Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

#726 2019-07-11 20:49:53

Debora Cris
Formerly NN
From: Brazil
Joined: 2018-12-02
Posts: 392

Re: Update Discussion for forums

Anatoly wrote:
Kizuna Ai wrote:
Different55 wrote:

More CSRF, now for the likes page.

CSRF..?
D:<

i believe it’s a certificate.

Are you **** sure?
Explain tell me but what it is CSRF?


I am Kizuna Ai known as NN & Noelle Silva | Player EE Nightmore (EEU Fernanda)

original.gif

You can add me Débora Cris#9999 want to talk free of me!

Offline

#727 2019-07-11 22:55:17

den3107
Member
From: Netherlands
Joined: 2015-04-24
Posts: 1,022

Re: Update Discussion for forums

CSRF stands for "Cross-Site Request Forgery", if I'm correct.
Essentially means you're able to make requests (like change the theme of another user) that you're no supposed to be able to.

Offline

Wooted by:

#728 2019-07-12 02:08:49

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,394

Re: Update Discussion for forums

Fixed another CSRF bug in the PM system, this one allowing users to delete other people's folders.

In the case of this latest round of bugs, it's less "change the theme of another user" and more "trick another user into changing their theme."


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#729 2019-07-12 03:18:33

Debora Cris
Formerly NN
From: Brazil
Joined: 2018-12-02
Posts: 392

Re: Update Discussion for forums

- change the theme of another user
so accounts alts?


I am Kizuna Ai known as NN & Noelle Silva | Player EE Nightmore (EEU Fernanda)

original.gif

You can add me Débora Cris#9999 want to talk free of me!

Offline

#730 2019-07-17 23:49:03

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,394

Re: Update Discussion for forums

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#731 2019-07-17 23:53:59, last edited by mrjawapa (2019-07-17 23:57:35)

mrjawapa
Corn Man ?
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,702
Website

Re: Update Discussion for forums

Different55 wrote:

I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances.

Does this include other users posts?


13kz8x09.gif

Offline

#732 2019-07-18 00:05:03, last edited by TaskManager (2019-07-18 00:05:23)

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 9,096

Re: Update Discussion for forums

Different55 wrote:

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.

Ok the addition is cool but did you remove xeno's editing powers
and also topic lock powers outside game business


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos

Offline

#733 2019-07-18 02:51:08, last edited by Different55 (2019-07-18 02:51:57)

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,394

Re: Update Discussion for forums

mrjawapa wrote:
Different55 wrote:

I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances.

Does this include other users posts?

Yes. See below.

TaskManager wrote:
Different55 wrote:

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.

Ok the addition is cool but did you remove xeno's editing powers
and also topic lock powers outside game business

They can edit in forums they've been whitelisted for. They can't edit or post in locked topics, can't (currently) lock or unlock topics, and they can't edit silently since that's only used in extremely limited moderation tasks and so isn't useful for gamestaff at all.

In forums where they're whitelisted their editing abilities are pretty limited. Now that edit history manipulation is easily available to all forum staff (instead of being lost in a random log only I know about) I expect that won't be a problem for anyone.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#734 2019-07-18 03:06:46

Processor
Member
Joined: 2015-02-15
Posts: 2,173

Re: Update Discussion for forums

Diff, why should Xeno moderate anything on these forums at all? We have forum mods for that.

I remember when we originally gave Nou mod permissions, it was so he could edit topics where Thanel was the owner.
If that's still needed, let staff edit the first post in every topic in Game Business (it's always a staff post).

Different55 wrote:

Now that edit history manipulation is easily available to all forum staff (instead of being lost in a random log only I know about) I expect that won't be a problem for anyone.

EE staff have never been good at PR.
Even nou once censored new topics to "prevent drama".
It always backfires.
Its always a rationally dumb choice for staff abuse their role.
Yet they still do it and cause drama.

But why do we choose to let them?


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

embed.png?style=banner3

Offline

Wooted by: (2)

#735 2019-07-18 03:35:06

Onjit
Banned
Joined: 2015-02-15
Posts: 9,150
Website

Re: Update Discussion for forums

Good update tbh

To be fair - kira, kkay and myself were **** with copypastas and Xeno did the decent thing by cleaning it up


:.|:;

Offline

Wooted by: (2)

#736 2019-07-18 03:38:58

mrjawapa
Corn Man ?
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,702
Website

Re: Update Discussion for forums

Processor wrote:

Even nou once censored new topics to "prevent drama".
It always backfires.

