Quote, originally posted by mgmaik:
Whenever I want to add/whitelist a site on the ACP from Mr Happy, I need to fill in the site url, site name and email.

This is pretty annoying when a forum only gives the site url. There is no way I can add only the site url without the email or site name.

Every time someone wants to get whitelisted, I need to contact them back for their submission email and site name.

I remember (without the ACP module) you could just add only the site url, and the rest got filled in automatically when someone submits.

I hope you understand, I tried my best to explain.

Going by memory, as I haven't looked at WCDDL in a month now: it's a security issue, and the way WCDDL works by default is a major security problem.

If you whitelist a site by adding the url, e.g. example.com, then whoever is the next person to submit using example.com decides the default site name and email address for that site. If nobody has submitted before, it records the email and site name.

You have a support thread on KWWH. Say the owner of example.com asks to be whitelisted, and a few hours later you reply with "you're now whitelisted", and I see your reply while the owner of example.com is asleep. I can then go to your site and submit using the url example.com with my own email address and whatever site name I want. I now have full control of that site. I have the default email. If you add a webmaster area, I will have full control over it, etc. I can then choose to submit my own urls to earn more downloads, or submit malware and fake uploads to get example.com banned or just to fuck up your site.

By asking for an email address and site name when whitelisting, this security issue is removed.

ALSO.....
I plan on releasing a WCP as mentioned above, but this got delayed a bit. When it's released, the webmaster will enter the email address, url and site name to register and get whitelisted. All you'll have to do is approve the site by clicking one button. Alternatively, you can have them auto-approved. This will mean no inputting of information for you at all and is extremely secure.


In summary, it's a security issue. All my modules are built to be 100% secure and therefore I won't be undoing this feature.
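
Added example, not part of the post above and not WCDDL or module code: a small in-memory model of the two whitelisting behaviours the reply contrasts, URL-only (first submission fills in name and email) versus name and email recorded when the site is whitelisted. The class names, the addresses, and the rule that a mismatched email is rejected are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

@dataclass
class Site:
    name: Optional[str] = None
    email: Optional[str] = None

def host_of(url):
    """Reduce a submitted URL or bare domain to a lowercase host name."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

class UrlOnlyWhitelist:
    """URL-only whitelisting: the first submission fills in name and email."""
    def __init__(self):
        self.sites = {}

    def whitelist(self, url):
        self.sites[host_of(url)] = Site()

    def submit(self, url, name, email):
        site = self.sites.get(host_of(url))
        if site is None:
            return False                      # host was never whitelisted
        if site.email is None:                # unclaimed: first arrival becomes owner
            site.name, site.email = name, email.lower()
        return True

class BoundWhitelist(UrlOnlyWhitelist):
    """Name and email are recorded by the admin at whitelisting time."""
    def whitelist(self, url, name, email):
        self.sites[host_of(url)] = Site(name, email.lower())

    def submit(self, url, name, email):
        site = self.sites.get(host_of(url))
        # Assumption: a submission whose email differs from the record is rejected.
        return site is not None and site.email == email.lower()

def demo():
    """Constructed scenario: a stranger submits before the real owner does."""
    weak, bound = UrlOnlyWhitelist(), BoundWhitelist()
    weak.whitelist("example.com")
    bound.whitelist("example.com", "Example", "owner@example.com")
    stranger = ("http://example.com/", "Whatever", "stranger@example.net")
    owner = ("example.com", "Example", "owner@example.com")
    results = [weak.submit(*stranger), bound.submit(*stranger), bound.submit(*owner)]
    weak.submit(*owner)                       # too late: the record is already set
    return results, weak.sites["example.com"].email, bound.sites["example.com"].email

if __name__ == "__main__":
    print(demo())
```

In the URL-only model the record ends up holding the stranger's address even after the real owner submits; in the bound model the stranger's submission is refused and the record stays as the admin entered it.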