Forum Migration - May 4th(Delayed - Update Inside) [Updated 6/12/2015]
Comments
-
oVenusArmanio wrote: »And we couple that oddly with a general flagrant disregard for breaking certain types of rules.
LOL! So true!I'm hated by former friends, entire factions, PWE, and people I've never met before. I'm hated on servers I've never logged onto.
... and I honestly wasn't even trying.
Enrage has nothing on me.
[SIGPIC][/SIGPIC]0 -
Why won't it be a forum for Fortuna?0
-
--Because PWE doesn't care about its mobile games?-- Scratch that. Because they care about their mobile games even less than its other games?
Anyone else notice how much memory the new forums take? I had the front page up (didn't click on anything) for 3-hours and it was taking 320,000KB. What is that about?Kernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
Updates noted and Suggestion Box Updated.
Guess I should not say this but well done for pointing out the bugs... Lets just hope its not to broken after its... Fixed is the word I want to use.0 -
I just posted a fix for the Arc forum. I just hope they even understand it. I do wonder if they have any programmers working there anymore. If not, they should hire me. I'll work for minimum wage and cookies* b:chuckle
*cookies: Full boxes of cookies per hour worth at least $5. Cause pandas need cookies like polar bears need soda b:laugh
This is needed. It needs to go into your configuration file.$Configuration['Garden']['ForceInputFormatter'] = true;
You only get one of these. BBCode would probably be the best choice. Change it in your configuration file.$Configuration['Garden']['InputFormatter'] = "Text"; $Configuration['Garden']['InputFormatter'] = "BBCode"; $Configuration['Garden']['InputFormatter'] = "Markdown";
===== For people who know what I'm talking about... =====
On line 261 of class.postcontroller.php$this->Comment->Format = GetValue('Format', $FormValues, C('Garden.InputFormatter'));
Based on their description and parameters, basically this says to use whatever format it is given, or if nothing given (which is what happens if ForceInputFormatter is true), use as a default, the InputFormatter.
Same thing happens on line 639 of the same file, as well as a handful of other files. Basically, it's consistent across the board, so this is the fix.
===================
Edit: I finished my search. Nothing else was found. This does appear to be the fix in all its blatant simplicity.
On a serious note PWE/Arc: I am for hire if you want both BBCode and Markdown. It would take me less than an hour to make both possible without HTML being allowed. Or you could even hire me to write stripping code, I've done that before. In fact, I've written my own programming languages. This is nothing new, hard, or out of my normal realm.Kernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
strumslinger wrote: »Update: Looks like I spoke too soon. We're delaying the migration until further notice. Information here: http://bit.ly/1HZLoa0
Maybe it would be a good idea to edit the thread title to remove "May the 4th" by the way~ Sage Mystic 105-105-105 ~
~ Sage Sin 103-103-102 ~
~ Sage vita Barb 103-102-101 ~
~ Sage BM 102-101 ~ Demon Archer 102 ~
~ Sage Cleric 102 ~ Demon Wizard 101 ~
~ Sage Seeker 101 ~ Sage Psy 101 ~
~ Sage Heavy Veno 101 ~ Demon Storm 9X ~ Dusk 6x ~
Started playing this game in 2007 on Oracle (PW-MY) : Demon MG 101 - Sage EP 99 - WF 890 -
Zoldi - Morai wrote: »Maybe it would be a good idea to edit the thread title to remove "May the 4th" by the way
And maybe add "Delayed" to the title... That might help as well. b:surrender[SIGPIC][/SIGPIC]
(Signature credit to NowItsAwn)
Survivor of Snow-Mageddon 2010, "The Great Earthquake" of 2011, and Sandy 2012 b:victory0 -
KrittyCat - Dreamweaver wrote: »And maybe add "Delayed" to the title... That might help as well. b:surrender
Let's stick with the original version of delayed:
Soon™Soon™
Well, maybe later, semi-retired.0 -
DEMHEALSMAN - Dreamweaver wrote: »Let's stick with the original version of delayed:
Soon™
When they released Arc I stopped play pwi (there were "Free To Play, but work or pay", PvP instead PvE on PvE server issues too). I hope, that they will not close this site.0 -
Toliman - Raging Tide wrote: »When they released Arc I stopped play pwi (there were "Free To Play, but work or pay", PvP instead PvE on PvE server issues too). I hope, that they will not close this site.
