Greetings!

Welcome to Scifi-Meshes.com! Click one of these buttons to join in on the fun.

Found bugs? Report them here!

13

Posts

  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Can I send you a test email through the forum?
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • shaved_apeshaved_ape433 USAPosts: 158Member
    Guerrilla wrote: »
    Can I send you a test email through the forum?

    Of course! :)
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Sent. Might end up in your junk mail, so please check there too.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • shaved_apeshaved_ape433 USAPosts: 158Member
    Got the email, no problem...didn't even go to junk mail. :)
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Cool. Try marking it as safe, and hopefully the rest of the emails will sort themselves out to your inbox.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • shaved_apeshaved_ape433 USAPosts: 158Member
    Well as it came through, not being marked as junk mail, I made sure no other setting would interfere with it's reception. I don't usually have a problem getting emails from anyone, and even if it comes through as junk mail, I can still see it in that folder and then mark it as "not junk" or "safe"...pretty strange, but we'll see how it plays out, thanks!
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Can you send me the full message header info in a private message? You can usually find a View headers (Gmail) or View message source(Outlook) or some similar option on the web or desktop clients, usually in the menu. I'm guessing it passes SPF. DKIM and DMARC etc. but never hurts to check.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Alright, after a fun half day of server admin it looks like email notifications are working.
    shaved_ape
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Had some issues logging in on Firefox Android client. Basically the login wouldn't stick and I'd just land on the same page, not logged in and with the cookie consent banner. Clearing cookies from the phone seems to have fixed it, so I think it was a messed up cookie, but unsure if it was caused by Vanilla or my browser. Will keep an eye on it.

    Anyone else seen any issues logging in on mobile?
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    only thing I noticed is new post count on the trek news thread has been broken since the picard stuff was forked off.
    Also found "prefix" settings wont stick. Saw my thread has none and tried to apply one and it blanks off. I forget if this was something from the old forum or not.
    Each day we draw closer to the end.
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Yeah, those are known issues. The Trek News will work once the post count reaches what the number was before the Picard stuff was split into its own topic. Number of unread posts gets stored by user (that's how it always knows what the latest post is for you specifically), so while it would be a pretty simple fix, it would be a little tricky to apply for everyone involved.

    The prefixes use a little JS hack to make them forum specific (by default they're universal). As a side effect they get reset everytime you edit a topic (so, the first post in any thread). You just need to remember to add the prefix back in whenever you change the thread thumbnail, or whatever. I also go around adding them all the time, so if you see a mystery edit in an OP from me, it's probably a prefix.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    on cel phone so far FF kept the login from months ago chrome forced a new login but has not logged me out for a hour now.
    Each day we draw closer to the end.
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    I reset everyone's Trek News count to what it is currently (158), so some people will see the count jump around a bit, but it should work normally from now on.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Auto awarding badges seems to be broken. Investigating.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    edited April 2020 #76
    Guerrilla wrote: »
    Auto awarding badges seems to be broken. Investigating.

    Fixed.

    [edit]Ugh. Stupid stylesheet. :eyeroll: Should fix itself in an hour or two.
    Post edited by Guerrilla on
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Made the thumbnails one size, since responsiveness added very little and messed with the aspect ratios. Thumbnails now set to 240x135, so anything 16:9 will show up correctly.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    edited May 2020 #78
    Found a bug I guess in how the site tracks things.
    sfm-activitybug.jpg
    Note last active and visits. Not a site breaking bug but meh? lol

    also found a bit of a issue as there is no way to manage attachments that I can see. Also found out that the site does more unwanted things Went to copy paste a url and forgot I had a screen cap it uploaded that cap data to the site on ctrl+v and because there is no attachment manager I cannot remove that data from the site. This behavior should be an option to turn on or off.

    If anyone knows what js script I could block or have altered to cease this function please let me know. I am referring to say for example the autosave function can be blocked ro stopped by blocking:
    https://forums.scifi-meshes.com/applications/vanilla/js/autosave.js

    this stops the keylogger like behavior of retaining text you might not want kept that you typed into the editor on the server. While autosave is kinda a nice idea it is for that one time every 3years you crash your client while typing or you experience a power outtage. More often than not it is not that much of a loss vs it logging your input.

