2014-09-02, 16:08:53
(2014-09-01, 03:41:10)kaborka Wrote: The plug-in works well, but it has a security problem: The admin email is exposed in a hidden input field in the page source:
Code:<input type="hidden" name="contact[q_email]" value="xxxxx@mydomain.com">
It exposes the address of the admin account. This makes the plug-in not useful when privacy is needed. Since the contact form is posted back to the server, why not look up the admin address after the postback? It would make more sense. I do not know PHP code, or I would do it.
Ok, you are right, I did not think about that....
In next version I will fix it.
Regards