This version of the forums is going away when they do the migration, of that there is no question. The plan is to migrate all threads over to the new sub-forum, but this page as it is will no longer exist.[SIGPIC][/SIGPIC]
(Signature credit to NowItsAwn)
Survivor of Snow-Mageddon 2010, "The Great Earthquake" of 2011, and Sandy 2012 b:victory0 -
PWE took a different route than I anticipated, although it was suggested to them. They stripped the style attribute out of output. So, while the style attribute will stay when you input data, people will never see it in the output. Better than nothing, I suppose. I still think having free roaming HTML is like giving a knife to an intruder, but that might just be me.
Edit: They also removed the align attribute from div tags...why?Kernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
NRGLG - Heavens Tear wrote: »PWE took a different route than I anticipated, although it was suggested to them. They stripped the style attribute out of output. So, while the style attribute will stay when you input data, people will never see it in the output. Better than nothing, I suppose. I still think having free roaming HTML is like giving a knife to an intruder, but that might just be me.
Edit: They also removed the align attribute from div tags...why?
They did the latter near the start. There's another way to align it, if I'm not mistaken, but I'm too tired to try and remember.
And you're right about the HTML comparison but for PWE this is a start and better than they usually do.(Insert fancy image here)0 -
My poor sig
Now they just need to strip class attribute too.
I'm pretty sure they can't use the wysiwyg editor now though. We'll see.[sigpic][/sigpic]
PWI Calculators - aster.ohmydays.net/pw0 -
Yes, I'm abusing the class attribute right now. However, I might be correct in thinking that they won't strip it. The problem with that one is that it's needed for the stylized elements. So if they strip it, they strip the stylized elements as well. There is no winning for them if they don't just disable HTML altogether.Kernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
How can I post a SIG on these new forums?
Assassin - SyntherosX - 105, 105, 105 Calc : https://mypers.pw/13/#654396
Loyal Perfect World Player 9 Year Vet.
Youtube&LiveStream @ OROCx24
Get the Forums Enhancement Extension!0 -
How can I post a SIG on these new forums?
Use this link: http://www.arcgames.com/en/forums#/profile/signature
If that doesn't work, on the other forums, use the Preferences button on the upper right of the forum, then click Signature Settings.[SIGPIC][/SIGPIC]
(Signature credit to NowItsAwn)
Survivor of Snow-Mageddon 2010, "The Great Earthquake" of 2011, and Sandy 2012 b:victory0 -
I've found another exploit/bug. This one I sort-of can't believe I found. You can literally move your posts from one thread to another. Since posts are sorted by date they were posted, you then have the ability to technically move your post to before other people's posts. This appears to be just as exploitable on the current version of Vanilla.
I'm not gonna lie, the Vanilla forums have some of the ****tiest security, with regards to users, that I've ever seen in my life. I mean, vBulletin had its issues, but Vanilla doesn't even seem like it's trying. Hell, even my own custom-made forum had better security than this. You should never, ever, give the user a way to change the thread ID on a post. b:beatup
How this exploit is bad: Moving posts from one thread to another is already problematic in and of itself. However, now imagine if you made a post a long time ago. Then someone makes a new thread. Right now you could take and move your post into that empty new thread. That could cause the new thread to disappear from the front page, based on how many posts are in the category and how old your post is. If your post is very old and the category has more than 1 page of threads, then it could be put back on something like page 11. This should be treated as a real and potential problem if any players become disgruntled and choose to take it out on the forums.Kernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
NRGLG - Heavens Tear wrote: »How this exploit is bad: Moving posts from one thread to another is already problematic in and of itself. However, now imagine if you made a post a long time ago. Then someone makes a new thread. Right now you could take and move your post into that empty new thread. That could cause the new thread to disappear from the front page, based on how many posts are in the category and how old your post is. If your post is very old and the category has more than 1 page of threads, then it could be put back on something like page 11. This should be treated as a real and potential problem if any players become disgruntled and choose to take it out on the forums.
