[bd] Social Share [Deleted]

I removed https://facebook.com/ from the author tag as you suggested. When I debug, Facebook scrapes my thread as an article but the author tag does not work.
Facebook seems to stop complaining about invalid value of article:author after the change. If you try the Scrape API (link at the bottom of the debug tool), you will see that it does extract the author id successfully:
[Screenshot attachment: Screen Shot 2017-01-07 at 11.28.19 PM.webp]

But it failed to resolve the profile name etc. Can you try to create a thread with a different XenForo account, which connects to a different Facebook account?
 
I've experienced quite a serious vulnerability on my site when using [bd] Social Share 2.3.0.

When [bd] Social Share 2.3.0 is enabled a guest without any permissions can enter the following URL

https://MYSITE.COM/threads/99999/

(99999 should be an existing thread ID, in a forum that the guest has no permissions for)

A XenForo error page will be displayed showing the text "You must be logged in to do that". That's expected, but when [bd] Social Share 2.3.0 is enabled, there is also a breadcrumb revealing the forum name, the thread starter and the posting time. The thread title is displayed in the URL so it's also revealed.

It's serious because unauthorized users or even guests can figure out if you have "hidden" forums, the name of those forums, who is participating and might even get a clue what the hidden discussion is about (judging from the thread title). It might be forum staff discussing individual members.

Now, the vulnerability that I've just described might be the result of a combination of add-ons or even of a mistake that I've made. It might also be that it happens only under certain conditions. So it might be that [bd] Social Share 2.3.0 is not the cause of the vulnerability I've described above.

If you also have [bd] Social Share 2.3.0, please help me to check on your site if a guest, by guessing the thread ID for a thread residing in one of your "secret/hidden" forums, can reveal the information that I described above. Thanks!
 
It's a feature and there is an option for that: "Custom Access Denied Rendering". You can disable it if you don't want to expose that information. The idea is to avoid a blank Facebook preview for contents; those previews are cached for quite some time, so it may cause an issue if no information is available on the first hit.
 
Thanks. It works as you said. I see that the feature is enabled by default. I've disabled it now. I'm not sure though that all forum owners using this add-on have realized that secret information about hidden forums might be revealed as a result of not disabling "Custom Access Denied Rendering".

Cheers!
 
That's true, this is an oversight on our part. A future release will have this feature turned off by default.
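
A defender-side check for the disclosure discussed above, added here as an example (it is not part of the thread or of the add-on's code): it scans the HTML a guest receives for a restricted thread and reports where terms the administrator knows to be private show up. The sample markup, the `breadcrumb` class name and the private terms are constructed assumptions.

```python
from html.parser import HTMLParser
VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no end tag

class _Scanner(HTMLParser):
    """Splits a page into (location, text) regions: meta tags, breadcrumb, body."""
    def __init__(self):
        super().__init__()
        self.regions, self._depth = [], 0  # _depth > 0 while inside a breadcrumb

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        key = a.get("property") or a.get("name")
        if tag == "meta" and key and a.get("content"):
            self.regions.append(("meta:" + key.lower(), a["content"]))
        if tag in VOID:
            return
        if self._depth:
            self._depth += 1
        elif "breadcrumb" in (a.get("class") or "").lower():
            self._depth = 1

    def handle_endtag(self, tag):
        if self._depth and tag not in VOID:
            self._depth -= 1

    def handle_data(self, data):
        if data.strip():
            self.regions.append(("breadcrumb" if self._depth else "body", data.strip()))

def find_disclosures(body, private_terms):
    """Return sorted (location, term) pairs for private terms the page exposes."""
    scanner = _Scanner()
    scanner.feed(body)
    scanner.close()
    return sorted({(where, term) for where, text in scanner.regions
                   for term in private_terms if term.lower() in text.lower()})

# Constructed guest responses; the markup is illustrative, not XenForo's own.
LEAKY = """<html><head><title>Error</title>
<meta property="og:title" content="Warning for member X" />
</head><body>
<div class="breadcrumb"><a href="/">Home</a> <a href="/forums/12/">Staff Room</a></div>
<p>You must be logged in to do that.</p><span>alice, Jan 7, 2017</span>
</body></html>"""
CLEAN = """<html><head><title>Error</title></head><body>
<div class="breadcrumb"><a href="/">Home</a></div>
<p>You must be logged in to do that.</p></body></html>"""
PRIVATE = ["Staff Room", "Warning for member X", "alice"]  # constructed values
print(find_disclosures(LEAKY, PRIVATE))
```

Feed it the body of a logged-out request for a thread in one of your own restricted forums, once with "Custom Access Denied Rendering" enabled and once with it disabled; an empty result means none of the listed terms reached the guest.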
 
Hello, how can I add the prefix to the shared text?

I know that I need to update the template bdsocialshare_user_text_thread_auto but idk how to use it.
 
Yes, edit that one and insert this in front of it:

Code:
{xen:helper threadPrefix, $thread, escaped}
 
Hello mate @xfrocks,

Just upgraded to 1.5.15 and got the following error in the File Health Check option:

library/bdSocialShare/ShippableHelper/TempFile.php
File does not contain expected contents.
 
Would love to see this support Pinterest, i.e. a new thread is created, it auto posts any attached images with the URL linking back using the thread title as the post title.
 
@xfrocks ?
I always have this error every hour:

Code:
Server Error Log

Error Info
bdSocialShare_Exception_HttpClient: Read timed out after 10 seconds - library/bdSocialShare/Model/Facebook.php:115
Generated By: Unknown Account, A moment ago

Stack Trace
#0 /public/library/bdSocialShare/Model/Publisher.php(97): bdSocialShare_Model_Facebook->publish('193315974056473', Object(bdSocialShare_Shareable_Post), 'CAAHDZB8o5U1wBA...')
#1 /public/library/bdSocialShare/Model/Publisher.php(22): bdSocialShare_Model_Publisher->facebookPublish('Pinoy Latest Te...', Object(bdSocialShare_Shareable_Post), Array)
#2 /public/library/bdSocialShare/Model/ShareQueue.php(70): bdSocialShare_Model_Publisher->publish('facebook', 'Pinoy Latest Te...', Object(bdSocialShare_Shareable_Post), Array)
#3 /public/library/bdSocialShare/Model/ShareQueue.php(172): bdSocialShare_Model_ShareQueue->publish(Object(bdSocialShare_Shareable_Post), Array, false, Array)
#4 /public/library/bdSocialShare/Deferred/ShareQueue.php(10): bdSocialShare_Model_ShareQueue->runQueue(7.9999988079071)
#5 /public/library/XenForo/Model/Deferred.php(295): bdSocialShare_Deferred_ShareQueue->execute(Array, Array, 7.9999988079071, '')
#6 /public/library/XenForo/Model/Deferred.php(429): XenForo_Model_Deferred->runDeferred(Array, 7.9999988079071, '', false)
#7 /public/library/XenForo/Model/Deferred.php(374): XenForo_Model_Deferred->_runInternal(Array, NULL, '', false)
#8 /public/deferred.php(23): XenForo_Model_Deferred->run(false)
#9 {main}

Request State
array(3) {
  ["url"] => string(37) "https://www.xenforo.com/deferred.php"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(4) {
    ["_xfRequestUri"] => string(18) "/f/-/create-thread"
    ["_xfNoRedirect"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["_xfResponseType"] => string(4) "json"
  }
}
Any update on this @xfrocks ?
Only happens with FB Auto Sharing for `Thread Create`.
 