PDA

View Full Version : Open Source Software Lab at Microsoft ?


Cthulhu
September 1st, 2006, 09:14
Code:

http://groups.google.com/group/mozilla.dev.planning/browse_frm/thread/622906b52581628e/a303e61ccb5c8149#a303e61ccb5c8149



JMI
September 1st, 2006, 11:49
Cthulhu:

Please surround such long URL or code in a "code box" to prevent the listing from over-extending the page. These are constructed by using CODE (surrounded by brackets) at the start and /CODE (surrounded by brackets) at the end. I would have listed them WITH the brackets, but that would create the code box itself.

Regards,

Silver
September 2nd, 2006, 12:22
JMI, you mean like this? [CODE]http://url.goes.here[/CODE]

Odd, that

JMI
September 2nd, 2006, 15:21
Strange! I did the three following test boxes. the first one has a return after the
entry and the word "content".

test [CODE]
content


The second has no returns.

test2
content

The third one is a direct copy and paste of your contents visible in the post.

test 3 JMI, you mean like this?
http://url.goes.here

As you can see, all of them produced the Code Box. So what did you do?

EDIT: I've now "reversed" your post using your "edit" button (we admin types can edit anybody's posts) and see that you used a COLOR CODE which seems to screw up the Code Box operation. In fact, when I just attempted to use the start of the COLOR CODE, without the ending COLOR CODE, it put all three of my boxes above into one big box. I notice you put the COLOR CODE before the start of the Box code and ended it before the end of the Box code. I'll have to play with it and see how it works in other configurations, because I have seen colored text inside Code Boxes before.

I'll have to check this out on the vBulletin Site and see if there is any discussion of this anomoly. Thanks Silver for the interesting mystery. Did you discover this by accident?

Regards,

fr33ke
September 2nd, 2006, 15:36
Use "Quote" on Silver's post to see the source. Pretty neat trick.

naides
September 2nd, 2006, 17:34
@Silver, you clever boy.

That is the way exploits are created,

deceiving the php scripts of VB that process the input. . .

Silver
September 3rd, 2006, 07:17
JMI, when you posted your first message saying you couldn't put the actual code tags in, that sounded a lot like a challenge to me, and replacing O with 0 just wasn't particularly elegant

I'd not done it before but I figured it would be possible by mangling the tags somehow. I've run into similar things elsewhere caused by lax regex, although this is the first one I've found (/bothered to look for) in VBulletin. I just spent a few minutes in the post preview option mangling the tags until it did what I wanted.

Naides (un)fortunately I think this one is nothing more than an anomaly in the post display system, I don't think it's exploitable. I did just try wrapping some javascript in it but vBulletin still correctly replaced the quotes and tags.

I've got a little personal interest in security, so it's always fun to play with things like this.

SiGiNT
September 4th, 2006, 00:49
Off topic - but JMI,

As long as you're checking V-Bulletin - find out why forums show new content on the main screen when It's several days old and I've already read it, sometimes twice - been that way since the last time the board was down for a short update. IE: Unpacking forum shows new content where I made the last reply.

SiGiNT

Silver
September 4th, 2006, 07:09
Ah, sigint, you have that problem too? I thought it was just me going senile and forgetting what posts I've read. But you're right, the only way I can reliably get the new post indicators to work is if I specifically click the "Mark all posts as read" every time I leave the forum.

JMI
September 4th, 2006, 14:30
We had an Announcement posted at the top of all the Forums a while back, but Woodmann superceded it with the announcement he posted in the Newbie Forum when he got annoyed with some of the new posters continuing failure to read the BIG RED LETTERS.

Last month we changed the "Read Marking" system that vBulletin uses here so that you can now just click on the "New Posts" Button in the NavBar at the top of the Forums and it will show you "ALL" the "New Posts" gathered from "all" the Forums, together in one place. After you read the first one, you just click on the "New Posts" Button again and you will find one less "new Posts" to read. Keep clicking on the "New Posts" Button until you've opened ALL the New Posts and they "ALL" will be marked "Read" without using the "Mark all posts as read" Button. The only issue is that you can only do one search every 20 seconds, I believe. At least on the vBulletin site it is set that way. I will check if that is an option which can be adjusted.

Try that and report back if it does not work as I described.

Regards,

ZaiRoN
September 4th, 2006, 15:14
Quote:
you can now just click on the "New Posts" Button in the NavBar at the top of the Forums and it will show you "ALL" the "New Posts" gathered from "all" the Forums, together in one place. After you read the first one, you just click on the "New Posts" Button again and you will find one less "new Posts" to read. Keep clicking on the "New Posts" Button...
You don't need to click everytime over 'new posts', just use your browser's back button and then select the next thread you want to read. In the meanwhile if someone starts another thread you'll see the yellow icon when you'll come back to the main page of the board.

Silver
September 5th, 2006, 08:02
Hm, ok, I think we're talking about different issues then. My quirk isn't with the "New Posts" option, it's with the standard main forum view/page. Posts and forums that I read today will sometimes still show as unread tomorrow. It's quite random, which is why I wasn't sure if there was a problem with the forum, my browser or my brain. It has only started since the forum update that changed new post indicators to be per-post rather than per-forum-visit.

I've seen something similar in other forum software where editing a post updates the new-post indicators but doesn't alter anything else, so an old post appears unread with no indication why. I don't believe that's the case here though. Not a major issue, I'll keep an eye out and see if I can spot a pattern.