Automattic / notifications-panel

Core notifications panel for WordPress.com notifications

Password-Protected Content Shown in Notifications. #286

Closed kriskorn closed 6 years ago

kriskorn commented 6 years ago

A user informed us in #1320038-zen that their password-protected content is fully shown in the Notifications panel.

I ran some tests on several sites and can confirm that all of the content is shown in the Notifications panel, although the Reader and the post itself show the password field and no content.

Screenshot: password

If you go directly to the post, you will not see it - https://supsjavalmis.wordpress.com/2018/08/02/password-protected-post/

However, if you use the password "test", then you see the same content as in the Notifications panel.

southp commented 6 years ago

@Automattic/lannister Would this be something you folks would be interested in?

dmsnell commented 6 years ago

@kriskorn does this show only to the author of the post or also to people who didn't write it? In other words, is this exposing the contents of a password-protected post to someone who hasn't already seen the content?

kriskorn commented 6 years ago

@dmsnell Correct. The content is seen by all (I would assume) users who are followers of a site and have the notifications turned on.

I currently tested with my two accounts, where one was a follower and the other published the post. The follower could see the password-protected content.

The same happened when I followed my teammate's site and she published a post. I was able to see the password-protected content while being only a follower.

dmsnell commented 6 years ago

@daniloercoli is this coming from build_new_post added in D2979-code?

daniloercoli commented 6 years ago

@dmsnell D2979 was just a POC; the revision was abandoned and the code removed a long time ago (2016).

I think @blowery and his team got new post notifications working recently.

westi commented 6 years ago

I will take a look. cc @bluefuton

bluefuton commented 6 years ago

@westi has prepared a patch to address this: D16833-code.

westi commented 6 years ago

Resolved in r179135-wpcom via D16833-code