Thanks but, like kraigg there, I am running bbPress 2.3.2 so this issue is very much not fixed!
Will there ever be a resolution to this problem? BP 1.8 with bbPress 2.3.2 on WP 3.6 still sees forum posts in Private groups appearing in non-group members’ activity streams!
Update: bbPress 2.4 does not fix the bug!
I’ve been having the same problem. It’s a huge security breach and I’d love to get to the bottom of it. I’m using buddypress 1.8.1 and bbpress 2.4.
It’s actually really scary, since my private forums are having sensitive conversations that they believe to be private when, in fact, they are being broadcast in their entirety to everyone. This is horrendous.
I think the problem is coming from my caching scheme!
I deactivated all cachine (except Varnish) and it looks like the hide_sitewide is being obeyed. Hmmm. I specifically told the caching plugin to NOT cache the /activity URI but it ignored this request, it seems!
Well, that sorta fixed it. The topic posts don’t show up but the replies to those posts still do.
Well, I’ve solved the problem – or, at least, what was causing MY problem – others may be having different issues.
Background: I originally set up this site in BP 1.6. When 1.7 came along and the old built-in forum system was deprecated, I installed bbPress 2.3 as instructed and it migrated all of my forums over to the new system.
So, I naturally assumed that all of the settings would be taken over too. I’ve just looked at the individual forums and have noticed that they have all had their Visibility set to Public, even though they are in Private or Hidden groups!
So, setting the visibility to what it should be has solved the problem.
HOWEVER, I do still consider there to be at least 3 bugs in the BuddyPress / bbPress software:
1. When the forums were converted from bbPress 1.x to 2.x they should have had their visibility set correctly.
2. The forums are all hosted within groups. Forums like this should respect the group’s Privacy settings.
3. Even if you should set a Public forum within a Private group, the posts should not appear in non-members’ activity feeds. The forum itself is not visitable, neither are its individual posts.
Peter
Actually, this problem is not resolved and appears to be pretty bad. Here’s my rundown:
I think the problem has to do with buddypress – bbPress integration.
The bbPress Group Forums appear to be set to ‘Open’ by default, even if they are hidden within buddypress. In fact, I cannot alter this. I tried changing my secret forum to ‘hidden’ within bbPress (2.4) and it won’t save the change – it always comes back as ‘open’.
Therefore, it’s up to buddypress to manage the privacy of the forum. It seems to be doing this with new topic posts (I can confirm that hide_sitewide in the activity stream table is “1” for new posts). The problem is that if someone replies to that post, the hide_sitewide for that reply is set to “0”, even though it’s inside of a ‘hidden’ group forum. To me, this is a serious security breach, as it exposes the forum name, the original topic name, and the contents of the reply in EVERYONE’s Activity stream, whether they are logged in or not, a member of the hidden forum or not.
Update: bbPress 2.4.1 does not fix the bug!
With the actual BBPress +Buddypress releases it is STILL no solution there :/
It´s a bit frustrating, for the “Activity Wall” should be a central function of a group driven community.
Perhaps anyone has a solution meanwhile?
@petervandoorn
I also have this problem running WordPress 3.9.1, BuddyPress 2.0.1 and BBPress 2.5.4. It’s only been the case since I moved over to BBPress for forums.
I’m happy to help anyone who’s trying to fix this apparent bug.
These other threads appear to be relevant:
https://buddypress.org/support/topic/private-group-topics-appearing-in-activity-stream-help/ (@kraigg)
https://buddypress.org/support/topic/bugs-between-bbpress-and-buddypress/ (@jboye, @johnjamesjacoby)
