PandemicSoul Posted August 8, 2021 Posted August 8, 2021 I just discovered that every single forum (including closed moderator forums that people rotate in and out of and shouldn't have access to after they leave) had an RSS feed turned on. Now, I knew that Invision had an RSS feature. I had set up some RSS feed before and retrieved them. And I assumed (because I had no reason to think otherwise) that when I when to retrieve that RSS feed, and saw an addition RSS feed for the forum, that was just because all the forums I did that for were already publicly accessible so they also got an RSS feed by default. I never had any reason to click on the RSS button in a private forum to check if there was a feed for that forum, because I never had any reason to retrieve an RSS feed for a private forum. But today I just happened to be clicking around looking for the correct RSS feed for a project and it turns out, lo-and-behold, every forum had a feed, no matter how public or privately accessible it was the world. I couldn't figure out why, since – in the "RSS feeds" menu – I only had a few specific forum feeds set up. But then I searched for "rss" in the search box in Admin and it brought me to a Forums > Settings > option called "RSS feeds?" that toggled a feed on for every single forum. I've had an Invision forum for over 15 years now. I have no idea when this toggle to turn an RSS feed on for every forum was implemented. I don't ever recall turning it on, so I assume at some point it was implemented and I didn't read the release notes closely enough and didn't realize I had to turn it off? Or maybe it was off by default and at some point I turned it on not understanding what I was going? Either way, we have a warning/alert for when we give someone access to the AdminCP. Wouldn't it make sense to have a warning/alert that said something like, "A forum that has limited access has an RSS feed available – is that correct?"
Recommended Posts