Email subscription possible even when disabled in settings

[frank42hh]

Hi,

I know Cachet 2.x is already discontinued before a 3.x release is available. I think this bug should be noted anyway.

I'm running v2.4.0-dev on a debian 12 system with apache2. I disabled the Allow people to signup to email notifications? setting.

This setting removed the "Subscribe" button from the main page, which links to https://status.domain.com/subscribe, but it does NOT disable the /subscribe endpoint itself.

Calling it directly still allows submitting an email address for subscribing, which resulted in a quite massive spam attempt on my status page.

[jbrooksuk]

Thanks! If you'd like to make a PR for this, I can make a patch release.

[frank42hh]

Hi,
I'm sorry, I would like to, but I don't speak Laravel :-)
My programming skills are limited to bash, perl and some rudimentary PHP basics.