November 26, 2003

Doomed to repeat history

Just when you thought people would've learned from the travesty that was

Movable Type comes, by default, with a program, mt-send-entry.cgi, that's supposed to allow pretty much anyone to send a blog entry to pretty much anyone else. Except, interestingly, it allows anyone to send anything to just about anyone else. (With a little tag that says it's from your blog, of course.)

It would seem that deleting or chmod -xing mt-send-entry.cgi would be a good idea if you've got a Movable Type installation.
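The chmod -x mitigation above, written out as a script that finds every copy of mt-send-entry.cgi under a directory tree and strips its execute bits, with a dry-run mode for auditing first. This is an added example, not code from this post or from Movable Type; the function names and the web root path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): disable mt-send-entry.cgi
# wherever it is still executable under a given directory tree.
# Usage (the path is an assumed web root, adjust to your layout):
#   . ./disable-send-entry.sh
#   DRY_RUN=1 disable_send_entry /var/www    # audit only
#   disable_send_entry /var/www              # actually strip execute bits

# Print every mt-send-entry.cgi under $1 that anyone can still execute.
# Uses only POSIX find primaries so it works with GNU and BSD find.
list_executable_send_entry() {
    find "$1" -type f -name 'mt-send-entry.cgi' \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Strip execute bits from each hit. With DRY_RUN=1, only report.
# Progress goes to stderr; the count of affected files goes to stdout.
disable_send_entry() {
    root=$1
    changed=0
    # Collect hits in a temp file so the loop runs in this shell
    # and the counter survives it.
    hits=$(mktemp) || return 1
    list_executable_send_entry "$root" > "$hits"
    while IFS= read -r f; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would disable: $f" >&2
        else
            chmod a-x "$f" || { echo "failed: $f" >&2; continue; }
            echo "disabled: $f" >&2
        fi
        changed=$((changed + 1))
    done < "$hits"
    rm -f "$hits"
    echo "$changed"
}
```

Removing the execute bit only helps when the web server runs the script as a CGI executable; deleting the file is the stricter option.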

Wow. ;-)

I actually once edited an article where the author (for a respected PHP journal) made a formail copy for PHP, extolling its virtues. One of the things he claimed was brilliant about the script was that it allowed you to easily specify, in the HTML, who to send the form to.

After two days of arguing "hey, you're creating a spam gateway" and many links to bugtraq, I finally had to threaten to not publish the article to get it changed.

It seems some folks *will* never learn.

Posted by: Sterling Hughes at November 27, 2003 04:18 AM