Based on how the organization works, it would be based on the last post in the thread, not the first post. Moving your post into a thread wouldn't move it back, since that wouldn't change the last post in the thread.
That's not saying that it isn't problematic, but it isn't problematic in the way you're describing, since no matter how many posts are moved into the front of a thread, as long as the last post is new, it's not going to drop it back.[SIGPIC][/SIGPIC]
(Signature credit to NowItsAwn)
Survivor of Snow-Mageddon 2010, "The Great Earthquake" of 2011, and Sandy 2012 b:victory0 -
NRGLG - Heavens Tear wrote: »I've found another exploit/bug. This one I sort-of can't believe I found. You can literally move your posts from one thread to another. Since posts are sorted by date they were posted, you then have the ability to technically move your post to before other people's posts. This appears to be just as exploitable on the current version of Vanilla.
I'm not gonna lie, the Vanilla forums have some of the ****tiest security, with regards to users, that I've ever seen in my life. I mean, vBulletin had its issues, but Vanilla doesn't even seem like it's trying. Hell, even my own custom-made forum had better security than this. You should never, ever, give the user a way to change the thread ID on a post. b:beatup
How this exploit is bad: Moving posts from one thread to another is already problematic in and of itself. However, now imagine if you made a post a long time ago. Then someone makes a new thread. Right now you could take and move your post into that empty new thread. That could cause the new thread to disappear from the front page, based on how many posts are in the category and how old your post is. If your post is very old and the category has more than 1 page of threads, then it could be put back on something like page 11. This should be treated as a real and potential problem if any players become disgruntled and choose to take it out on the forums.Soon™
Well, maybe later, semi-retired.0 -
KrittyCat - Dreamweaver wrote: »Based on how the organization works, it would be based on the last post in the thread, not the first post. Moving your post into a thread wouldn't move it back, since that wouldn't change the last post in the thread.
You are wrong, sorry. I already proved it straight on their forum. I moved a new thread I had created to the bottom of a category.
Note: How this works. Basically, when there is more than 0 comments in a thread, the thread then uses the more recent comment posted (date-wise) as the last thing posted on the thread. This might be why you were confused. Because the original post is not treated as a comment, it is treated as a "Discussion".Kernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
b:shocked0
-
So... anyone else starting to think Vanillaforums in general is just an incredibly poor format to use and that it's not completely PWE's fault?
I mean, yeah they made some poor choices in regards to options available (and choosing Vanillaforums in the first place) but still... b:surrender(Insert fancy image here)0 -
So... anyone else starting to think Vanillaforums in general is just an incredibly poor format to use and that it's not completely PWE's fault?
Mmm...possibly. There are definite suggestions that the programmer's haven't any experience with relational databases. If they had, the post movement problem wouldn't even be a problem. In fact, I don't even understand why the post allows for editing of the thread ID at all to begin with. Let's say a database has a table dedicated solely to posts. Why on earth would you need the thread ID to change the post data. The only info you need to change the post data is the post ID (and permissions obviously). I just...I just don't even understand this one. Like I'm sort-of baffled by the fact that this kind of exploitable bug exists. However, the fact that it does exist also makes me worry that if something like this exists, you know, what else? Cause this is something that never should have been a problem. So what other things are there that shouldn't have been a problem. I am concerned by that. b:sweatKernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
Yeah... when problems that shouldn't even exist involving the basics of the basics show up, you have to start second guessing the structure as a whole.
Seeing as you've gone and found out that of all things THAT could be exploited, I'm kinda worried about how much there is that can be broken that most of us just haven't even considered because of how obvious it should be. And worse, what's gonna happen when someone DOES go and exploit it.(Insert fancy image here)0 -
-
Nope (well, not really special). If you are unable to figure it out then it's best that you not try to add a signature. The forums are going through repairs until an unknown time. Wait until they are done fixing all of the problems found. By then everything should be working as expected.Yeah... when problems that shouldn't even exist involving the basics of the basics show up, you have to start second guessing the structure as a whole.
That's what I started thinking and why I'm concerned. I want to do a full security audit of the source code, but don't have the time to do it at the moment.And worse, what's gonna happen when someone DOES go and exploit it.
