×
Kunena 5.1.14 Released - Security release (13 Aug 2019)

The Kunena team is proud to announce the arrival of Kunena 5.1.14 [K5.1.14] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.14. This update fixed 1 security issue.

Solved Editing/Disabling Open Graph Meta Tags [SOLVED]

More
8 months 2 weeks ago - 8 months 1 week ago #1 by OpenTexts
Hello, I have found a security hole with Open Graph tags.

When I set to show only display names (not logins), they work normally with Kunena. But if I open a page source, I can find there a real login as a meta tag (<meta property="og:author").

How can I completely disable generating this?

Thank you.
Last edit: 8 months 1 week ago by OpenTexts. Reason: Removing a forum report information. Setting a [SOLVED] status.

Please Log in or Create an account to join the conversation.

More
8 months 2 weeks ago #2 by ssh
Let's wait for a fix.

in the meanwhile, you can comment the line 453 in /components/com_kunena/controller/topic/item/display.php;

//$this->setMetaData('og:author', $this->topic->getAuthor()->username, 'property');
The following user(s) said Thank You: OpenTexts

Please Log in or Create an account to join the conversation.

More
8 months 2 weeks ago #3 by OpenTexts

ssh wrote: Let's wait for a fix.

in the meanwhile, you can comment the line 453 in /components/com_kunena/controller/topic/item/display.php;

//$this->setMetaData('og:author', $this->topic->getAuthor()->username, 'property');


Thank you! Partially it works. But I have found one more place in that code, which also displays a name:
"@type": "Person",
        "name": "LOGIN_NAME"

Please Log in or Create an account to join the conversation.

More
8 months 2 weeks ago #4 by ruud
Hi, og:author is a non-existing tag and should NOT be used.
see below the information from facebook when using the og:author tag:

sharing = caring
Attachments:

Please Log in or Create an account to join the conversation.

More
8 months 2 weeks ago - 8 months 2 weeks ago #5 by OpenTexts

ruud wrote: Hi, og:author is a non-existing tag and should NOT be used.
see below the information from facebook when using the og:author tag:

I have already disabled this tag as ssh wrote. But this "author" thing is more complicated than I thought before. At this Kunena official forum I don't see this mistake as I see on my site. IDK why.
Last edit: 8 months 2 weeks ago by OpenTexts.

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #6 by OpenTexts
I have found a temporary solution for this issue. As ssh wrote above about a file location, where we can disable Open Graph (site_root/components/com_kunena/controller/topic/item/display.php), we can comment another line to completely block any user login leaking there:
//$tmp->{'name'}                  = $this->topic->getLastPostAuthor()->username;

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.145 seconds