![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
swaldmanI've been working on Bug 1723, and while doing that I've noticed something that I don't think is right.
The following information on tag usage is exposed to the style system (via the TagDetail class):
(2) seems like info that styles don't really need to know, but it can't hurt
(3) concerns me, because it exposes information that the current user shouldn't have.
For example, let's say that user A has not been granted access by user B. User B posts a lot with the tag "hatemyboss". Most of these posts are protected or private, but one of the posts is public. Because of the public post, user A is able to see the "hatemyboss" tag. If user A were to go away and write his own style that used the info in (3) above, he would be able to find out how often user B has used "hatemyboss" in protected, private and filtered posts.
I'm told that none of DW's official styles use the info in (3). This doesn't mean that a custom style doesn't use it somewhere, on DW or another site using the code.
I think that there are three options:
(a) Leave things as they are
(b) Stop exposing the security_counts variable to the styles system
(c) Keep the variable, but force all the values to zero
I prefer (c), because it deals with the privacy issue without totally breaking any custom styles that use this information. We could add a note in core2.s2 explaining what is going on, and maybe remove the variable totally in a year's time or something.
What are other peoples' opinions?
If anybody wants to have a look for themselves, search for:
The following information on tag usage is exposed to the style system (via the TagDetail class):
- use_count: The number of times that the tag in question is used in the journal (at present it's the total number of times, but bug 1723 will most likely change it to being an approximation of the number of times that it's used in posts that the current user can see. This isn't important now :-))
- visibility: The most-relaxed security level that the tag is ever used in.
- security_counts: How many times it is used at each security level, including security levels that the current user does not have access to.
(2) seems like info that styles don't really need to know, but it can't hurt
(3) concerns me, because it exposes information that the current user shouldn't have.
For example, let's say that user A has not been granted access by user B. User B posts a lot with the tag "hatemyboss". Most of these posts are protected or private, but one of the posts is public. Because of the public post, user A is able to see the "hatemyboss" tag. If user A were to go away and write his own style that used the info in (3) above, he would be able to find out how often user B has used "hatemyboss" in protected, private and filtered posts.
I'm told that none of DW's official styles use the info in (3). This doesn't mean that a custom style doesn't use it somewhere, on DW or another site using the code.
I think that there are three options:
(a) Leave things as they are
(b) Stop exposing the security_counts variable to the styles system
(c) Keep the variable, but force all the values to zero
I prefer (c), because it deals with the privacy issue without totally breaking any custom styles that use this information. We could add a note in core2.s2 explaining what is going on, and maybe remove the variable totally in a year's time or something.
What are other peoples' opinions?
If anybody wants to have a look for themselves, search for:
- "class TagDetail" in core2.s2
- "$t->{security_counts}" in S2.pm
