If I remember correctly when this issue was first brought up it is not a
valid RSS field without an email address

That was why we introduced the site email as an option for the RSS field
instead of the Author email which is the norm

On 11 July 2015 at 15:49, Peter Martin notifications@github.com wrote:

A default installation of Joomla leaks email addresses of the website &
authors via RSS & ATOM feeds.
Even when you have RSS not enabled (via Content > Article Manager >
[Options] button (on the right) > "Integration" tab > Show Feed Link: set
to Hide) visitors can see the RSS/ATOM feeds of Category Blog items &
Contact items by adding ?format=feed&type=rss or ?format=feed&type=atom
behind the URL.

The default setting of Joomla is to show the "Author" email address in tag
for every RSS feed
and the general site admin address in tag.
(via System > Global Configuration > Feed Email Address > default = Author
Email)

This PR sets the default to "No Email".

You can view, comment on, or merge this pull request online at:

#7411
Commit Summary

• Set default RSS setting to display email address to OFF

File Changes

• M administrator/components/com_config/model/form/application.xml https://github.com/joomla/joomla-cms/pull/7411/files#diff-0 (2)
• M components/com_content/views/featured/view.feed.php https://github.com/joomla/joomla-cms/pull/7411/files#diff-1 (2)
• M components/com_tags/views/tag/view.feed.php https://github.com/joomla/joomla-cms/pull/7411/files#diff-2 (2)
• M components/com_tags/views/tags/view.feed.php https://github.com/joomla/joomla-cms/pull/7411/files#diff-3 (2)
• M installation/configuration.php-dist https://github.com/joomla/joomla-cms/pull/7411/files#diff-4 (2)
• M libraries/legacy/view/categoryfeed.php https://github.com/joomla/joomla-cms/pull/7411/files#diff-5 (2)

Patch Links:

• https://github.com/joomla/joomla-cms/pull/7411.patch
• https://github.com/joomla/joomla-cms/pull/7411.diff

—
Reply to this email directly or view it on GitHub
#7411.

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

This is the discussion etc from before - I have no idea/opinion if it is correct
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=25295&start=0

IMHO it's an option that should be switched OFF by default. If people want to publish their email address via RSS feeds, than that should be an informed choice.

From the following information I think that an RSS feed without email address information is still valid.
Please see the RSS 2 specification at https://validator.w3.org/feed/docs/rss2.html#sampleFiles

Required channel elements

title + link + description

Optional channel elements

managingEditor - Email address for person responsible for editorial content.

Elements of

A channel may contain any number of items. An item may represent a "story" -- much like a story in a newspaper or magazine; if so its description is a synopsis of the story, and the link points to the full story. An item may also be complete in itself, if so, the description contains the text (entity-encoded HTML is allowed), and the link and title may be omitted. All elements of an item are optional, however at least one of title or description must be present.

author = Email address of the author of the item
author is an optional sub-element of item.

I just checked the specs for Atom feeds at https://validator.w3.org/feed/docs/atom.html
and the email address is also optional for this kind of feeds.

I stand corrected

And thanks @brianteeman for the remove configuration.php tip to test the patch with settings that need to be set during installation.

The settings are configured during installation and therefore it's not possible to test this PR in a normal way using the Patch Testing Component.

Test Procedure

Before the Patch

• in System > Global Configuration > Feed Email Address > default setting displays "Author" or "Site".
• The front-end should leaks the email address, even if RSS is not used. You can see that by visiting a menu item of Category Blog type, add ?format=feed&type=rss or ?format=feed&type=atom behind the URL and see the RSS or ATOM output. It will display an email address.

After the Patch

• Install the patch using Patch Testing Component
• remove configuration.php
• start new installation procedure (to set the corrected settings via the PR)
• test if the new settings are correct
  • in System > Global Configuration > Feed Email Address > default setting should be "No Email"
  • The front-end should not display any email address in RSS or Atom feeds. Test a menu item with Category Blog, add ?format=feed&type=rss or ?format=feed&type=atom behind the URL and analyse the RSS or ATOM output. It should not display an email address.

How to remove the patch

• Install Patch Testing Component
• Install the Patch again via Patch Testing Component (the code of this PR is still there, the database reference needs to be recreated so that it can be removed)
• Remove the Patch via Patch Testing Component
• remove configuration.php
• start new installation procedure (to get back the original settings)
• Install Patch Testing Component

I have tested this item successfully on 0e45609

thank you for the clear test instructions.

I have tested this item successfully on 0e45609

Works as described in clear test script.

RTC :)