- Author had a File in an Envato Bundle
- Author was Featured
- Bought between 50 and 99 items
- Exclusive Author
- Has been a member for 2-3 years
- Item was Featured
- Referred between 50 and 99 users
- Sold between 50 000 and 100 000 dollars
- United Kingdom
It appears they have found a solution…
http://imageshack.us/f/341/screenshot20120109at093.png/
- Sold between 10 000 and 50 000 dollars
- Author was Featured
- Contributed a Tutorial to a Tuts+ Site
- Referred between 1000 and 1999 users
- Bought between 10 and 49 items
- Repeatedly Helped protect Envato Marketplaces against copyright violations
- Has been a member for 2-3 years
- Exclusive Author
- Czech Republic
Sneek said
It appears they have found a solution… http://imageshack.us/f/341/screenshot20120109at093.png/
But when You click ok – You end up on blank page…
It would be nice if we have these important changes in our Dashboard, so noone miss it…
- Envato Staff
- Reviewer
- Sold between 10 000 and 50 000 dollars
- Author was Featured
- Item was Featured
- Has been a member for 4-5 years
- Bought between 50 and 99 items
- Contributed a Tutorial to a Tuts+ Site
- Beta Tester
quickandeasy said
any chance you can redirect the url to take you to the users profile? Just so all those links that are now spread around the site can be utilized
+1
- Microlancer Beta Tester
- Brazil
- Exclusive Author
- Sold between 10 000 and 50 000 dollars
- Most Wanted Bounty Winner
- Referred between 100 and 199 users
- Bought between 1 and 9 items
- Has been a member for 2-3 years
Bad news 
I need to change about 85 descriptions….
Any chance to redirect the users to the profile page like was said?
- Author had a File in an Envato Bundle
- Author was Featured
- Contributed a Blog Post
- Exclusive Author
- Has been a member for 3-4 years
- Interviewed on the Envato Notes blog
- Referred between 1 and 9 users
- Serbia
- Sold between 10 000 and 50 000 dollars
I don’t see how can anybody mislead somebody to follow them when there is pop-up message/alert (like shown on Sneek’s screenshot)??? I don’t get it…
- Microlancer Beta Tester
- Author had a Free File of the Month
- Has been a member for 3-4 years
- Item was Featured
- Author was Featured
- Austria
- Exclusive Author
- Referred between 200 and 499 users
urbazon said
I don’t see how can anybody mislead somebody to follow them when there is pop-up message/alert (like shown on Sneek’s screenshot)??? I don’t get it…
You’re not a coding dude I guess 
- Author was Featured
- Beta Tester
- Bought between 10 and 49 items
- Community Moderator
- Contributed a Blog Post
- Contributed a Tutorial to a Tuts+ Site
- Exclusive Author
- Grew a moustache for the Envato Movember competition
- Has been a member for 4-5 years
A good solution would be to do this:
if the POST variable authenticity_token is sent, continue as normal, otherwise:
load a webpage with some text which says “You are about to follow this user on the marketplaces, do you want to continue?” and display a form with its method as POST and target as the current page and a hidden input authenticity_token. and another one with something like display_page = true. (currently when authenticity_token is undefined it returns a blank page with a 404 header)
Then when the url is visited, and authenticity_token sent AND display_page is also sent via POST variables, instead of returning JSON data, it will return a page with a confirmation message.
sorted. All the old links work and there are no security holes!
I am right in thinking the url which was disabled is: marketplace.net/user/someone/follow right?
- Microlancer Beta Tester
- Repeatedly Helped protect Envato Marketplaces against copyright violations
- Contributed a Blog Post
- Author had a Free File of the Month
- Has been a member for 3-4 years
- Europe
- Bought between 10 and 49 items
- Referred between 1 and 9 users
- Exclusive Author
D’oh 
Too bad for the people who have to change ALL the descriptions of their items. But devs, I’m sure you are that cool to find a solution to this instead of disabling it! right? 
- Sold between 250 000 and 1 000 000 dollars
- Community Moderator
- Author was Featured
- Item was Featured
- Bought between 50 and 99 items
- Referred between 1000 and 1999 users
- Has been a member for 3-4 years
- Repeatedly Helped protect Envato Marketplaces against copyright violations
Reaper-Media said
A good solution would be to do this:if the POST variable authenticity_token is sent, continue as normal, otherwise:
load a webpage with some text which says “You are about to follow this user on the marketplaces, do you want to continue?” and display a form with its method as POST and target as the current page and a hidden input authenticity_token. and another one with something like display_page = true. (currently when authenticity_token is undefined it returns a blank page with a 404 header)
Then when the url is visited, and authenticity_token sent AND display_page is also sent via POST variables, instead of returning JSON data, it will return a page with a confirmation message.
sorted. All the old links work and there are no security holes!
I am right in thinking the url which was disabled is: marketplace.net/user/someone/follow right?
+1
Either that or Adam’s idea (redirect to profile) in the short term at least, otherwise we’re going to have a lot of confused customers and authors.
I certainly understand the need to plug the security hole. It’s really too bad when a few immoral authors ruin things for everyone 
- Author had a Free File of the Month
- Bought between 10 and 49 items
- Canada
- Exclusive Author
- Has been a member for 2-3 years
- Most Wanted Bounty Winner
- Sold between 5 000 and 10 000 dollars
Sneek said
It appears they have found a solution… http://imageshack.us/f/341/screenshot20120109at093.png/
Wasn’t this there for some time?
