Check for the timestamp to prevent users from assigning flags to other posters

[26000]

Hey! Extraflags are nice! While I was exploring the source (wanted to know how it works, thought it adds invisible characters to the post or something like this), I found out that it doesn't check if the flag was assigned by the one who have written the post or by somebody else. E. g.

curl --data "post_nr=1&board=bant&regions=Murmansk Region" http://whatisthisimnotgoodwithcomputers.com/int/post_flag_api2.php

assigns Murmansk Region flag to the first post... Works if the original poster hasn't assigned a flag themself.

I have an idea how to fix that. You should save a timestamp of the post and give it to the user when they ask for flags for posts. And the userscript would check if the post timestamp is the same with the extraflags entry timestamp (±30s maybe).

Firstly thought the backend would check if the timestamp is appropriate, but then realized it would take a lot of bandwidth and would probably get you banned out of 4chan.

And not to disable all older posts' flags, just send the timestamp only for the new ones. If no timestamp, then the flags are probably real (no way to check if they are).

Thanks!

[maluhia]

I see what you mean. PK (WhatIsThisImNotGoodWithComputers) knows the intricacies of the code, though doesn't maintain it much nowadays. I will email and ask if he can implement it.

[WhatIsThisImNotGoodWithComputers]

There is no way to completely mitigate this problem, only to minimize the impact. I can let the database generate timestamps if you want to create a fix for this.

[26000]

@maluhia, thanks!

@WhatIsThisImNotGoodWithComputers, sorry, I'm not into JS much (I can code, but my JS code is shit) and I don't have enough time... Maybe later.