Skip to:
Content
Pages
Categories
Search
Top
Bottom

Private group posts appearing in Activity Stream to non-members

  • Avatar of Peter vanDoorn
    Peter vanDoorn
    Participant

    @petervandoorn

    WP 3.5.1, BP 1.7 & bbPress 2.3.2 with a self-developed child theme of BP Default (which does not modify any BP functions, only adds additional pages for non-BP stuff). Have tried the usual trouble-shooting techniques of changing theme, turning off plugins, etc).

    Forum posts in a private group are being shown to all in the site-wide Activity Stream, even if they are not members of that particular group.

    If the user tries to visit the group or the group’s forum then they are prevented from doing so with the usual you are not a member of this group message.

    Anyone got any insights in to how to stop this, or is it a bug?

    Ta.

Viewing 13 replies - 1 through 13 (of 13 total)
  • Avatar of @mercime
    @mercime
    Keymaster

    @mercime

    Avatar of Peter vanDoorn
    Peter vanDoorn
    Participant

    @petervandoorn

    Thanks but, like kraigg there, I am running bbPress 2.3.2 so this issue is very much not fixed!

    Avatar of Peter vanDoorn
    Peter vanDoorn
    Participant

    @petervandoorn

    Will there ever be a resolution to this problem? BP 1.8 with bbPress 2.3.2 on WP 3.6 still sees forum posts in Private groups appearing in non-group members’ activity streams!

    Avatar of Peter vanDoorn
    Peter vanDoorn
    Participant

    @petervandoorn

    Update: bbPress 2.4 does not fix the bug!

    Avatar of deepwave
    deepwave
    Participant

    @deepwave

    Avatar of seamtv
    seamtv
    Participant

    @seamtv

    I’ve been having the same problem. It’s a huge security breach and I’d love to get to the bottom of it. I’m using buddypress 1.8.1 and bbpress 2.4.
    It’s actually really scary, since my private forums are having sensitive conversations that they believe to be private when, in fact, they are being broadcast in their entirety to everyone. This is horrendous.

    Avatar of seamtv
    seamtv
    Participant

    @seamtv

    I think the problem is coming from my caching scheme!
    I deactivated all cachine (except Varnish) and it looks like the hide_sitewide is being obeyed. Hmmm. I specifically told the caching plugin to NOT cache the /activity URI but it ignored this request, it seems!

    Avatar of seamtv
    seamtv
    Participant

    @seamtv

    Well, that sorta fixed it. The topic posts don’t show up but the replies to those posts still do.

    Avatar of Peter vanDoorn
    Peter vanDoorn
    Participant

    @petervandoorn

    Well, I’ve solved the problem – or, at least, what was causing MY problem – others may be having different issues.

    Background: I originally set up this site in BP 1.6. When 1.7 came along and the old built-in forum system was deprecated, I installed bbPress 2.3 as instructed and it migrated all of my forums over to the new system.

    So, I naturally assumed that all of the settings would be taken over too. I’ve just looked at the individual forums and have noticed that they have all had their Visibility set to Public, even though they are in Private or Hidden groups!

    So, setting the visibility to what it should be has solved the problem.

    HOWEVER, I do still consider there to be at least 3 bugs in the BuddyPress / bbPress software:
    1. When the forums were converted from bbPress 1.x to 2.x they should have had their visibility set correctly.
    2. The forums are all hosted within groups. Forums like this should respect the group’s Privacy settings.
    3. Even if you should set a Public forum within a Private group, the posts should not appear in non-members’ activity feeds. The forum itself is not visitable, neither are its individual posts.

    Peter

    Avatar of seamtv
    seamtv
    Participant

    @seamtv

    Actually, this problem is not resolved and appears to be pretty bad. Here’s my rundown:

    I think the problem has to do with buddypress – bbPress integration.
    The bbPress Group Forums appear to be set to ‘Open’ by default, even if they are hidden within buddypress. In fact, I cannot alter this. I tried changing my secret forum to ‘hidden’ within bbPress (2.4) and it won’t save the change – it always comes back as ‘open’.
    Therefore, it’s up to buddypress to manage the privacy of the forum. It seems to be doing this with new topic posts (I can confirm that hide_sitewide in the activity stream table is “1″ for new posts). The problem is that if someone replies to that post, the hide_sitewide for that reply is set to “0″, even though it’s inside of a ‘hidden’ group forum. To me, this is a serious security breach, as it exposes the forum name, the original topic name, and the contents of the reply in EVERYONE’s Activity stream, whether they are logged in or not, a member of the hidden forum or not.

    Avatar of deepwave
    deepwave
    Participant

    @deepwave

    Update: bbPress 2.4.1 does not fix the bug!

    Avatar of Apokh
    Apokh
    Participant

    @apokh

    With the actual BBPress +Buddypress releases it is STILL no solution there :/
    It´s a bit frustrating, for the “Activity Wall” should be a central function of a group driven community.

    Perhaps anyone has a solution meanwhile?

    Avatar of notpoppy
    notpoppy
    Participant

    @notpoppy

    @petervandoorn

    I also have this problem running WordPress 3.9.1, BuddyPress 2.0.1 and BBPress 2.5.4. It’s only been the case since I moved over to BBPress for forums.

    I’m happy to help anyone who’s trying to fix this apparent bug.

    These other threads appear to be relevant:

    http://buddypress.org/support/topic/private-group-topics-appearing-in-activity-stream-help/ (@kraigg)
    http://buddypress.org/support/topic/bugs-between-bbpress-and-buddypress/ (@jboye, @johnjamesjacoby)

Viewing 13 replies - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.