Update Discussion for forums

Victoria · 2019-07-11 20:49:53

Anatoly wrote:

Kizuna Ai wrote:
Different55 wrote:
More CSRF, now for the likes page.
CSRF..?
D:<
i believe it’s a certificate.

Are you **** sure?
Explain tell me but what it is CSRF?

den3107 · 2019-07-11 22:55:17

CSRF stands for "Cross-Site Request Forgery", if I'm correct.
Essentially means you're able to make requests (like change the theme of another user) that you're no supposed to be able to.

Victoria

Different55 · 2019-07-12 02:08:49

Fixed another CSRF bug in the PM system, this one allowing users to delete other people's folders.

In the case of this latest round of bugs, it's less "change the theme of another user" and more "trick another user into changing their theme."

Victoria · 2019-07-12 03:18:33

- change the theme of another user
so accounts alts?

Different55 · 2019-07-17 23:49:03

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.

mrjawapa, Norwee, mutantdevle, SirJosh3917, Gosha

mrjawapa · 2019-07-17 23:53:59

Different55 wrote:

I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances.

Does this include other users posts?

TaskManager · 2019-07-18 00:05:03

Different55 wrote:

Last edited messages now appear in the post header.
Mods and admins can now review edit history and restore from it from within the forums.
After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.

Ok the addition is cool but did you remove xeno's editing powers
and also topic lock powers outside game business

Different55 · 2019-07-18 02:51:08

mrjawapa wrote:

Different55 wrote:
I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances.
Does this include other users posts?

Yes. See below.

TaskManager wrote:

Different55 wrote:
Last edited messages now appear in the post header.
Mods and admins can now review edit history and restore from it from within the forums.
After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.
Ok the addition is cool but did you remove xeno's editing powers
and also topic lock powers outside game business

They can edit in forums they've been whitelisted for. They can't edit or post in locked topics, can't (currently) lock or unlock topics, and they can't edit silently since that's only used in extremely limited moderation tasks and so isn't useful for gamestaff at all.

In forums where they're whitelisted their editing abilities are pretty limited. Now that edit history manipulation is easily available to all forum staff (instead of being lost in a random log only I know about) I expect that won't be a problem for anyone.

Processor · 2019-07-18 03:06:46

Diff, why should Xeno moderate anything on these forums at all? We have forum mods for that.

I remember when we originally gave Nou mod permissions, it was so he could edit topics where Thanel was the owner.
If that's still needed, let staff edit the first post in every topic in Game Business (it's always a staff post).

Different55 wrote:

Now that edit history manipulation is easily available to all forum staff (instead of being lost in a random log only I know about) I expect that won't be a problem for anyone.

EE staff have never been good at PR.
Even nou once censored new topics to "prevent drama".
It always backfires.
Its always a rationally dumb choice for staff abuse their role.
Yet they still do it and cause drama.

But why do we choose to let them?

TaskManager, mrjawapa

Onjit · 2019-07-18 03:35:06

Good update tbh

To be fair - kira, kkay and myself were **** with copypastas and Xeno did the decent thing by cleaning it up

mutantdevle, skullz17

mrjawapa · 2019-07-18 03:38:58

Processor wrote:

Even nou once censored new topics to "prevent drama".
It always backfires.

Also the time NVD censored a topic, then censored more topics addressing his censorship.

I thought one of the first "rules" established for the forums, was that NO game staff would have control over the forums. The idea was to keep punishments separate and avoid censorship.

Processor wrote:

But why do we choose to let them?

This time... it will be different!

mutantdevle, TaskManager

Different55 · 2019-07-18 03:51:16

Processor wrote:

Diff, why should Xeno moderate anything on these forums at all? We have forum mods for that.

He's not. That's why this change was made, to prevent them from moderating anything at all. Let me be clear, I don't really think Xeno did anything wrong cleaning up that topic. I do think he did it in an atypical way for how the forum staff would handle it. He's not looped in with all of our processes so while his way of handling it wasn't bad, it wasn't what we would have done.

While their occasional help is appreciated (if awkward), they really don't need to. The permissions that are left are intended (and really only useful for) the original purpose of managing each other's topics.

Processor wrote:

But why do we choose to let them?

We don't. This update shows that we don't.

mutantdevle

TaskManager · 2019-07-18 13:38:30

So they're not allowed to moderate/edit our posts but they still technically can do it?
How can we be reassured that they're not going to edit our posts regardless

Different55 · 2019-07-18 17:40:16

TaskManager wrote:

So they're not allowed to moderate/edit our posts but they still technically can do it?
How can we be reassured that they're not going to edit our posts regardless

They technically can't still do it.

In the past we gave just Xeno mod powers because he needed to be able to make changes to other staff posts. Then we extended that to a few others who needed to all manage one topic without sharing an account. Before now, we just gave them mod powers and locked down banning and warning, which were our main 2 mod powers we figured.

