xb95 (xb95) wrote in lj_dev,

customview.cgi: Free vs. Paid Accounts

An interesting question was brought up in supportlounge at this link.

Basically, if you don't want to read it, there exists the ability for a free user to "hide" their friends page through overrides (see the above link for details). This ability does not exist for a paid user. There isn't a way to hide your friends page, since any user can use customview.cgi with the nooverrides command to view someone's friends page.

(In case you want to say, "just telnet to the server and download the page raw, meta refresh tags don't work if you're not viewing it in a browser", note that LJ apparently interprets a meta refresh header to return a HTTP 302 response with the new URL. You can't telnet in and get the page.)

This behavior is more than likely accidental, and perhaps something should be done. There are several options I can think of:

  1. Make paid users able to use customview.cgi on all accounts, not just other paid users. This has the advantage of being really easy, the disadvantage of introducing the possibility of a bunch of people sharing a paid account's access to use customview.cgi to make their free journal look pretty.

  2. Make a new userprop that allows your friends page to be private. This could make the list of Friends on your userinfo page private and would return a sort of error message when someone other than you tries to view your friends page. On the positive side, this is a more "clean" alternative and has been requested several times in suggestions, but on the other hand, it's been shot down there just as many times as it's been brought up.

  3. Remove the ability for free users to do this. This would require filtering for meta refresh tags within the overrides. Advantage of being effective without introducing any other bogies, but it's just putting water on the fire, so to speak.

Those are the three options I can think of. There are probably others. Anyway, I can implement any of these, if they sound good. This really isn't a horribly bad issue or anything, but it should be addressed.

Brad, Alan, anybody else, comments?

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded