allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alberto Betella" <yellow...@users.sf.net>
Subject [allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]
Date Wed, 13 Aug 2014 10:01:47 GMT
I just did a quick test, and added a few "test comments" to my own news. These replaced the
old spam comments in the feed. Then I deleted those comments, however they are still present
in the RSS feed. So the issue is not completely solved. RSS feed and news should be always
in sync. A comment should not appear forever in the RSS feed even if it's deleted from the
news.


---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** closed
**Milestone:** forge-jul-25
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Wed Aug 13, 2014 09:52 AM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone
to post comments to a news, and have their posts published directly to the RSS news feed without
any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those
comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they
still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also
attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and
even when they are deleted is the propagation of the content to other websites that read that
feed.
In the official Podcast Generator project website, for example, I show automatically the latest
3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news
since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the
last entry from the official news RSS feed and displays it by default in the admin section,
therefore thousands of users are currently seeing a SPAM message displayed in their admin
section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message