Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.27 11:23:00 -
[1]
Out of curiosity what is this supposed to be proof of? That you can make bug-free code and CCP can't? Well, your marvelous piece of software engineering has:
Conceptual errors:
1. Storing password as plain text
2. Storing contacts in a text file readable by anyone
Code errors:
1. Not checking if request variable is set (pro move really)
2. Not checking allowed variable values (wanna add Friends, Enemies or Watchlist<script>malicious code here</script>)
3. Vulnerable to XSRF (<img src="http://yourdomain/index.php?action=delContact&id=406769056">, tokens are for losers)
4. Vulnerable to permanent XSS (2 and 3 combined)
Presentation errors (html/javascript):
1. onclick='del(406769056,'Lumy')' - parser must really enjoy this
2. if (confirm("Delete "+charactername+"?")) nothing wrong with this line, except that the function parameter is called $charactername. How is it fixed in the newest version? JS confirm is commented out.
Sorry, I'd rather prefer CCP's EveGate.
Joomla! in EVE - IGB compatible CMS. |
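The code errors listed in post [1] (unset request variables, unchecked values, XSRF through a GET link, stored XSS, and the broken quoting in the onclick attribute) map to a small set of server-side checks. The following is an added example, not part of the original post and not the script under discussion; the action, group and field names and the sample contact name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the script from the thread; all names are constructed.
const ALLOWED_GROUPS = ['Friends', 'Enemies', 'Watchlist'];

/** Validate a state-changing request; returns cleaned values or throws. */
function validate_request(string $method, array $post, string $sessionToken): array
{
    if ($method !== 'POST') { // a GET issued by an <img> tag must never change state
        throw new RuntimeException('POST required');
    }
    $token = $post['token'] ?? ''; // ?? covers the "variable not set" case
    if (!is_string($token) || !hash_equals($sessionToken, $token)) {
        throw new RuntimeException('bad CSRF token');
    }
    $action = $post['action'] ?? '';
    if (!in_array($action, ['addContact', 'delContact'], true)) {
        throw new RuntimeException('unknown action');
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new RuntimeException('bad id');
    }
    $group = $action === 'addContact' ? ($post['group'] ?? '') : null;
    if ($group !== null && !in_array($group, ALLOWED_GROUPS, true)) { // allow-list
        throw new RuntimeException('bad group');
    }
    return ['action' => $action, 'id' => $id, 'group' => $group];
}

/** Render one contact row; the name is escaped data, never script source. */
function render_row(int $id, string $name, string $token): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="index.php">'
         . '<input type="hidden" name="action" value="delContact">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . '<input type="hidden" name="token" value="' . $e($token) . '">'
         . $e($name)
         . ' <input type="submit" value="Delete" data-name="' . $e($name) . '"'
         . ' onclick="return confirm(\'Delete \' + this.getAttribute(\'data-name\') + \'?\')">'
         . '</form>';
}

$token = bin2hex(random_bytes(32)); // kept in the session in a real application
echo render_row(406769056, "D'Arc <b>Tester</b>", $token), "\n";
try {
    validate_request('POST', ['action' => 'addContact', 'id' => '1', 'group' => 'Watchlist<script>', 'token' => $token], $token);
} catch (RuntimeException $ex) { echo 'rejected: ', $ex->getMessage(), "\n"; }
```

Because the name travels in an escaped data attribute rather than inside the JavaScript string, an apostrophe or markup in a contact name cannot terminate the attribute or the script.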
Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.27 23:35:00 -
[2]
Originally by: Dr BattleSmith Claiming loudly that it was bug free? Not at all, that was specifically a guy calling for XHTML on something so basic like it really mattered.
Originally by: Dr BattleSmith The HTML is 100% valid idiot.
Originally by: Lumy onclick='del(406769056,'Lumy')'
^_^
Originally by: Dr BattleSmith The security issues aren't relevant in this context.
Then why do you even bother with password?
Originally by: Dr BattleSmith ...and the charactername param used.
LOL, you didn't get it.
Even if the user treats the script with absolute caution and doesn't enter any malicious input, regular EVE names can still break it. I'll let you figure this one out on your own.
I wonder, do you test whatever you do even once before you commit it to SVN?
Joomla! in EVE - IGB compatible CMS. |
Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.28 11:27:00 -
[3]
Sigh. Obviously, a subtle smiley doesn't work, so let me be blunt. Nobody cares what kind of HTML spec you claim to use. You claimed the code is 100% valid and called the guy an idiot. I don't know what version of HTML it is supposed to be, but Lumy')' is not valid markup. If I'm wrong, please show me. Forgive me, I don't keep knowledge of technology that has been obsolete for more than a decade.
Originally by: Dr BattleSmith For idiots that think they need one. Notice how it doesn't even have a username?
At least now we know who the target users of your scripts are, and what you think of them. Really good to know.
Originally by: Dr BattleSmith There is no way in the world that this lil script needs tokens, XHTML, hashed passwords and the like.
And for that reason I would not recommend even touching it with a standard-issue 10-ft. pole.
Joomla! in EVE - IGB compatible CMS. |
Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.29 00:14:00 -
[4]
So it wasn't 100% valid HTML after all, despite your previous claim. Also you claimed it was supposed to be HTML 2.0. You know what? HTML 2.0 does not support tables! And yet your generated code uses them. (I actually looked it up in the spec, for the lulz.) So your talk about how HTML is all the same is even more hilarious.
This thread is comedy gold. It's like a showcase of human ignorance. Thanks for the entertainment, pal.
Joomla! in EVE - IGB compatible CMS. |
Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.29 08:18:00 -
[5]
Originally by: Dr BattleSmith Guess you missed the part where it passed the W3C validator with zero changes.
I didn't miss the part where you had to add a doctype to make it pass.
Quote: A valid HTML document declares what version of HTML is used in the document. The document type declaration names the document type definition (DTD) in use for the document (see [ISO8879]).
Source: http://www.w3.org/TR/REC-html40/struct/global.html#h-7.2
Also, I didn't miss the part where the W3C validator (do you use some other one?) detects an error
Quote: Line 5, Column 30: required attribute "TYPE" not specified
Let me remind you this is validated as HTML 4.01 Transitional. Did you miss that one, or have you left it out on purpose?
Nitpick: I actually left out all PHP warnings before <html> tag.
Originally by: Dr BattleSmith ugh actually I claimed it was as basic as HTML 2 and that this mattered not at all.
Originally by: Dr BattleSmith Semantically correct? It's HTML 2.0, I doubt you could find any errors in code that simple :-D
Do you always contradict yourself? Also I could find errors in code that simple.
Originally by: Dr BattleSmith The original statement was someone saying the HTML was invalid and written by a WYSIWYG. Completely false and ridiculous.
It was invalid at the time. And, let me quote original:
Originally by: Captain Greeneyes It looks like the HTML was made from a WYSIWYG editor. x_x
Saying something "looks like" and "is" are two quite different statements. But hey, really nice straw man.
Originally by: Dr BattleSmith Yeah I've got a good laugh outta the witchhunt.
Amazing just how pathetic some people can be.
Choosing the most basic part of the script, the part that doesn't matter at all, and making it into a big fuss.... Simply moronic.
"witchhunt"
Security does not matter, validity does not matter, errors do not matter, others' opinions do not matter, users are supposed to be idiots. Great way to start a project. :thumbsup:
Anyway, I promise I'll stop this "witchhunt", if you manage to post at least one reasonable response without contradicting yourself or insulting someone. Or admitting a mistake, but that would probably cause the universe to implode.
Joomla! in EVE - IGB compatible CMS. |
Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.29 09:42:00 -
[6]
Edited by: Lumy on 29/03/2010 09:47:06
Dr BattleSmith: The HTML is 100% valid idiot.
Lumy and others: No, it isn't. Here are the errors.
Dr BattleSmith fixes errors.
Dr BattleSmith: The HTML is 100% valid, here's the link.
I wonder what's wrong with that.
Originally by: Dr BattleSmith I've patched any you've pointed out.
Not on the SVN.
Originally by: Dr BattleSmith Not when they are fools who are only commenting to "defend" CCP like they've been personally insulted by the very prospect of this script existing.
I haven't noticed I've been defending CCP. Just rebutting your arguments. But I must admit, on some level I'm personally insulted. This is the kind of sloppy work that gives PHP developers a bad name.
Originally by: Dr BattleSmith Users are happy, idiots who are only here to troll aren't.... Big surprise there.
[troll]What users? Do you mean "you"?[/troll]
Ok, disregard the last comment. That was me really trolling.
Edit: I've made the basic mistake of not being specific enough. You would probably interpret "last comment" as the whole post. Hence the [troll] markup.
Joomla! in EVE - IGB compatible CMS. |
Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.31 08:26:00 -
[7]
@Catari Taga
1. If the first release of any other project (EVEMon, EFT, Yapeal, whatever) started with an attack on someone else's work
2. If their work had the same flaws (or even worse) as the work they were attacking
3. If they reacted with insults to any issues pointed out (no matter how petty they thought they were)
4. Called everybody left and right, including users, idiots
... I guess they would be met with "hostility" and "trolling" too. Unless they showed at least some level of competence.
But that doesn't matter anymore. Dr BattleSmith already showed us what his work is good for, how he is willing to deal with any kind of critique and what he thinks about any of us. I guess it's time to let this thread rot.
Joomla! in EVE - IGB compatible CMS. |