May 5th, 2004, 03:14 PM
I wish I had a suggestion on how best to address this but so far I don't. Sendnotice.php does not require any kind of authentication so anyone knowing the file name can run it just by hitting it with their browser. That alone isn't that bad but it leaves the option open for abuse by repeatedly sending out mail each time the page is refreshed. With a busy classifieds section that could upset a lot of people in a hurry.