Hacker Newsnew | comments | ask | jobs | submitlogin
DCoder 1432 days ago | link | parent

Using Firebug, FireQuery, jQuery no conflict as $jq, from inside a photo page (http://www.facebook.com/photo.php?pid=xxx&id=y) :

  var loc = window.location.href.match(/pid=(\d+)&id=(\d+)/);
  
  var args = {
  	pid: loc[1], // photo ID
  	id: loc[2], // request sender id? photo owner id? not sure, haven't tested, but my user ID worked when trying to remove someone from a photo in my album
  	subject: loc[2], // user ID to remove
  	name: '', // not checked
  	action: 'remove',
  	__a: 1,
  	fb_dtsg: $jq('input[name="fb_dtsg"]').val(),
  	post_form_id: $jq('#post_form_id').val(),
  	post_form_id_source: 'AsyncRequest'
  };
  
  $jq.post('/ajax/photo_tagging_ajax.php', args);
  
It doesn't update the UI. The fb_dtsg and post_form_id are required and seem to be anti-CSRF tokens. Haven't experimented enough to know if they can be reused multiple times.


TalSafran 1432 days ago | link

DCoder, I posted the original question on Stack-O. It's sending a request and getting 200 OK but is not actually removing the tag. Have you gotten it to actually work?

-----

DCoder 1431 days ago | link

Sorry, I hadn't tested that enough. Here's a revised version that works better. Tested and removed my tag from another account's photo correctly. Unfortunately the CSRF tokens are not updated in the response, so you cannot run multiple requests without retrieving new tokens (opening another page should be enough).

  var loc = window.location.href.split('?')[1].split('#')[0].split('&');
  var qs = {};
  $jq.each(loc, function(ix, el) {
   var m = el.split('='), k = m[0], v = m[1];
   qs[k] = v;
  });
  
  var args = {
  	pid: qs.pid, // photo ID
  	id: qs.id, // photo owner ID
  	subject: Env.user, // user ID to remove
  	name: '', // not checked
  	action: 'remove',
  	__a: 1,
  	fb_dtsg: Env.fb_dtsg,
  	post_form_id: Env.post_form_id,
  	post_form_id_source: 'AsyncRequest'
  };
  
  $jq.post('/ajax/photo_tagging_ajax.php', args);
It seems to me that now it should be easy to adapt this to work on the "photos of me" page if you don't mind reloading it after each removal - $jq('a.UIPhotoGrid_PhotoLink:first'); should find the first link to a photo, and you can tokenize it instead of window.location.href on the first line.

-----

user24 1432 days ago | link

that only does the current photo though, right?

-----

DCoder 1432 days ago | link

Yeah, that was the context in which the OP was trying to do it. And they're using auth tokens, which, if they're at all competent, cannot be reused to automate it. I'll see what can be done to improve it when I get back home.

-----

zackattack 1432 days ago | link

http://stackoverflow.com/questions/2855288/programmatically-...

I hope this is OK.. I'll delete it if you want. I just have such low Stack Overflow karma and you didn't seem to care.

-----

DCoder 1432 days ago | link

Nah, I don't mind. Hope it helps.

-----




Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: