Gleb Gamow (OP)
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
June 25, 2016, 08:51:39 PM |
|
https://bitcointalk.org/index.php?topic=1521348.msg15303430#msg15303430I don't think that one should be able to embed content above the post's user's profile/above the fold. Here's the code that I just changed to in seeing if you can make heads or tails as to how was accomplished, for I'm at sea. [tr][td][/td] [td][url=https://bitcointalk.org/index.php?action=profile;u=537536][b]xavier77[/b][/url][/td] [td](F)[/td] [td][color=red][b]N[/b][/color][/center][/td] [td][url=https://bitcointalk.org/index.php?topic=1521348.msg15330030#msg15330030]June 23 03:28:12 AM[/url][/td] [td]218[/td][/tr] It was changed from: [tr][td]109[/td] [td][url=https://bitcointalk.org/index.php?action=profile;u=537536][b]xavier77[/b][/url][/td] [td](F)[/td] [td][center]Q[/center][/td] [td][url=https://bitcointalk.org/index.php?topic=1521348.msg15330030#msg15330030]June 23 03:28:12 AM[/url][/td] [td]218[/td][/tr] EDIT: Found out how it was done prior to posting this thread. The following was omitted: Not sure to what ends/extent, but I'm pretty sure a nefarious hacker could exploit such a glitch.
|
|
|
|
Cyrus
Ninja
Administrator
Legendary
Offline
Activity: 3808
Merit: 3012
|
|
June 26, 2016, 12:53:54 AM |
|
I've contacted theymos about it.
|
|
|
|
Gleb Gamow (OP)
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
June 26, 2016, 01:26:00 AM |
|
I've contacted theymos about it.
Hey, I forgot something. Do I send you or theymos my bitcoin wallet address for my 35 BTC finders fee?
|
|
|
|
Felimon
|
|
June 26, 2016, 01:57:56 AM |
|
The bug was not displayed on my side. What browser you are using? I'm using chrome.
|
|
|
|
Accountbr
Member
Offline
Activity: 70
Merit: 10
|
|
June 26, 2016, 02:36:32 AM |
|
I've contacted theymos about it.
Hey, I forgot something. Do I send you or theymos my bitcoin wallet address for my 35 BTC finders fee? You can't get a finders fee if you posted in public.
|
YuTü.Ço.in: Çommoditizing YouTube Çontent Çreator$' Brand$
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5250
Merit: 13099
|
|
June 26, 2016, 04:02:51 AM |
|
I think that this is no security risk whatsoever, but just to be safe I made the bbcode parser return an error in this case.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2926
Merit: 2347
|
|
June 26, 2016, 04:12:20 AM |
|
Do you think this might have something to do with the issue with tables that Dogie was having earlier today? (Maybe both issues have the same root cause).
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5250
Merit: 13099
|
|
June 26, 2016, 04:51:40 AM |
|
Do you think this might have something to do with the issue with tables that Dogie was having earlier today? (Maybe both issues have the same root cause).
That seems very unlikely.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Gleb Gamow (OP)
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
June 26, 2016, 06:19:48 AM Last edit: June 26, 2016, 06:30:18 AM by Gleb Gamow |
|
The bug was not displayed on my side. What browser you are using? I'm using chrome.
I first noticed it in Chrome, but the screenshot was of it via IE, thinking at first that it may have been a browser glitch. I see that theymos resolved the issue, but I'm gonna see if I can recreate it, so if BCT goes down in the next few minutes, blame Vod.
|
|
|
|
ndnh
Legendary
Offline
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
|
|
June 26, 2016, 07:29:34 AM Last edit: June 26, 2016, 07:43:22 AM by ndnhc |
|
I think that this is no security risk whatsoever, but just to be safe I made the bbcode parser return an error in this case.
INVALID BBCODE: unclosed tags sounds a little misleading since it happens when the center tag is closed without opening. INVALID BBCODE: bad table usage better Is it possible that there can be more cases like this since this is the second time this thing comes up? I will also try to reproduce it, just for the fun.