    Currently having a look myself but I am not a coder and this site has a tonne of scripts and stuff.

    possible? dunno might break attaching anything through the wysiwyg editor.
    https://forums.scifi-meshes.com/plugins/editor/js/jquery.fileupload.js

    Ok that worked but it does break the button based uploader to sadly it is a global uploading script. But it stops the cnp of anything besides text.

    Now if I can please get admin to delete the last 3 to 5 uploads of images from my account from testing as well as that one gaff (though it could be 2 very large files.) while yes they are not accessible it is still on the server taking up space as well as being only as secure as the site is.


    V damnit V lol
    Post edited by MadKoiFish on
    Each day we draw closer to the end.
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    MadKoiFish wrote: »
    Found a bug I guess in how the site tracks things.
    sfm-activitybug.jpg
    Note last active and visits. Not a site breaking bug but meh? lol

    Yeah, I have no idea how that gets calculated. Number of visits is another one that might as well be randomly generated :eyeroll:
    also found a bit of a issue as there is no way to manage attachments that I can see. Also found out that the site does more unwanted things Went to copy paste a url and forgot I had a screen cap it uploaded that cap data to the site on ctrl+c and because there is no attachment manager I cannot remove that data from the site. This behavior should be an option to turn on or off.

    I think that behaviour is due to the drag and drop functionality in the editor. You know, how you can just drag and drop images to the editor to attach them? So, it might look at the clipboard, figure out it's an image, think you're posting a picture and then post it for you. Just a theory though, I haven't looked at the code, but some of the (arguably nice) usability features are a bit sloppy with data for my tastes as well. There actually should be an attachment manager in place (it's enabled and everything), but it's not working. I agree we really could use one. Members being in control of their own data and work is really important to me, and also a legal requirement around here.
    If anyone knows what js script I could block or have altered to cease this function please let me know. I am referring to say for example the autosave function can be blocked ro stopped by blocking:
    https://forums.scifi-meshes.com/applications/vanilla/js/autosave.js

    this stops the keylogger like behavior of retaining text you might not want kept that you typed into the editor on the server. While autosave is kinda a nice idea it is for that one time every 3years you crash your client while typing or you experience a power outtage. More often than not it is not that much of a loss vs it logging your input.

    Keylogger is maybe a bit of an overstatement, but I agree autosave should be optional. I can disable it globally pretty easily, but I'm worried people actually use the functionality, so I need to figure out a plugin to make it optional to cover all bases. One use I've found for it is start typing a reply, go do something else, and then finish my post on another machine or my phone later, but other than that I haven't found many uses.

    Currently having a look myself but I am not a coder and this site has a tonne of scripts and stuff.

    possible? dunno might break attaching anything through the wysiwyg editor.
    https://forums.scifi-meshes.com/plugins/editor/js/jquery.fileupload.js

    Ok that worked but it does break the button based uploader to sadly it is a global uploading script. But it stops the cnp of anything besides text.

    File upload is baked into the editor, which is a core component, so it's a little tricky to change. I'll have a look at the logic to see if there's anything I can tweak, but I doubt it.

    Now if I can please get admin to delete the last 3 to 5 uploads of images from my account from testing as well as that one gaff (though it could be 2 very large files.) while yes they are not accessible it is still on the server taking up space as well as being only as secure as the site is.

    I'll do that once I'm in front of my main machine with proper database access.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    Yeah I found just blocking the elements on my end easy. Foundation3d has updated and has these annoyances as well and I just had to find the modules and break them. >_>
    From the explanation that I got on the cnp data is it is part of richmedia. Over there they are customizing things so the user can manage the stuff uploaded. Here i just get a automated code with a png linked. So for the screen cap it was of my entire desktop. So a 4500X2400ish png. Probably in the realm of 12mb in size lol.
    The auto save least for me causes conflicts with Firefox as it has it's own "memory". ATM this site when I post a comment and I reopen firefox and one of these threads I comment in my last comment in already in the field. So I have to remove it before typing. Early on the autosave would cause glitches as I typed and well visually was annoying.
    I call it a keylogger because it is logging text in series to a file on the server (as we can delete these "Saves" ) So if I paste content or type something I decide to take back it can still be found. Hence it is not private as it is typed into the text field. It is being logged and saved. Keylogger in of itself isnt a exploit as tonnes of companies do this crap. Hell most web clients do it.

