You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I run a blog where regular readers can post. They are, effectively, authors. I activated the auto-subscription for authors, in order to them get notified of new comments.
One of my readers noticed that, since he is the author, he can manage other readers' subscriptions in his posts, which exposes other readers emails to him. He considered this behavior, in this scenario, a privacy bug. I tend to agree.
Is it possible to implement an option that restricts access to a post's subscriptions management to admins?
The text was updated successfully, but these errors were encountered:
Hi!
I run a blog where regular readers can post. They are, effectively, authors. I activated the auto-subscription for authors, in order to them get notified of new comments.
One of my readers noticed that, since he is the author, he can manage other readers' subscriptions in his posts, which exposes other readers emails to him. He considered this behavior, in this scenario, a privacy bug. I tend to agree.
Is it possible to implement an option that restricts access to a post's subscriptions management to admins?
The text was updated successfully, but these errors were encountered: