Jump to content
Sign in to follow this  
Followers 15
Geocaching HQ

Release Notes (Website: User profiles) - November 8, 2018

Recommended Posts

17 minutes ago, on4bam said:

 

Works like a charm but it should be fixed at GS' side so it works for everyone.

 

 

 

Can't even get this to work my side. Such a shame as all my links go to mailchimp which encrypts them anyway. I spent a lot of time making badges for local series that link to a larger version (to see the detail) hosted on my mailchimp account. Now all for nothing :(

Share this post


Link to post
46 minutes ago, Kaarthuul said:

I get the popup and say OK but it just opens another profile page instead of the link. The post above talked about changing the HREF link to go via geocaching.com but I could not get it to work?

 

You might have a popup blocker enabled. The hijacked links are working, if you get the confirmation popup - but the link opens in a new tab. The same tab will stay in the same profile page*.  Try disabling popup blocking for geocaching.com. I tested your profile and the badge images do appear in a new tab after hitting OK.

 

* as a side note, clicking a link returns to the top of the page because the click event isn't canceled, and since the hash in the link isn't an anchor, it scrolls to the top of the page - another very annoying browser quirk

Share this post


Link to post
56 minutes ago, Kaarthuul said:

Such a shame as all my links go to mailchimp which encrypts them anyway. I spent a lot of time making badges for local series that link to a larger version (to see the detail) hosted on my mailchimp account. Now all for nothing :(

There you said it.

All the efforts put in by users, by paying customors, to create nice banners and profil pages making the game more beatuifull are disrespectfully destroyed or mutilated.

  • Upvote 1

Share this post


Link to post
17 minutes ago, DerDiedler said:

to create nice banners and profil pages making the game more beautiful

Actually better caches would make this game more beautiful. Banners and Statistic Pages are not the core part of this game. At least they are not even a minor part of serious geocaching.

But "Each to his own" or "Jeder Jeck ist anders". 😉

 

Hans

Edited by HHL
  • Upvote 4
  • Funny 1
  • Helpful 1
  • Love 2

Share this post


Link to post
On 11/13/2018 at 2:16 PM, DerDiedler said:

There you said it.

All the efforts put in by users, by paying customors, to create nice banners and profil pages making the game more beatuifull are disrespectfully destroyed or mutilated.

 

And what about the paying customers (and non-paying) that would rather have a secure website instead of a pretty profile? This isn't a social media site.

Edited by igator210
  • Upvote 4
  • Love 2

Share this post


Link to post
29 minutes ago, igator210 said:

 

And what about the paying customers (and non-paying) that would rather have a secure website instead of a pretty profile? This isn't a social media site.

Agreed, even speaking as someone who had a "pretty profile".

 

I completely understand why JavaScript has been disabled, and have no problem with that part. The part that doesn't sit quite right is the way it was done. The general public was given no notice of this upcoming change, and therefore couldn't prepare in advance. Apparently some official partners were notified in advance, but were told they could use the staging server to test when that seems to have been an unsuitable test environment. In the end, nobody was ready for the change.

 

As usual, poor communication has led to undesired yet completely avoidable issues. With a reasonable amount of advance notice (say, 2-3 weeks), users and partners could have prepared for the change and there would have been much lower impact. If TPTB were worried about broadcasting that there was a vulnerability that was going to be fixed and that this could lead to exploitation, they need to consider that JavaScript vulnerabilities aren't exactly secret or new, so anyone who was going to exploit it probably already had. The downsides of announcing the change would likely have been negligible.

  • Upvote 4

Share this post


Link to post

OK. 

 

I have just spent a couple of days researching FTP, have downloaded an FTP program, learned how to use it, communicated with my ISP regarding settings in the FTP program, uploaded my highly detailed statistics to my ISP's web site, changed my profile on this web site to provide a link to my, now hosted externally, statistics.

 

Excellent!

 

Except Groundspeak have stuffed the link so it loops back to my profile and doesn't connect to the ISP's site.

 

NOT HAPPY.

  • Upvote 1

Share this post


Link to post

Looking for the link you're referring to. But, if you use the left click or tap, the link should work (except that now they're not even opening the link in a new tab).  If you do any other action on the link (middle click, or right click and open in new tab or window, etc) then the link won't work as intended.

