Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

Advertisement

Hello, visitor! These forums are run off of the revenue generated from these ads. If you'd like to support us, please whitelist us or consider donating:

#726 2019-07-11 20:49:53

Kizuna Ai
Formerly Night More
From: Brazil, Learn, Dev.
Joined: 2018-12-02
Posts: 220
Website

Re: Update Discussion for forums

Anatoly wrote:
Kizuna Ai wrote:
Different55 wrote:

More CSRF, now for the likes page.

CSRF..?
D:<

i believe it’s a certificate.

Are you **** sure?
Explain tell me but what it is CSRF?


Fernandinha is the name of NightMore

597883506441322498.gif 597883506441322498.gif

598596166539673650.gif Friendly
598597705505177670.gif Official

Offline

#727 2019-07-11 22:55:17

den3107
Member
From: Netherlands
Joined: 2015-04-24
Posts: 992

Re: Update Discussion for forums

CSRF stands for "Cross-Site Request Forgery", if I'm correct.
Essentially means you're able to make requests (like change the theme of another user) that you're no supposed to be able to.


Current project: Thinking of/finding/requesting projects...
?type=registered&name=den3107     ?type=itemsbought&name=den3107
user.php?id=den3107&hideoffline=true    user.php?id=den3107bot&hideoffline=true

Offline

Wooted by:

#728 2019-07-12 02:08:49

Different55
Forum Admin
Joined: 2015-02-07
Posts: 15,918

Re: Update Discussion for forums

Fixed another CSRF bug in the PM system, this one allowing users to delete other people's folders.

In the case of this latest round of bugs, it's less "change the theme of another user" and more "trick another user into changing their theme."


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#729 2019-07-12 03:18:33

Kizuna Ai
Formerly Night More
From: Brazil, Learn, Dev.
Joined: 2018-12-02
Posts: 220
Website

Re: Update Discussion for forums

- change the theme of another user
so accounts alts?


Fernandinha is the name of NightMore

597883506441322498.gif 597883506441322498.gif

598596166539673650.gif Friendly
598597705505177670.gif Official

Offline

#730 Yesterday 23:49:03

Different55
Forum Admin
Joined: 2015-02-07
Posts: 15,918

Re: Update Discussion for forums

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#731 Yesterday 23:53:59, last edited by mrjawapa (Yesterday 23:57:35)

mrjawapa
Member
From: Ohio, USA
Joined: 2015-02-15
Posts: 4,861
Website

Re: Update Discussion for forums

Different55 wrote:

I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances.

Does this include other users posts?


iu.png

Offline

#732 Today 00:05:03, last edited by TaskManager (Today 00:05:23)

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 7,579

Re: Update Discussion for forums

Different55 wrote:

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.

Ok the addition is cool but did you remove xeno's editing powers
and also topic lock powers outside game business


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos













like.php?tid=46047&pid=754703

Offline

#733 Today 02:51:08, last edited by Different55 (Today 02:51:57)

Different55
Forum Admin
Joined: 2015-02-07
Posts: 15,918

Re: Update Discussion for forums

mrjawapa wrote:
Different55 wrote:

I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances.

Does this include other users posts?

Yes. See below.

TaskManager wrote:
Different55 wrote:

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.

Ok the addition is cool but did you remove xeno's editing powers
and also topic lock powers outside game business

They can edit in forums they've been whitelisted for. They can't edit or post in locked topics, can't (currently) lock or unlock topics, and they can't edit silently since that's only used in extremely limited moderation tasks and so isn't useful for gamestaff at all.

In forums where they're whitelisted their editing abilities are pretty limited. Now that edit history manipulation is easily available to all forum staff (instead of being lost in a random log only I know about) I expect that won't be a problem for anyone.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#734 Today 03:06:46

Processor
Member
Joined: 2015-02-15
Posts: 1,860

Re: Update Discussion for forums

Diff, why should Xeno moderate anything on these forums at all? We have forum mods for that.

I remember when we originally gave Nou mod permissions, it was so he could edit topics where Thanel was the owner.
If that's still needed, let staff edit the first post in every topic in Game Business (it's always a staff post).

Different55 wrote:

Now that edit history manipulation is easily available to all forum staff (instead of being lost in a random log only I know about) I expect that won't be a problem for anyone.

EE staff have never been good at PR.
Even nou once censored new topics to "prevent drama".
It always backfires.
Its always a rationally dumb choice for staff abuse their role.
Yet they still do it and cause drama.

But why do we choose to let them?


embed.png?style=banner3
viewtopic.php?id=46089

Offline

#735 Today 03:35:06

Onjit
Member
Joined: 2015-02-15
Posts: 7,835
Website

Re: Update Discussion for forums

Good update tbh

To be fair - kira, kkay and myself were **** with copypastas and Xeno did the decent thing by cleaning it up


Simply incredible work as always Xenonetix, you never disappoint! Looking forward to EEU!

Last edited by Xenonetix (Today 2:18 am)

Offline

Wooted by:

#736 Today 03:38:58

mrjawapa
Member
From: Ohio, USA
Joined: 2015-02-15
Posts: 4,861
Website

Re: Update Discussion for forums

Processor wrote:

Even nou once censored new topics to "prevent drama".
It always backfires.

Also the time NVD censored a topic, then censored more topics addressing his censorship.

I thought one of the first "rules" established for the forums, was that NO game staff would have control over the forums. The idea was to keep punishments separate and avoid censorship.

Processor wrote:

But why do we choose to let them?

This time... it will be different!


iu.png

Offline

Wooted by:

#737 Today 03:51:16

Different55
Forum Admin
Joined: 2015-02-07
Posts: 15,918

Re: Update Discussion for forums

Processor wrote:

Diff, why should Xeno moderate anything on these forums at all? We have forum mods for that.

He's not. That's why this change was made, to prevent them from moderating anything at all. Let me be clear, I don't really think Xeno did anything wrong cleaning up that topic. I do think he did it in an atypical way for how the forum staff would handle it. He's not looped in with all of our processes so while his way of handling it wasn't bad, it wasn't what we would have done.

While their occasional help is appreciated (if awkward), they really don't need to. The permissions that are left are intended (and really only useful for) the original purpose of managing each other's topics.

Processor wrote:

But why do we choose to let them?

We don't. This update shows that we don't.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:
Different551563418276755357

Board footer

Powered by FluxBB

[ Started around 1563449196.9313 - Generated in 0.047 seconds, 12 queries executed - Memory usage: 1.47 MiB (Peak: 1.66 MiB) ]