Moderator party time? b:shutup
(Although...if someone moved their posts into another forum, you wouldn't be able to touch them, huh? That's not good and something the CMs/GMs/Administrators didn't think through... Also, what about troublemakers who take their trouble-making to another forum and you can't stop them... All-in-all this whole thing feels like a good idea executed more poorly than everything in Birdemic.)Kernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
NRGLG - Heavens Tear wrote: »That's what I started thinking and why I'm concerned. I want to do a full security audit of the source code, but don't have the time to do it at the moment.Moderator party time? b:shutup(Although...if someone moved their posts into another forum, you wouldn't be able to touch them, huh? That's not good and something the CMs/GMs/Administrators didn't think through... Also, what about troublemakers who take their trouble-making to another forum and you can't stop them... All-in-all this whole thing feels like a good idea executed more poorly than everything in Birdemic.)
Then there's the question of how the mods will be able to communicate with each other. At least over here, we actively stay in touch with each other, both in and outside the forums, and have all the the benefits of such. If something like that doesn't get established post-migration, though, it makes it even easier for abusers to get away with it because the mods won't be able to stay as organized amongst themselves.
On a side note, I hate their "unanswered" category. I browse here with a heavy reliance on the new posts feature and if I'm not a global mod there AND can't tell if I'm going to PWI's General Discussion or Swordsman's (for example) it just makes it tougher on me since there's gonna be even MORE forum to cover. Add in that there's no simple way to quickly and easily sort through it, the limitations it already has, and the fact that their search feature is absolutely pathetic (at least here I can search by poster and have some control and ease with my results) and the entire thing is generally gonna be a nightmare for attempting to enforce rules. FLagging will alleviate those issues somewhat but only if people both use that function AND don't get abusive with it (yeah right). Overall, I'm neither pleased, nor impressed, and see little, if any, positives coming from this.
... Oh and people who have been banned on each game's individual forums aren't banned there. Which means if they come back and want to cause chaos... well... gonna suck for us. Especially if mods are as limited there as they are already (before accounting for lack of global moderation allowing people to hopscotch sections to avoid the mods entirely).(Insert fancy image here)0 -
Best of luck. That thing looks like a nightmare.
Little too late for an audit anyway.
Kossy conveniently happened to have called in sick that day. What's that, you saw her out and about partying just fine? Nonesense. She was clearly suffering and putting on a brave face. Clearly. b:laugh
Yep. One of the issues with not having global mods while so many issues exist. Odds are the mods would stick to their own games most of the time regardless but by deciding that they won't have global permissions, someone causing issues on one section (or who wants to move their posts) can easily abuse that to get away with a lot more than they should.
I don't see why it's a moderators task to uphold something that should be fixed by the developers. Having moderators for each section would be better than global mods. That's what you would (normally) have administrators for. But that's why I said normally.
Moderators are better on their own games, because they know how that community part functions and what the rules are for that part. Unless they are going to make rules global too.
Then there's the question of how the mods will be able to communicate with each other. At least over here, we actively stay in touch with each other, both in and outside the forums, and have all the the benefits of such. If something like that doesn't get established post-migration, though, it makes it even easier for abusers to get away with it because the mods won't be able to stay as organized amongst themselves.
User PM's? Outside of the forums will stay the same?
I really don't get the issue there, but I'm gonna assume moderators have their own private little forum subsection here.
Plenty of ways to get around that, so don't really see the issue of this.
On a side note, I hate their "unanswered" category. I browse here with a heavy reliance on the new posts feature and if I'm not a global mod there AND can't tell if I'm going to PWI's General Discussion or Swordsman's (for example) it just makes it tougher on me since there's gonna be even MORE forum to cover. Add in that there's no simple way to quickly and easily sort through it, the limitations it already has, and the fact that their search feature is absolutely pathetic (at least here I can search by poster and have some control and ease with my results) and the entire thing is generally gonna be a nightmare for attempting to enforce rules. FLagging will alleviate those issues somewhat but only if people both use that function AND don't get abusive with it (yeah right). Overall, I'm neither pleased, nor impressed, and see little, if any, positives coming from this.
... Oh and people who have been banned on each game's individual forums aren't banned there. Which means if they come back and want to cause chaos... well... gonna suck for us. Especially if mods are as limited there as they are already (before accounting for lack of global moderation allowing people to hopscotch sections to avoid the mods entirely).
