
How To Disable 'Please Confirm' Style Switch?

Discussion in 'XenForo Questions and Support' started by DRE, May 27, 2012.

  1. DRE

    DRE Well-Known Member

  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

  3. DRE

    DRE Well-Known Member

    Don't know what a CSRF attack is but if you click that link while viewing it as a guest, it does not give you a confirmation page. It just automatically takes you to the style. What's wrong with that while being logged in?
     
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    For example, someone could put an IMG tag in their signature that loads the "style switch" URL, thereby changing the style preference of all registered users who view their sig.
     
  5. DRE

    DRE Well-Known Member

    Lmaooo I remember there being similar tricks in vb3 where peeps would lose all of their thread subscriptions 'cause of a deceptive link.
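
The confirmation page discussed in this thread guards a URL that changes account state on a plain GET. The sketch below is an added example, not part of the thread and not XenForo's code: a handler that applies the switch only when the link carries a token tied to the viewer's own session, and otherwise changes nothing and falls back to "Please confirm". The `/misc/style` path, the `style_id` and `token` parameter names and the session dict are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret


def csrf_token(session_id):
    """Token bound to one session, so a page author cannot guess a viewer's."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_style_switch(url, session):
    """Decide what a GET to the hypothetical /misc/style URL does.

    session is None for a guest, else a dict with "id" and "style_id".
    Returns "guest-switch", "applied", "confirm" or "bad-request".
    """
    query = parse_qs(urlsplit(url).query)
    raw_id = query.get("style_id", [""])[0]
    if not (raw_id.isascii() and raw_id.isdigit()):
        return "bad-request"
    if session is None:
        # Guests are switched without a confirmation page, as in the thread.
        return "guest-switch"
    supplied = query.get("token", [""])[0].encode()
    expected = csrf_token(session["id"]).encode()
    if hmac.compare_digest(supplied, expected):
        session["style_id"] = int(raw_id)  # link came from the user's own page
        return "applied"
    # No valid token: the request may be an <img> load from someone's signature.
    # Change nothing and show "Please confirm" with a tokenised form instead.
    return "confirm"


if __name__ == "__main__":
    viewer = {"id": "sess-viewer", "style_id": 1}  # constructed sample session
    print(handle_style_switch("/misc/style?style_id=7", viewer), viewer)
    own_link = "/misc/style?style_id=7&token=" + csrf_token(viewer["id"])
    print(handle_style_switch(own_link, viewer), viewer)
```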
     
