1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Don't use "www.YourDomain.com" in your addon options as an example

Discussion in 'Resource and Add-on Discussions' started by cclaerhout, Feb 14, 2013.

  1. cclaerhout

    cclaerhout Well-Known Member

    I thought a moment my dev server has been hacked after seeing some unsolicited redirection towards the host 1and1 with a affiliate id number:
    Code:
    http://www.1and1.com/?affiliate_id=322774
    But the problem was coming from an addon that had used in its options this kind of link as an example:
    Code:
    http://www.YourDomain.com/default/xenforo/gradients/
    The domain is valid and sends requests to 1and1. So the solution is simple: use another address as example.


    1and1.jpg
     
    ManOnDaMoon and Chris D like this.
  2. Dinh Thanh

    Dinh Thanh Well-Known Member

    Don't understand clearly how can they hack your site?
     
  3. cclaerhout

    cclaerhout Well-Known Member

    No no, I thought it was hacked but it wasn't. It was only a redirection from an admin option field that had used the given address as an example. I only tested the addon for some reasons and didn't modify the field. So it gives the above error & redirection in the console (see the screenshot).
     
  4. DRE

    DRE Well-Known Member

    What addon did that?

    Oh I see now. Yeah several of his addons does that. Kinda annoying.
     
    gordy likes this.
  5. cclaerhout

    cclaerhout Well-Known Member

    It's not the fault of the addon but only its example link inside its options, an option which I should have myself configured before. The purpose of this message is just an advice for addon developers. Nothing more.
     
  6. DRE

    DRE Well-Known Member

    That's nothing. I've installed his footer addon but he has nearly 20 links back to his own site pre-installed in the options. Was all that really necessary? Even Jaxel does that to some of his xenporta blocks.
     
    gordy and cclaerhout like this.
  7. lms

    lms Well-Known Member

    I'm really amazed. I do not understand this. But if it bothers you, I change by example links. It happens when I have configured the add-on on my server and exported to package and put it on XenForo.

    I will study this because I do not work or have worked with 1 & 1

    Salud2
     
  8. cclaerhout

    cclaerhout Well-Known Member

    Again, it's not your fault. Do a search on Internet and you will find many users have this problem. Someone registered the domain www.YourDomain.com and did a hidden redirection
     
  9. Chris D

    Chris D XenForo Developer Staff Member

  10. lms

    lms Well-Known Member

    Good idea.
    ./styles/default/xenforo/gradients or styles/default/xenforo/gradients ?

    Salud2
     
  11. lms

    lms Well-Known Member

    I will try to correct it. Thanks for noticing

    Salud2
     
  12. lms

    lms Well-Known Member

    If you go to web page "www.YourDomain.com" from spanish IP (like mine), get this image at top of page:
    2.png

    Translation: Sorry. If you are resident in Spain can't make purchases from this page.

    Curious, no?

    Salud2
     
  13. ManOnDaMoon

    ManOnDaMoon Well-Known Member

    Brandon Sheley and Chris D like this.
  14. Chris D

    Chris D XenForo Developer Staff Member

    Yeah Example.com is highly recommended over making up your own example as it is reserved (y)


    But... I still think wherever possible you should translate example URLs into the real board's URL.

    In my Friend Inviter add-on, for example, where I had instructions I could have said "In the box type http://yourUrl.com/google/callback as the redirect URL" Instead I used a templatePostRender on the template to replace the example URL with the site's REAL URL generated with the XenForo Link class. The benefit, of course, amongst other things, is it would always be the correct URL taking into consideration things like friendly URLs etc.

    It's also much easier for people to understand if they see their actual URL there.
     
    Mouth and Dan like this.

Share This Page