[mvandemar]

Quote:

Originally Posted by Simon

Oh, that means it should be a cross domain scripting issue. That could well mean we abandon the auto-voting alltogether. It's a security risk, and I don't think most new browsers will allow you to execute such code anyway.

Correct me if i'm wrong...

Doing it the standard way is in fact disallowed in most browsers, you are correct.

Quote:

Originally Posted by Simon

Can you show me an example where you can vote directly from the digg button?[/B]

Digg does not have this feature, no...

Quote:

Originally Posted by Simon

rather than remote voting via xmhttp, which is what I was unable to get working due to XSS issues

I have a way around the XSS issues if you are interested. I don't have time to code it myself at the moment, but can explain it to you if you think it is an important enough feature.

-Michael

[Simon]

Sure, as long as it is a secure way to do it I would be interested in how that works.

[mvandemar]

Quote:

Originally Posted by Simon

Sure, as long as it is a secure way to do it I would be interested in how that works.

Well, I'm not entirely sure what it is that makes cross browser scripting insecure in the first place, to be honest. PM'ing you how you can do what it is you want to accomplish though without using XMLHttp.

-Michael

[jrothra]

It seems like I'm the only one having trouble with the EVB... quite frustrating. Has any experienced the kind of problems I'm having and fixed them? What did they do? I've tried everything on this thread (I think). I must have missed something but not sure what.

[irsarahbean]

I'm having trouble with this... wordpress (i'm not sure about other blog programs) strips java from posts. So if someone wants to add this to their posts it does not work. Is there any way to call this EVB function without java? Or am I missing something obvious?

[Simon]

Quote:

Originally Posted by irsarahbean

I'm having trouble with this... wordpress (i'm not sure about other blog programs) strips java from posts. So if someone wants to add this to their posts it does not work. Is there any way to call this EVB function without java? Or am I missing something obvious?

I believe it only strips javascript if you use the admin template editor. I always edit templates directly via FTP, and have no problems.

I received the PM about a possible way around the inability to use xmlhttp, and I will try it out sometime, not sure when though...

[jrothra]

Quote:

Originally Posted by Simon

I received the PM about a possible way around the inability to use xmlhttp, and I will try it out sometime, not sure when though...

Forgive my ignorance, but what does "inability to use xmlhttp" mean? Is this related to this situation:
When someone votes on my site (www.faithtag.com), the link URL it sends them to is:

Code:

http://www.faithtag.com/login.php?return=http://www.faithtag.com/

This URL results in the following 406 error:

Quote:

Not Acceptable
An appropriate representation of the requested resource /login.php could not be found on this server.

Apache/1.3.37 Server at www.faithtag.com Port 80

However, when I take out the http:// and manually create the URL to read:

Code:

http://www.faithtag.com/login.php?return=www.faithtag.com/

Then it asks me to log in.

Is this what you mean by the inability to use xmlhttp?

[jrothra]

Quote:

Originally Posted by irsarahbean

I'm having trouble with this... wordpress (i'm not sure about other blog programs) strips java from posts. So if someone wants to add this to their posts it does not work. Is there any way to call this EVB function without java? Or am I missing something obvious?

Like Simon, I use an HTML editor to alter my blog page codes. Also, I do use Digg on the site which uses javascript and WordPress has no problem with it.

[Simon]

Just updated the EVB - see the first post for the new download. I added in a pliggit.php url, that checks whether a user is (a) logged in, (b) the url is in the database, (c) already voted, (d) if not voted, adds a vote and (e) returns you to the story page.

If story is not in the database you will be taken to the submit page, and if the user is not logged in you will be taken to the login page before anything else happens.

Demo here - would be helpful if you could check it for errors etc.

About the return issue...it should be nothing to do with xmlhttp, the return value should always be relative. So instead of return=http://www.faithtag.com/ it should be return=/ - at least that's the way I see it. I thought Pligg would do that for you automatically anyway when redirecting to a login page using the return value.

[jrothra]

Tested the new system, didn't work, same exact problem.

The EVB creates the same results... see here for my test.

Also, when I go to FaithTag, make sure I'm logged off, and click on the "Tag" (vote) button, it sends me to this URL:

Code:

http://www.faithtag.com/login.php?return=http://www.faithtag.com/

... and I get the same 406 error as earlier (see above post).

When I alter the URL to remove the http:// then it works fine.

When I upgraded, I completely deleted the old EVB diretory from my server and my PC... replaced both with the new one.

EDIT --
Forgot to include the code I used for putting the EVB on the blog page (it's WordPress 2.1).

Code:

<script type="text/javascript">submit_url = '<?php the_permalink() ?>';</script>
<script type="text/javascript" src="http://www.faithtag.com/evb/button.php"></script>