explicit control on what to do when emailing those files.
The text was updated successfully, but these errors were encountered: