Jump to content

Suggestion: URLs containing "&mode={display_mode}"


Guest TCWT

Recommended Posts

Posted

Totally agreed. Countless members on our forums have been switched over and then post in feedback asking about fixing it.

To make things worse, when any other display mode but the standard is selected, a whole bunch of "IPB ERROR: division by zero in blahblahblah" errors show up in the headers of any topic and forum view. >_>

Posted

You guys have to understand the reason why it is set as a cookie... It's because guests do not have a place in the database to save settings, and this feature is usable to guests, provided that they can see a topic at all.

I don't see how someone could post a link to change someone's view unless they do it on purpose. The only time I see this happening is when a search engine picks up a link from the drop down... And with that you can prevent a search engine from indexing those links through robots.txt.

Posted

The only way to use POST without changing the interface (i.e link in drop down) would be to use javascript. Without javascript you would have to use a submit button, and in both instances you need a forum. Redirecting the page from a GET wouldn't make any difference... it would be the same thing.

As I said before... The only place that the link would be present is in a drop down or a search engine link. Your best option is use robots.txt to prevent 90% of the search engines out there, including the main ones, from indexing topics with that parameter.

Posted

The only way to use POST without changing the interface (i.e link in drop down) would be to use javascript. Without javascript you would have to use a submit button, and in both instances you need a forum. Redirecting the page from a GET wouldn't make any difference... it would be the same thing.


You need Javascript to open the menu anyway, so that shouldn't be a problem. Or just keep using GET, but add an unique md5 key like with the logout link.

Still, I don't really see why this setting has to be kept for guests at all. If they want to keep their display mode, they should just register. If you got rid of this setting for guests, you could also move it to the UCP, where it belongs. Showing a permanent setting in some Javascript menu somewhere is horribly unintuitive anyway...
Posted

I don't see how someone could post a link to change someone's view unless they do it on purpose.


Quite easily, when you select the option it appends the option to the URL. If you then copy that URL and paste it into another topic, say as a reference, anyone who follows it would have their view changed.

Redirecting the page from a GET wouldn't make any difference... it would be the same thing.


No it wouldn't, the user would end up with a plain URL without it and so if they sent it to someone they wouldn't accidently change their view.

I agree with the topic poster, this is wrong, IPB should strip its own settings from URLs to itself, the same can be said for the skin and language settings which are appended to the URL if you change them.

Changing it to POST would also be a good idea, which is actually quite a standard convention, anything that makes changes should be POST so you can't trick others into making the same change themselves.
Posted

The only way to use POST without changing the interface (i.e link in drop down) would be to use javascript. Without javascript you would have to use a submit button, and in both instances you need a forum. Redirecting the page from a GET wouldn't make any difference... it would be the same thing.



As I said before... The only place that the link would be present is in a drop down or a search engine link. Your best option is use robots.txt to prevent 90% of the search engines out there, including the main ones, from indexing topics with that parameter.


The point of redirecting would be to prevent the user from copying it in the first place. Attack the problem from the other end.
Posted

The only time I see this happening is when a search engine picks up a link from the drop down... And with that you can prevent a search engine from indexing those links through robots.txt.



But 90% of admins won't know how this may affect their boards. The ones that realize it will take the necessary steps in robotx.txt. It's better to cater to everyone and find another way to do this.
Posted

I would like to see this changed as well, I've had a lot of my members message me trying to explain the problem but most only get as far as saying "threads are messed up" and finally I figure out the problem is their display mode got changed somehow.

Display modes should be stored in the database like most user preferences or at least changing it to POST, Stephen is very right in saying "this is wrong, IPB should strip its own settings from URLs to itself, the same can be said for the skin and language settings which are appended to the URL if you change them."

Posted

Another thing you can do, you can require a 'hash key' created from something user specific (or session specific) and require this key for certain commands to be run.

Basically:
index.php?mode={display_mode}&hashkey={( 1/2 sessionkey )+ hashed }

It's what I'm doing with all system commands that can be executed with one GET query.

Posted

Another thing you can do, you can require a 'hash key' created from something user specific (or session specific) and require this key for certain commands to be run.



Basically:




It's what I'm doing with all system commands that can be executed with one GET query.


Yeah, that's what I meant by an "unique md5 key".

I'm still voting for "make setting registered users-only and save it in UCP" though.
Posted

Yeah, that's what I meant by an "unique md5 key".



I'm still voting for "make setting registered users-only and save it in UCP" though.


Sorry I thought it was mentioned before but I didn't see it in the last few posts. >>
  • 1 month later...
  • 1 year later...
Posted

This has already been changed to a setting in My Controls, rather than topic view. This means URL's can't be pasted to change the view mode, and also people visiting from Google results won't have their view changed unexpectedly either.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...