ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Email Address Issue

    IT Discussion
    7
    53
    8650
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmiller
      scottalanmiller last edited by

      https://community.nodebb.org/topic/8776/nodebb-email-exposure-bug

      JaredBusch 1 Reply Last reply Reply Quote 0
      • scottalanmiller
        scottalanmiller @Alex Sage last edited by

        @aaronstuder said in Mangolassi is leaking everyone's email address!:

        I was going to report it to @NodeBB but I didn't find the issue on there community site witch makes me think it is related to mangolassi directly.

        We run vanilla NodeBB. We specifically do not modify it. If it is specific here, it's not because it was modified.

        1 Reply Last reply Reply Quote 0
        • scottalanmiller
          scottalanmiller @Alex Sage last edited by

          @aaronstuder said in Mangolassi is leaking everyone's email address!:

          @scottalanmiller Is there a way to fix it for now? Disable a plugin maybe? or do we have to wait?

          I was going to report it to @NodeBB but I didn't find the issue on there community site witch makes me think it is related to mangolassi directly.

          Instead of looking to see if it was mentioned, did you look at their page source? I can see the emails exposed over there just as you described.

          A 1 Reply Last reply Reply Quote 0
          • scottalanmiller
            scottalanmiller last edited by

            On their community, I mean.

            1 Reply Last reply Reply Quote 0
            • A
              Alex Sage @scottalanmiller last edited by

              @scottalanmiller I can't. but I am not logged in.....

              view-source:https://community.nodebb.org/topic/8776/nodebb-email-exposure-bug

              1 Reply Last reply Reply Quote 0
              • tonyshowoff
                tonyshowoff last edited by

                My guess is that they need the email address to generate the gravatar, but they should generate the hash before pushing to the frontend.

                1 Reply Last reply Reply Quote 0
                • A
                  Alex Sage last edited by

                  Yeah. Sadly I can't seem to reproduce the problem on there site.

                  tonyshowoff 1 Reply Last reply Reply Quote 0
                  • scottalanmiller
                    scottalanmiller @Alex Sage last edited by

                    @aaronstuder said in Mangolassi is leaking everyone's email address!:

                    @scottalanmiller Is there a way to fix it for now? Disable a plugin maybe? or do we have to wait?

                    Well we just disabled Gravatar. If that was it, it's gone. Check now.

                    1 Reply Last reply Reply Quote 0
                    • tonyshowoff
                      tonyshowoff @Alex Sage last edited by

                      @aaronstuder said in Mangolassi is leaking everyone's email address!:

                      Yeah. Sadly I can't seem to reproduce the problem on there site.

                      They appear to be pre-generating the page, probably some sort of caching, my guess is they do not have a vanilla install.

                      scottalanmiller 1 Reply Last reply Reply Quote 0
                      • scottalanmiller
                        scottalanmiller last edited by

                        If Gravatar wasn't it, I'm not sure where to look next.

                        tonyshowoff 1 Reply Last reply Reply Quote 0
                        • scottalanmiller
                          scottalanmiller @tonyshowoff last edited by

                          @tonyshowoff said in Mangolassi is leaking everyone's email address!:

                          @aaronstuder said in Mangolassi is leaking everyone's email address!:

                          Yeah. Sadly I can't seem to reproduce the problem on there site.

                          They appear to be pre-generating the page, probably some sort of caching, my guess is they do not have a vanilla install.

                          They run newer code at the very least. And they do a few different things because they use it for testing.

                          1 Reply Last reply Reply Quote 0
                          • tonyshowoff
                            tonyshowoff @scottalanmiller last edited by

                            @scottalanmiller said in Mangolassi is leaking everyone's email address!:

                            If Gravatar wasn't it, I'm not sure where to look next.

                            Did not fix it, it's sent regardless, so re-enable it so people can seem my kickass gravatar.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmiller
                              scottalanmiller last edited by

                              Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.

                              A 2 Replies Last reply Reply Quote 0
                              • A
                                Alex Sage last edited by

                                I notice emoji's work on there site too........

                                scottalanmiller A 2 Replies Last reply Reply Quote 0
                                • scottalanmiller
                                  scottalanmiller last edited by

                                  Are you seeing them disappear?

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmiller
                                    scottalanmiller @Alex Sage last edited by

                                    @aaronstuder said in Mangolassi is leaking everyone's email address!:

                                    I notice emoji's work on there site too........

                                    That's always been known. They work for Jared, too.

                                    1 Reply Last reply Reply Quote 0
                                    • A
                                      Alex Sage @scottalanmiller last edited by Alex Sage

                                      This post is deleted!
                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        Alex Sage @Alex Sage last edited by Alex Sage

                                        This post is deleted!
                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          Alex Sage @scottalanmiller last edited by

                                          @scottalanmiller said in Mangolassi is leaking everyone's email address!:

                                          Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.

                                          Cloudflare?

                                          scottalanmiller 1 Reply Last reply Reply Quote 0
                                          • scottalanmiller
                                            scottalanmiller @Alex Sage last edited by

                                            @aaronstuder said in Mangolassi is leaking everyone's email address!:

                                            @scottalanmiller said in Mangolassi is leaking everyone's email address!:

                                            Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.

                                            Cloudflare?

                                            Doesn't even see that that could be possible. What technology would allow that to happen?

                                            A 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post