Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

No email to users if category is already established

edited April 2011 in Vanilla 2.0 - 2.8
Posted this as a reply to another question about this awesome addon - everything is working except when a category/question is already started, and a new user signs up to the forum and selects to receive email notifications about that category, nothing is sent out. It only seems to work for categories created AFTER a given user signs up. Any possibility of a fix for this, cd? Thanks - it's an awesome addition to Vanilla...

Comments

  • When you say:
    categories created AFTER a given user signs up
    do you mean discussions (aka questions) rather than categories?
  • judgejjudgej
    edited April 2011
    I can't say that is a problem I've ever encountered with this plugin. I wonder if there is something more specific in your setup?

    Ah, is this for users who subscribe to "All Discussion", i.e. all categories?

    If that is the case, and what I think is happening *is* happening, then subscribing to "All" will subscribe to all the categories that the user is able to view at that point. Adding new categories would not add to those subscriptions.

    Even worse, taking the privileges away from a user to view a given category will most likely also not remove the subscription from that user, so the user may be receiving notifications for categories they no longer have access to. We need to check that out.

    Edit: looking at the code, the plugin does not do any last-minute checks on whether a user is allowed to access a category before sending a notification. It also does not store "All Discussions" as a distinct setting separate from just subscribing to a list of categories defined at a point in time. So I think that is the problem.

    Another thing, looking at the code, is that I am not sure whether the plugin checks permissions on categories that a user subscribes to. It may limit the categories that are displayed on the subscription form, but it does not look like it checks what the form sends. What you don't want to happen is for a user to be able to inject into the form, category IDs for categories they do not otherwise have permission to look at. I've done this myself using Firebug to demonstrate similar flaws on some quite mainstream (i.e. expensive and important) products. I have not tested this here, so apologies in advance if there is a security check I did not spot - I know there is a lot of magic validation in the forms that Vanilla generates that I am not completely up-to-speed with. It just needs to be mentioned anyway.
  • @judgej,
    Appreciate the reply. Here's my scenario:

    1. Established forum with a bunch of discussions going on.
    2. New user applies and is confirmed.
    3. User goes to their preferences page and clicks "E-mail Subscriptions" option.
    4. By default - nothing is checked. User selects 1 of the categories.
    5. Saves settings and returns to the forum
    6. User reports that they are NOT receiving emails when things are posted to this discussion.
    7. If user starts a NEW discussion and goes to check e-mail subscriptions for that new discussion, they DO receive emails of future posts.

    Any thoughts?
  • I think I understand it now - I can simply use the bookmark tool to get emailed on current discussion comments. The Email addon automatically bookmarks NEW discussions for a given category as they are newly created...sorry about that :)
  • @judgej,
    Do you know of any addon (couldn't find on on this forum) that enables users to post to the forum via email (instead of logging in and posting via web)? Even through an encrypted address - or some other means?
    Thanks!
    John
  • No sorry. Once the web service API has been expanded to handle updates as well as simply reading data, I'm sure there will be a proliferation of such plugins and services.
  • Hey!

    Glad you solved this. The conclusion you reached is true... the plugin features only NEW discussions started after subscription. For the rest, the Bookmark feature should be enough.

    /cd
  • Regarding the email problem, I am also looking for a solution to that, no luck so far. Even with the new API, I'm not sure that will work, since you would still need HTTPS or some sort of authentication for who is sending the email ... which is hard to get via e-mail if not using GPG.

    /cd
  • Based on the fact that there's no "reply by email" feature, I'd suggest that the default mail sender be "noreply@domain.com".

Sign In or Register to comment.