@mattab opened this Issue on May 23rd 2019 Member

-> Goal of this issue is to make sure we only send email reports once to a given email address.

Initial security report

When creating/editing an email report, if you enter the same email address multiple times, like 100 or 1000 times, in the field "Send report to", the email reports are sent 100 or 1000 times. This could create problems where the Matomo server sending emails is marked as spam. This could affect Cloud customers if some security tester is sending hundreds of email reports (they are not allowed to, as per our bug bounty rules, but some who don't read still do it anyway...).

Suggested steps

  1. Deduplicate email addresses when saving a scheduled email report (only save the email once). So even if you enter the same email many times, it won't be saved anyway.
  2. When sending emails in the scheduled task (or via the UI "Send report now" button), deduplicate emails and only send the email report once to each email address. (This is useful if for some reason an existing email report contains the same email multiple times and wasn't "fixed" by step 1 above yet.)
This Issue was closed on June 24th 2019
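
The two suggested steps, sketched as an added example that is not part of the original issue and is not Matomo's own code: the function names, the report array layout and the mailer callback are hypothetical, and treating addresses that differ only in case or surrounding whitespace as duplicates is an assumption.

```php
<?php
// Added example: hypothetical helpers, not Matomo's ScheduledReports code.

// Comparison key only. Assumption: case and surrounding whitespace do not
// distinguish two mailboxes.
function normaliseEmail(string $email): string
{
    return strtolower(trim($email));
}

// Return each distinct recipient once, keeping first-seen order and spelling.
function dedupeRecipients(array $emails): array
{
    $seen = [];
    $unique = [];
    foreach ($emails as $email) {
        $key = normaliseEmail((string) $email);
        if ($key === '' || isset($seen[$key])) {
            continue; // skip blank entries and repeats
        }
        $seen[$key] = true;
        $unique[] = trim((string) $email);
    }
    return $unique;
}

// Step 1: deduplicate when the report is saved.
function saveReport(array $report): array
{
    $report['emails'] = dedupeRecipients($report['emails']);
    return $report;
}

// Step 2: deduplicate again at send time, which covers reports that were
// stored before step 1 existed. Returns the number of messages sent.
function sendReport(array $report, callable $mailer): int
{
    $recipients = dedupeRecipients($report['emails']);
    foreach ($recipients as $to) {
        $mailer($to, $report['subject']);
    }
    return count($recipients);
}

// Constructed sample: a legacy report stored with 1000 copies of one address.
$legacy = [
    'subject' => 'Weekly report',
    'emails'  => array_merge(array_fill(0, 1000, 'a@example.org'), [' A@Example.org ', 'b@example.org']),
];
$sent = sendReport($legacy, function (string $to, string $subject): void {
    echo "send '$subject' to $to\n";
});
echo "messages sent: $sent\n";
```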