113 posts
  • Has been part of the Envato Community for over 4 years
  • Has referred 50+ members
  • Has sold $40,000+ on Envato Market
  • Had an item featured in an Envato Bundle
+5 more
Sneek
says

It appears they have found a solution…

http://imageshack.us/f/341/screenshot20120109at093.png/
1120 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Became a Top 20 Author of the Month
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Made it to the Authors' Hall of Fame
+8 more
survivor
says

It appears they have found a solution… http://imageshack.us/f/341/screenshot20120109at093.png/

But when You click ok – You end up on blank page…

It would be nice if we have these important changes in our Dashboard, so noone miss it…

366 posts
  • Became a Top 20 Author of the Month
  • Member of the Envato Team
  • Has been part of the Envato Community for over 6 years
  • Has sold $10,000+ on Envato Market
+9 more
Philo01
Envato team
says

any chance you can redirect the url to take you to the users profile? Just so all those links that are now spread around the site can be utilized :)

+1 :)

1162 posts
  • Made it to the Authors' Hall of Fame
  • Had an item featured in a magazine
  • Won a Most Wanted contest
  • Helped several times protecting Envato Market against copyright violations
+9 more
RafaelOliveira
says

Bad news :( I need to change about 85 descriptions….
Any chance to redirect the users to the profile page like was said?

2485 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 10+ members
  • Has sold $40,000+ on Envato Market
  • Interviewed on an Envato blog
+8 more
urbazon
says

I don’t see how can anybody mislead somebody to follow them when there is pop-up message/alert (like shown on Sneek’s screenshot)??? I don’t get it…

2261 posts
  • Became a Top 20 Author of the Month
  • Created a helpful tool/app using the Envato API
  • Created a helpful tool/app for Envato Market users
  • Had an item that was trending
+14 more
revaxarts
says

I don’t see how can anybody mislead somebody to follow them when there is pop-up message/alert (like shown on Sneek’s screenshot)??? I don’t get it…

You’re not a coding dude I guess :P

4335 posts
  • Has been part of the Envato Community for over 6 years
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has been a beta tester for an Envato feature
+10 more
Reaper-Media
says

A good solution would be to do this:

if the POST variable authenticity_token is sent, continue as normal, otherwise:

load a webpage with some text which says “You are about to follow this user on the marketplaces, do you want to continue?” and display a form with its method as POST and target as the current page and a hidden input authenticity_token. and another one with something like display_page = true. (currently when authenticity_token is undefined it returns a blank page with a 404 header)

Then when the url is visited, and authenticity_token sent AND display_page is also sent via POST variables, instead of returning JSON data, it will return a page with a confirmation message.

sorted. All the old links work and there are no security holes! :-)

I am right in thinking the url which was disabled is: marketplace.net/user/someone/follow right? :P

1420 posts
  • Contributed a blog post
  • Has been part of the Envato Community for over 5 years
  • Has been a beta tester for an Envato feature
  • Has referred 10+ members
+7 more
Stylius
says

D’oh :S

Too bad for the people who have to change ALL the descriptions of their items. But devs, I’m sure you are that cool to find a solution to this instead of disabling it! right? ;)

3532 posts
  • Became a Top 20 Author of the Month
  • Had an item that was trending
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $750,000+ on Envato Market
+12 more
sevenspark
Moderator
says

A good solution would be to do this:

if the POST variable authenticity_token is sent, continue as normal, otherwise:

load a webpage with some text which says “You are about to follow this user on the marketplaces, do you want to continue?” and display a form with its method as POST and target as the current page and a hidden input authenticity_token. and another one with something like display_page = true. (currently when authenticity_token is undefined it returns a blank page with a 404 header)

Then when the url is visited, and authenticity_token sent AND display_page is also sent via POST variables, instead of returning JSON data, it will return a page with a confirmation message.

sorted. All the old links work and there are no security holes! :-)

I am right in thinking the url which was disabled is: marketplace.net/user/someone/follow right? :P

+1

Either that or Adam’s idea (redirect to profile) in the short term at least, otherwise we’re going to have a lot of confused customers and authors.

I certainly understand the need to plug the security hole. It’s really too bad when a few immoral authors ruin things for everyone :x

961 posts
  • Has been part of the Envato Community for over 4 years
  • Has sold $5,000+ on Envato Market
  • Located in Canada
  • Has collected 10+ items on Envato Market
+2 more
graphicmind
says

It appears they have found a solution… http://imageshack.us/f/341/screenshot20120109at093.png/

Wasn’t this there for some time?

by
by
by
by
by
by