View Issue Details

ID: 19918
Project: Feature requests
Category: Security
View Status: public
Last Update: 2025-01-09 16:58
Reporter: Deflator0677
Assigned To: tibor.pacalat
Priority: none
Severity: feature
Status: closed
Resolution: no change required
Summary19918: Disable the possibility to abuse Limesurvey as email bomber
Description

In Limesurvey, it is possible to switch a survey to closed mode and to allow the survey administrator to import a CSV file with email addresses and names.
Problem: this feature could be abused by a malicious user by putting thousands of email addresses in the file.

To be more precise, we do not trust our users, so we would like to prevent them from sending email with Limesurvey; they have to use a mailing list with a survey link inside.
Currently, it seems to be possible to enable email for all usages or to disable it for all usages. That means no lost-password feature, for example.

Is it possible to have a global setting to disable the possibility for users to send email?

Thank you

Steps To Reproduce
  • Create a survey
  • Go to participants
  • Import a CSV file with thousands of email addresses
  • popcorn
Tags: No tags attached.
Bug heat: 258

Users monitoring this issue

DenisChenu

Activities

tibor.pacalat (administrator)
2025-01-08 15:44   ~81768

We currently don't have this feature. @Deflator0677 would you like to sponsor this feature?

Deflator0677 (reporter)
2025-01-08 15:59   ~81780

You didn't pay me for the time I spent writing several issues. If you want, you could pay me and I will use this money for this feature.

Nevertheless, I think it is a security feature; every Limesurvey instance could be abused.

tibor.pacalat (administrator)
2025-01-08 16:18   ~81783

We are going from the premise that admins are hand-picked and trustworthy. That is why we don't see this as a security issue. Every superadmin is responsible for their own application and how it is being used.
That being said, we are an open source company, meaning that we provide most of our work for free to the general public, you included. If anyone has an idea for a feature, we can work on it, but since we have limited manpower, we rely on sponsoring of such new features. We appreciate you as a member of our open source community and your contributions in the form of the tickets you created!

Deflator0677 (reporter)
2025-01-08 16:39   ~81785

I would be surprised if that is how Limesurvey is used in big companies. The organisations I know open Limesurvey to their company users; even if they are trained, that means hundreds of them, and users are not trustworthy. And even if they are trustworthy, they could in good faith send a survey to thousands of email addresses.

Is this feature available in your public demo? Because if it is, that means even you didn't respect your premise...

Do you wait for an abuse to occur on your platform to do something about this feature? I don't know if disabling it totally is the best way; it could be something like setting a limit on the number of recipients, or something else.

DenisChenu (developer)
2025-01-09 09:10   ~81789
Last edited: 2025-01-09 09:12

My opinion: such a situation must/can be fixed by a plugin.

A lot of companies allow users with the Survey create permission to send a bunch of emails. When they don't want this: give fewer permissions.

Then :

  1. It's something needed by some companies, but not a lot (it's the first feature request like this).
  2. Each company may want something different (see smtpByUser for example).
  3. Current plugin events can limit or disable emails sent by specific users: https://www.limesurvey.org/manual/BeforeEmail

About:

  "Is this feature available in your public demo? Because if it is, that means even you didn't respect your premise..."

See demoMode: https://www.limesurvey.org/manual/Optional_settings/en#Security

demoMode: If this option is set to 'true' in config.php, then LimeSurvey will go into demo mode. The demo mode changes the following things:

  • Disables admin user's details and password changing;
  • Disables the upload of files on the template editor;
  • Disables sending email invitations and reminders;
  • Disables the creation of a database dump;
  • Disables the ability to modify the following global settings: site name, default language, default HTML editor mode, XSS filter.

Deflator0677 (reporter)
2025-01-09 10:40   ~81796

Thank you for your complete answer @DenisChenu, I understand the situation better.
I will look more closely at what is possible to do; I appreciate the tips. If you have more tips that could help me write a plugin to disable this feature for users, I am interested!

DenisChenu (developer)
2025-01-09 10:45   ~81797

Just disable it (for token-related emails): https://www.limesurvey.org/manual/BeforeSurveyEmail

  1. Check the current user: https://github.com/LimeSurvey/LimeSurvey/blob/master/application/models/Permission.php#L782
  2. If the current user is not a superadmin (for example)
  3. $event->set('error', true); $event->set('message', "Email disabled for you");

Something like this
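The three-step sketch above, written out as a complete LimeSurvey plugin. This is an added illustration for this page, not code from the LimeSurvey project or from any participant in the thread. It assumes the plugin base class `PluginBase`, the `beforeSurveyEmail` event, `App()->user->getId()` and `Permission::model()->hasGlobalPermission('superadmin', 'read', $userId)` behave as in current LimeSurvey releases, and it uses the `error` and `message` event keys exactly as sketched in the thread; the plugin name `RestrictSurveyEmail` and the refusal text are made up for the example. Verify the event keys against the manual page for your version before relying on it.

```php
<?php
/**
 * RestrictSurveyEmail: example LimeSurvey plugin (added illustration, not
 * project code). Blocks invitation/reminder sending from the participants
 * table for every admin user who does not hold the global superadmin
 * permission, so only hand-picked superadmins can mass-mail.
 *
 * Assumptions (check against your LimeSurvey version and the manual page for
 * beforeSurveyEmail): the event accepts the 'error' and 'message' settings as
 * described in the thread; hasGlobalPermission('superadmin', 'read', $userId)
 * is the superadmin check; App() returns the Yii application.
 */
class RestrictSurveyEmail extends PluginBase
{
    protected $storage = 'DbStorage';
    static protected $description = 'Refuse survey email sending for non-superadmin users';
    static protected $name = 'RestrictSurveyEmail';

    public function init()
    {
        // Fired for each participant (token) email before it is sent.
        $this->subscribe('beforeSurveyEmail');
    }

    public function beforeSurveyEmail()
    {
        $event = $this->getEvent();

        // Step 1: identify the admin user triggering the send. A CLI/cron run has
        // no web session, so the id may be null; treat that as "not a superadmin".
        $userId = App()->user->getId();

        // Step 2: superadmins keep the feature unchanged.
        if ($userId !== null
            && Permission::model()->hasGlobalPermission('superadmin', 'read', $userId)) {
            return;
        }

        // Step 3: cancel this email and tell the user why. Keys follow the sketch
        // in the thread (assumption: confirm 'error'/'message' in the manual).
        $event->set('error', true);
        $event->set(
            'message',
            'Sending survey email is disabled for your account. '
            . 'Distribute the survey link through your mailing list instead.'
        );
    }
}
```

Drop the file in `plugins/RestrictSurveyEmail/RestrictSurveyEmail.php` and activate it from the plugin manager; because the check runs per email, a non-superadmin who imports a CSV with thousands of addresses gets every send refused rather than a partial burst. If you prefer the recipient-count limit floated earlier in the thread, the same hook is the place to count sends per user and refuse beyond a threshold.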

Issue History

Date Modified Username Field Change
2025-01-07 12:23 Deflator0677 New Issue
2025-01-07 12:24 DenisChenu Issue Monitored: DenisChenu
2025-01-07 12:24 DenisChenu Bug heat 250 => 252
2025-01-08 15:41 c_schmitz Project Bug reports => Feature requests
2025-01-08 15:44 tibor.pacalat Note Added: 81768
2025-01-08 15:44 tibor.pacalat Bug heat 252 => 254
2025-01-08 15:44 tibor.pacalat Assigned To => tibor.pacalat
2025-01-08 15:44 tibor.pacalat Status new => feedback
2025-01-08 15:59 Deflator0677 Note Added: 81780
2025-01-08 15:59 Deflator0677 Bug heat 254 => 256
2025-01-08 15:59 Deflator0677 Status feedback => assigned
2025-01-08 16:18 tibor.pacalat Note Added: 81783
2025-01-08 16:39 Deflator0677 Note Added: 81785
2025-01-09 09:10 DenisChenu Note Added: 81789
2025-01-09 09:10 DenisChenu Bug heat 256 => 258
2025-01-09 09:12 DenisChenu Note Edited: 81789
2025-01-09 10:40 Deflator0677 Note Added: 81796
2025-01-09 10:45 DenisChenu Note Added: 81797
2025-01-09 16:58 tibor.pacalat Status assigned => closed
2025-01-09 16:58 tibor.pacalat Resolution open => no change required