    Anyhow cause vanilla is so compartmentalized I can just alter the scripts on my end or outright block them. The auto save I can block easily. The copy paste of data outside of text though means the uploader here is broken. I do not use it as I cannot edit or alter it later on so I link things in. So no loss there. Hence why I posted the scripts so anyone wants to stop those behaviors from occurring can do so on their end.

    I really have to say it is something I really like about this software you chose. It refers to real scripts vs a cgi bin that many use via googleapis. At that point one needs to run things like script monkey to sniff and alter raw code strings. Probably wa way to stop the rich media stuff without breaking the uploader.

    The uploader I just worry if someone say is copy pasting a confidential document or file and forgets to clear the clipboard itll upload here by accident or if it is a way to exploit by use as overruns or other nasties.
    Each day we draw closer to the end.
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    edited May 2020 #81
    some examples of me cnping things,

    wpm6lxjccee5.png
    webpage

    open image
    alznnf8px25q.png

    I mean if your careful and not forgetful or OLD hah it could be a super lazy way to post stuff. Could be a huge file mess though as it makes it all PNGs

    OK good it wont paste "files" it has to be something open in software such as a webpage or editor.

    Anyhow mostly want to bring it to attention at most. As I have found ways to "break" it or alter the behavior.
    It shal bend to my will! lol


    Post edited by MadKoiFish on
    Each day we draw closer to the end.
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    MadKoiFish wrote: »
    Yeah I found just blocking the elements on my end easy. Foundation3d has updated and has these annoyances as well and I just had to find the modules and break them. >_>
    From the explanation that I got on the cnp data is it is part of richmedia. Over there they are customizing things so the user can manage the stuff uploaded. Here i just get a automated code with a png linked. So for the screen cap it was of my entire desktop. So a 4500X2400ish png. Probably in the realm of 12mb in size lol.
    Oh neat, I had no idea F3D updated. Looks like they have a coder type working on things too. Vanilla is moving toward rich media as well, but I've consciously kept us on the old editor and BBCode, mostly because I feel WYSIWYG editors are clunky and awful to use, but also partly because of the broad assumptions they tend to make on people's content and formatting. With that said, I flipped a few switches that might actually help the issue. Can you try again with the accidental attachments?
    The auto save least for me causes conflicts with Firefox as it has it's own "memory". ATM this site when I post a comment and I reopen firefox and one of these threads I comment in my last comment in already in the field. So I have to remove it before typing. Early on the autosave would cause glitches as I typed and well visually was annoying.
    I call it a keylogger because it is logging text in series to a file on the server (as we can delete these "Saves" ) So if I paste content or type something I decide to take back it can still be found. Hence it is not private as it is typed into the text field. It is being logged and saved. Keylogger in of itself isnt a exploit as tonnes of companies do this crap. Hell most web clients do it.

    Yeah, HTML5 has a localstorage we could use. There's a pretty old plugin that I could probably fix, which would make the drafts local only, but that eliminates the whole finishing your post on a different client, which is the only thing I use drafts for. :p

    But like I said, making them optional is on my to-do.

    The drafts go in the database, but yeah, it's not ideal.
    Anyhow cause vanilla is so compartmentalized I can just alter the scripts on my end or outright block them. The auto save I can block easily. The copy paste of data outside of text though means the uploader here is broken. I do not use it as I cannot edit or alter it later on so I link things in. So no loss there. Hence why I posted the scripts so anyone wants to stop those behaviors from occurring can do so on their end.

    I really have to say it is something I really like about this software you chose. It refers to real scripts vs a cgi bin that many use via googleapis. At that point one needs to run things like script monkey to sniff and alter raw code strings. Probably wa way to stop the rich media stuff without breaking the uploader.

    The uploader I just worry if someone say is copy pasting a confidential document or file and forgets to clear the clipboard itll upload here by accident or if it is a way to exploit by use as overruns or other nasties.

    I just like that it's a forum with none of the bolted on nonsense like blogs and social media integrations. Means I can bolt on my own nonsense at my leisure. :p

    Anyway, I disabled some rich media components from the core, so can you check if the accidental attaching still happens? Preferably with something smaller than 12Mb? :D
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    edited May 2020 #83
    Oh yeah I auto block all hooks to Facebook etc as those often run all sorts of snoops or just fat overhead for a few icons. One thing I dislike about html5 is often it causes major issues with ram useage. My tyoutube 64bit firefox is a nightmare as it will eat up to 16gigs after a week.

