Mahara

Anonymously placed comments end up with system user

Bug #1603206 reported by Kristina Hoeppner on 2016-07-14

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	High	Unassigned	Mahara 17.04.0
15.04	Won't Fix	High	Unassigned
15.10	Fix Released	High	Unassigned	Mahara 15.10.7
16.04	Fix Released	High	Unassigned	Mahara 16.04.5
16.10	Fix Released	High	Unassigned	Mahara 16.10.1

Bug Description

Seen on a 15.10 site for example, but possibly also 15.04 on mahara.org

Comments placed anonymously on a page send a notification to the "System User". The real person doesn't get notified and it's a way for spammers to leave comments that aren't seen.

Gregor for example reported that he didn't get informed about spam comments on https://mahara.org/user/anzeljg/windowslive-blocktype (or the artefact) and thus couldn't remove them unless he was on the page and saw the comments. I don't get System User emails, but suspect that this might be a similar issue.

Revision history for this message

Robert Lyon (robertl-9) wrote on 2016-08-30:

See also
https://bugs.launchpad.net/mahara/+bug/1540534
https://bugs.launchpad.net/mahara/+bug/1606509

Changed in mahara:
importance:	Medium → High

Revision history for this message

Robert Lyon (robertl-9) wrote on 2016-09-09:

From my simple test:

1) In config.php have
$cfg->sendemail = true;
$cfg->sendallemailto = '[an actual email address]';

2) On a clean site create a user 'User A'

3) Login as user A
4) Create page
5) Make page public
6) Logout

7) Go to page while logged out and leave comment (anonymous user comment)

In you email inbox you should receive two emails (well I did) one meant for User A and one meant for Root user

The one for Root user is not needed so should be fixed - but there was one sent for User A so I'm not sure why Gregor didn't get any email (unless his notification settings were different for comments)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-09: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/6951

Robert Lyon (robertl-9) on 2016-09-09

Changed in mahara:
status:	Confirmed → In Progress

Revision history for this message

Robert Lyon (robertl-9) wrote on 2016-09-09:

The comments should be sent to page owner

I wonder what happens if the owner of the page is not set eg group/institution page

Will have to look into that

Revision history for this message

Kevin Mueller (qq3dh7w-kevin-mm0v6n6) wrote on 2016-09-29:

Maybe related to "forum notification mails sent to system user" https://bugs.launchpad.net/mahara/+bug/1628839

Robert Lyon (robertl-9) on 2016-10-21

Changed in mahara:
milestone:	16.10.1 → 17.04.0

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-11-23: A change has been merged

Reviewed: https://reviews.mahara.org/6951
Committed: https://git.mahara.org/mahara/mahara/commit/19cbae54e23e762aa46112735e49a1a5a497363d
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit 19cbae54e23e762aa46112735e49a1a5a497363d
Author: Robert Lyon <email address hidden>
Date: Fri Sep 9 18:04:21 2016 +1200

Bug 1603206: Anonymous comments set watchlist for root user

When an anonymous comment was left it would set up a watchlist for the
view to sent to root user (user id = 0)

This patch stps that happening and removes any existing rows in
usr_watchlist_view for usr = 0

behatnotneeded

Change-Id: I8a560ac778359d2f4c398a318c7abac3573bb348
Signed-off-by: Robert Lyon <email address hidden>

Aaron Wells (u-aaronw) on 2016-11-23

Changed in mahara:
status:	In Progress → Fix Committed

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-11-23: A patch has been submitted for review

Patch for "15.10_STABLE" branch: https://reviews.mahara.org/7267

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-11-23:

Patch for "16.04_STABLE" branch: https://reviews.mahara.org/7268

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-11-23:

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7269

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-11-23: A change has been merged

#10

Reviewed: https://reviews.mahara.org/7268
Committed: https://git.mahara.org/mahara/mahara/commit/0c5b3e8ced5eaad4b8ab55bde3b8ea1a98aefc61
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit 0c5b3e8ced5eaad4b8ab55bde3b8ea1a98aefc61
Author: Robert Lyon <email address hidden>
Date: Fri Sep 9 18:04:21 2016 +1200

Bug 1603206: Anonymous comments set watchlist for root user

When an anonymous comment was left it would set up a watchlist for the
view to sent to root user (user id = 0)

This patch stps that happening and removes any existing rows in
usr_watchlist_view for usr = 0

behatnotneeded

Change-Id: I8a560ac778359d2f4c398a318c7abac3573bb348
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-11-23:

#11

Reviewed: https://reviews.mahara.org/7267
Committed: https://git.mahara.org/mahara/mahara/commit/6f3b2509648112064944aa8fffe7517486f8d728
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.10_STABLE

commit 6f3b2509648112064944aa8fffe7517486f8d728
Author: Robert Lyon <email address hidden>
Date: Fri Sep 9 18:04:21 2016 +1200

Bug 1603206: Anonymous comments set watchlist for root user

When an anonymous comment was left it would set up a watchlist for the
view to sent to root user (user id = 0)

This patch stps that happening and removes any existing rows in
usr_watchlist_view for usr = 0

behatnotneeded

Change-Id: I8a560ac778359d2f4c398a318c7abac3573bb348
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-11-23:

#12

Reviewed: https://reviews.mahara.org/7269
Committed: https://git.mahara.org/mahara/mahara/commit/1dd287446a7c103e1c45ad03bae593797bae54ad
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 1dd287446a7c103e1c45ad03bae593797bae54ad
Author: Robert Lyon <email address hidden>
Date: Fri Sep 9 18:04:21 2016 +1200

Bug 1603206: Anonymous comments set watchlist for root user

When an anonymous comment was left it would set up a watchlist for the
view to sent to root user (user id = 0)

This patch stps that happening and removes any existing rows in
usr_watchlist_view for usr = 0

behatnotneeded

Change-Id: I8a560ac778359d2f4c398a318c7abac3573bb348
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2017-04-27

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1555329

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.