|
|
admin_bypass.png (9,682 bytes) |
|
|
I think personally it should stay in place but be reduced to 60 seconds. This is so there's less wait for staff, but it still protects against "double submitting" accidents. |
|
|
Even 60 seconds seems like overkill, maybe just a warning with a proceed button would be better. For admins and everyone else. I don't understand why a time limit needs to be part of this. |
|
|
^ I agree |
|
|
I think it's a good feature to have for spam protection (the time limit)... but your staff shouldn't be spamming anyway. If the time limit does get removed, I do suggest at least a warning for similar submitted content. |
|
|
Ok on reflection, the time limit is for a technical reason. It uses the admin logs to check for duplication, but of course naturally some titles may be repeated, especially over different categories - it can't distinguish categories, so it uses time as a reasonable alternative qualifier. I think the time limit could be configurable, there could be a privilege for bypassing a forced wait, and if that privilege is there it could be a click-through screen. OR instead of a time limit/wait... We could throw out the time limit and use the CSRF tokens instead. If something with a shared title and CSRF token was already submitted, we could use that as the qualifier. (We don't delete CSRF tokens upon posting btw, as that's super annoying, so CSRF tokens don't *automatically* prevent double submissions. It annoys me in MantisBT [here], you can't use the back button properly. We do expire them though.). |
|
|
"I think the time limit could be configurable, there could be a privilege for bypassing a forced wait, and if that privilege is there it could be a click-through screen." This gets my vote. Does the job intended but maybe the other method is a better fit overall. You can decide :) |
|
|
We discussed this in our live chat. The reporting happens on the calendar, where it's legitimate to make multiple entries with the same title. I think just having a proceed button is fine. It's not a security feature, as if someone wanted to flood a site they could write a bot to do it anyway - so the separate flood control settings are where you deal with this scenario. So, now a proceed button is implemented, works well. |
- Anonymous
