Kunena 6.3.0 released

The Kunena team has announce the arrival of Kunena 6.3.0 [K 6.3.0] in stable which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x/5.1.x. This version addresses most of the issues that were discovered in K 6.2 and issues discovered during the last development stages of K 6.3

Solved Editing/Disabling Open Graph Meta Tags [SOLVED]

More
5 years 2 months ago - 5 years 2 months ago #1 by OpenTexts
Editing/Disabling Open Graph Meta Tags [SOLVED] was created by OpenTexts
Hello, I have found a security hole with Open Graph tags.

When I set to show only display names (not logins), they work normally with Kunena. But if I open a page source, I can find there a real login as a meta tag (<meta property="og:author").

How can I completely disable generating this?

Thank you.
Last edit: 5 years 2 months ago by OpenTexts. Reason: Removing a forum report information. Setting a [SOLVED] status.

Please Log in or Create an account to join the conversation.

More
5 years 2 months ago #2 by ssh
Replied by ssh on topic Editing/Disabling Open Graph Meta Tags
Let's wait for a fix.

in the meanwhile, you can comment the line 453 in /components/com_kunena/controller/topic/item/display.php;

Code:
//$this->setMetaData('og:author', $this->topic->getAuthor()->username, 'property');
The following user(s) said Thank You: OpenTexts

Please Log in or Create an account to join the conversation.

More
5 years 2 months ago #3 by OpenTexts
Replied by OpenTexts on topic Editing/Disabling Open Graph Meta Tags

ssh wrote: Let's wait for a fix.

in the meanwhile, you can comment the line 453 in /components/com_kunena/controller/topic/item/display.php;

Code:
//$this->setMetaData('og:author', $this->topic->getAuthor()->username, 'property');


Thank you! Partially it works. But I have found one more place in that code, which also displays a name:
Code:
"@type": "Person", "name": "LOGIN_NAME"

Please Log in or Create an account to join the conversation.

More
5 years 2 months ago #4 by ruud
Replied by ruud on topic Editing/Disabling Open Graph Meta Tags
Hi, og:author is a non-existing tag and should NOT be used.
see below the information from facebook when using the og:author tag:
sharing = caring
Attachments:

Please Log in or Create an account to join the conversation.

More
5 years 2 months ago - 5 years 2 months ago #5 by OpenTexts
Replied by OpenTexts on topic Editing/Disabling Open Graph Meta Tags

ruud wrote: Hi, og:author is a non-existing tag and should NOT be used.
see below the information from facebook when using the og:author tag:

I have already disabled this tag as ssh wrote. But this "author" thing is more complicated than I thought before. At this Kunena official forum I don't see this mistake as I see on my site. IDK why.
Last edit: 5 years 2 months ago by OpenTexts.

Please Log in or Create an account to join the conversation.

More
5 years 2 months ago #6 by OpenTexts
Replied by OpenTexts on topic Editing/Disabling Open Graph Meta Tags
I have found a temporary solution for this issue. As ssh wrote above about a file location, where we can disable Open Graph (site_root/components/com_kunena/controller/topic/item/display.php), we can comment another line to completely block any user login leaking there:
Code:
//$tmp->{'name'} = $this->topic->getLastPostAuthor()->username;

Please Log in or Create an account to join the conversation.

Time to create page: 0.531 seconds