
Suggestion: URLs containing "&mode={display_mode}"


Guest TCWT


Totally agreed. Countless members on our forums have been switched over and then post in feedback asking about fixing it.

To make things worse, when any other display mode but the standard is selected, a whole bunch of "IPB ERROR: division by zero in blahblahblah" errors show up in the headers of any topic and forum view. >_>

Link to comment

You guys have to understand the reason why it is set as a cookie... It's because guests do not have a place in the database to save settings, and this feature is usable to guests, provided that they can see a topic at all.

I don't see how someone could post a link to change someone's view unless they do it on purpose. The only time I see this happening is when a search engine picks up a link from the drop down... And with that you can prevent a search engine from indexing those links through robots.txt.

Link to comment

The only way to use POST without changing the interface (i.e. link in drop down) would be to use javascript. Without javascript you would have to use a submit button, and in both instances you need a forum. Redirecting the page from a GET wouldn't make any difference... it would be the same thing.

As I said before... The only place that the link would be present is in a drop down or a search engine link. Your best option is to use robots.txt to prevent 90% of the search engines out there, including the main ones, from indexing topics with that parameter.

Link to comment

> The only way to use POST without changing the interface (i.e. link in drop down) would be to use javascript. Without javascript you would have to use a submit button, and in both instances you need a forum. Redirecting the page from a GET wouldn't make any difference... it would be the same thing.

You need Javascript to open the menu anyway, so that shouldn't be a problem. Or just keep using GET, but add a unique md5 key like with the logout link.

Still, I don't really see why this setting has to be kept for guests at all. If they want to keep their display mode, they should just register. If you got rid of this setting for guests, you could also move it to the UCP, where it belongs. Showing a permanent setting in some Javascript menu somewhere is horribly unintuitive anyway...
Link to comment

> I don't see how someone could post a link to change someone's view unless they do it on purpose.


Quite easily, when you select the option it appends the option to the URL. If you then copy that URL and paste it into another topic, say as a reference, anyone who follows it would have their view changed.

> Redirecting the page from a GET wouldn't make any difference... it would be the same thing.

No it wouldn't, the user would end up with a plain URL without it and so if they sent it to someone they wouldn't accidentally change their view.

I agree with the topic poster, this is wrong, IPB should strip its own settings from URLs to itself, the same can be said for the skin and language settings which are appended to the URL if you change them.

Changing it to POST would also be a good idea, which is actually quite a standard convention, anything that makes changes should be POST so you can't trick others into making the same change themselves.
Link to comment

> The only way to use POST without changing the interface (i.e. link in drop down) would be to use javascript. Without javascript you would have to use a submit button, and in both instances you need a forum. Redirecting the page from a GET wouldn't make any difference... it would be the same thing.
>
> As I said before... The only place that the link would be present is in a drop down or a search engine link. Your best option is to use robots.txt to prevent 90% of the search engines out there, including the main ones, from indexing topics with that parameter.


The point of redirecting would be to prevent the user from copying it in the first place. Attack the problem from the other end.
Link to comment

> The only time I see this happening is when a search engine picks up a link from the drop down... And with that you can prevent a search engine from indexing those links through robots.txt.

But 90% of admins won't know how this may affect their boards. The ones that realize it will take the necessary steps in robots.txt. It's better to cater to everyone and find another way to do this.
Link to comment

I would like to see this changed as well, I've had a lot of my members message me trying to explain the problem but most only get as far as saying "threads are messed up" and finally I figure out the problem is their display mode got changed somehow.

Display modes should be stored in the database like most user preferences or at least changing it to POST, Stephen is very right in saying "this is wrong, IPB should strip its own settings from URLs to itself, the same can be said for the skin and language settings which are appended to the URL if you change them."

Link to comment

Another thing you can do, you can require a 'hash key' created from something user specific (or session specific) and require this key for certain commands to be run.

Basically:
index.php?mode={display_mode}&hashkey={( 1/2 sessionkey )+ hashed }

It's what I'm doing with all system commands that can be executed with one GET query.

Link to comment

> Another thing you can do, you can require a 'hash key' created from something user specific (or session specific) and require this key for certain commands to be run.
>
> Basically:
>
> It's what I'm doing with all system commands that can be executed with one GET query.

Yeah, that's what I meant by a "unique md5 key".

I'm still voting for "make setting registered users-only and save it in UCP" though.
Link to comment


Archived

This topic is now archived and is closed to further replies.
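
The two fixes proposed in this thread, a session-bound key on the `mode` link and a redirect that strips the setting from the URL, combined in one handler; this is an added example, not IPB code and not any poster's implementation. It uses HMAC-SHA256 rather than the md5 key suggested above, and the secret, mode names, session ids, URL and function names are all constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SERVER_SECRET = b"constructed-demo-secret"  # assumption: random per-install secret
ALLOWED_MODES = {"standard", "outline"}     # constructed mode names
SETTING_PARAMS = {"mode", "hashkey"}        # never left in the address bar


def make_key(session_id, action):
    """Key bound to one session and one action; useless in anyone else's browser."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def mode_link(topic_url, session_id, mode):
    """Build the drop-down link for the visitor who owns session_id."""
    parts = urlsplit(topic_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query += [("mode", mode), ("hashkey", make_key(session_id, "mode"))]
    return urlunsplit(parts._replace(query=urlencode(query)))


def handle_get(url, session_id, prefs):
    """Return (status, location); prefs stands in for the cookie or DB row."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    params = dict(query)
    if "mode" not in params:
        return 200, url  # ordinary page view, nothing to change
    supplied = params.get("hashkey", "").encode()
    expected = make_key(session_id, "mode").encode()
    if hmac.compare_digest(supplied, expected) and params["mode"] in ALLOWED_MODES:
        prefs["mode"] = params["mode"]
    # Redirect either way, so the URL people copy carries no settings.
    clean = [(k, v) for k, v in query if k not in SETTING_PARAMS]
    return 302, urlunsplit(parts._replace(query=urlencode(clean)))


if __name__ == "__main__":
    topic = "https://forum.example/index.php?showtopic=42"  # constructed URL
    link = mode_link(topic, "sess-alice", "outline")
    for sid in ("sess-alice", "sess-bob"):  # bob followed alice's pasted link
        prefs = {}
        print(sid, handle_get(link, sid, prefs), prefs)
```

A visitor who follows a pasted link that still carries someone else's key is redirected to the plain topic URL with their own display mode untouched.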
