Plugin leaks post content on password-locked posts
-
Hi! Great plugin, mostly, thanks for writing it. But there’s a fairly large problem if you use password-locked posts.
On WordPress proper, a password-locked post exposes the title, author, and so on, but none of the content.
This plugin, however, generates an excerpt of the post even if no such preview/summary is added by the author and federates that excerpt in the timeline, exposing the first 400 characters of the post. That can in fact be the entire post, rendering the password-protection de facto null and void.
I would expect the behaviour to be the same as WordPress proper, and show no excerpt.
(Private posts do not generate any of this behaviour and operate correctly.)
I hope you can adjust this. Until then, password-protected posts cannot be safely used and this should be strongly notated in installation documentation.
Thank you again for writing the plugin! Other than this – which I found in a pretty alarming/bad way – it’s been great.
-
I updated to the latest version and now it seems to be only sharing links ever, even on public posts. I’ve tried a variety of settings to get it to do anything else, all to no avail. I also tried deactivating and reactivating the plugin and that didn’t help.
Anyone else seeing this?
ETA: Okay. I’ve narrowed this down finally. It’s not in Post-Content, it’s in Activity-Object-Type, and the problem is showing up if you select WordPress Post-Format. I have been using that format because excerpts in that format display better with some of my posts than the default “Note” format, particularly posts with newlines and tables up front. But at the moment, with the latest drop, Activity-Object-Type of WordPress Post-Format federates only as a link, even on fully-public posts.
The ?WordPress post Typ“ tries to map the WordPress post type to an ActivityPub post type. That is in most of the cases ?Article“, some times ?Note“ (for status and aside) and sonetimes video, audio, … As far as I know, Mastodon only shows more than a link on the ?Note“ type. On every other type it shows the link. So if you chose WordPress post type, it depends on the post type you use.
But before 0.17 it wasn’t showing just the link with “WordPress post type.” I’ve had that selected since I installed ActivityPub and it was showing previews. And it was doing it in a way that looked slightly better in some cases than with the Note type.
Here’s an example as seen from Mastodon, posted two days ago, before 0.17, with “WordPress post type” selected in the plugin UI, but there are many more examples before and after that. Then with 0.17 you can see it changes to just URLs, until I set it back to Note type, where it starts working again.
I mean… maybe it was confused and actually using Note type the entire time but the UI said it wasn’t.
<time datetime=”2023-03-01T22:41:14.000Z”>2d</time>
{email removed by moderator}
still about twitter, but about terrible management, not fascism
Twitter used to be a really good and important tool for disaster management, before it was a disaster itself. This isn’t necessarily as well known outside of certain subsectors of twitter users, but it genuinely was important – not to gawkers, but actual emergency-management and disaster-response professionals.
That’s gone now, and it’s a real […]
No problem! And that has nothing to do with being dumb! The whole ActivityPub thing is so complex and it is so frustrating that every Plattform handles Activities differently! I am sorry for the bug before and the confusion! I hope it now works as expected! ??
- The topic ‘Plugin leaks post content on password-locked posts’ is closed to new replies.
