discourse ver: 2.7.0.beta4
discourse-chat-integration ver: latest from git as @ 25/02/21
browser: firefox 85.0.1 (64-bit)
os: ubuntu 20.20 (latest patching)
bit off an interesting one.
we have a few discourse first post only to discord transfers which work a treat although the user’s name gets displayed which seems to be a security oversight.
i can’t find anywhere where this is configurable and have a suspicion it may be an oversight?
@Orzo is all it should be displaying
if i’ve had a boy look and there is an article here that i have not managed to find, feel free to point me to it.
Does the full name appear on the Discourse post on the forum, or just the username? (in other words, is the setting prioritize username in ux enabled on your Discourse site?)
i went and checked a couple of things, have not gotten to the specific discord element you mention (removed: brainfart)
checked exactly which attribute “James Mitchell” is contained in under Orzo’s discourse profile I have found that the name doesn’t actually appear anywhere in the user’s account.
I checked a few other posts into discord from discourse with similar string @profile and found the same thing.
that setting prioritize username in ux is enabled.
toggled the setting - did not alter behaviour
installed data browser and confirmed that users.name is what is finding its way to discord
interestingly users.name doesn’t appear editable through the discourse UI - am i having a muppet moment here?
Hola, esto todavía está sucediendo y parece provenir de la dirección de correo electrónico, pero solo de ciertos usuarios. ¿Podría estar obteniendo la dirección de correo electrónico y de alguna manera eliminando la puntuación y todo lo que está después del @?
Este es un problema de protección de datos bastante preocupante.
Lamento desenterrar esto, pero los usuarios están un poco preocupados. He tenido que deshabilitar la integración.
El nombre proviene del campo ‘name’ de Discourse, que se rellena durante el registro (ya sea escribiéndolo el usuario o recuperándolo de su sistema de inicio de sesión). Dependiendo de cómo esté configurado su foro, este valor podría estar oculto en la interfaz de usuario, por lo que definitivamente es confuso que aparezca a través de la integración de chat.
