“Unsafe email config” when using selectable recipient

  • Resolved ynick

    (@ynick)


    1 year, 4 months ago

    Hi, I’ve been using the method described in the article below to let visitors choose between three different departments to direct their message to:
    https://contactform7.com/selectable-recipient-with-pipes/

    As far as I can tell, this method both hides the actual e-mail addresses from the visitors and prevents them from choosing any other address.

    However, I recently noticed the “Unsafe email config” warning appearing. Is this something to worry about or just an edge case the validator isn’t able to detect properly?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Takayuki Miyoshi

    (@takayukister)

    A drop-down menu doesn’t restrict that the user input must be identical with one of options that the menu provides. Still there is a risk of that a user can submit an arbitrary value. I recommend you follow the advice.

    Thread Starter ynick

    (@ynick)

    Alright, thanks for the information!

    I think it would be better if the plugin could be set to restrict the selection to one of the provided values (and generate a validation error when a different one is submitted). Or at least add a warning to the page (https://contactform7.com/selectable-recipient-with-pipes/) that this method doesn’t actually prevent arbitrary e-mail addresses.

    Hi,

    As I have an invalid email syntax error trying to use a select field (with pipes) to redirect the email to a specific service’s recipient, I can’t use the method mentioned above anymore.

    Is there a safer work-around that allow us to keep allowing selectable recipients with CF7 ?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘“Unsafe email config” when using selectable recipient’ is closed to new replies.