Welcome to SP!  -
Areas & RangesMountains & RocksRoutesImagesArticlesTrip ReportsGearOtherPeoplePlans & PartnersWhat's NewForum

Report Bugs Here

Suggestions and comments about SummitPost's features, policies, and procedures. Post bugs here.
 

Re: Report Bugs Here

Postby Scott » Sat Dec 21, 2013 2:48 pm

We should generate a list of countries that should be added, changed, or removed. I don't suppose you could help with that?


Sure. I am planning on helping with that.
User Avatar
Scott

 
Posts: 7456
Joined: Thu Aug 21, 2003 1:03 pm
Location: Craig, Colorado, United States
Thanked: 555 times in 309 posts

Re: Report Bugs Here

Postby rgg » Fri Jan 10, 2014 8:07 am

When I post an image, I sometimes HTML in the text below. That used to work fine, but recently something has changed: part of the caption now shows up at the top of the page (and still also below the image, where it belongs).

An example is this one.

Digging a bit deeper, I found out that the problem is caused by one of the meta tags in the header of the page. The general form reads:

Code: Select all
<meta name="description" content="caption text" />


where the caption text is replaced by the actual caption below the posted image. Normally that's fine, but this can fail if there is HTML code in the caption text. First of all, the first " that happens to appear in the caption text will close the string. Secondly, if there is a /> anywhere after that ", it will denote the end of the meta tag itself, and the rest of the caption wrecks havoc!


For the record, I can work around this myself, but similar problems may affect other pictures. More precicely, any picture that has a " in the caption! That suggests a crude but simple solution to the problem: before copying the caption text into the content attribute of the meta tag, simpy remove all double quotes, or replace them with something else.
User Avatar
rgg

 
Posts: 434
Joined: Sat Oct 02, 2010 7:15 pm
Location: Amsterdam, Netherlands
Thanked: 96 times in 76 posts

Re: Report Bugs Here

Postby nartreb » Fri Jan 10, 2014 3:36 pm

Ditto to what rgg just posted. I have HTML in most of my image captions, so this affects hundreds of photos.

Here's a particularly dramatic example: http://www.summitpost.org/sightseeing/187128


General solution is to sanitize your inputs (don't allow user-written strings inside the META tag unless you escape all the special HTML characters first.) This needs to be a theme of the site's coding in general, for security reasons.
User Avatar
nartreb

 
Posts: 1979
Joined: Sat Apr 03, 2004 10:45 pm
Location: online or in boston, Massachusetts, United States
Thanked: 106 times in 87 posts

Re: Report Bugs Here

Postby Montana Matt » Fri Jan 10, 2014 5:14 pm

Thanks for catching that rgg and nartreb. Should be fixed now.
User Avatar
Montana Matt
Site Admin
 
Posts: 1135
Joined: Sun Apr 11, 2004 10:06 pm
Location: Ashland, Oregon, United States
Thanked: 340 times in 184 posts

The following user would like to thank Montana Matt for this post
rgg

Re: Report Bugs Here

Postby Josh Lewis » Fri Jan 10, 2014 7:25 pm

I don't understand how meta data can break "real" data? I understand inaccuracies of typed code, but this seems a bit different.
My Websites: Alpine Josh · Alpine Ascent · AceMaps
User Avatar
Josh Lewis

 
Posts: 2280
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, The Cloudiest Place on Earth, United States
Thanked: 475 times in 324 posts

Re: Report Bugs Here

Postby nartreb » Fri Jan 10, 2014 8:41 pm

Josh, are you asking how the bug "worked", or are you asking what it has to do with security?

If the former, the answer is simple: the META tag ends at a > . If the content copied in contains a > character [and a double quote somewhere before that], then that character ends the META tag and the rest of the copied content is now outside the META tag, making it ordinary HTML that will be displayed on the page. (You might think that nothing would be displayed since it's still within the HEAD, but you'd be wrong.)

Code: Select all
<meta name="description" content="here is some caption text containing a double quote "  and then a > character" />


In this example the META tag ends before the word "character"

As to the latter, this bug doesn't necessarily expose anything more than allowing HTML comments does in the first place. Which isn't all that much; input-sanitizing applies first and foremost to your SQL, second to your server-side scripts. Client-side stuff is fundamentally beyond your control, though you can do some cleaning to prevent the most common annoyances. In this case, the meta tag is generated server-side, which caused me to raise an eyebrow.
User Avatar
nartreb

 
Posts: 1979
Joined: Sat Apr 03, 2004 10:45 pm
Location: online or in boston, Massachusetts, United States
Thanked: 106 times in 87 posts

