[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Chris Tsai <ct...@users.sf.net>]

---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** open
**Milestone:** limbo
**Labels:** support p3 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Wed May 07, 2014 07:03 PM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Alberto Betella <ye...@users.sf.net>]

I just did a quick test, and added a few "test comments" to my own news. These replaced the old spam comments in the feed. Then I deleted those comments, however they are still present in the RSS feed. So the issue is not completely solved. RSS feed and news should be always in sync. A comment should not appear forever in the RSS feed even if it's deleted from the news.


---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** closed
**Milestone:** forge-jul-25
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Wed Aug 13, 2014 09:52 AM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Alberto Betella <ye...@users.sf.net>]

Nice. So you won't delete the spam entries from the DB (at least manually)... And I have no option to delete them from the admin area either. I just have to "hope that someone else comments the news so the old spam comments drop off the feed". Such a technologically advanced solution... ;P
Anyway, I'm glad the bug is solved now, thanks.


---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** closed
**Milestone:** forge-jul-25
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Tue Aug 12, 2014 05:23 PM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Igor Bondarenko <je...@users.sf.net>]

- **status**: in-progress --> code-review
- **Comment**:

Closed #611. `je/42cc_7378`



---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** code-review
**Milestone:** limbo
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Wed Jun 18, 2014 07:42 PM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Alberto Betella <ye...@users.sf.net>]

Hello. This issue is marked as closed, when will it be applied to Allura on SF? (I still see the old spam comments in my RSS news feed). Thanks.


---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** closed
**Milestone:** forge-jul-25
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Fri Jul 18, 2014 06:49 PM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Dave Brondsema <br...@users.sf.net>]

- **status**: code-review --> closed
- **QA**: Dave Brondsema
- **Milestone**: limbo --> forge-jul-25



---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** closed
**Milestone:** forge-jul-25
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Fri Jul 18, 2014 02:14 PM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Alberto Betella <ye...@users.sf.net>]

PS. Here is my feed:
https://sourceforge.net/p/podcastgen/news/feed
I used to parse it and include it in the official project website, and deliver it to all the users of the software, but now I've been dealing with those SPAM comments for months and there is no way for me to delete them from the Allura interface. Could you please help and clean my official news feed? Thanks


---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** closed
**Milestone:** forge-jul-25
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Sun Jul 27, 2014 09:05 AM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Alberto Betella <ye...@users.sf.net>]

I just received 6 more SPAM comments (from user herrextprec), and they are populating the news feed of Podcast Generator (even though I didn't accept them).
https://sourceforge.net/p/podcastgen/news/feed
Now everyone subscribed to the RSS is receiving them, along with all the users of PG that see them in their admin area by default. It's really annoying...


---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** open
**Milestone:** limbo
**Labels:** support p3 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Wed May 07, 2014 07:03 PM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Dave Brondsema <br...@users.sf.net>]

- **labels**: support, p3 --> support, p3, 42cc
- **status**: open --> in-progress



---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** in-progress
**Milestone:** limbo
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Tue Jun 17, 2014 11:50 AM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7378 RSS feeds shouldn't include comments held for moderation [ss7527]

[Dave Brondsema <br...@users.sf.net>]

The fix is applied to Allura on SF, but only affects new comments going forward, sorry.  Hope you get some new comments soon and the old spam comments will drop off the end of the rss feed.


---

** [tickets:#7378] RSS feeds shouldn't include comments held for moderation [ss7527]**

**Status:** closed
**Milestone:** forge-jul-25
**Labels:** support p3 42cc 
**Created:** Wed May 07, 2014 07:03 PM UTC by Chris Tsai
**Last Updated:** Tue Aug 05, 2014 10:12 PM UTC
**Owner:** nobody

Ref: [forge:site-support:#7527]

>There is a serious bug releated to the RSS with the projects news on SF that allows anyone to post comments to a news, and have their posts published directly to the RSS news feed without any moderation. This can be easily exploited by spammers.
As an example, yesterday I received 3 spam comments on a news I posted. I never accepted those comments, and I marked them as spam. HOWEVER, they appeared anyway (and -worst of all- they still are present) in the RSS news feed.

>This is the news URL:
https://sourceforge.net/p/podcastgen/news/2014/05/podcast-generator-on-sourceforge-blog/
and this is the RSS feed that includes the SPAM comments that were never approved (I also attach a screenshot):
https://sourceforge.net/p/podcastgen/news/feed

>The consequences of having comments propagated to the RSS feed prior to moderation and even when they are deleted is the propagation of the content to other websites that read that feed.
In the official Podcast Generator project website, for example, I show automatically the latest 3 news from that RSS feed generated by Sourceforge: hence I had in the home page 3 spam news since yesterday (now I filtered them manually).
The worst consequence of this bug, however, is that my open source software retrieves the last entry from the official news RSS feed and displays it by default in the admin section, therefore thousands of users are currently seeing a SPAM message displayed in their admin section and I have no way to correct this (until you fix this issue).

>Thank you in advance,
best
Alberto

User also provided a [screenshot](https://sourceforge.net/p/forge/site-support/7527/attachment/Screen%20Shot%202014-05-04%20at%2014.27.57.png)


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.