Ticket #13180 (confirmed Bug)
"Use email as login" in combination with "Enable user folders" exposes users' e-mail addresses
Reported by: | khink | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | 4.x |
Component: | General | Version: | 4.3 |
Keywords: | security, registration, members | Cc: |
Description
Related to https://dev.plone.org/ticket/12351 but not the same thing:
If you have both use_email_as_login and enable_user_folders turned on, the url of the user's home folder will be something like /Members/john.smith-40example.com
If these home folders are published, anyone can see the mail addresses.
Change History
Note: See
TracTickets for help on using
tickets.