This support ticket is created 4 years, 7 months ago. There's a good chance that you are reading advice that it now obsolete.
This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
No supporters are available to work today on Toolset forum. Feel free to create tickets and we will handle it as soon as we are online. Thank you for your understanding.
I need to discuss a matter of security. At this point in time, I think this would be best dealt with either via private fields or outside the forum. Nigel, I believe you are "Team Leader"? Can you deal with this please and let me know how you wish to correspond? Thank you.
Currently Nigel is unavailable and won't be until next Tuesday. If this is something that I can assist with please let me know and I will be more than happy to help.
I kept the email in case you wanted to see it & have forwarded it (subject line = #1585351).
Yes, I have raised this issue previously but can't remember 100% how I did it. I've looked at my forum support tickets but can't find anything there (although perhaps it was removed??). I doubt I would have submitted it as a feature request so the only other avenue is directly by email. I've searched my emails and found nothing but may have deleted them of course. The only people I've had direct contact with in the past are Amir, Amit, Mohammed, Ana and Beda. I doubt I would have contacted Ana or Beda directly about the issue. Time-wise it would have been in the last 2 years (I recall referring to GDPR then too) and the email would have been sent from the address I used to first register with Toolset (I've changed it since).
I have a feeling BTW that this issue occurs randomly. I say this because the same thing hasn't happened on another ticket I'm currently following (I've supplied the post ID for that one in the forwarded email).
Let me know if you need anything else. In the meantime, stay safe.
Reviewing the internal tickets just a moment ago I see that it appears to happen when a user adds private information to the text area of the reply, rather than using the fields which are provided for username, password etc., which is why it would only seem to happen sometimes.
I can confirm that was the case with the email you forwarded.
The code for this has already been updated to allow for that eventuality and is currently undergoing testing, so it's not live on our system yet, but should be updated soon to prevent this happening again.
Thanks very much for bringing this to our attention. The update means that thread followers won't see private replies at all.
In the meantime, I've now discovered that links in public fields (hidden in the forum) are revealed in the notifications to thread followers. I think this ought to be addressed at the same time? I'm about to forward you another email so you can see what I mean (thread ID in the subject line is #1586741). The links in that thread are download links for duplicator packages. I've not touched them.