Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do you remove the contact-info page from a plone site?

Tags:

plone

Every new plone site as a /contact-info/ url with a generic email form on it.

Spambots can easily find this and use it spam the webmaster with malicious emails (specifically note that the 'subject' can be set in the email).

This old thread http://plone.293351.n2.nabble.com/modify-or-disable-site-contact-form-td7258555.html suggests that you can simply update the template so it is an empty page. However, this is not enough to prevent spam.

wget http://localhost:8080/contact-info --post-data "sender_fullname=d&[email protected]&subject=d&message=d&form.submitted=1"

Will still send email on the form handler.

How do you completely disable this form handler?

edit: I see you can modify the form handler script at:

/portal_skins/plone_form_scripts/send_feedback_site/manage_main 
/portal_skins/custom/contact-info

To generate a custom handler script and replace the default actions. However, this doesn't really remove the page, it just makes it do nothing.

like image 821
Doug Avatar asked Sep 16 '14 04:09

Doug


1 Answers

What you must customize is not the template but the end point the send_feedback_site script.

Replace the whole script code with:

from zExceptions import NotFound
raise NotFound()

Or probably Unauthorized is better.

like image 137
keul Avatar answered Nov 20 '22 02:11

keul