431 posts
  • Attended a Community Meetup
  • Australia
  • Author had a Free File of the Month
  • Beta Tester
  • Bought between 50 and 99 items
  • Exclusive Author
+4 more
john says

There’s been a forum thread or two around and a few support tickets mentioning that the follow an author link no longer works if you try and put it in a button in your item description or profile.

The short version: we’ve had to disable the link due to certain authors abusing it.

The long version (if you can be bothered):

The way we’d initially built the following system with Ajax didn’t follow security best practices. Usually when setting up a system like that you only allow the code on the other end of the URL to only accept POST requests. When you don’t you’re left with a bad situation where other people can trick you into visiting the URL and the action would be performed against your will. This blog post can give you a good overview of GET vs POST if you’re interested.

Anyways, by the time we’d figured out that we’d deployed something I’d describe as “not ideal” (perhaps a bit generous) it’d started being used in author profiles and item descriptions in a nice way, and no one was taking advantage of the security hole, so we decided to sit back and watch.

Unfortunately, some people started to abuse the feature and set things up to trap users into following them, and so we’ve had to disable the accidental feature we had.

In the longer term we’re hoping to build a little follow widget code you can put into item descriptions, but for right now we’re stuck in a nasty spot where we’re short staffed and can’t build the cool new feature to make up for it, but can’t leave a security hole wide open either when people know about it. Sorry we had to turn this off, and a bigger sorry for not actually writing this notice sooner (instead of waiting for complaints to come in), and hopefully we can do something nice for you all soon to make up for it.

719 posts All things are possible, for one who believes.
  • Elite Author
  • Canada
  • Sold between 250 000 and 1 000 000 dollars
  • Won a Competition
  • Referred between 1000 and 1999 users
  • Bought between 100 and 499 items
  • Author had a File in an Envato Bundle
+3 more
TimMcMorris says

Hm. Well I hope at least the problem authors were completely banned.

Looking forward to editing the item pages for my entire portfolio.

5542 posts
  • Exclusive Author
  • Author had a File in an Envato Bundle
  • Elite Author
  • Has been a member for 5-6 years
  • Sold between 100 000 and 250 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • India
+3 more
VF says

I remember in the past, after visiting some author’s profile and item ads, I was added to their follower list unintentionally. Observed it for more than an year with confusion.

2255 posts Small, but tough
  • Elite Author
  • Sold between 100 000 and 250 000 dollars
  • Author had a File in an Envato Bundle
  • Contributed a Tutorial to a Tuts+ Site
  • Author had a Free File of the Month
  • Bosnia and Herzegovina
  • Referred between 500 and 999 users
+4 more
EFEKT_Studio says

Looking forward to editing the item pages for my entire portfolio.

+1

893 posts
  • Author had a Free File of the Month
  • Microlancer Beta Tester
  • Has been a member for 3-4 years
  • Exclusive Author
  • Europe
  • Most Wanted Bounty Winner
  • Bought between 50 and 99 items
  • Referred between 50 and 99 users
  • Sold between 10 000 and 50 000 dollars
Smartik says

Maybe an idea would be to create an additional button on the sale page beside the “View Portfolio” ?

3699 posts Community Moderator
  • Author had a File in an Envato Bundle
  • Grew a moustache for the Envato Movember competition
  • Community Moderator
  • Referred more than 2000 users
  • Has been a member for 4-5 years
  • United Kingdom
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Contributed a Blog Post
+4 more
quickandeasy Volunteer moderator says

any chance you can redirect the url to take you to the users profile?

Just so all those links that are now spread around the site can be utilized :)

2255 posts Small, but tough
  • Elite Author
  • Sold between 100 000 and 250 000 dollars
  • Author had a File in an Envato Bundle
  • Contributed a Tutorial to a Tuts+ Site
  • Author had a Free File of the Month
  • Bosnia and Herzegovina
  • Referred between 500 and 999 users
+4 more
EFEKT_Studio says

any chance you can redirect the url to take you to the uses profile? Just so all those links that are now spread around the site can be utilized :)

Great idea.

147 posts
  • Elite Author
  • Sold between 250 000 and 1 000 000 dollars
  • Bought between 100 and 499 items
  • Has been a member for 2-3 years
  • Exclusive Author
MNKY says

Have already redirected links to profile page, but would be great to have this announcement on Dashboard for everyone to notice.

1312 posts
  • Elite Author
  • Sold between 50 000 and 100 000 dollars
  • Has been a member for 5-6 years
  • Microlancer Beta Tester
  • United Kingdom
  • Attended a Community Meetup
  • Referred between 200 and 499 users
+3 more
LGLab says

any chance you can redirect the url to take you to the users profile? Just so all those links that are now spread around the site can be utilized :)

+1 :-)

1657 posts
  • Exclusive Author
  • Author had a File in an Envato Bundle
  • Author had a Free File of the Month
  • Sold between 50 000 and 100 000 dollars
  • Has been a member for 4-5 years
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Europe
+2 more
flashedge says

Wait a minute. When you made this function you reccomended authors to build follow buttons and now it’s suddenly a bad thing? Do we have to remove our buttons now?

There are honest authors here, who didn’t trick anyone.

by
by
by
by
by
by