113 posts
  • 4 Years of Membership
  • Affiliate Level 3
  • Author Level 6
  • Bundle Boss
+6 more
Sneek
says

It appears they have found a solution…

http://imageshack.us/f/341/screenshot20120109at093.png/
1149 posts
  • Elite Author
  • Author Level 7
  • Weekly Top Seller
  • Top Monthly Author
+10 more
survivor
says

It appears they have found a solution… http://imageshack.us/f/341/screenshot20120109at093.png/

But when You click ok – You end up on blank page…

It would be nice if we have these important changes in our Dashboard, so noone miss it…

366 posts
  • Industrious API Inventor
  • Top Monthly Author
  • Weekly Top Seller
  • Envato Team
+11 more
Philo01
Envato team
says

any chance you can redirect the url to take you to the users profile? Just so all those links that are now spread around the site can be utilized :)

+1 :)

1162 posts
  • Weekly Top Seller
  • Featured Author
  • Front Page Master
  • Most Wanted Winner
+10 more
RafaelOliveira
says

Bad news :( I need to change about 85 descriptions….
Any chance to redirect the users to the profile page like was said?

2527 posts
  • 5 Years of Membership
  • Affiliate Level 2
  • Author Level 6
  • Beta Tester
+13 more
urbazon
says

I don’t see how can anybody mislead somebody to follow them when there is pop-up message/alert (like shown on Sneek’s screenshot)??? I don’t get it…

2280 posts
  • Top Monthly Author
  • Weekly Top Seller
  • Community Superstar
  • Industrious API Inventor
+15 more
revaxarts
says

I don’t see how can anybody mislead somebody to follow them when there is pop-up message/alert (like shown on Sneek’s screenshot)??? I don’t get it…

You’re not a coding dude I guess :P

4335 posts
  • 6 Years of Membership
  • Affiliate Level 1
  • Author Level 3
  • Beta Tester
+11 more
Reaper-Media
says

A good solution would be to do this:

if the POST variable authenticity_token is sent, continue as normal, otherwise:

load a webpage with some text which says “You are about to follow this user on the marketplaces, do you want to continue?” and display a form with its method as POST and target as the current page and a hidden input authenticity_token. and another one with something like display_page = true. (currently when authenticity_token is undefined it returns a blank page with a 404 header)

Then when the url is visited, and authenticity_token sent AND display_page is also sent via POST variables, instead of returning JSON data, it will return a page with a confirmation message.

sorted. All the old links work and there are no security holes! :-)

I am right in thinking the url which was disabled is: marketplace.net/user/someone/follow right? :P

1424 posts
  • Wordsmith
  • 5 Years of Membership
  • Beta Tester
  • Affiliate Level 2
+7 more
Stylius
says

D’oh :S

Too bad for the people who have to change ALL the descriptions of their items. But devs, I’m sure you are that cool to find a solution to this instead of disabling it! right? ;)

3535 posts
  • Power Elite Author
  • Author Level 12
  • Trendsetter
  • United States
+13 more
sevenspark
Moderator
says

A good solution would be to do this:

if the POST variable authenticity_token is sent, continue as normal, otherwise:

load a webpage with some text which says “You are about to follow this user on the marketplaces, do you want to continue?” and display a form with its method as POST and target as the current page and a hidden input authenticity_token. and another one with something like display_page = true. (currently when authenticity_token is undefined it returns a blank page with a 404 header)

Then when the url is visited, and authenticity_token sent AND display_page is also sent via POST variables, instead of returning JSON data, it will return a page with a confirmation message.

sorted. All the old links work and there are no security holes! :-)

I am right in thinking the url which was disabled is: marketplace.net/user/someone/follow right? :P

+1

Either that or Adam’s idea (redirect to profile) in the short term at least, otherwise we’re going to have a lot of confused customers and authors.

I certainly understand the need to plug the security hole. It’s really too bad when a few immoral authors ruin things for everyone :x

961 posts
  • 4 Years of Membership
  • Author Level 4
  • Canada
  • Collector Level 2
+3 more
graphicmind
says

It appears they have found a solution… http://imageshack.us/f/341/screenshot20120109at093.png/

Wasn’t this there for some time?

by
by
by
by
by
by