Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
This post was updated on Feb 26, 2009; 5:33pm.
I saw ;cid= on more than a few occasions. I can't say how recently, and I can't recall the browsing environments, but I saw that string often enough to spark my curiosity long before I saw Steve Diamond quote a URL of this type. @ Nabble Where, if anywhere, is ;cid= most likely to appear inappropriately? I'm happy to test in a few browsers with some embedded and non-embedded forums created by me. Regards Graham Postscript: <http://n2.nabble.com/forum/Search.jtp?query=%3Bcid%3D&sort=date&local=y&forum=1> |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
This post was updated on Feb 26, 2009; 5:34pm.
1. make a forum private
2. embed the forum 3. force redirection 4. follow that direction 5. within the redirected embedded private forum: search for something that exists 6. observe the search results. Observation Links to found items include the ;cid= string. Whether the issue is reproducible without forced redirection, I don't know. Haven't tested. Screen shots Focus on the status bar of the Safari window; as I mouse over the search results, the ;cid= part of the URL is apparent: Background I read <http://n2.nabble.com/reference-from-embedded-search-result-fails-to-lead-to-the-required-post-tp950354p950354.html> and thought, Nabble in Plone … forced redirection. Regards Graham |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
The bug that included the cid parameter in permalinks for embedded forums has apparently been fixed. (That was the source of the links I had posted earlier.) But my results, like yours, Graham, also show the cid parameter present in the search results links. Notice, too, that cid is present not only in the links to the posts but also in the link to the forum (where it says in your example "Found 1 matching posts for xylophone in [link to forum] ...").
Steve |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
The cid value MUST be displayed in forum URLs when the browser blocks third-party cookies. This is not a bug. All you should know is that permalinks don't need this information.
Regards, Hugo Teixeira Nabble.com |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
FWIW, this makes perfect sense to me in the context of the search results screen, especially since those links are very unlikely to be used except by the current user who's doing the search. Steve |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
In reply to this post by Hugo <Nabble>
If a cid value is gained by a Nabble user other than the first user to whom the value was offered, then (for example) might a post by that second user be misinterpreted as a post by the first?
Aiming to understand this from a privacy/security perspective. Thanks again Graham Postscript: edited posts within this topic to use an alternative to the word bug. |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
No. The cid value is tied to the user IP and other variables that keep things secure. Regards, Hugo Teixeira Nabble.com |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
Thanks - resolved :)
|
Free forum by Nabble | Edit this page |