fix(ras): prevent email address exposure via user login #3139

Merged
merged 2 commits into from
May 27, 2024

Member

@adekbadek adekbadek commented May 24, 2024

All Submissions:

Changes proposed in this Pull Request:

Fixes the possibility of reader email address exposure through comments.

How to test the changes in this Pull Request:

  1. On trunk,
  2. Install and activate woocommerce-memberships-for-teams plugin
  3. Register using the Registration block
  4. Find the new user in WP Admin Users view - observe the "Display name publicly as" field is set to the email address
  5. Switch to this branch, repeat, observe the publicly displayed name is set to the part of the email before the @

Other information:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes, as applicable?
  • Have you successfully run tests with your changes locally?
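
An added sketch of the behaviour the test steps describe, not code from this pull request or the plugin: it flags user records whose public name contains the account email and derives a replacement from the part before the @. The function names, the `reader` fallback, the character filter and the sample records are assumptions; the field names follow WordPress's `user_email`, `display_name` and `nickname`.

```php
<?php
// Added illustration, not the plugin's code. Function names are hypothetical.

/** Derive a public name from the part of the email before the last "@". */
function example_display_name_from_email( string $email ): string {
	$at    = strrpos( $email, '@' );
	$local = false === $at ? $email : substr( $email, 0, $at );
	// Assumption: keep a conservative character set, fall back if nothing is left.
	$local = (string) preg_replace( '/[^A-Za-z0-9._+-]/', '', $local );
	return '' !== $local ? $local : 'reader';
}

/** List the public fields of a user record that contain the account email. */
function example_fields_exposing_email( array $user ): array {
	$email   = strtolower( trim( $user['user_email'] ?? '' ) );
	$exposed = array();
	if ( '' === $email ) {
		return $exposed;
	}
	foreach ( array( 'display_name', 'nickname' ) as $field ) {
		$value = strtolower( (string) ( $user[ $field ] ?? '' ) );
		if ( false !== strpos( $value, $email ) ) {
			$exposed[] = $field;
		}
	}
	return $exposed;
}

// Constructed sample records.
$users = array(
	array( 'user_email' => 'jane.doe@example.com', 'display_name' => 'jane.doe@example.com', 'nickname' => 'jane.doe@example.com' ),
	array( 'user_email' => 'sam@example.org', 'display_name' => 'Sam R.', 'nickname' => 'sam' ),
	array( 'user_email' => 'Kim@Example.net', 'display_name' => 'Kim <kim@example.net>', 'nickname' => 'kim' ),
);

foreach ( $users as $user ) {
	$fields = example_fields_exposing_email( $user );
	if ( $fields ) {
		printf(
			"%s: email visible in %s; suggested display name: %s\n",
			$user['user_email'],
			implode( ', ', $fields ),
			example_display_name_from_email( $user['user_email'] )
		);
	}
}
```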

@adekbadek adekbadek added the [Status] Needs Review The issue or pull request needs to be reviewed label May 24, 2024
@adekbadek adekbadek requested a review from a team as a code owner May 24, 2024 11:11
Contributor

@claudiulodro claudiulodro left a comment

Looks good and works well. I like that the logic is ported to Network also. I left one non-blocking note.

@github-actions github-actions bot added [Status] Approved The pull request has been reviewed and is ready to merge and removed [Status] Needs Review The issue or pull request needs to be reviewed labels May 27, 2024
@adekbadek adekbadek merged commit 9b534d3 into trunk May 27, 2024
8 checks passed
@adekbadek adekbadek deleted the fix/ras-display-name branch May 27, 2024 18:31
@matticbot
Contributor

🎉 This PR is included in version 4.1.0-epic-ras-acc.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

matticbot pushed a commit that referenced this pull request May 31, 2024
# [4.2.0-alpha.1](v4.1.0...v4.2.0-alpha.1) (2024-05-31)

### Bug Fixes

* **newsletters:** missing UTM params passing ([#3145](#3145)) ([0688fa0](0688fa0))
* **ras-setup:** redirect to init screen after setup ([#3142](#3142)) ([b86580b](b86580b))
* **ras:** handle RAS disabled in newsletters signup handling ([3d70a1d](3d70a1d))
* **ras:** prevent email address exposure via user login ([#3139](#3139)) ([9b534d3](9b534d3))
* **reader-revenue:** prevent sending duplicate receipt emails ([aa91890](aa91890))
* **tracking:** handling user role in pixel ([#3137](#3137)) ([a041764](a041764))

### Features

* **cli:** enable running the setup with a site import ([#3122](#3122)) ([c6cc10e](c6cc10e))
* expand memberships perf to archives ([#3148](#3148)) ([bdbdf1d](bdbdf1d))
* **memberships:** remove content restriction handling on the homepage ([b63a3fa](b63a3fa))
* update donation landing page ([#3109](#3109)) ([96218c1](96218c1))
@matticbot
Contributor

🎉 This PR is included in version 4.2.0-alpha.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@matticbot
Contributor

🎉 This PR is included in version 4.2.0-epic-ras-acc.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@matticbot
Contributor

🎉 This PR is included in version 4.2.0-epic-ia.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

matticbot pushed a commit that referenced this pull request Jun 12, 2024
# [4.3.0](v4.2.0...v4.3.0) (2024-06-12)

### Bug Fixes

* **newsletters:** missing UTM params passing ([#3145](#3145)) ([0688fa0](0688fa0))
* **ras-setup:** redirect to init screen after setup ([#3142](#3142)) ([b86580b](b86580b))
* **ras:** handle RAS disabled in newsletters signup handling ([3d70a1d](3d70a1d))
* **ras:** prevent email address exposure via user login ([#3139](#3139)) ([9b534d3](9b534d3))
* **reader-revenue:** prevent sending duplicate receipt emails ([aa91890](aa91890))
* **tracking:** handling user role in pixel ([#3137](#3137)) ([a041764](a041764))

### Features

* **cli:** enable running the setup with a site import ([#3122](#3122)) ([c6cc10e](c6cc10e))
* expand memberships perf to archives ([#3148](#3148)) ([bdbdf1d](bdbdf1d))
* **memberships:** remove content restriction handling on the homepage ([b63a3fa](b63a3fa))
* update donation landing page ([#3109](#3109)) ([96218c1](96218c1))
@matticbot
Contributor

🎉 This PR is included in version 4.3.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
