A Conversation for h2g2 Read Only Beta
Pages of unknown parentage.
Sean D Solle Started conversation Nov 14, 2010
No validation appears to be performed on thread URLs, so any incorrect entry/user numbers passed are used as incorrect headings. For example - http://www.bbc.co.uk/h2g2/beta/entry/A42/conversation/view/F42/T7878070 - rather than being "H2G2 Read Only Beta", is given the title "Can you see this?" (presumably placeholder text for unavailable entries).
Really, as the thread ID (501032) is the authoritative value, *its* parent and grandparent should be ascertained via the db/api to find the conversation name. (And ideally, the URL should be redirected to one with the correct Axxxx & Fxxxx values).
Of course, it also allows spoofing - here's a conversation we never had: http://www.bbc.co.uk/h2g2/beta/user/U284/conversation/view/F99/T214
Sean D Solle Posted Nov 14, 2010
> Really, as the thread ID (501032)
Sorry, that should of course be (878070) - I'd originally used this URL as an example.
http://www.bbc.co.uk/h2g2/beta/entry/A42/conversation/view/F42/501032
Ben - H2G2 Developer Posted Nov 19, 2010
Hi,
I was wondering when someone would pick up on that.
The response body from the Forum API being used on the ROBeta did not include the parent id; this prevented any form of validation.
We now have a ForumSource API which prevents spoofing and redirects as you suggested.
Thanks for the comments
Ben
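The check discussed above (trust only the thread ID, look up its parent forum and grandparent page, then redirect or reject), as an added example that is not part of the original conversation and not h2g2's code. The lookup tables, ids and titles are constructed stand-ins for the db/api, and `resolve` and `canonical` are hypothetical names.

```python
import re

# Constructed sample data standing in for the forum db/api (all ids hypothetical).
THREAD_PARENT = {1001: 500, 1002: 501}            # thread id -> forum id
FORUM_PARENT = {500: ("entry", "A", 700),         # forum id -> owning page
                501: ("user", "U", 800)}
PAGE_TITLE = {("A", 700): "Sample Entry", ("U", 800): "Sample Researcher"}

# Matches both URL shapes quoted in the thread; the "T" prefix is optional.
THREAD_URL = re.compile(
    r"/h2g2/beta/(?:entry|user)/[AU]\d+/conversation/view/F\d+/T?(\d+)")


def canonical(thread_id):
    """Build the one valid path and heading from the thread's real ancestry."""
    forum_id = THREAD_PARENT.get(thread_id)
    owner = FORUM_PARENT.get(forum_id)
    if owner is None:
        return None
    kind, prefix, page_id = owner
    path = (f"/h2g2/beta/{kind}/{prefix}{page_id}"
            f"/conversation/view/F{forum_id}/T{thread_id}")
    return path, PAGE_TITLE[(prefix, page_id)]


def resolve(request_path):
    """Return (status, location, heading) for a requested thread URL.

    Only the thread id is trusted; entry/user and forum numbers in the URL
    are compared against the looked-up values and never used for display.
    """
    m = THREAD_URL.fullmatch(request_path)
    found = canonical(int(m.group(1))) if m else None
    if found is None:
        return 404, None, None            # unknown thread or malformed URL
    path, heading = found
    if request_path != path:
        return 301, path, None            # wrong A/U/F numbers: redirect
    return 200, path, heading             # heading comes from the lookup
```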
Ben - H2G2 Developer Posted Nov 19, 2010
Unfortunately this won’t be available until the full release.
Regards
Sean D Solle Posted Nov 19, 2010
> I was wondering when someone would pick up on that
Hi Ben - I smiled when I saw "Can you see this?" - I suspected it was some nicely written defensive coding, and had no doubt someone would be on the case.
Sean D Solle Posted Nov 19, 2010
Explanation for any interested non-programmers:
Sometimes conditions arise in the inner working of a program, where a developer might think "well, that can't possibly happen" and do nothing about it.
With defensive programming (like defensive driving), you *expect* everything to go wrong, and code accordingly.
Quirky error messages that catch the user's eye are more likely to be reported, and usually serve as a memory jogger for the developer, too.
A certain application I once worked on used the message "Help, help, I'm being held hostage in a software factory" as the default text for critical error boxes.
Sean D Solle Posted Nov 19, 2010
> Thank you Sean
Very welcome - and thank you for the kind words on your latest update!
I'm thoroughly enjoying playing with this beta - reminds me of the Atomium (http://h2g2.com/A190090#back3) restoration; the faded aluminium panels are being replaced with shinier, more appropriate stainless steel.