The following user would like to thank nartreb for this post
Josh Lewis

Re: Report Bugs Here

Postby Alpinist » Fri Jan 17, 2014 4:39 pm

Not sure if this has been reported yet but MyTopo maps are not working correctly. The link no longer takes you to the specific coordinates.
User Avatar
Alpinist

 
Posts: 5999
Joined: Tue Jul 29, 2003 7:21 pm
Location: Kildeer, Illinois, United States
Thanked: 633 times in 430 posts

The following user would like to thank Alpinist for this post
Montana Matt

Re: Report Bugs Here

Postby Josh Lewis » Fri Jan 17, 2014 5:59 pm

Seems to work now. :) The URL should add a "&z=15" at the end of it so that it is zoomed in to that peak. I tested this to confirm that it works. Right now when using the link to MyTopo it has me zoomed way out which is inconvenient.
My Websites: Alpine Josh · Alpine Ascent · AceMaps
User Avatar
Josh Lewis

 
Posts: 2280
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, The Cloudiest Place on Earth, United States
Thanked: 475 times in 324 posts

The following user would like to thank Josh Lewis for this post
Alpinist, Montana Matt

Re: Report Bugs Here

Postby Scott » Tue Jan 21, 2014 6:33 pm

There seems to be a new bug in the search function. At least from what I can see, the scroll bars for searching for mountains, routes, etc., by country, etc. no longer work for Google Chrome, at least not on two computers I tried. They still work fine in IE. They also work by using the mouse wheel.
User Avatar
Scott

 
Posts: 7456
Joined: Thu Aug 21, 2003 1:03 pm
Location: Craig, Colorado, United States
Thanked: 555 times in 309 posts

Re: Report Bugs Here

Postby Montana Matt » Tue Jan 21, 2014 6:48 pm

Scott wrote:the scroll bars for searching for mountains, routes, etc., by country, etc. no longer work for Google Chrome

That's odd. Yes, they don't seem to work any longer. I've noticed this on other sites as well, since the most recent Chrome release. Not sure if it's something we can fix as webmasters or if it's something that Google must fix with their next release of Chrome.
User Avatar
Montana Matt
Site Admin
 
Posts: 1135
Joined: Sun Apr 11, 2004 10:06 pm
Location: Ashland, Oregon, United States
Thanked: 340 times in 184 posts

Re: Report Bugs Here

Postby Josh Lewis » Tue Jan 21, 2014 9:52 pm

The issue on Google Chrome with scroll bars for drop downs happens on MountainProject too. Another reason I like FireFox better. 8)
My Websites: Alpine Josh · Alpine Ascent · AceMaps
User Avatar
Josh Lewis

 
Posts: 2280
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, The Cloudiest Place on Earth, United States
Thanked: 475 times in 324 posts

Re: Report Bugs Here

Postby ARosenthal » Wed Feb 05, 2014 6:13 pm

Not sure if this is just me but when I try to post a new topic in Firefox it takes me to my profile page. Tried logging out and back in, restarting browser, etc. The url it takes me to is:

http://www.summitpost.org/users/arosent ... firm_post=

Seems to work fine in Chrome.
User Avatar
ARosenthal

 
Posts: 87
Joined: Mon Aug 31, 2009 6:58 pm
Location: Santa Cruz, California, United States
Thanked: 1 time in 1 post

Re: Report Bugs Here

Postby Josh Lewis » Wed Feb 05, 2014 8:43 pm

It's a cookie issue. Try clearing your cookies. It's one of the biggest glitches in SummitPost which no one can figure out how to solve it. Unless someone is willing to step up to the plate. :wink:
My Websites: Alpine Josh · Alpine Ascent · AceMaps
User Avatar
Josh Lewis

 
Posts: 2280
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, The Cloudiest Place on Earth, United States
Thanked: 475 times in 324 posts

Re: Report Bugs Here

Postby Scott » Thu Mar 13, 2014 8:49 pm

I keep getting this, but only in Google Chrome? I cleared cookies, etc.
Attachments
sp.JPG
sp.JPG (136.31 KiB) Viewed 325 times
User Avatar
Scott

 
Posts: 7456
Joined: Thu Aug 21, 2003 1:03 pm
Location: Craig, Colorado, United States
Thanked: 555 times in 309 posts

Re: Report Bugs Here

Postby Montana Matt » Fri Mar 14, 2014 1:33 am

Scott wrote:I keep getting this, but only in Google Chrome?

On which pages and what actions are you doing when you get that error?
User Avatar
Montana Matt
Site Admin
 
Posts: 1135
Joined: Sun Apr 11, 2004 10:06 pm
Location: Ashland, Oregon, United States
Thanked: 340 times in 184 posts

PreviousNext

Return to Site Feedback

 


  • Related topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: No registered users and 0 guests

© 2006-2013 SummitPost.org. All Rights Reserved.