by alanh 5171 days ago
This looks great. I just signed up.

However, I immediately noticed it seems anyone can add any content to anyone’s queue if they know or guess their username — since everyone sends mail to the same address (add@getpocket.com), you only have to forge the From: email header (which is, of course, trivially easy).
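
An added example, not part of the comment above or of the service's code: a sketch of how an inbound-mail handler could refuse to treat a bare From: header as identity, accepting it only when the receiving MTA recorded a DMARC pass for that domain. The host `mx.example.net`, the account table, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the page): the receiving MTA is "mx.example.net", it
# strips inbound Authentication-Results headers that carry its own name, and
# it stamps its SPF/DKIM/DMARC verdicts in that header (RFC 8601).
TRUSTED_AUTHSERV = "mx.example.net"
USERS = {"alice@example.org": "alice"}  # constructed account table

def from_address(msg):
    return parseaddr(msg.get("From", ""))[1].lower()

def naive_owner(msg):
    """Weak design: the From: header alone selects whose queue is written."""
    return USERS.get(from_address(msg))

def dmarc_passed(msg, domain):
    """True only if our own MTA recorded dmarc=pass for this From: domain."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [" ".join(p.split()) for p in value.split(";")]
        head = parts[0].split()
        if not head or head[0].lower() != TRUSTED_AUTHSERV:
            continue  # stamped by another host, possibly the sender itself
        for part in parts[1:]:
            tokens = part.lower().split()
            if tokens[:1] == ["dmarc=pass"] and f"header.from={domain}" in tokens:
                return True
    return False

def verified_owner(msg):
    """Hardened design: From: counts only when the MTA authenticated it."""
    addr = from_address(msg)
    if addr in USERS and dmarc_passed(msg, addr.rpartition("@")[2]):
        return USERS[addr]
    return None

# Constructed sample messages (addresses and hosts are placeholders).
FORGED = message_from_string(
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=other.example;\n"
    " dmarc=fail header.from=example.org\n"
    "Authentication-Results: other.example; dmarc=pass header.from=example.org\n"
    "From: Alice <alice@example.org>\nTo: add@service.example\n\nhttp://example.com/\n")
GENUINE = message_from_string(
    "Authentication-Results: mx.example.net; dkim=pass header.d=example.org;\n"
    " dmarc=pass header.from=example.org\n"
    "From: Alice <alice@example.org>\nTo: add@service.example\n\nhttp://example.com/\n")
```

This check only helps for sender domains that publish SPF/DKIM/DMARC; mail from domains without them would be rejected rather than trusted.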