1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed Identities displayed in message user info do not adhere to privacy settings

Discussion in 'Resolved Bug Reports' started by Steve F, Oct 20, 2014.

  1. Steve F

    Steve F Well-Known Member

    As title. When the privacy settings are set to to Members Only or People You Follow Only, the identities can be viewed by everyone in the message user info when the option "Viewable in message user info" is checked.
  2. Mike

    Mike XenForo Developer Staff Member

    Given it's been like this since 1.1, I'm surprised this hasn't been mentioned before. There is an element of expectedness (code-wise), but equally it would be unexpected to the end user. I should note that the various other message element style properties don't take any permissions into account, though nothing is explicitly called out as a privacy entry for those values specifically.

    Logistically, I think this will probably end up going down the route of not showing the info at all when you only show it to followers (or no one) and showing it conditionally if you only show it to members only.
  3. Mike

    Mike XenForo Developer Staff Member

    I have now changed this as explained above: if you set your identify privacy to followed/none, it will not be shown in a message in any case; if you set it to members only, it will only be shown to members. This change has been applied to posts and conversations.

    Note that this requires joining the user_privacy table. I have folded this in to the user_profile join for posts to make it easier and it will be included when getting conversation messages, but if you have a custom content type that uses the message template, you will need to add this join or contact fields will no longer display below the user info.
    Steve F and Amaury like this.

Share This Page