Also the time NVD censored a topic, then censored more topics addressing his censorship.

I thought one of the first "rules" established for the forums, was that NO game staff would have control over the forums. The idea was to keep punishments separate and avoid censorship.

Processor wrote:

But why do we choose to let them?

This time... it will be different!


13kz8x09.gif

Offline

Wooted by: (2)

#737 2019-07-18 03:51:16

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,394

Re: Update Discussion for forums

Processor wrote:

Diff, why should Xeno moderate anything on these forums at all? We have forum mods for that.

He's not. That's why this change was made, to prevent them from moderating anything at all. Let me be clear, I don't really think Xeno did anything wrong cleaning up that topic. I do think he did it in an atypical way for how the forum staff would handle it. He's not looped in with all of our processes so while his way of handling it wasn't bad, it wasn't what we would have done.

While their occasional help is appreciated (if awkward), they really don't need to. The permissions that are left are intended (and really only useful for) the original purpose of managing each other's topics.

Processor wrote:

But why do we choose to let them?

We don't. This update shows that we don't.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#738 2019-07-18 13:38:30

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 9,096

Re: Update Discussion for forums

So they're not allowed to moderate/edit our posts but they still technically can do it?
How can we be reassured that they're not going to edit our posts regardless


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos

Offline

#739 2019-07-18 17:40:16, last edited by Different55 (2019-07-18 17:41:19)

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,394

Re: Update Discussion for forums

TaskManager wrote:

So they're not allowed to moderate/edit our posts but they still technically can do it?
How can we be reassured that they're not going to edit our posts regardless

They technically can't still do it.

In the past we gave just Xeno mod powers because he needed to be able to make changes to other staff posts. Then we extended that to a few others who needed to all manage one topic without sharing an account. Before now, we just gave them mod powers and locked down banning and warning, which were our main 2 mod powers we figured.

As of this update, they're only able to edit the first posts in forums they "moderate," so it's more like having a shared account without actually sharing anything.


And as of a few hours ago they also have the ability to userlock (so it can't override a modlock, and it doesn't interfere with the original owner's lock in case they don't also have gamestaff permissions) each other's topics and sticky any topic.

Also one more (this time undiscovered) CSRF vulnerability has been fixed.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#740 2019-07-19 04:03:53

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,394

Re: Update Discussion for forums

Fixed half-missing CSRF token, people should be allowed to close their own topics again.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#741 2019-07-19 12:57:07

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 9,096

Re: Update Discussion for forums

Oh yeah, the message edits in PMs use the old style of writing "Edited by..." under the message text


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos

Offline

Wooted by: (2)

#742 2019-07-22 17:54:55

Nebula
Guest

Re: Update Discussion for forums

Different55 wrote:

Fixed half-missing CSRF token, people should be allowed to close their own topics again.

that's still not fixed, mate

#743 2019-07-22 18:48:45

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 8,936

Re: Update Discussion for forums

hey diff why dotn you sticky this topic


peace.png

thanks hg for making this much better and ty for my avatar aswell

Offline

#744 2019-07-22 20:17:24

Gosha
Member
From: Russia
Joined: 2015-03-15
Posts: 6,014

Re: Update Discussion for forums

That's the only active topic out there so it won't ever go down

Offline

#745 2019-07-22 21:58:00

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,394

Re: Update Discussion for forums

Nebula wrote:
Different55 wrote:

Fixed half-missing CSRF token, people should be allowed to close their own topics again.

that's still not fixed, mate

Looks fixed to me, what topic are you trying to close that isn't working?


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#746 2019-07-22 23:53:15

Nebula
Guest

Re: Update Discussion for forums

Different55 wrote:
Nebula wrote:
Different55 wrote:

Fixed half-missing CSRF token, people should be allowed to close their own topics again.

that's still not fixed, mate

Looks fixed to me, what topic are you trying to close that isn't working?

https://forums.everybodyedits.com/viewt … p?id=46111 that one here

#747 2019-07-30 13:13:08

Gosha
Member
From: Russia
Joined: 2015-03-15
Posts: 6,014

Re: Update Discussion for forums

Hey diff, please make last edited message also clickable, it makes it easier to copy post url on phone

Offline

Wooted by: (2)
Gosha1564488788757077

Board footer

Powered by FluxBB

[ Started around 1596509423.6709 - Generated in 0.853 seconds, 11 queries executed - Memory usage: 1.66 MiB (Peak: 1.91 MiB) ]