Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Warning: This Plugin reveals Private and Hidden posts in the RSS!

gharaldgharald
edited March 2014 in Vanilla 2.0 - 2.8

It would not be advisable to run this plugin on a site that has Private or Hidden categories.

If @jspautsch‌ or anyone else has a way to fix this, please post here. Thanks!

Tagged:

Comments

  • Any progress on this issue? temporary fix? anything? Its really quite concerning but there isnt really a good rss alternative out there that works as this one.

    (sorry for bumping this old topic)

  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited November 2014

    RSS can't be made private anyone with the link to the feed can access it. You must make your community private if you don't want the stuff to be accessed.

    The best way to make an RSS feed "private" is to password protect the RSS feed. Or set up a redirect is the user is not logged in, it will redirect them to login page if they try to access the feed url.

  • edited November 2014

    You misunderstood me or i didnt explain it well enough. I dont mind RSS at all but i do mind RSS showing hiden or private forum categories comments (like moderator/admin category only).

  • peregrineperegrine MVP
    edited November 2014

    @CrazyLemon said:
    You misunderstood me or i didnt explain it well enough. I dont mind RSS at all but i do mind RSS showing hiden or private forum categories comments (like moderator/admin category only).

    some suggestions:

    assuming its of importance to you, you can try contacting the author via pm and see if he would be willing to try to make it work the way you desire for a fee.

    or you could offer to sponsor another developer to see if they can program to meet your needs.

    the problem with plugins is they don't grow on trees, if a feature that someone requests isn't done, it is because either no one has the interest, or no one offered to pony up a contribution to defray the time spent by a developer.

    Expectations that all features, fixes, etc (of a particular user or group of users) by volunteers is kind of expecting alot. Or perhaps you can find a developer locally and hire them to program what you need.

    BTW, jspautsch switched to offering premium themes, presumably because no one (or very few) found it worth their while to send a donation for existing plugins.

    Developer supported plugin are best supported by supporting "the developer".

    One person in particular had opinions since a plugin was free they saw absolutely no reason why they should send a donation since it was free, that kind of mentality causes developers to drop out of the pipeline and neglect continued maintenance of plugins. Thank goodness there are some people willing to make donations, even though the plugin was freely downloadable.

    good luck and I hope you get a solution. either because someone decided to take on project free of change or because you decided to pay someone for the hours they expended meeting your needs.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Sign In or Register to comment.