No email to users if category is already established
johngoodell
Posted this as a reply to another question about this awesome addon - everything is working except when a category/question is already started, and a new user signs up to the forum and selects to receive email notifications about that category, nothing is sent out. It only seems to work for categories created AFTER a given user signs up. Any possibility of a fix for this, cd? Thanks - it's an awesome addition to Vanilla...
Comments
Ah, is this for users who subscribe to "All Discussion", i.e. all categories?
If that is the case, and what I think is happening *is* happening, then subscribing to "All" will subscribe to all the categories that the user is able to view at that point. Adding new categories would not add to those subscriptions.
Even worse, taking the privileges away from a user to view a given category will most likely also not remove the subscription from that user, so the user may be receiving notifications for categories they no longer have access to. We need to check that out.
Edit: looking at the code, the plugin does not do any last-minute checks on whether a user is allowed to access a category before sending a notification. It also does not store "All Discussions" as a distinct setting separate from just subscribing to a list of categories defined at a point in time. So I think that is the problem.
Another thing, looking at the code, is that I am not sure whether the plugin checks permissions on categories that a user subscribes to. It may limit the categories that are displayed on the subscription form, but it does not look like it checks what the form sends. What you don't want to happen is for a user to be able to inject into the form, category IDs for categories they do not otherwise have permission to look at. I've done this myself using Firebug to demonstrate similar flaws on some quite mainstream (i.e. expensive and important) products. I have not tested this here, so apologies in advance if there is a security check I did not spot - I know there is a lot of magic validation in the forms that Vanilla generates that I am not completely up-to-speed with. It just needs to be mentioned anyway.
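The two checks raised in the comment above (validating the category IDs a subscription form submits, and re-checking access when a notification is about to be sent), as an added PHP example. It is not the plugin's code and uses no Vanilla API; the function names, the array shapes and the separate "all" flag are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code. All names here are hypothetical.
// $viewable / $viewableNow: integer category IDs the user may view, looked up
// server-side from the permission model, never taken from the request.

/** Save step: keep only submitted IDs that are integers the user may view. */
function filterSubmittedCategoryIds(array $submitted, array $viewable): array
{
    $clean = [];
    foreach ($submitted as $raw) {
        // Anything that is not a plain positive integer (nested arrays,
        // empty strings, text) fails validation and is dropped.
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false && in_array($id, $viewable, true)) {
            $clean[$id] = true; // keyed by ID to de-duplicate
        }
    }
    return array_keys($clean);
}

/** Send step: re-check access at notification time. */
function shouldNotify(array $subscription, int $categoryId, array $viewableNow): bool
{
    if (!in_array($categoryId, $viewableNow, true)) {
        return false; // access was revoked after the user subscribed
    }
    // "all" is stored as its own flag, so categories created later are
    // covered without rewriting a list frozen at subscription time.
    return $subscription['all']
        || in_array($categoryId, $subscription['categories'], true);
}

// Constructed sample data.
$viewable  = [1, 2, 5];
$submitted = ['2', '9', '5', '2', 'x']; // 9 is a category the form never offered
var_dump(filterSubmittedCategoryIds($submitted, $viewable));

// Subscribed to 2 and 5, then lost access to category 5.
$listSub = ['all' => false, 'categories' => [2, 5]];
var_dump(shouldNotify($listSub, 5, [1, 2]));

// Subscribed to "all" before category 8 existed; the user can view it now.
$allSub = ['all' => true, 'categories' => []];
var_dump(shouldNotify($allSub, 8, [1, 2, 8]));
```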
Appreciate the reply. Here's my scenario:
1. Established forum with a bunch of discussions going on.
2. New user applies and is confirmed.
3. User goes to their preferences page and clicks "E-mail Subscriptions" option.
4. By default - nothing is checked. User selects 1 of the categories.
5. Saves settings and returns to the forum.
6. User reports that they are NOT receiving emails when things are posted to this discussion.
7. If user starts a NEW discussion and goes to check e-mail subscriptions for that new discussion, they DO receive emails of future posts.
Any thoughts?
Do you know of any addon (couldn't find one on this forum) that enables users to post to the forum via email (instead of logging in and posting via web)? Even through an encrypted address - or some other means?
Thanks!
John
Glad you solved this. The conclusion you reached is true... the plugin features only NEW discussions started after subscription. For the rest, the Bookmark feature should be enough.
/cd
Based on the fact that there's no "reply by email" feature, I'd suggest that the default mail sender be "noreply@domain.com".