Built-in chat (comment system) leaks "recent comments" on standard theme

betterangels / better-angels

The Better Angels are a group of anarchists committed to feminist, anti-racist, anti-capitalist struggle who use direct action software development as a technique of liberatory resistance.

https://betterangels.github.io/

55 stars 12 forks source link

Built-in chat (comment system) leaks "recent comments" on standard theme #157

Closed fabacab closed 8 years ago

fabacab commented 8 years ago

Using the built-in commenting system, messages are treated as comments on posts and so they appear as "Recent comments" in various parts of the default theme (and probably others, too) despite being attached to a custom post type.

This is a privacy leak because while the comment itself is not visible, the user name, comment time, and Alert title (custom or default message) are all exposed.

fabacab commented 8 years ago

Looks like this is fixable by using the get_comments action, see source code of WP_Comment_Query::get_comments().