Privacy/Security: Need ability to hide user emails in Notifications metabox #264

Open
jerclarke opened this issue Jul 4, 2014 · 1 comment · May be fixed by #577

Comments

@jerclarke
Contributor

I didn't notice this until we were about to launch but for us it's fundamentally a dealbreaker. When a user sees the Notifications box on a post editor they can not only see all users' names (unavoidable) but also their email addresses. I can see why this is the default (many users will be more identifiable by email than display name) but in many cases it's a security problem.

In our case we have hundreds of authors from all over the world, and many are reporting from locations where their journalism could result in criminal investigation, harassment and arrest. In this context we try to maintain as much privacy for them as possible, and keeping their emails secret is part of it. In core WP only users with "edit_users" capability are able to see the emails of other users, which IMHO is a reasonable compromise (since we need to trust and vet those people anyway).

I think EditFlow should offer a way to disable the display of emails in the Notifications box, as well as reconsidering the default behavior (maybe it could be display_name+user_name?)

Ideally a setting in Notifications would solve the problem completely for us, as well as reminding others to consider whether they want to make user emails visible in that way.

Alternately a filter to control the output would also work for me. Currently the output of the emails is completely hardcoded in EF_Module::users_select_form() in class-module.php, leaving me no way at all to stop the emails from being sent to the browser (though I can of course hide them with CSS or jQuery, that isn't actually removing them).

Here's some quickly tested code that adds a filter to control email display in users_select_form():

            <?php if (apply_filters('ef_users_select_form_display_user_email', true)) :?>
            <span class="ef-user_useremail"><?php echo esc_html( $user->user_email ); ?></span>
            <?php endif;?>

And the filter just for reference:

            add_filter('ef_users_select_form_display_user_email', '__return_false');

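
The point made above, that hiding the addresses with CSS or jQuery does not remove them from the response, can be checked mechanically. The following is an added example, not part of the original issue or of the Edit Flow code base: it scans rendered metabox HTML for e-mail addresses regardless of visibility. The sample markup and addresses are constructed; only the `ef-user_useremail` class name comes from the snippet above.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class EmailCollector(HTMLParser):
    """Collects e-mail addresses from text nodes and attribute values.

    CSS visibility is ignored on purpose: anything present in the
    response body is readable by the logged-in user via "view source".
    """

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; before matching
        super().__init__(convert_charrefs=True)
        self.found = set()

    def handle_starttag(self, tag, attrs):
        for _name, value in attrs:
            if value:
                self.found.update(EMAIL_RE.findall(value))

    def handle_data(self, data):
        self.found.update(EMAIL_RE.findall(data))


def leaked_emails(html):
    """Return the sorted list of e-mail addresses present in the markup."""
    collector = EmailCollector()
    collector.feed(html)
    collector.close()
    return sorted(collector.found)


# Constructed sample rows (assumed markup, not copied from the plugin).
ROW = '<li><span class="name">Reporter A</span>{}</li>'
DEFAULT = ROW.format('<span class="ef-user_useremail">a.reporter@example.org</span>')
CSS_HIDDEN = ROW.format(
    '<span class="ef-user_useremail" style="display:none">a.reporter@example.org</span>')
ENTITY_ENCODED = ROW.format(
    '<span class="ef-user_useremail">a.reporter&#64;example.org</span>')
FILTERED = ROW.format('')  # span omitted server-side, as with the proposed filter

if __name__ == "__main__":
    for label, html in [("default", DEFAULT), ("css-hidden", CSS_HIDDEN),
                        ("entity-encoded", ENTITY_ENCODED), ("filtered", FILTERED)]:
        print(f"{label:15} -> {leaked_emails(html)}")
```

Only the row rendered without the span comes back empty; the CSS-hidden and entity-encoded rows still carry the address to the browser.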
@cojennin
Contributor

A patch to filter the details (email, user name, display name, etc) of the User and User Groups makes sense to me.

Do you have some time to work on a patch for this? If not I can try taking a crack at it when I have some time.

4 participants