Project

General

Profile

Actions

Bug #11086

closed

Users clicking "unsubscribe" on a forwarded CAC group email can unsubscribe a another user from a group

Added by Matt Gold about 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
Email Notifications
Target version:
Start date:
2019-02-12
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

Periodically over the years, we've seen strange events where I (and a few others) have found themselves mysteriously having their email notifications for a particular group set to "No Email."

I am wondering whether i just figured out part of the problem.

I forward a fair amount of email in my various capacities -- forwarding an email from one Commons group to MA/MS students, for instance, or forwarding an email from our NYCDH group to students.

I sometimes remember to delete some of the footer information (unsubscribe links, etc) from the emails before I forward them, but sometimes I don't.

I just tried an experiment with an email that I erroneously forwarded before deleting the unsubscribe link. I opened the link from my web-based email client (gmail) in a private window. I was brought to an option, even as a non-logged-in user, to unsubscribe from the group in question. I clicked "unsubscribe" and indeed, I was informed that I was now unsubscribed. The problem was that I was not logged into the account that was being unsubscribed from the group.

Please see if you can replicate this. If you can, I think we should put some checks in place to ensure that only people logged in to an account can unsubscribe that account from a particular group.


Files

unsubscribe.png (7.53 KB) unsubscribe.png Raymond Hoh, 2019-02-18 08:16 PM

Related issues

Related to CUNY Academic Commons - Bug #10144: Subscription set to "no email"ResolvedRaymond Hoh2018-08-13

Actions
Actions

Also available in: Atom PDF