Closed kriskorn closed 6 years ago
@Automattic/lannister Would this be something you folks be interested in?
@kriskorn does this show only to the author of the post or also to people who didn't write it? In other words, is this exposing the contents of a password-protected post to someone who hasn't already seen the content?
@dmsnell Correct. The content is seen by all (I would assume) users who are followers of a site and have the notifications turned on.
I currently tested with my two accounts, where one was a follower and the other published the post. The follower could see the password protected content.
Same happened when I followed my teammates' site and she published a post. I was able to see the password protected content being only a follower.
@daniloercoli is this coming from build_new_post
added in D2979-code?
@dmsnell D2979 it was just a POC - the revision abandoned, and code removed long time ago (2016).
I think @blowery and his team made new post notifications working recently.
I will take a look cc @bluefuton
@westi has prepared a patch to address this: D16833-code.
Resolved in r179135-wpcom via D16833-code
A user informed us in #1320038-zen that their password-protected content is fully shown in the Notifications panel.
I ran some test on several sites and can confirm that all of the content is shown in the Notifications panel. Although, the Reader and post itself show the password field and no content.
Screenshot:
If you go directly to the post, you will not see it - https://supsjavalmis.wordpress.com/2018/08/02/password-protected-post/
However, if you use the password
test
then you see the same content as in the Notifications panel.