As of this update, they're only able to edit the first posts in forums they "moderate," so it's more like having a shared account without actually sharing anything.

And as of a few hours ago they also have the ability to userlock (so it can't override a modlock, and it doesn't interfere with the original owner's lock in case they don't also have gamestaff permissions) each other's topics and sticky any topic.

Also one more (this time undiscovered) CSRF vulnerability has been fixed.

TaskManager, mrjawapa, Tomahawk, Processor

Different55 · 2019-07-19 04:03:53

Fixed half-missing CSRF token, people should be allowed to close their own topics again.

Weirdoverse

TaskManager · 2019-07-19 12:57:07

Oh yeah, the message edits in PMs use the old style of writing "Edited by..." under the message text

Trytu, Slabdrill

Nebula · 2019-07-22 17:54:55

Different55 wrote:

Fixed half-missing CSRF token, people should be allowed to close their own topics again.

that's still not fixed, mate

peace · 2019-07-22 18:48:45

hey diff why dotn you sticky this topic

Gosha · 2019-07-22 20:17:24

That's the only active topic out there so it won't ever go down

Different55 · 2019-07-22 21:58:00

Nebula wrote:

Different55 wrote:
Fixed half-missing CSRF token, people should be allowed to close their own topics again.
that's still not fixed, mate

Looks fixed to me, what topic are you trying to close that isn't working?

Nebula · 2019-07-22 23:53:15

Different55 wrote:

Nebula wrote:
Different55 wrote:
Fixed half-missing CSRF token, people should be allowed to close their own topics again.
that's still not fixed, mate
Looks fixed to me, what topic are you trying to close that isn't working?

https://forums.everybodyedits.com/viewt … p?id=46111 that one here

Gosha · 2019-07-30 13:13:08

Hey diff, please make last edited message also clickable, it makes it easier to copy post url on phone

rat, Slabdrill

Tomahawk · 2022-04-13 15:47:40

New user registrations temporarily disabled while Diff cleans up the nearly 3000 bot accounts that registered this month and makes the filter racist again.

NoNK · 2022-04-17 03:48:37

Never thought I would see the day where hate wins over love. Disappointed in the direction this community is going in!

Buy replica watches submariner quartz crstyal online at reputable relaible online e-commerce shops based out of sellers. Online casino

Cola1, N1KF, Raphe9000, Dencc, rat, Norwee

Tomahawk · 2022-06-03 04:41:32

Send love and corn to our lord and master Indifferent55, as user registrations are now enabled again.

Official Everybody Edits Forums

#726 2019-07-11 20:49:53

Re: Update Discussion for forums

#727 2019-07-11 22:55:17

Re: Update Discussion for forums

#728 2019-07-12 02:08:49

Re: Update Discussion for forums

#729 2019-07-12 03:18:33

Re: Update Discussion for forums

#730 2019-07-17 23:49:03

Re: Update Discussion for forums

#731 2019-07-17 23:53:59, last edited by mrjawapa (2019-07-17 23:57:35)

Re: Update Discussion for forums

#732 2019-07-18 00:05:03, last edited by TaskManager (2019-07-18 00:05:23)

Re: Update Discussion for forums

#733 2019-07-18 02:51:08, last edited by Different55 (2019-07-18 02:51:57)

Re: Update Discussion for forums

#734 2019-07-18 03:06:46

Re: Update Discussion for forums

#735 2019-07-18 03:35:06

Re: Update Discussion for forums

#736 2019-07-18 03:38:58

Re: Update Discussion for forums

#737 2019-07-18 03:51:16

Re: Update Discussion for forums

#738 2019-07-18 13:38:30

Re: Update Discussion for forums

#739 2019-07-18 17:40:16, last edited by Different55 (2019-07-18 17:41:19)

Re: Update Discussion for forums

#740 2019-07-19 04:03:53

Re: Update Discussion for forums

#741 2019-07-19 12:57:07

Re: Update Discussion for forums

#742 2019-07-22 17:54:55

Re: Update Discussion for forums

#743 2019-07-22 18:48:45

Re: Update Discussion for forums

#744 2019-07-22 20:17:24

Re: Update Discussion for forums

#745 2019-07-22 21:58:00

Re: Update Discussion for forums

#746 2019-07-22 23:53:15

Re: Update Discussion for forums

#747 2019-07-30 13:13:08

Re: Update Discussion for forums

#748 2022-04-13 15:47:40, last edited by Tomahawk (2022-04-13 15:52:05)

Re: Update Discussion for forums

#749 2022-04-17 03:48:37

Re: Update Discussion for forums

#750 2022-06-03 04:41:32

Re: Update Discussion for forums

Board footer