Bug #11086
closedUsers clicking "unsubscribe" on a forwarded CAC group email can unsubscribe a another user from a group
0%
Description
Periodically over the years, we've seen strange events where I (and a few others) have found themselves mysteriously having their email notifications for a particular group set to "No Email."
I am wondering whether i just figured out part of the problem.
I forward a fair amount of email in my various capacities -- forwarding an email from one Commons group to MA/MS students, for instance, or forwarding an email from our NYCDH group to students.
I sometimes remember to delete some of the footer information (unsubscribe links, etc) from the emails before I forward them, but sometimes I don't.
I just tried an experiment with an email that I erroneously forwarded before deleting the unsubscribe link. I opened the link from my web-based email client (gmail) in a private window. I was brought to an option, even as a non-logged-in user, to unsubscribe from the group in question. I clicked "unsubscribe" and indeed, I was informed that I was now unsubscribed. The problem was that I was not logged into the account that was being unsubscribed from the group.
Please see if you can replicate this. If you can, I think we should put some checks in place to ensure that only people logged in to an account can unsubscribe that account from a particular group.
Files
Related issues
