search

plebbit / plebbit-react

A GUI for plebbit
https://plebbitapp.eth.limo
GNU General Public License v2.0
35 stars 6 forks source link

An incorrect thread URL should redirect #290

Closed plebeius-eth closed 1 year ago

plebeius-eth commented 1 year ago

If I navigate to https://plebbitapp.eth.limo/#/p/business-and-fance.eth/c/QmXBQv3svduVyrD8GzSMg17YHYFQnRKCdor6st2NFrdaSH I see the thread correctly because the comment CID is correct, but the subplebbit address has a typo yet it's still being loaded. It should redirect automatically.

But if the comment cid is wrong too, then the page will break instead of redirect to a 404 page:

Image

I just fixed this on plebchan with this code:

const { subplebbitAddress, threadCid } = useParams();
const subplebbit = useSubplebbit({subplebbitAddress: comment.subplebbitAddress});
const selectedAddress = subplebbit.address;

useEffect(() => {
    // If selectedAddress is undefined, navigate to the NotFound page.
    if ( comment.state !== "initializing" && selectedAddress === undefined) {
        navigate('/404');
    }
    // Else, check if the subplebbitAddress from the URL parameters matches the selectedAddress.
    else if (comment.state === "failed" && subplebbitAddress !== selectedAddress) {
        // If they don't match, navigate to the correct URL.
        navigate(`/p/${selectedAddress}/c/${threadCid}`);
    }
}, [subplebbitAddress, selectedAddress, navigate, threadCid, comment.state]);
estebanabaroa commented 1 year ago

a wrong sub address should not redirect, it should error, otherwise people can trick others into visiting subs they dont want. you can put the CID of a NSFW sub and put a SFW sub into the url and trick people into visiting NSFW subs.

plebeius-eth commented 1 year ago

a wrong sub address should not redirect, it should error, otherwise people can trick others into visiting subs they dont want. you can put the CID of a NSFW sub and put a SFW sub into the url and trick people into visiting NSFW subs.

Right I forgot about that, a sub redirect shouldn't happen. But that's one part of the issue. A 404 page redirect should happen for an invalid comment CID because otherwise the thread view will load forever and show p/undefined (see above screenshot). Without a 404 redirect, or an error toast, the user will think that there's something wrong with the client.

Not sure if you fixed it, I just did this:

  useEffect(() => {
    if ( comment.state === "failed" && selectedAddress === undefined) {
      navigate('/404');
    }
  }, [selectedAddress, navigate, comment.state]);
estebanabaroa commented 1 year ago

a wrong sub address should not redirect, it should error, otherwise people can trick others into visiting subs they dont want. you can put the CID of a NSFW sub and put a SFW sub into the url and trick people into visiting NSFW subs.

Right I forgot about that, a sub redirect shouldn't happen. But that's one part of the issue. A 404 page redirect should happen for an invalid comment CID because otherwise the thread view will load forever and show p/undefined (see above screenshot). Without a 404 redirect, or an error toast, the user will think that there's something wrong with the client.

Not sure if you fixed it, I just did this:

  useEffect(() => {
    if ( comment.state === "failed" && selectedAddress === undefined) {
      navigate('/404');
    }
  }, [selectedAddress, navigate, comment.state]);

I think a 404 on plebchan is fine, but on plebbit-react I think I would rather display a custom error that explains that the link is malicious and trying to trick the user. But this is very low priority, I dont think it matters if someone posts a malicious links and it stalls forever for now.