 

Seriously, this needs to be fixed asap. Ridiculous and unnecessary href link hijacking.

  • Upvote 2

Share this post


Link to post

I changed it all back, so it isn't there any more.

 

I left-clicked it, got a message about leaving GS, said OK or whatever, then just got my profile.

 

I'll change the profile back, so you can try it.  Give me a few minutes...

Share this post


Link to post

Ignore previous rant, for some reason my browser had a pop-up blocker set for grounspeak.    No idea why, I've never set any pop-up blocker.

 

Colour me embarrassed

  • Helpful 1

Share this post


Link to post

Ah, yep. Another reason why this link hijack is a Bad Idea.

  • Upvote 1

Share this post


Link to post
On 11/12/2018 at 1:41 PM, thebruce0 said:

Yes. Links were left as the user left them in the source html. They are now hijacked during HTML sanitizing for gc.com script interception. Now, "Open in new tab" opens the same GC profile page because the URL is the same as current - the profile page you're looking at. The hijack is in place by appending a hash to the URL which the GC script recognizes, so that it can intercept the link, prompt the confirmation, then follow through with the original URL (which can only be done via the GC script, not with standard browser behaviour).

 

Before the change, the link was just the destination URL. Browser actions on the link were normal. "Open in a new tab" would open the intended destination URL in a new tab. Not so now.

I'm not sure what is different, but the right-click "open in new tab" is giving me different results than a few days ago.  Still using the same version of Firefox (63.0.1).

 

On the 12th, if I did a "right-click->open in new tab" on the PGC section of someone's profile, then it would open a new tab with that cacher's geocaching.com profile.  And nothing on that profile would be clickable.

Now, on the 16th, if I do a "right-click->open in new tab" on the PGC section of someone's profile, then a new tab opens with that cacher's geocaching.com profile.  BUT, then the pop-up window about leaving the site appears, I click "OK", and then that tab opens to the cacher's PGC profile.

  • Upvote 1

Share this post


Link to post
2 hours ago, noncentric said:

I'm not sure what is different, but the right-click "open in new tab" is giving me different results than a few days ago.  Still using the same version of Firefox (63.0.1).

  

On the 12th, if I did a "right-click->open in new tab" on the PGC section of someone's profile, then it would open a new tab with that cacher's geocaching.com profile.  And nothing on that profile would be clickable.

Now, on the 16th, if I do a "right-click->open in new tab" on the PGC section of someone's profile, then a new tab opens with that cacher's geocaching.com profile.  BUT, then the pop-up window about leaving the site appears, I click "OK", and then that tab opens to the cacher's PGC profile.

Yep. Now everything but a simple left-click is broken. :( :cry:

Share this post


Link to post

"Hey wait! You’re about to leave Geocaching.com. Are you sure you want to do that?"

"( ) Allow dialogues from www.geocaching.com to take you to their tab"

(Or similar words.  I only saw it once.)

 

What is the meaning of the tortured English I've highlighted in bold?  Take you to their tab?  What?!?

 

(BTW, "dialog boxes" in Canadian English are spelt "dialog boxes", in case you're trying to translate.  No need to translate that word.  Dialogue isn't a computer term up here, it's when people talk.)

 

Why did this only appear once?  If that's intentional, shouldn't there be a "don't ask again" or similar gadget?

 

*** E161118: Parse Error - unable to detect Language ***

Share this post


Link to post

Popup blockers are having a hayday with this messup...  What's browser? What's website? What's normal?  *headdesk*

Share this post


Link to post
2 hours ago, niraD said:
4 hours ago, noncentric said:

I'm not sure what is different, but the right-click "open in new tab" is giving me different results than a few days ago.  Still using the same version of Firefox (63.0.1).

  

On the 12th, if I did a "right-click->open in new tab" on the PGC section of someone's profile, then it would open a new tab with that cacher's geocaching.com profile.  And nothing on that profile would be clickable.

Now, on the 16th, if I do a "right-click->open in new tab" on the PGC section of someone's profile, then a new tab opens with that cacher's geocaching.com profile.  BUT, then the pop-up window about leaving the site appears, I click "OK", and then that tab opens to the cacher's PGC profile.

