Official Everybody Edits Forums
Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2016-11-26 05:45:11
- Different55
- Forum Admin
- Joined: 2015-02-07
- Posts: 16,575
Help the forums are possessed
Alright so go on any topic you like, and try to make a post with the censored word for fecal matter. Try it on this one. Won't work, you'll get a Bad Request error. What's interesting about this bad request error is that it's coming from viewtopic.php after post.php redirects you to see your successfully-created new post. So I dig into this a little bit, and as far as I can tell it's only the censored word for fecal matter. Obviously post.php's my first stop. I navigate my way to the section that specifically deals with inserting new posts into existing topics, and throw down a debug thingeroos to see if I can get some sort of idea of where things are going wrong. Immediately after the new post is inserted into the posts table, I check to see if it's still there. It is. Move down a bit to where the topics table is updated, the post still exists. Move down further past the subscription bits, and it's still there. Next stop is right after update_search_index() and bam post's gone after that function runs. So I run on over to search_idx.php and do the same thing and eventually narrow it down to one query that's somehow causing this:
placeholder
Before this query runs, "SELECT * FROM posts WHERE id = <new post ID>" returns the post we just created. After this query runs, this query returns 0 results. I'm still looking into whether any of these queries are throwing warnings but right now nothing is throwing any errors as far as I can tell.
I found the issue this half completed post is being posted for historical purposes. The problem can be seen here:
10142511 Query INSERT INTO posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES('Different55', 2, '207.174.226.76', '****', 0, 1480134373, 26106)
10142511 Query UPDATE topics SET num_replies=num_replies+1, last_post=1480134373, last_post_id=636786, last_poster='Different55' WHERE id=26106
10142511 Query SELECT id, word FROM search_words WHERE word IN('****')
10142511 Query INSERT INTO search_words (word) VALUES('****')
10142511 Query ROLLBACK
The forums check to make sure the word **** isn't already in the indexes, before ignoring it and trying to add it again. This fails since word in search_words is a primary key, which then causes the forums to roll back absolutely everything.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
- Wooted by:
#2 2016-11-26 05:56:33
- Ratburntro44
- Member
- Joined: 1970-01-01
- Posts: 1,383
- Website
Re: Help the forums are possessed
well that's pretty ****
Offline
- Wooted by:
#4 2016-11-26 11:21:32
- Abelysk
- Guest
Re: Help the forums are possessed
What a steaming heap of ****
#5 2016-11-26 14:37:12
- Pingohits
- Banned
- From: aids lizard
- Joined: 2015-02-15
- Posts: 7,591
Re: Help the forums are possessed
****
Offline
#6 2016-11-26 15:20:33
- Gosha
- Member
- From: Russia
- Joined: 2015-03-15
- Posts: 6,211
Re: Help the forums are possessed
guys, i found out that if you write your email and password in form "email/pass" you'll get censored!
look:
****/****
Offline
- Wooted by: (3)
#7 2016-11-26 15:42:47
- Anatoly
- Guest
Re: Help the forums are possessed
We have to test it in the Roast me thread
#8 2016-11-26 18:14:32
Re: Help the forums are possessed
guys, i found out that if you write your email and password in form "email/pass" you'll get censored!
look:
****/****
Please don't suggest this even as a joke. As silly as it may sound I've been fooled by that trick once, and it ended up disastrously. To anybody reading this, please don't repeat my mistakes.
Offline
#9 2016-11-26 18:19:29
- Bimps
- Member
- Joined: 2015-02-08
- Posts: 5,067
Re: Help the forums are possessed
Gosha wrote:guys, i found out that if you write your email and password in form "email/pass" you'll get censored!
look:
****/****Please don't suggest this even as a joke. As silly as it may sound I've been fooled by that trick once, and it ended up disastrously. To anybody reading this, please don't repeat my mistakes.
what joke?
Offline
#10 2016-11-26 18:46:51
- XxAtillaxX
- Member
- Joined: 2015-11-28
- Posts: 4,202
Re: Help the forums are possessed
guys, i found out that if you write your email and password in form "email/pass" you'll get censored!
look:
****/****
I've seen many people fall for that, it's almost worryingly sad.
<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
<AzureDiamond> you can go hunter2 my hunter2-ing hunter2
<AzureDiamond> haha, does that look funny to you?
<Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
<AzureDiamond> thats neat, I didnt know IRC did that
<Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
<AzureDiamond> awesome!
<AzureDiamond> wait, how do you know my pw?
<Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
<AzureDiamond> oh, ok.
cit: http://bash.org/?244321
*u stinky*
Offline
- Wooted by:
Pages: 1
[ Started around 1738421793.5339 - Generated in 0.057 seconds, 14 queries executed - Memory usage: 1.5 MiB (Peak: 1.65 MiB) ]