About Topic reply notification

Lukas 1lukas1 at gmail.com
Sat Jun 4 14:07:18 UTC 2011


Could a theme be hacked and, if the user comes from email (by extra param in URL),
show the warning about not receiving further notifications + mini login box
*OR*
add a token (e.g. $token =
$user_id.'-'.md5($user_name.$last_post_id.$secret)) to emails and mark
messages as read even if the user is not logged in. Since we know the user ID from the
link, we can check if we can regenerate the md5; if it matches, mark the thread as
read. If the user follows an old link, $last_post_id in the DB doesn't match the one expected by
the link, so do nothing.

XSS won't work either due to secret :)

On 4 June 2011 16:40, Sayak Banerjee <sayakb at kde.org> wrote:

> Just found out that there is a reason why one needs to login to read a
> reply.
> Unless you read a topic while logged in, you will not receive any
> notifications for
> further replies on that topic. Hence, reverting my change.
>
> As a possible workaround, I'll think of a mobile theme that will aid
> loading the
> forum faster on mobile browsers.
>
> *
> Sayak Banerjee
> SE (Retail), Infosys Technologies Ltd.
> Webmaster, KDE Project
> Official: sayak_banerjee at infosys.com, sayakb at kde.org
> Personal: mail at sayakbanerjee.com
> *
>
>
>
> On Sat, Jun 4, 2011 at 7:03 PM, Sayak Banerjee <sayakb at kde.org> wrote:
>
>> Alright, this seems like a good workaround.
>> I've made the necessary changes so that the mails have #p<post_id> URLs.
>> Thanks for pointing this out.
>>
>> Regards,
>> *
>> Sayak Banerjee
>> SE (Retail), Infosys Technologies Ltd.
>> Webmaster, KDE Project
>> Official: sayak_banerjee at infosys.com, sayakb at kde.org
>> Personal: mail at sayakbanerjee.com
>> *
>>
>>
>> On Sat, Jun 4, 2011 at 2:29 AM, Lukas <1lukas1 at gmail.com> wrote:
>>
>>> Let's say you receive a notification with a link like
>>> http://forum.kde.org/viewtopic.php?f=17&t=95178&p=197253&e=197253
>>> So it requires login. (On a phone, login is one of the TOP10 things that annoy
>>> me the most. Its keyboard is just too small for that.)
>>>
>>> But if the link gets trimmed like
>>> http://forum.kde.org/viewtopic.php?f=17&t=95178&p=197253
>>> No login is required.
>>>
>>> Or if you do something like $new_link = str_replace('&e=', '#p',
>>> $old_link); it takes you to the exact message :)
>>> http://forum.kde.org/viewtopic.php?f=17&t=95178&p=197253#p197253
>>>
>>> Cheers,
>>>
>>
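
The token check proposed at the top of this message, as an added PHP example that is not code from the thread or from the KDE forum: it swaps the plain md5 concatenation for HMAC-SHA256 over an unambiguous encoding and compares in constant time. The function names, the lookup callback, the secret and the sample data are assumptions made for illustration.

```php
<?php
// Added example; all names, the secret and the sample rows are constructed.

// Build the token carried in the notification link: "<user_id>-<mac>".
function make_read_token(int $user_id, string $user_name, int $last_post_id, string $secret): string
{
    // JSON encoding keeps field boundaries, so ("ab", 12) and ("ab1", 2)
    // cannot produce the same MAC input the way plain concatenation does.
    $message = json_encode([$user_id, $user_name, $last_post_id], JSON_THROW_ON_ERROR);
    return $user_id . '-' . hash_hmac('sha256', $message, $secret);
}

// Return the user ID if the token matches the current last post, else null.
// $lookup_user is a hypothetical callback: user_id -> [user_name, last_post_id] or null.
function verify_read_token(string $token, callable $lookup_user, string $secret): ?int
{
    $parts = explode('-', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null; // malformed token
    }
    $user_id = (int) $parts[0];
    $row = $lookup_user($user_id);
    if ($row === null) {
        return null; // unknown user
    }
    [$user_name, $last_post_id] = $row;
    // Regenerate the token from database state; an old link no longer matches
    // once $last_post_id has moved on.
    $expected = make_read_token($user_id, $user_name, $last_post_id, $secret);
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($expected, $token) ? $user_id : null;
}

// Constructed sample data standing in for the forum database.
$secret = 'constructed-example-secret';
$db = [42 => ['lukas', 197253]];
$lookup = function (int $id) use (&$db) {
    return $db[$id] ?? null;
};

$token = make_read_token(42, 'lukas', 197253, $secret);
var_dump(verify_read_token($token, $lookup, $secret)); // link for the current last post
$db[42][1] = 197300;                                   // a newer reply arrives
var_dump(verify_read_token($token, $lookup, $secret)); // same link, now stale
var_dump(verify_read_token('42-' . str_repeat('0', 64), $lookup, $secret)); // guessed MAC
```

The token only authorizes the mark-as-read action for that one user and post state; it is not a login, so the page served to a token holder should stay the same as for any anonymous visitor.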