Email Address Issue

Alex Sage

@scottalanmiller I can't. but I am not logged in.....

view-source:https://community.nodebb.org/topic/8776/nodebb-email-exposure-bug

tonyshowoff

My guess is that they need the email address to generate the gravatar, but they should generate the hash before pushing to the frontend.

Alex Sage

Yeah. Sadly I can't seem to reproduce the problem on there site.

scottalanmiller

@aaronstuder said in Mangolassi is leaking everyone's email address!:

@scottalanmiller Is there a way to fix it for now? Disable a plugin maybe? or do we have to wait?

Well we just disabled Gravatar. If that was it, it's gone. Check now.

tonyshowoff

@aaronstuder said in Mangolassi is leaking everyone's email address!:

Yeah. Sadly I can't seem to reproduce the problem on there site.

They appear to be pre-generating the page, probably some sort of caching, my guess is they do not have a vanilla install.

scottalanmiller

If Gravatar wasn't it, I'm not sure where to look next.

scottalanmiller

@tonyshowoff said in Mangolassi is leaking everyone's email address!:

@aaronstuder said in Mangolassi is leaking everyone's email address!:

Yeah. Sadly I can't seem to reproduce the problem on there site.

They appear to be pre-generating the page, probably some sort of caching, my guess is they do not have a vanilla install.

They run newer code at the very least. And they do a few different things because they use it for testing.

tonyshowoff

@scottalanmiller said in Mangolassi is leaking everyone's email address!:

If Gravatar wasn't it, I'm not sure where to look next.

Did not fix it, it's sent regardless, so re-enable it so people can seem my kickass gravatar.

scottalanmiller

Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.

Alex Sage

I notice emoji's work on there site too........

scottalanmiller

Are you seeing them disappear?

scottalanmiller

@aaronstuder said in Mangolassi is leaking everyone's email address!:

I notice emoji's work on there site too........

That's always been known. They work for Jared, too.

Alex Sage

This post is deleted!

Alex Sage

This post is deleted!

Alex Sage

@scottalanmiller said in Mangolassi is leaking everyone's email address!:

Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.

Cloudflare?

scottalanmiller

@aaronstuder said in Mangolassi is leaking everyone's email address!:

@scottalanmiller said in Mangolassi is leaking everyone's email address!:

Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.

Cloudflare?

Doesn't even see that that could be possible. What technology would allow that to happen?

Alex Sage

@scottalanmiller https://support.cloudflare.com/hc/en-us/articles/200169556-How-can-I-tell-if-CloudFlare-is-caching-my-site-or-a-specific-file-

scottalanmiller

@aaronstuder said in Mangolassi is leaking everyone's email address!:

@scottalanmiller https://support.cloudflare.com/hc/en-us/articles/200169556-How-can-I-tell-if-CloudFlare-is-caching-my-site-or-a-specific-file-

How is that related? We are talking about dynamic content. It cannot be cached by a caching service. you could not see the posts if that were the case.

scottalanmiller

We got it.... it appears to be something wrong with NodeBB, reload was saying that it worked but failing. Did a full forced restart and it appaers to have dropped Gravatar.

Check now on the emails.

scottalanmiller

Looks like that cleaned up the stupid issue with the notifications too. We removed that plugin a month ago.