See past first post

Cathas9lives

could this use in particular tags?

clarkwinkelmann

Cathas9lives could this use in particular tags?

As said in the README, yes. But there might be some edge cases when a discussion has multiple tags:

The permission can be applied to individual top-level tags. Due to limitations in the Flarum tag system, if the discussion possesses any tag that isn't explicitly restricted, the user will be able to see the posts.

Cathas9lives The extension seems to affect seo

You mean affect your rankings or is there an incompatibility the extension called "SEO" ? I believe the two should work fine together.

Obviously search engines will also be unable to read the replies, so they will have less content to index.

luceos

This is so awesome, why didn't I see this pop up? Great job @clarkwinkelmann !

tankerkiller125

This is really awesome for communities that want SEO but don't want all their content being released to non-members. This is awesome!

Cathas9lives

tankerkiller125 The extension seems to affect seo

[deleted]

I must say - it is in top 5 extensions!

Cathas9lives

clarkwinkelmann Thanks for the reply, I want to restrict special tags to members only, other tags are visible to everyone. Is it achievable?

clarkwinkelmann

Cathas9lives it should be. Try it out and let me know if it doesn't work.

Cathas9lives

clarkwinkelmann It seems that there is no way for everyone to see

Cathas9lives

clarkwinkelmann Is there a solution？

clarkwinkelmann

Cathas9lives It seems that there is no way for everyone to see

Indeed, it seems I should add the "everyone" option there. I'll do some tests and release a new version.

[deleted] this doesn't seem to respect any of the WordPress Integration extension settings

I'll see what I can do for that. The problem is, there's no single method being called to trigger login. The Wordpress extension manually replaces each login button with its own logic. It would require a special case for this extension as well.

clarkwinkelmann

Cathas9lives It seems that there is no way for everyone to see

Sorry I kind of forgot about that until I read the discussion again today. I have tagged an additional release 1.0.3 which allows choosing "Everyone" in the permission. I think this solves the issue. Let me know if this needs further investigation!

[deleted]

@clarkwinkelmann this doesn't seem to respect any of the WordPress Integration extension settings. For example, it fires the login form for the forum itself which in my case is disabled in favour of the WordPress login.

clarkwinkelmann

[deleted] it fires the login form for the forum itself which in my case is disabled in favour of the WordPress login

This has been fixed in version 1.0.2 of See Past First Post that I just released.

I also added an export for the CantSeePastFirstPost component so that other extensions can extend it. Links can be changed by extending the ItemList via extend(flarum.extensions['clarkwinkelmann-see-past-first-post'].components.CantSeePastFirstPost.prototype, 'links', items => {})

[deleted]

clarkwinkelmann Ok. The issue I have is confusion at this point for those logging in and getting unexpected results.

Cathas9lives

clarkwinkelmann Thanks，this does work, but there are have a new issue. When I create a discussion with the restricted and unrestricted tags at the same time, they do not work properly.

clarkwinkelmann

Cathas9lives there is this information in the first post:

clarkwinkelmann The permission can be applied to individual top-level tags.
Due to limitations in the Flarum tag system, if the discussion possesses any tag that isn't explicitly restricted, the user will be able to see the posts.

Sadly there's nothing I can do about it.

teletubbie

Hello, this extension will avoid Google to index all the comments of discussions with restricted tags?

clarkwinkelmann

teletubbie Google will index what guests can see. If guests can't see the posts of a discussion, Google will also be unable to index them.

clarkwinkelmann

A note regarding Flarum's Tags extension vulnerability

This message is meant for those that might be subscribed to this thread. If you visited the forum/Discord yesterday you should already be aware of the vulnerability that was discovered and patched in Flarum's Tags extension.

If you haven't already updated your forum, I urge you to apply the update as described in the official announcement https://discuss.flarum.org/d/25059 . This extension doesn't need an update to benefit from the fix, only the Tags extension must be updated.

There is a very specific case where the vulnerability found in Tags can expose private data if you also use See Past First Post. It might apply to very few of you.

If you only use a global setting for See Past First Post and have not applied any per-tag restriction, there is no additional impact outside of what's described in the Flarum announcement.

If you use per-tag permission to restrict content to logged in users under some tags, an attacker could exploit the vulnerability to move discussions to a tag that's visible to guests. This has limited impact since anyone could already register to gain access to the content, and you need an account to perform the attack.

If you use per-tag permission to restrict replies to private groups under only some of the tags, this is where the vulnerability is dangerous. An attacker with no groups could move such a discussion to a tag where they then gain the ability to read (and possibly post) replies.

If the attacker performs the attack then reverts back to the original tags without anybody posting in the discussion during this time, the attack will leave effectively no trace since Flarum deletes the "change post" event posts when tags are changed back to what they were previously.

I strongly recommend installing my Audit Log extension which will keep traces of such actions if they were to happen.

There is currently no indication that the vulnerability has been exploited in the wild.

[deleted]

clarkwinkelmann Will you be updating this, plus

clarkwinkelmann/flarum-ext-bookmarks                 0.1.0           requires          flarum/core (>=0.1.0-beta.13 <0.1.0-beta14)       
clarkwinkelmann/flarum-ext-popular-discussion-badge  0.2.0           requires          flarum/core (>=0.1.0-beta.13 <0.1.0-beta.14)      
clarkwinkelmann/flarum-ext-see-past-first-post       1.0.3           requires          flarum/core (>=0.1.0-beta.11 <0.1.0-beta.14)      
clarkwinkelmann/flarum-ext-who-read                  1.2.0           requires          flarum/core (>=0.1.0-beta.11 <0.1.0-beta.14)

To Beta14 ? Apologies if I missed something here, but

composer why-not flarum/core v0.1.0-beta.14

Lists these extensions as not compatible ?

EDIT - just seen here - https://discuss.flarum.org/d/25287-clarks-extensions
Either I need to remove them (which I don't want to do, but will if necessary) or sponsor an update for them to be Beta 14 compatible (or fork and update myself)