Add support for limiting allowed hosts OJS

Maybe this patch Add support for limiting allowed hosts should be listed there too. We missed the announcement and had to take the instance down . Thanks.

Hi @trace

The patch you’ve mentioned prevents HTTP header injection being used against your OJS , e.g., sending password reset emails with poisoned links and redirecting users to third-party sites for scamming.

Your OJS seems to have some issues with the current theme in use (or the footer template file), which is being used to spread URLs to be crawled by search engines. Could you please review your theme and/or your footer template file to double check that there isn’t any unwanted code on them?


1 Like