    ![](https://forums.scifi-meshes.com/uploads/editor/y6/ye5n2ifvc7c3.png "")
    `![](https://forums.scifi-meshes.com/uploads/editor/y6/ye5n2ifvc7c3.png "")`
    image from google search

    ![](https://forums.scifi-meshes.com/uploads/editor/jb/4ri0819w504b.png "")
    `![](https://forums.scifi-meshes.com/uploads/editor/jb/4ri0819w504b.png "")`

    image from clipboard via psp7

    still loads up something and produces a odd code vs a img tag. lol. hopefully the code string posts without parsing.

    bugger it I forget the tags to allow code to list as text. . . . . AH ok uses something different to do it here lol. '
    Post edited by MadKoiFish on
    Each day we draw closer to the end.
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Ugh. Looks like that post got switched over to markdown. Looks like the forum forgets its post format when I mess with the editor. :eyeroll:
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    edited May 2020 #85
    ![](https://forums.scifi-meshes.com/uploads/editor/ts/g5nk47ndtl85.png "")

    Yeah it is strange cause now it attaches one of the lines of code to my posts! lol (points up)
    Also I cannot find the area to delete the saved drafts now lol.

    oh DUH hahah it is right there under muh icon! >_>oh boy.

    hue, markdown. Wont be learning that heh I can barely remember simple html and bb code :D
    Post edited by MadKoiFish on
    Each day we draw closer to the end.
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Hmm... how are your posts still markdown? I changed it back
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    edited May 2020 #87
    Says I can use it when I go to edit it. but in the open editor for reply says I can use bbcode in my post.
    zycu6km93xva.png
    back to using bbcode for the cnp thing though. odd it doesn't keep the transparency in the png heh.

    Ok yeah says markdown on the older posts if I edit them. but on new stuff it is back to bbcode.

    Yeah the wysiwyg editors sometimes drive me nuts as you get formatting code all over and strange carryover of it like color tags italics etc and as they are hidden you see it in the text and cannot get rid of it short of stripping it with a button if that button is offered. Or worse ones with a auto-spell checker turning random words into the wrong ones.
    Post edited by MadKoiFish on
    Each day we draw closer to the end.
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    edited May 2020 #88
    Yeah, it gets stored in the comment table. Bruteforced everything back to bbcode

    [edit] I guess I'll continue messing around on the dev forum instead of here... :grimace:
    Post edited by Guerrilla on
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    edited May 2020 #89
    Yeah that markdown thing with the odd accent mark lol "`" never use that key except for "~"so it was like WHERE is it. . . . "`" lol
    Post edited by MadKoiFish on
    Each day we draw closer to the end.
  • GuerrillaGuerrilla789 HelsinkiPosts: 2,865Administrator
    Ok, I figured out the rich content and how to disable it (technically). Essentially having an image on your clipboard and hitting paste essentially reads as dragging and dropping an image to a post, which uploads it and generates the necessary bbcode (or whatever format you happen to be using), which was pretty much my original theory.

    The bad news is it's the same embed module that handles Youtube, Twitter and other embeds, so disabling it would disable those as well, which is not a feature I want to lose, so I'll have to leave it on. That means figuring out an attachment manager of some sort. The filenames do get obscured during upload (I think that's a security feature), and there are limits in place for size and type of files and upload frequency, so exploit potential is limited, but I wouldn't want my stuff accidentally in the cloud either.
    Comco: i entered it manually in the back end
    Join our fancy Discord Server!
  • MadKoiFishMadKoiFish9709 Posts: 5,302Member
    Well I did take care of it on my end. I managed to break it by blocking the linked to script above. It isn't hard to do so others could implement it if they really dislike it. Granted it isn't a proper fix but i beats breaking or removing other features to fix right away. Probably best is to have a system that allows members to control the content they upload like the old managers. But Vanilla might not be set up to make that even possible.

    It is easy enough on my end to disable the block if I ever need to upload something like tut projects or file sets in the future.
    Each day we draw closer to the end.
Sign In or Register to comment.