SummitPost.org

for some reason when I go onto SP, I go to sign on and it automatically goes to my page yet I'm not signed on. I;m not allowed to vote on pages or pictures and not able to post any comments whether its on the forum or on a page. Cannot sign out because I'm not signed on. First time this happened I did not go onto SP for 2-3 weeks and it seemed to fiix itself but this time around it did not. I am only able to post this because I am on a different computer.

Hope this makes sense.

I'm having trouble adding a new topic in on the Southwest US board. When I click "new topic" I'm sent to my profile page. I did try other forums and was directed to the new topic pages for each of the few I sampled.

Thanks,
Sean Kenney.

Update: This appears to be a FIrefox issue. I.E. will allow me to post.

I get messages sent to my inbox from my e-mail. Then I open the e-mail and get this note: "This message was not sent to you. Stop trying to read other people's mail!" It is odd to have that response. It appears punitive or angry at the person who opened it, when it was the site that sent me the mail, not me hacking into Summitpost. Any explanation?

hgrapid wrote:I get messages sent to my inbox from my e-mail. Then I open the e-mail and get this note: "This message was not sent to you. Stop trying to read other people's mail!" It is odd to have that response. It appears punitive or angry at the person who opened it, when it was the site that sent me the mail, not me hacking into Summitpost. Any explanation?

I do have the same "problem" - it seems to occur when a fake user is deleted previously before I try to open the message (?)

Today it was this one:

Hi selinunte01, akpenejoseph1 just sent you a private message.
You can read the new message here:

http://www.summitpost.org/view_privmsg. ... lder=inbox

If the link does not work, try copying and pasting this link into your web browser:
http://www.summitpost.org/view_privmsg. ... lder=inbox

Have a nice day!

We're probably going to change that message or do away with it entirely.

Apparently, at least one member has found the message very offensive. People ought to take a deep breath and realize that whoever wrote that message back in the day was probably trying to be a little funny. I seriously doubt it was actually meant to scold or offend.

add a smiley to it
then they will understand

sensitive weenies!

I am about to add five pages to Trinidad and Tobago. Any way we can get the country's name fixed in the dropdown?

Scott, you should add that name to the page anyways. If it's a renamed country, Matt can change it's display value from the one you chose right now. But if it's a country that splits into two, then you have a more complicated issue.

But yes, that should be changed. We should generate a list of countries that should be added, changed, or removed. I don't suppose you could help with that? Once it's ready we can put it on the platter for recommending it to Matt.

We should generate a list of countries that should be added, changed, or removed. I don't suppose you could help with that?

Sure. I am planning on helping with that.

When I post an image, I sometimes HTML in the text below. That used to work fine, but recently something has changed: part of the caption now shows up at the top of the page (and still also below the image, where it belongs).

An example is this one.

Digging a bit deeper, I found out that the problem is caused by one of the meta tags in the header of the page. The general form reads:

Code: Select all

<meta name="description" content="caption text" />

where the caption text is replaced by the actual caption below the posted image. Normally that's fine, but this can fail if there is HTML code in the caption text. First of all, the first " that happens to appear in the caption text will close the string. Secondly, if there is a /> anywhere after that ", it will denote the end of the meta tag itself, and the rest of the caption wrecks havoc!


For the record, I can work around this myself, but similar problems may affect other pictures. More precicely, any picture that has a " in the caption! That suggests a crude but simple solution to the problem: before copying the caption text into the content attribute of the meta tag, simpy remove all double quotes, or replace them with something else.

Ditto to what rgg just posted. I have HTML in most of my image captions, so this affects hundreds of photos.

Here's a particularly dramatic example: http://www.summitpost.org/sightseeing/187128


General solution is to sanitize your inputs (don't allow user-written strings inside the META tag unless you escape all the special HTML characters first.) This needs to be a theme of the site's coding in general, for security reasons.

I don't understand how meta data can break "real" data? I understand inaccuracies of typed code, but this seems a bit different.

Josh, are you asking how the bug "worked", or are you asking what it has to do with security?

If the former, the answer is simple: the META tag ends at a > . If the content copied in contains a > character [and a double quote somewhere before that], then that character ends the META tag and the rest of the copied content is now outside the META tag, making it ordinary HTML that will be displayed on the page. (You might think that nothing would be displayed since it's still within the HEAD, but you'd be wrong.)

Code: Select all

<meta name="description" content="here is some caption text containing a double quote "  and then a > character" />

In this example the META tag ends before the word "character"

As to the latter, this bug doesn't necessarily expose anything more than allowing HTML comments does in the first place. Which isn't all that much; input-sanitizing applies first and foremost to your SQL, second to your server-side scripts. Client-side stuff is fundamentally beyond your control, though you can do some cleaning to prevent the most common annoyances. In this case, the meta tag is generated server-side, which caused me to raise an eyebrow.

Not sure if this has been reported yet but MyTopo maps are not working correctly. The link no longer takes you to the specific coordinates.

Seems to work now. The URL should add a "&z=15" at the end of it so that it is zoomed in to that peak. I tested this to confirm that it works. Right now when using the link to MyTopo it has me zoomed way out which is inconvenient.