Yep. Now everything but a simple left-click is broken. :( :cry:

With left-click:  The issue I'm seeing is that different profiles behave differently with left-click.  I click on the PGC section of one cacher's profile (NYPC) and the PGC page opens in a new tab - the same action on the PGC section of another cacher's profile (Mineral2) causes the PGC page to open within the same tab. Not sure if there's something different in the cacher's profile coding or something else.

 

Share this post


Link to post

Are all servers behind the load balancer running identical versions of the website?

 

Or is someone tinkering with a live server?

Share this post


Link to post
7 hours ago, noncentric said:

With left-click:  The issue I'm seeing is that different profiles behave differently with left-click.  I click on the PGC section of one cacher's profile (NYPC) and the PGC page opens in a new tab - the same action on the PGC section of another cacher's profile (Mineral2) causes the PGC page to open within the same tab. Not sure if there's something different in the cacher's profile coding or something else.

 

 

It could be how the link is created on different profiles.  The "target" attribute in an anchor tag determines whether to open a link in the current page or as a new page.   I didn't notice that clicking on the PGC image was triggering a pop-up blocker at first, but once I white-listed geocaching.com,  a left-click on the PGC image would bring up the "you are leaving the site" dialog box, then clicking ok would redirect to the project-gc page.

Share this post


Link to post

GSAK seems to have updated FindStatGen3 (V4.6.3) and released it on 11/17/18 so that the fonts and links work for me.  My profile information is back the way it used to appear and work.

Share this post


Link to post
3 hours ago, Nothereeither said:

GSAK seems to have updated FindStatGen3 (V4.6.3) and released it on 11/17/18 so that the fonts and links work for me.  My profile information is back the way it used to appear and work.

But Javascript is still gone.  No tabs and no collapsible HTML

Edited by Gill & Tony
  • Upvote 1

Share this post


Link to post
On 11/10/2018 at 4:41 PM, Gill & Tony said:

Can anyone explain to me why European law applies in the US or any other non-European country?  I mean, if an EU citizen chooses to visit the US physically, they are subject to US law.  Why is it different if they choose to visit virtually?

They aren't just visiting, they are paying if they are premium members, so GS is definitely doing business in Europe.  But even if they weren't paying, the law applies to sites collecting personal information on EU citizens, so GS can either ban Europeans entirely or it can follow the GDPR.  It works in reverse too: European companies are often compelled to choose either to follow some US rule or be banned from the US market.

  • Upvote 1

Share this post


Link to post

I know GS's standards are low, but this is taking things to a whole new level. If you would have any interest AT ALL in what your users are doing, you would NOT have implemented such a stupid update that 'just' breaks every user's profile page. Unbelievable.

  • Upvote 3

Share this post


Link to post
On 11/28/2018 at 7:35 AM, not2b said:

They aren't just visiting, they are paying if they are premium members, so GS is definitely doing business in Europe.  But even if they weren't paying, the law applies to sites collecting personal information on EU citizens, so GS can either ban Europeans entirely or it can follow the GDPR.  It works in reverse too: European companies are often compelled to choose either to follow some US rule or be banned from the US market.

I'm not trying to be snide here, but that seems to mean that the US government (and any other non-EU government) has to apply EU law because they collect personal information from EU citizens whenever an EU citizen crosses their border and their passport details (and visa details) are recorded.  Is that correct?

Share this post


Link to post

Yes, the have to follow EU law, but as you might expect, there are special rules for law enforcement/government. We can't have our data deleted from the finance dept. servers. :rolleyes:

A webshop will have to delete your data but there are exceptions if it's needed to keep them for warranty and/or for bookkeeping reasons (tax reasons).

 

Share this post


Link to post
On 11/29/2018 at 6:59 AM, Vooruit! said:

I know GS's standards are low, but this is taking things to a whole new level. If you would have any interest AT ALL in what your users are doing, you would NOT have implemented such a stupid update that 'just' breaks every user's profile page. Unbelievable.

Nothing was broken on my profile page by this update.

  • Upvote 3

Share this post


Link to post

Not every user. Only those that employed javascript for any reason.  And some link mechanics.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 15

×