• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

How To Disable 'Please Confirm' Style Switch?

DRE

Well-known member
#3
Don't know what a csrf attack is but if you click that link while viewing it as a guest, it does not give you a confirmation page. It just automatically takes you to the style. What's wrong with that while being logged in?
 

Jake Bunce

XenForo moderator
Staff member
#4
For example, some one could put an IMG tag in their signature that loads the "style switch" URL, thereby changing the style preference of all registered users who view their sig.
 

DRE

Well-known member
#5
Lmaooo i remember there being similiar tricks in vb3 where peeps would lose all of their thread subscriptions cause of a deceptive link.