Dear all,
I have installed the Newsletter Plugin on my website in order to set up a simple newsletter sign-up page. I am legally required to use a double opt-in; however, a number of customers have been facing problems with that double opt-in. The link included in the e-mail for confirmation looks like this:
https://domain.com/?na=c&nk=64-503aa54hgh3
However, a number of e-mail service providers employ some kind of link-masking which will cause any link in any e-mail to look like this:
https://deref-web.de/mail/client/yjgke3k-k38/dereferrer/?redirectUrl=https://domain.com/?na=c&nk=64-503aa54hgh3
This redirection causes a short warning message that one is leaving the e-mail service provider’s page to be displayed when clicking on the link in the email before the actual redirection to the link destination takes place. However, this redirection causes the confirmation link of the Newsletter plugin to be broken, and instead of the “Confirmation successful” message, an error message is displayed. I have tracked the error to the antibot_form_check() method in the module.php file located in the includes folder of the plugin. Once I edit that function to something like
if (strtolower($_SERVER['REQUEST_METHOD']) != 'post' && strtolower($_SERVER['REQUEST_METHOD']) != 'get') {
    return false;
}
/*
if (!isset($_POST['ts']) || time() - $_POST['ts'] > 60) {
    return false;
}
*/
instead of
if (strtolower($_SERVER['REQUEST_METHOD']) != 'post') {
    return false;
}
if (!isset($_POST['ts']) || time() - $_POST['ts'] > 60) {
    return false;
}
then the confirmation works perfectly even after the redirection. However, I am afraid that I am reducing the security of the site and the Newsletter plugin itself. Could you provide any fix to this issue? It actually concerns a number of German e-mail providers like web.de, gmx.net and t-online.de which all employ this kind of link masking and therefore cause problems with the Newsletter plugin’s confirmation e-mails.
Thanks for your time and kind regards!
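
An added example, not part of the original post and not Newsletter plugin code: one way to keep the POST-only, 60-second check quoted above while still accepting confirmation links that arrive through a provider's redirect. The GET request only renders a form, and the state change happens on the POST that follows. All function names, the HMAC-signed timestamp and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not the plugin's API.
const ANTIBOT_MAX_AGE = 60; // seconds, same window as the check quoted in the post

// Sign the timestamp so a client cannot simply invent a fresh 'ts' value.
function sign_ts(int $ts, string $secret): string {
    return hash_hmac('sha256', (string) $ts, $secret);
}

// The strict check: POST only, with a fresh and correctly signed timestamp.
function antibot_check(string $method, array $post, int $now, string $secret): bool {
    if (strtolower($method) !== 'post') {
        return false;
    }
    $ts = $post['ts'] ?? null;
    $sig = $post['sig'] ?? null;
    if (!is_string($ts) || !is_string($sig) || !ctype_digit($ts)) {
        return false;
    }
    if ($now - (int) $ts > ANTIBOT_MAX_AGE || (int) $ts > $now) {
        return false;
    }
    return hash_equals(sign_ts((int) $ts, $secret), $sig);
}

// A GET (direct or via a mail provider's redirect) only renders a form;
// the subscription changes state only on the POST that follows.
function handle_confirmation(string $method, array $get, array $post, int $now, string $secret): string {
    if (strtolower($method) === 'get' && isset($get['nk']) && is_string($get['nk'])) {
        return sprintf(
            '<form method="post"><input type="hidden" name="nk" value="%s">'
            . '<input type="hidden" name="ts" value="%d">'
            . '<input type="hidden" name="sig" value="%s">'
            . '<button>Confirm subscription</button></form>',
            htmlspecialchars($get['nk'], ENT_QUOTES), $now, sign_ts($now, $secret)
        );
    }
    if (antibot_check($method, $post, $now, $secret) && isset($post['nk'])) {
        return 'confirmed'; // real code would look the token up and activate the subscriber
    }
    return 'rejected';
}

// Constructed sample run: form render, POST inside the window, POST after it.
$secret = 'constructed-demo-secret';
$post = ['nk' => '64-503aa54hgh3', 'ts' => '1000', 'sig' => sign_ts(1000, $secret)];
echo handle_confirmation('GET', ['na' => 'c', 'nk' => '64-503aa54hgh3'], [], 1000, $secret), "\n";
echo handle_confirmation('POST', [], $post, 1030, $secret), "\n";
echo handle_confirmation('POST', [], $post, 1100, $secret), "\n";
```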