113 posts
  • Has been part of the Envato Community for over 3 years
  • Has referred 50+ members
  • Has sold $40,000+ on Envato Market
  • Had an item featured in an Envato Bundle
+5 more
Sneek says

It appears they have found a solution…

http://imageshack.us/f/341/screenshot20120109at093.png/
1042 posts
  • Has sold $40,000+ on Envato Market
  • Made it to the Authors' Hall of Fame
  • Contributed a tutorial on Tuts+
  • Sells items exclusively on Envato Market
+6 more
survivor says

It appears they have found a solution… http://imageshack.us/f/341/screenshot20120109at093.png/

But when You click ok – You end up on blank page…

It would be nice if we have these important changes in our Dashboard, so noone miss it…

360 posts
  • Has referred 10+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 50+ items on Envato Market
  • Member of the Envato Team
+8 more
Philo01 Envato team says

any chance you can redirect the url to take you to the users profile? Just so all those links that are now spread around the site can be utilized :)

+1 :)

1160 posts
  • Located in Brazil
  • Made it to the Authors' Hall of Fame
  • Had an item featured in a magazine
  • Won a Most Wanted contest
+8 more
RafaelOliveira says

Bad news :( I need to change about 85 descriptions….
Any chance to redirect the users to the profile page like was said?

2128 posts
  • Has been part of the Envato Community for over 4 years
  • Has referred 1+ members
  • Has sold $10,000+ on Envato Market
  • Interviewed on an Envato blog
+6 more
urbazon says

I don’t see how can anybody mislead somebody to follow them when there is pop-up message/alert (like shown on Sneek’s screenshot)??? I don’t get it…

2024 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $250,000+ on Envato Market
  • Sells items exclusively on Envato Market
  • Contributed a free file of the month
+8 more
revaxarts says

I don’t see how can anybody mislead somebody to follow them when there is pop-up message/alert (like shown on Sneek’s screenshot)??? I don’t get it…

You’re not a coding dude I guess :P

4335 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has been a beta tester for an Envato feature
+11 more
Reaper-Media Volunteer moderator says

A good solution would be to do this:

if the POST variable authenticity_token is sent, continue as normal, otherwise:

load a webpage with some text which says “You are about to follow this user on the marketplaces, do you want to continue?” and display a form with its method as POST and target as the current page and a hidden input authenticity_token. and another one with something like display_page = true. (currently when authenticity_token is undefined it returns a blank page with a 404 header)

Then when the url is visited, and authenticity_token sent AND display_page is also sent via POST variables, instead of returning JSON data, it will return a page with a confirmation message.

sorted. All the old links work and there are no security holes! :-)

I am right in thinking the url which was disabled is: marketplace.net/user/someone/follow right? :P

1410 posts
  • Contributed a blog post
  • Has been part of the Envato Community for over 4 years
  • Located in Europe
  • Has been a beta tester for an Envato feature
+7 more
Stylius says

D’oh :S

Too bad for the people who have to change ALL the descriptions of their items. But devs, I’m sure you are that cool to find a solution to this instead of disabling it! right? ;)

3434 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $500,000+ on Envato Market
  • Located in United States
  • Helps us moderate the forums
+10 more
sevenspark Volunteer moderator says

A good solution would be to do this:

if the POST variable authenticity_token is sent, continue as normal, otherwise:

load a webpage with some text which says “You are about to follow this user on the marketplaces, do you want to continue?” and display a form with its method as POST and target as the current page and a hidden input authenticity_token. and another one with something like display_page = true. (currently when authenticity_token is undefined it returns a blank page with a 404 header)

Then when the url is visited, and authenticity_token sent AND display_page is also sent via POST variables, instead of returning JSON data, it will return a page with a confirmation message.

sorted. All the old links work and there are no security holes! :-)

I am right in thinking the url which was disabled is: marketplace.net/user/someone/follow right? :P

+1

Either that or Adam’s idea (redirect to profile) in the short term at least, otherwise we’re going to have a lot of confused customers and authors.

I certainly understand the need to plug the security hole. It’s really too bad when a few immoral authors ruin things for everyone :x

938 posts
  • Has been part of the Envato Community for over 3 years
  • Has sold $5,000+ on Envato Market
  • Located in Canada
  • Has collected 10+ items on Envato Market
+3 more
graphicmind says

It appears they have found a solution… http://imageshack.us/f/341/screenshot20120109at093.png/

Wasn’t this there for some time?

by
by
by
by
by
by