Hi,
I've been playing around with TubePress and think it's great, but I have stumbled across something that is giving me a nagging concern.
I have added a YouTube playlist to a page on my Wordpress site using TubePress shortcodes, that works fine.
My concern is that by adding "?tubepress_video=xxxxxxxxxxxxx" to the URL I can make it appear that another YouTube video is in the playlist, even though it's not.
For example if I wanted to add the first moon landing to the demo page on TubePress (http://tubepress.com/demo/) I just add that extra bit like this:
http://tubepress.com...deo=RMINSD7MmT4
and now suddenly it looks like the site's author intended the Moon Landing video was in their playlist. I'm putting the video on their site just be adjusting the URL!
What concerns me is that this enables an unscruplulous individual to circulate a URL that makes it look like my site somehow endorses their chosen video.
This is true it seems of the Pro version too.
http://tubepress.com...alone_php_demo/
becomes:
http://tubepress.com...em...MINSD7MmT4
with my 'moon landing' choice added.
Can anyone suggest a way to stop this happening - am I missing something here?
Thanks
EnJohn
Concerned over Playlist item 'injection' via URL
Started by Nigel Hayler, Sep 19 2011 11:10 AM
1 reply to this topic
#1
Posted 19 September 2011 - 11:10 AM
#2
Posted 21 September 2011 - 02:36 PM
Does anyone else find this worrying? It's putting me off using TubePress or buying the Pro version.
Is there any way I could get TubePress to check the id of the video sent in the url (i.e. ?tubepress_video=xxxxxxxx) against the id's of the videos actually in the playlist and only play the video if it matches?
Any thoughts much appreciated!
Is there any way I could get TubePress to check the id of the video sent in the url (i.e. ?tubepress_video=xxxxxxxx) against the id's of the videos actually in the playlist and only play the video if it matches?
Any thoughts much appreciated!