Bug #10144
closed
Subscription set to "no email"
Description
Hi Boone,
On the CAC team group, my subscription seems to have been set to "No Email," which is a change I did not make. Any idea how this might have happened?
Updated by Boone Gorges over 6 years ago
Looking at your subscription levels in the database, you are subscribed to 'All Email' in all but a handful of your groups. The CAC group, along with "The GC Running Group", are the only ones where you have a 'No Email' setting.
I'm unsure how it could have been changed. Can you look back to see when you last received an email notification from the group?
Updated by Matt Gold over 6 years ago
The last one I see is from Mon, Jul 30, 2018 at 10:48 PM.
Updated by Boone Gorges over 6 years ago
Thanks. According to the activity logs, the next activity item posted to the group after 2018-07-30 22:48 was at 2018-08-02 13:32:52. This would've been the first item from this group whose notification you missed. I've scoured the Apache access logs between those two times for the two different kinds of requests that might suggest a subscription change: 1. a POST to admin-ajax.php that has cac-community-team-project-planning as part of the referer string, and 2. a POST to your settings page. I didn't find anything. So I'm fairly sure this was not a manual settings change.
This means it must be some sort of bug, but without more information, I'm unsure that I have enough information to figure out where the bug might be. Ray, do you have any ideas?
I've collected all the data I think I can get from the current state of the database etc, so Matt, I think you can go ahead and change your subscription level back to All Email if you'd like.
Updated by Boone Gorges about 6 years ago
Recurred in #10359.
Matt, can you please look through your email to see when you last received an email from this group?
I have a suspicion that one of two things is happening:
1. The lack of nonce protection and proper permission checks in several of BPGES's subscription handlers is leaving open the possibility of accidental self-CSRF. See e.g. ass_user_unsubscribe_form(), ass_group_ajax_callback().
2. The fact that Matt's user ID is 1 is causing some sort of weirdness when a non-integer value is passed to ass_group_subscription(), where it gets cast to 1.
I'll dig through the code, but in the meantime it'd be helpful to have info about the last confirmed received email from Matt.
Updated by Boone Gorges about 6 years ago
(In the meantime, Matt, go ahead and resubscribe.)
Updated by Matt Gold about 6 years ago
- File Screen Shot 2018-09-20 at 3.46.16 PM.png added
- File Screen Shot 2018-09-20 at 3.45.01 PM.png added
- File Screen Shot 2018-09-20 at 3.44.46 PM.png added
Hi Boone,
I see two recent emails -- one from today (?!!) and one from Steve. Screenshots attached, and please let me know whether you want the email source.
Updated by Raymond Hoh about 6 years ago
- Related to Bug #9076: Email group subscription reset erroneously added
Updated by Raymond Hoh about 6 years ago
I linked #9076 to this ticket because Matt also described these problems on NYCDH, and forwarded me a NYCDH report last night.
I had previously set up some logs in Group Email Subscription to figure out what might be happening.
Here's the code that I am using to log what is happening, FWIW:
    /**
     * Log GES changes.
     *
     * ray_log() is a custom logging helper that is not defined in this snippet.
     */
    add_filter( 'update_group_metadata', function( $retval, $object_id, $meta_key, $meta_value ) {
        // Only log writes to the GES subscriber list; ignore every other group meta key.
        if ( 'ass_subscribed_users' !== $meta_key ) {
            return $retval;
        }

        ray_log( 'group sub group ID: ' . $object_id );
        ray_log( 'group sub update: ' . print_r( $meta_value, true ) );
        ray_log( 'group sub backtrace: ' . wp_debug_backtrace_summary() );

        // Return the filtered value untouched so the metadata update proceeds as usual.
        return $retval;
    }, 10, 4 );

    // Log every subscription change made through GES, with the user, group and action.
    add_action( 'ass_group_subscription', function( $user_id, $group_id, $action ) {
        ray_log( "group sub change: user ID - {$user_id}, group ID - {$group_id}, action - {$action}" );
    }, 10, 3 );

(Code above will need amending for GES 3.9.x. These logs were set up with 3.8.x in mind.)
What I discovered just now is the "Unsubscribe from this group" link, added by the Group Email Subscription plugin and located in the email footer, could be the cause of the problem.
What might be happening is some email clients could be auto-scanning email links and are following these links to confirm the safety of the link. If that happens, then a user can have their email notifications turned off for the group without prior warning.
Boone, we might have to do the same thing we did to BuddyPress activation emails, which is that the user needs to click on a button to confirm unsubscription from the group, instead of just auto-unsubscribing them as we do now.
Updated by Boone Gorges about 6 years ago
- Target version changed from Not tracked to 1.13.10
Thanks, Ray! That's almost certainly what's happening.
Is there a quick way we can remove the Unsubscribe link from Commons emails until we get this sorted out in BPGES?
Updated by Matt Gold about 6 years ago
This sounds like a likely possibility to me, too -- great thinking, Ray, and thanks!
Updated by Boone Gorges about 6 years ago
- Assignee changed from Boone Gorges to Raymond Hoh
Sounds like Ray is working on this. Thank you :-D
Updated by Raymond Hoh about 6 years ago
- Status changed from Assigned to Staged for Production Release
I've added a fix for this here - https://github.com/cuny-academic-commons/cac/commit/3f8c96214f82c6f7947a8989ea3ca5425092297a.
When someone clicks on the "Unsubscribe" link from the email footer, a form submission is now required before the actual email unsubscription takes place. This should hopefully take care of the problem.
I'll add a pull request for inclusion to the main Group Email Subscription plugin in a bit.
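The confirm-before-unsubscribe pattern discussed in this thread, as an added example in plain PHP; it is not the code from the linked commit or from BPGES. The function names, request parameters, HMAC token and secret are hypothetical and stand in for whatever the plugin actually uses; the demo data at the bottom is constructed.

```php
<?php
// Added illustration only. Names, parameters and the secret are hypothetical.
const DEMO_SECRET = 'constructed-demo-secret';

// Token carried in the emailed link; binds one user to one group.
function unsub_token(int $userId, int $groupId): string {
    return hash_hmac('sha256', "unsubscribe|$userId|$groupId", DEMO_SECRET);
}

// GET is read-only and returns a confirmation form; only POST changes $subs.
function handle_unsubscribe(string $method, array $params, array &$subs): array {
    // Strict integer validation: 'abc' or a missing value is rejected, never cast.
    $userId  = filter_var($params['user'] ?? null, FILTER_VALIDATE_INT);
    $groupId = filter_var($params['group'] ?? null, FILTER_VALIDATE_INT);
    $token   = (string) ($params['token'] ?? '');
    if ($userId === false || $groupId === false
        || !hash_equals(unsub_token($userId, $groupId), $token)) {
        return ['status' => 400, 'body' => 'Invalid unsubscribe link.'];
    }
    if ($method === 'POST') {
        $subs["$userId:$groupId"] = 'No Email';
        return ['status' => 200, 'body' => 'You have been unsubscribed.'];
    }
    if ($method !== 'GET') {
        return ['status' => 405, 'body' => 'Method not allowed.'];
    }
    // An automated link scanner that follows the emailed URL ends up here.
    $form = sprintf(
        '<form method="post"><input type="hidden" name="user" value="%d">'
        . '<input type="hidden" name="group" value="%d">'
        . '<input type="hidden" name="token" value="%s">'
        . '<button type="submit">Confirm unsubscribe</button></form>',
        $userId, $groupId, htmlspecialchars($token, ENT_QUOTES)
    );
    return ['status' => 200, 'body' => $form];
}

// Constructed demo data: user 7 receives all email from group 42.
$subs = ['7:42' => 'All Email'];
$link = ['user' => '7', 'group' => '42', 'token' => unsub_token(7, 42)];

handle_unsubscribe('GET', $link, $subs);   // scanner or prefetch follows the link
echo "after GET:  {$subs['7:42']}\n";
handle_unsubscribe('POST', $link, $subs);  // person submits the form
echo "after POST: {$subs['7:42']}\n";
$bad = handle_unsubscribe('POST', ['user' => 'abc', 'group' => '42', 'token' => $link['token']], $subs);
echo "non-integer user ID: {$bad['status']}\n";
```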
Updated by Boone Gorges about 6 years ago
- Status changed from Staged for Production Release to Resolved
Thanks, Ray! This looks good for the Commons. I think we should go further on the fix in the public plugin. I'll continue the conversation on GitHub. https://github.com/boonebgorges/buddypress-group-email-subscription/pull/154
Updated by Raymond Hoh almost 6 years ago
- Related to Bug #11086: Users clicking "unsubscribe" on a forwarded CAC group email can unsubscribe another user from a group added