Email Address Issue
-
@aaronstuder said in Mangolassi is leaking everyone's email address!:
I was going to report it to @NodeBB but I didn't find the issue on there community site witch makes me think it is related to mangolassi directly.
We run vanilla NodeBB. We specifically do not modify it. If it is specific here, it's not because it was modified.
-
@aaronstuder said in Mangolassi is leaking everyone's email address!:
@scottalanmiller Is there a way to fix it for now? Disable a plugin maybe? or do we have to wait?
I was going to report it to @NodeBB but I didn't find the issue on there community site witch makes me think it is related to mangolassi directly.
Instead of looking to see if it was mentioned, did you look at their page source? I can see the emails exposed over there just as you described.
-
On their community, I mean.
-
@scottalanmiller I can't. but I am not logged in.....
view-source:https://community.nodebb.org/topic/8776/nodebb-email-exposure-bug
-
My guess is that they need the email address to generate the gravatar, but they should generate the hash before pushing to the frontend.
-
Yeah. Sadly I can't seem to reproduce the problem on there site.
-
@aaronstuder said in Mangolassi is leaking everyone's email address!:
@scottalanmiller Is there a way to fix it for now? Disable a plugin maybe? or do we have to wait?
Well we just disabled Gravatar. If that was it, it's gone. Check now.
-
@aaronstuder said in Mangolassi is leaking everyone's email address!:
Yeah. Sadly I can't seem to reproduce the problem on there site.
They appear to be pre-generating the page, probably some sort of caching, my guess is they do not have a vanilla install.
-
If Gravatar wasn't it, I'm not sure where to look next.
-
@tonyshowoff said in Mangolassi is leaking everyone's email address!:
@aaronstuder said in Mangolassi is leaking everyone's email address!:
Yeah. Sadly I can't seem to reproduce the problem on there site.
They appear to be pre-generating the page, probably some sort of caching, my guess is they do not have a vanilla install.
They run newer code at the very least. And they do a few different things because they use it for testing.
-
@scottalanmiller said in Mangolassi is leaking everyone's email address!:
If Gravatar wasn't it, I'm not sure where to look next.
Did not fix it, it's sent regardless, so re-enable it so people can seem my kickass gravatar.
-
Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.
-
I notice emoji's work on there site too........
-
Are you seeing them disappear?
-
@aaronstuder said in Mangolassi is leaking everyone's email address!:
I notice emoji's work on there site too........
That's always been known. They work for Jared, too.
-
This post is deleted! -
This post is deleted! -
@scottalanmiller said in Mangolassi is leaking everyone's email address!:
Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.
Cloudflare?
-
@aaronstuder said in Mangolassi is leaking everyone's email address!:
@scottalanmiller said in Mangolassi is leaking everyone's email address!:
Gravatars seem to be cached somehow. I'm still seeing them even though the plugin was removed.
Cloudflare?
Doesn't even see that that could be possible. What technology would allow that to happen?
-