|
|
|
|
ndnh
Legendary
Offline
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
|
|
June 26, 2016, 07:48:56 AM |
|
Occurs when a closing tag of an unopened tag appears inside a table. 1. INVALID BBCODE: bad table usage (The table tag can be closed. Has nil effect) size, font, glow, image, url..... and everything else. 2. INVALID BBCODE: unclosed tags
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5250
Merit: 13099
|
|
June 26, 2016, 02:21:47 PM |
|
INVALID BBCODE: unclosed tags sounds a little misleading since it happens when the center tag is closed without opening. INVALID BBCODE: bad table usage better Is it possible that there can be more cases like this since this is the second time this thing comes up? I will also try to reproduce it, just for the fun. OK, I changed both errors to "close of unopened tag in table". There are a variety of ways to produce invalid HTML, but usually it's not a huge problem because the effects are confined to within your own post. It's possible that there are additional undiscovered ways to do especially disruptive things. In this case, the old code path was for inline tags and the new code path which I missed last time was for block tags. (They're in very different places in the code, and not obviously related.) I don't think that anyone really understands the SMF bbcode parser: it looks like someone quickly coded up some mainly regex-based parser that sort of worked, and then people have been constantly tweaking it to fix its bugs for 10+ years. It's terrible. I've long been thinking that I should write a proper parser in C using the traditional lex+yacc tools.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
ndnh
Legendary
Offline
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
|
|
June 28, 2016, 01:42:52 PM |
|
INVALID BBCODE: unclosed tags sounds a little misleading since it happens when the center tag is closed without opening. INVALID BBCODE: bad table usage better Is it possible that there can be more cases like this since this is the second time this thing comes up? I will also try to reproduce it, just for the fun. OK, I changed both errors to "close of unopened tag in table". There are a variety of ways to produce invalid HTML, but usually it's not a huge problem because the effects are confined to within your own post. It's possible that there are additional undiscovered ways to do especially disruptive things. In this case, the old code path was for inline tags and the new code path which I missed last time was for block tags. (They're in very different places in the code, and not obviously related.) I don't think that anyone really understands the SMF bbcode parser: it looks like someone quickly coded up some mainly regex-based parser that sort of worked, and then people have been constantly tweaking it to fix its bugs for 10+ years. It's terrible. I've long been thinking that I should write a proper parser in C using the traditional lex+yacc tools. Cool! I am really good at messing up bbcode and those two are the only issues have had yet (the narrow first column and (one of) the closing tag in table thingy here). I think nothing disruptive can be done with bbcode. We should be safe I don't think that anyone really understands the SMF bbcode parser Totally agree
|
|
|
|
Spoetnik
Legendary
Offline
Activity: 1540
Merit: 1011
FUD Philanthropist™
|
|
June 30, 2016, 03:35:23 AM |
|
The bug was not displayed on my side. What browser you are using? I'm using chrome.
I first noticed it in Chrome, but the screenshot was of it via IE, thinking at first that it may have been a browser glitch. I see that theymos resolved the issue, but I'm gonna see if I can recreate it, so if BCT goes down in the next few minutes, blame Vod. ..we do And wow look at you Bruno you just a regular ole hacker / bug finder hard at work like a busy bee finding them bugs like a trooper looking for that "finders fee" ahahahhaha 35 BTC ? HOLY COW MAN ! ..you reported it so it's all good
|
FUD first & ask questions later™
|
|
|
Gleb Gamow (OP)
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
July 01, 2016, 01:27:42 AM |
|
The bug was not displayed on my side. What browser you are using? I'm using chrome.
I first noticed it in Chrome, but the screenshot was of it via IE, thinking at first that it may have been a browser glitch. I see that theymos resolved the issue, but I'm gonna see if I can recreate it, so if BCT goes down in the next few minutes, blame Vod. ..we do And wow look at you Bruno you just a regular ole hacker / bug finder hard at work like a busy bee finding them bugs like a trooper looking for that "finders fee" ahahahhaha 35 BTC ? HOLY COW MAN ! ..you reported it so it's all good I meant 35 XRA. Rumor has that that shit's goin' to da moon.
|
|
|
|
Gleb Gamow (OP)
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
July 01, 2016, 01:32:57 AM |
|
The bug was not displayed on my side. What browser you are using? I'm using chrome.
I first noticed it in Chrome, but the screenshot was of it via IE, thinking at first that it may have been a browser glitch. I see that theymos resolved the issue, but I'm gonna see if I can recreate it, so if BCT goes down in the next few minutes, blame Vod. ..we do And wow look at you Bruno you just a regular ole hacker / bug finder hard at work like a busy bee finding them bugs like a trooper looking for that "finders fee" ahahahhaha 35 BTC ? HOLY COW MAN ! ..you reported it so it's all good I meant 35 XRA. Rumor has that that shit's goin' to da moon.
|
|
|
|
Gleb Gamow (OP)
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
October 27, 2016, 11:44:59 PM |
|
Since I'm now a certified coder , I thought I'd share with my fellow coder buddies a trick I came up after hours of research (or via happenstance) on how to quickly discover where the missing bracket is in a big table after doing several edits causing the INVALID BBCODE error to rear its ugly head. Simply remove the third to last bracket like below, preview the post by scrolling up, and you'll see exactly where the error lies. [/tr][/table]
[/tr[/table] Tomorrow's lesson will be on how to ingeniously depict three consecutive question marks without generating the Huh smiley --> . <fuck me in the ass. I meant that to be a joke, but pondered how to do such, coming up with a solution that I believe might work. gonna try it now> ??? <okay, so that didn't work , but I'm still a fuckin' genius.> FAKE EDIT (prior to posting): Okay, I have another idea on how to do it. Watch this, losers! ? .? .?
|
|
|
|
Foxpup
Legendary
Online
Activity: 4410
Merit: 3062
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
October 28, 2016, 02:58:16 AM |
|
Why would you resort to such an ugly hack??? My way's better.
|
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
|
|
|
Gleb Gamow (OP)
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
October 28, 2016, 03:14:53 AM |
|
Why would you resort to such an ugly hack??? My way's better.
Dude, I've yet to get to the nobbc chapter, thus my other hack ... ???
|
|
|
|
|