Discuss mailing list

[Al Beano <albino AT autistici.org>]

If <marquee> tags are available should it not follow that <script> tags and 
other JS attributes are also allowed?

On 11 September 2017 17:55:12 BST, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
>I appreciate the offer.  It's not really a matter of not being *able*
>to 
>fix it, I'm fairly fluent in PHP and its shortcomings in many of its 
>functions that don't quite live up to their names, it's more a matter
>of 
>having the problem pointed out to me.  If someone had just said "hey we
>
>can enter <script> tags in the fields", it would have immediately 
>clicked that yes, this is a very very bad thing, and I would have
>locked 
>it down right away.
>
>
>On 09/11/2017 02:04 AM, Dmitry S. Nikolaev wrote:
>>
>> Hi Jeff.
>>
>> First of all get well and be healthy.
>>
>> I did not quite understand who did and what did, but I understood
>that 
>> someone hack something.
>> I dont see any discussion about it.
>>
>> If it is PHP code, so maybe I can help you. Write if you need help.
>We 
>> will see what we can do.
>>
>> Good luck !
>> With best regards, Dmitry S. Nikolaev
>>
>> Moscow, Russia
>> phone: +7 (499) 678 8007 [ext. 6003]
>> fax: +7 (499) 678 8007 [ext. 7777]
>> www:http://www.mega-net.ru
>> mail:dnikolaev AT mega-net.ru
>> SIP URI:dnikolaev AT sip.mega-net.ru  ||dn AT sip.mega-net.ru
>> On 11.09.2017 07:52, Jeff Taylor wrote:
>>> Last night I got an ear infection plus bad acid reflux and didn't 
>>> hardly sleep at all.  So you can imagine my state of mind when I got
>
>>> up this morning to find a discussion between T1 and T2 operators 
>>> talking vaguely about an exploit they found in the servers page, and
>
>>> the page itself broken and not providing usable info.  It took me 
>>> quite awhile to dig through everything and determine exactly what
>was 
>>> done and start working towards repairing the intentional damage.
>>>
>>> OK, it's a fair point that I didn't properly sanitize the input.  
>>> However we're talking about a page that has been online for the past
>
>>> two years without any problems, but for some reason you decided that
>
>>> immediate action must be taken right this very second.  And not a 
>>> single one of you assholes had the courtesy to even send me a PM to 
>>> say "hey we found this problem in your page and these are the
>actions 
>>> we took."  Seriously, I know some of you newcomers are in your
>teens, 
>>> but do you really have to ACT like it?  This is a community project,
>
>>> it exists because people in the past have worked *together* to solve
>
>>> problems. It's not a hacking contest to see who can blow up each 
>>> other's contributions.
>>>
>>> There have been a lot of complaints about my code in the past. Yes I
>
>>> write in Bash and PHP, and yes my code isn't going to be the easiest
>
>>> to read.  There's also the constant complaints that I don't post my 
>>> code on repo-of-the-week, which I've discussed several times on IRC 
>>> but nobody seems to care.  Just how many 'official' source-hosting 
>>> pages has opennic been through?  We've been in sourceforge, but we 
>>> don't trust them now.  What was the one that did SVN?  And of course
>
>>> there's the numerous local repos that people have run over the years
>
>>> which up and disappear one day without warning.  I've submitted a 
>>> fair chunk of my code at least twice.  And poof, there's no evidence
>
>>> remaining that it ever existed.
>>>
>>> I have limited time to work on opennic, but I've churned out an 
>>> incredible amount of code for the project over the years.  There is 
>>> very little of opennic's infrastructure that I haven't had a hand in
>
>>> or written completely from scratch.  Everybody that comes through 
>>> always has their own ideas on how things should be done, what
>changes 
>>> need to be made, and yet almost none of those people have actually 
>>> contributed anything.  Opennic owes its very existence to those few 
>>> people such as myself who have dedicated months or years of 
>>> programming time to provide the services that everyone else uses on
>a 
>>> daily basis.  There is a huge amount of code in the background that
>I 
>>> personally own and have to troubleshoot when things go wrong.  I 
>>> spend what time I can either fixing the larger problems or trying to
>
>>> set up new code to provide features.  I have dedicated time nearly 
>>> daily to making sure things run smoothly or fixing whatever is 
>>> broken, and the thanks I get is "hey lets fuck up his shit and see 
>>> how long it takes him to figure it out."  Real mature.
>>>
>>> If anyone wants a copy of my working code, I have always been happy 
>>> to provide it.  It may take me some time to get it together, but
>I've 
>>> always given it.  And I would love to have others help clean things 
>>> up, especially the registrar code behind reg.for.free. 
>Unfortunately 
>>> the only feedback I have ever gotten is "I don't like your standard 
>>> use of single- and double-quotes... here's a rewrite to quote things
>
>>> MY way."  I don't have time to keep learning a new repo system every
>
>>> year or two and I no longer have the patience to care, but if
>someone 
>>> else wants to do the deed I've already mentioned many times that I
>am 
>>> happy to help work with them.
>>>
>>> I've been thinking about this all day and I'm still pissed, and 
>>> apparently still can't even coherently express my frustration, so
>let 
>>> me summarize... Grow the fuck up and learn how to actually work with
>
>>> other people who are in different times zones.  People have pointed 
>>> out bugs in my code before, and I almost always get them fixed
>within 
>>> a day or two.  Yeah I make mistakes, I know this and I know enough
>to 
>>> understand the problem when they are pointed out, assuming you 
>>> actually give me the chance.
>>>
>>>
>>> --------
>>> You are a member of the OpenNIC Discuss list.
>>> You may unsubscribe by
>emailingdiscuss-unsubscribe AT lists.opennicproject.org
>>
>>
>>
>>
>> --------
>> You are a member of the OpenNIC Discuss list.
>> You may unsubscribe by emailing
>discuss-unsubscribe AT lists.opennicproject.org
>
>
>
>------------------------------------------------------------------------
>
>
>
>--------
>You are a member of the OpenNIC Discuss list. 
>You may unsubscribe by emailing
>discuss-unsubscribe AT lists.opennicproject.org