BuddyDev

Search

Activity Shortcode Plugin – Ajax Posts

  • Participant
    Level: Enlightened
    Posts: 53
    David Levi on #17993

    Hey Brajesh,

    Can we expect an update on this today?

    Thanks.

  • Keymaster
    (BuddyDev Team)
    Posts: 24706
    Brajesh Singh on #18004

    Hi David,
    I am sorry but I have decided to go against including it for now. I will explain why:-

    1. With shortcode, we don’t have any idea of state between requests.

    2. If we allow the hide_sitewide option it will expose the site data unless we force that load more will not work in case hide_sitewide is used.

    In case of load more, we maintain the state by keeping the shortcode options as hidden form fields. A user can easily manipulate the form fields and see the hidden activities of others.

    At the moment, even if a user manipulates the fields, they won’t be able to see private activities.

    There is a solution to this that we disable ajax loading and use paginated activities. In that case, the options are not dependent on user and will not be a security issue.

    If you want me to enable it with second option, Please let me know and I will enable it.

    Regards
    Brajesh

  • Participant
    Level: Enlightened
    Posts: 53
    David Levi on #18013

    I will see if there is an option that I can use the groups in a matter that is not hidden for now, and see if we can go from there.

    Maybe this is something you guys can put on the todo list to figure out how to approach this issue.

    We defiantly do not want to leak unwanted data.

    Thank you,

You must be logged in to reply to this topic.

This topic is: not resolved