I was bored and ran a few tests against the registration page on the blog. It doesn't look like it checks if the username or password fields are just blank spaces with no characters. I just registered an account where the username and password are both a single space. 2nd bug I found, when...
I modified my name in the edit comment field by removing the 'readonly' attribute of the input tag then tried to submit. I got this page: http://www.puckdroppersplace.us/blog/user_editcomments.php?c=6 But it's missing the CSS styling.
But you did! Good thing I didn't trust the client. I've fixed it. I had to not output anything until after I sent a redirect header, so not every message got CSS'd.
Two things actually. Not sure if you wanted directory listing on /blog/includes/ but it's available. The other one is the includes/footer.php gets stuck in an infinite loop and taxes the server hardcore if you open it directly in the browser or via curl (You can bypass the '406' response with curl...
It's not supposed to be opened alone. Here's the offending line: include "../includes/footer.php"; So when the footer is loaded in the correct place, it drops past /blog/ into / and gets the footer for the website. When loaded in includes/ it bounces down to /blog/ and back up to /blog/includes....
I had to: define("SETTINGS_STATUS", "Good.", true) instead of define("SETTINGS_STATUS", true, true); because PHP interpreted SETTINGS_STATUS to be true even if it was never set. Something about it not being null or something, I guess.
elsewhere in your code. Kinda like a global, but not really a global. (And globals aren't. You have to explicitly tell your subroutine to use the global variable.) You'd think, and even a function checking for existence would tell you it didn't exist, but nothing really seemed to work. Perhaps...
because == wasn't equal enough. I think I found why it was evaluating to true if it wasn't defined in one of the comments in the PHP Manual: https://www.php.net/manual/en/function.define.php Be aware that if "Notice"-level error reporting is turned off, then trying to use a constant as a variable...
What really got me about the comment was everything before the comma: Be aware that if "Notice"-level error reporting is turned off, WHAT! The program behaves differently if a certain type of error reporting is enabled? I'd have never even thought about that as a possibility. The car pulls to...
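The behaviour discussed in the posts above, as an added example that is not from the thread or the blog's code: before PHP 8, a bare undefined constant was read as the string of its own name, and any non-empty string is loosely equal to true. The guard below checks by name with defined() and compares strictly; the function names and the 403 response are assumptions.

```php
<?php
// Added example, not the blog's code. SETTINGS_STATUS and "Good." are from the
// thread; the function names and the 403 response are assumptions.

/** True only if the entry script defined the constant with the expected value. */
function settings_loaded(): bool
{
    // defined() takes the name as a string, so the bare identifier is never
    // evaluated and error-reporting settings cannot change the outcome.
    if (!defined('SETTINGS_STATUS')) {
        return false;
    }
    // Strict comparison: with ==, any non-empty string equals true.
    return constant('SETTINGS_STATUS') === 'Good.';
}

/** Call at the top of include-only files such as a footer or settings file. */
function require_settings_or_exit(): void
{
    if (!settings_loaded()) {
        http_response_code(403);
        exit('This file cannot be requested directly.');
    }
}

// Before PHP 8 an undefined bare constant became the string of its own name
// (with a notice, later a warning). That string is what the loose check saw:
$fallback = 'SETTINGS_STATUS';
var_dump($fallback == true);    // loose comparison
var_dump($fallback === true);   // strict comparison

var_dump(settings_loaded());          // nothing defined yet
define('SETTINGS_STATUS', 'Good.');   // what the entry script would do
var_dump(settings_loaded());
```

On PHP 8 and later the bare use of an undefined constant throws an Error instead, and the third argument to define() no longer accepts true, so the by-name check is the form that works across versions.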
My worry would be either some crawling bot or random person queuing up a bunch of parallel requests to the footer.php file directly and tanking the whole site. I wonder if it would tank NE and UCL as well? Probably, right? Are they all just sub dirs?
from doing that. Imagine, you're on a shared server and you can take down other sites by a simple infinite loop. You can't access the includes directories now. I wonder if I should just upload a blank index page, too. That seems a little less server dependent. I'm running the same code on the...
Koyeb is way more strict than Heroku (probably free vs paid thing though). On the NE DiscApp Stats page, before I made a fix, I could cause the server to reboot on any export due to the memory spike it would cause. So, while it would protect everyone else on that shared server, if someone was to constantly...
So the comment error was an off-by-one error - Puckdropper, Wed Aug 30 2023 5:41pm
I sort of remember some post a long time ago saying I was "bug reporter of the year" or something for finding one. By named vs number are you referring to the result set returned from the DB? Ex: my $comment_id = $results->[2]; vs. my $comment_id = $results->{'comment_id'}; (I know it's actually...
I wrote an internal support ticket submitting website for work in C# about 10 or so years ago and did the same thing. The DB results were referenced by index instead of column name so if the select statement changed, things had to be reworked that used the result set directly. Not too much of an issue...
I'll have to pull that old code out and fix those things. It's not really a problem that your username is " ", I think. But it might get whitespace removed to "", which could be unfortunate. (UPDATE name SET name="Erik_" WHERE name=" " becomes UPDATE name SET name="Erik_" WHERE name="" and now Erik_...
On the registration page: 7. Blank usernames and passwords are NOT allowed. I guess a single space isn't technically 'blank' but it sort of is. :) I was going to also try testing leaving comments but you have those blocked on posts that are older than x days old and the latest one is from ~5 years...
just a single space alone. Two spaces was rejected as already being registered. You've got a new post to play with. I guess I could have turned on commenting on another post, maybe I should do that too.
For strings? Java also has someString.isBlank() which returns true if the string is empty or only spaces. In Perl you can do something like:

    if ($some_string =~ m/^\s+$/) {
        # you gotta blank string
    }
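A server-side version of the blank check discussed in this thread, written in PHP as an added example that is not from the thread or the blog's code. It treats the empty string, ASCII whitespace, Unicode separators and invisible control/format characters as blank, trims usernames before they are stored or compared, and leaves passwords untrimmed; the function names and sample strings are assumptions.

```php
<?php
// Added example: server-side blank checks for a registration form.
// Function names are hypothetical, not taken from the blog's code.

// Empty, or only whitespace, Unicode separators (e.g. NBSP), or
// control/format characters (e.g. zero-width space).
const BLANK_RE = '/^[\s\p{Z}\p{C}]*$/u';
const TRIM_RE  = '/^[\s\p{Z}\p{C}]+|[\s\p{Z}\p{C}]+$/u';

function is_blank(string $s): bool
{
    // preg_match() returns false on invalid UTF-8 under /u; that input is
    // rejected as well, so only an explicit "no match" (0) counts as non-blank.
    return preg_match(BLANK_RE, $s) !== 0;
}

/** Returns the trimmed username, or null if it must be rejected. */
function clean_username(string $raw): ?string
{
    if (is_blank($raw)) {
        return null;
    }
    // Trim both ends so " alice " and "alice" map to one account name
    // before the uniqueness check and the INSERT.
    return preg_replace(TRIM_RE, '', $raw);
}

function password_ok(string $raw): bool
{
    // Passwords are checked but never trimmed: surrounding spaces may be
    // an intentional part of the secret.
    return !is_blank($raw);
}

// Constructed sample input.
$samples = ['', ' ', '  ', "\t\n", "\u{00A0}", "\u{200B}", ' alice ', 'two words'];
foreach ($samples as $s) {
    printf(
        "%-12s username=%-12s password=%s\n",
        json_encode($s),
        json_encode(clean_username($s)),
        password_ok($s) ? 'accept' : 'reject'
    );
}
```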