Set default RSS setting to display email address to OFF #7411

Merged
merged 1 commit into from
Oct 12, 2015


pe7er
Contributor

@pe7er pe7er commented Jul 11, 2015

A default installation of Joomla leaks email addresses of the website & authors via RSS & ATOM feeds.
Even when you have RSS not enabled (via Content > Article Manager > [Options] button (on the right) > "Integration" tab > Show Feed Link: set to Hide) visitors can see the RSS/ATOM feeds of Category Blog items & Contact items by adding ?format=feed&type=rss or ?format=feed&type=atom behind the URL.

The default setting of Joomla is to show the "Author" email address in tag for every RSS feed
and the general site admin address in tag.
(via System > Global Configuration > Feed Email Address > default = Author Email)

This PR sets the default to "No Email".

@brianteeman
Contributor

If I remember correctly when this issue was first brought up it is not a
valid RSS field without an email address

That was why we introduced the site email as an option for the RSS field
instead of the Author email which is the norm

On 11 July 2015 at 15:49, Peter Martin notifications@github.com wrote:

A default installation of Joomla leaks email addresses of the website &
authors via RSS & ATOM feeds.
Even when you have RSS not enabled (via Content > Article Manager >
[Options] button (on the right) > "Integration" tab > Show Feed Link: set
to Hide) visitors can see the RSS/ATOM feeds of Category Blog items &
Contact items by adding ?format=feed&type=rss or ?format=feed&type=atom
behind the URL.

The default setting of Joomla is to show the "Author" email address in tag
for every RSS feed
and the general site admin address in tag.
(via System > Global Configuration > Feed Email Address > default = Author
Email)

This PR sets the default to "No Email".


Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

@brianteeman
Contributor

This is the discussion etc from before - I have no idea/opinion if it is correct
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=25295&start=0

@pe7er
Contributor Author

pe7er commented Jul 11, 2015

IMHO it's an option that should be switched OFF by default. If people want to publish their email address via RSS feeds, then that should be an informed choice.

From the following information I think that an RSS feed without email address information is still valid.
Please see the RSS 2 specification at https://validator.w3.org/feed/docs/rss2.html#sampleFiles

Required channel elements

title + link + description

Optional channel elements

managingEditor - Email address for person responsible for editorial content.

Elements of

A channel may contain any number of items. An item may represent a "story" -- much like a story in a newspaper or magazine; if so its description is a synopsis of the story, and the link points to the full story. An item may also be complete in itself, if so, the description contains the text (entity-encoded HTML is allowed), and the link and title may be omitted. All elements of an item are optional, however at least one of title or description must be present.

author = Email address of the author of the item
author is an optional sub-element of item.

@pe7er pe7er closed this Jul 11, 2015
@pe7er pe7er reopened this Jul 11, 2015
@pe7er
Contributor Author

pe7er commented Sep 19, 2015

I just checked the specs for Atom feeds at https://validator.w3.org/feed/docs/atom.html
and the email address is also optional for this kind of feed.

@brianteeman
Contributor

I stand corrected 🙇

@pe7er
Contributor Author

pe7er commented Sep 21, 2015

👍 And thanks @brianteeman for the remove configuration.php tip to test the patch with settings that need to be set during installation.

The settings are configured during installation and therefore it's not possible to test this PR in a normal way using the Patch Testing Component.

Test Procedure

Before the Patch

  • in System > Global Configuration > Feed Email Address > default setting displays "Author" or "Site".
  • The front-end should leak the email address, even if RSS is not used. You can see that by visiting a menu item of Category Blog type, add ?format=feed&type=rss or ?format=feed&type=atom behind the URL and see the RSS or ATOM output. It will display an email address.

After the Patch

  • Install the patch using Patch Testing Component
  • remove configuration.php
  • start new installation procedure (to set the corrected settings via the PR)
  • test if the new settings are correct
    • in System > Global Configuration > Feed Email Address > default setting should be "No Email"
    • The front-end should not display any email address in RSS or Atom feeds. Test a menu item with Category Blog, add ?format=feed&type=rss or ?format=feed&type=atom behind the URL and analyse the RSS or ATOM output. It should not display an email address.

How to remove the patch

  • Install Patch Testing Component
  • Install the Patch again via Patch Testing Component (the code of this PR is still there, the database reference needs to be recreated so that it can be removed)
  • Remove the Patch via Patch Testing Component
  • remove configuration.php
  • start new installation procedure (to get back the original settings)
  • Install Patch Testing Component
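
A scripted version of the feed check in the test procedure above, added here as an example; it is not part of the PR or the Joomla code base. The helper names `feed_urls` and `exposed_emails`, the example.org URLs and the sample feeds are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

ATOM_NS = "{http://www.w3.org/2005/Atom}"
# Elements that carry an address: RSS 2.0 managingEditor/webMaster (channel)
# and author (item); Atom <email> inside <author>/<contributor>.
EMAIL_FIELDS = {"managingEditor", "webMaster", "author", ATOM_NS + "email"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def feed_urls(page_url):
    """RSS and Atom variants of a page URL, keeping its existing query string."""
    parts = urlsplit(page_url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k not in ("format", "type")]
    return [urlunsplit(parts._replace(
                query=urlencode(query + [("format", "feed"), ("type", t)])))
            for t in ("rss", "atom")]

def exposed_emails(feed_xml):
    """Sorted (element, address) pairs found in the feed's email-bearing elements."""
    hits = set()
    for el in ET.fromstring(feed_xml).iter():
        if el.tag in EMAIL_FIELDS:
            name = el.tag.replace(ATOM_NS, "atom:")
            hits.update((name, addr) for addr in EMAIL_RE.findall(el.text or ""))
    return sorted(hits)

# Constructed sample feeds (not captured from a real site).
RSS_BEFORE = """<rss version="2.0"><channel>
  <title>Blog</title><link>https://example.org/blog</link><description>d</description>
  <managingEditor>admin@example.org (Example Site)</managingEditor>
  <item><title>Post</title><author>jane@example.org (Jane)</author></item>
</channel></rss>"""
RSS_AFTER = """<rss version="2.0"><channel>
  <title>Blog</title><link>https://example.org/blog</link><description>d</description>
  <item><title>Post</title><description>Contact us via the form.</description></item>
</channel></rss>"""
ATOM_BEFORE = """<feed xmlns="http://www.w3.org/2005/Atom"><title>Blog</title>
  <author><name>Example Site</name><email>admin@example.org</email></author>
  <entry><title>Post</title>
    <author><name>Jane</name><email>jane@example.org</email></author></entry>
</feed>"""

if __name__ == "__main__":
    for label, doc in (("rss before", RSS_BEFORE), ("rss after", RSS_AFTER),
                       ("atom before", ATOM_BEFORE)):
        print(label, exposed_emails(doc))
```

To run it against your own site, fetch each URL from `feed_urls()` and pass the response body to `exposed_emails()`; an empty list for both feed types is the "After the Patch" result. The check only covers the dedicated email elements, so an address typed into article text would not be reported.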

@hans2103
Contributor

I have tested this item ✅ successfully on 0e45609

thank you for the clear test instructions.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7411.

@slibbe

slibbe commented Oct 11, 2015

I have tested this item ✅ successfully on 0e45609

Works as described in clear test script.



@zero-24
Contributor

zero-24 commented Oct 11, 2015

RTC :) 👍



@joomla-cms-bot joomla-cms-bot added the RTC This Pull Request is Ready To Commit label Oct 11, 2015
@zero-24 zero-24 added this to the Joomla! 3.4.5 milestone Oct 11, 2015
rdeutz added a commit that referenced this pull request Oct 12, 2015
Set default RSS setting to display email address to OFF
@rdeutz rdeutz merged commit 89f00ad into joomla:staging Oct 12, 2015
@joomla-cms-bot joomla-cms-bot removed the RTC This Pull Request is Ready To Commit label Oct 12, 2015
@zero-24 zero-24 modified the milestones: Joomla! 3.4.6, Joomla! 3.5.0 Oct 28, 2015
@pe7er pe7er deleted the rss-email-default-off branch November 5, 2015 00:08