>Expecting something competent to come from PWE
One would expect people would know better by now b:laughSoon™
Well, maybe later, semi-retired.0 -
Best of luck. That thing looks like a nightmare.
Part of it is; the other part isn't. A portion of the code does look like it was written by amateurs and I'm not sure why. Maybe it was some interns or part of the original Vanilla Forums source. Either way, there is at least one code block I can think of that is 400 lines long. Code blocks aren't supposed to be longer than the height of your screen in general practice. So the fact that this one is 400 lines long is just stupid. It also scores off the charts on maintenance complexity (which is a bad thing).Kossy conveniently happened to have called in sick that day. What's that, you saw her out and about partying just fine? Nonsense. She was clearly suffering and putting on a brave face. Clearly. b:laugh
b:chuckleDEMHEALSMAN - Dreamweaver wrote: »Little too late for an audit anyway.
No, it's never too late to audit code. It was thanks to people auditing OpenSSL's code that the Heartbleed bug was found, years after it had been created. Same thing happens with lots of code all the time. I used to do that as a job when I was kid, but I haven't done it in a long time. So I may not be as sharp to notice wrong things.DEMHEALSMAN - Dreamweaver wrote: »I don't see why it's a moderators task to uphold something that should be fixed by the developers.
Well, the question is whether the Vanilla Forums developers will/can fix it. They are not exactly known for their tight security. I looked back and they have a crazy track record for exploitable bugs. More than the usual product IMO. Don't know what their deal is.DEMHEALSMAN - Dreamweaver wrote: »User PM's? Outside of the forums will stay the same?
I really don't get the issue there, but I'm gonna assume moderators have their own private little forum subsection here.
Plenty of ways to get around that, so don't really see the issue of this.
The new forums don't appear to have a private message system (although Arc does). In fact, the new forums seem to lack the basic functionality of most forums, that it's almost sort-of astonishing. Like, they packed it with useless features and said, "**** it," to basic usability and productivity.On a side note, I hate their "unanswered" category. I browse here with a heavy reliance on the new posts feature and if I'm not a global mod there AND can't tell if I'm going to PWI's General Discussion or Swordsman's (for example) it just makes it tougher on me since there's gonna be even MORE forum to cover. Add in that there's no simple way to quickly and easily sort through it, the limitations it already has, and the fact that their search feature is absolutely pathetic (at least here I can search by poster and have some control and ease with my results) and the entire thing is generally gonna be a nightmare for attempting to enforce rules. FLagging will alleviate those issues somewhat but only if people both use that function AND don't get abusive with it (yeah right). Overall, I'm neither pleased, nor impressed, and see little, if any, positives coming from this.
This ties right in with what I was saying about those forums missing basic usability and productivity. As for the flagging, I'd also considered that people could abuse it. I suppose they could add in a setting to block people who abuse the flag button and also prevent people with less than, let's say, 10 posts from using it. However, I don't think we'll be seeing them do that. More than likely, if it gets abused, it will just be disabled (like the WYSIWYG text box is right now).... Oh and people who have been banned on each game's individual forums aren't banned there. Which means if they come back and want to cause chaos... well... gonna suck for us. Especially if mods are as limited there as they are already (before accounting for lack of global moderation allowing people to hopscotch sections to avoid the mods entirely).
You can only hope the banned people have left and no longer care to do whatever it is they did to get banned.Kernal32.dll error? Get Arc XP for PWI because PWE Derpped -->http://www.nrgs.org/dev/arcxp/ArcXP.zip<-- (Don't select the arrows!)
Forums. Where opinion is truth, truth are facts, facts are wrong, and wrong is an opinion.
My site: >http://nrgs.org< | Free and open source tools and utilities developed by me0 -
So... anyone else starting to think Vanillaforums in general is just an incredibly poor format to use and that it's not completely PWE's fault?
I mean, yeah they made some poor choices in regards to options available (and choosing Vanillaforums in the first place) but still... b:surrender
PWE picked it because Vanillaforums is the PWE of the forums world. Perfect Match.0
Categories
- All Categories
- 181.9K PWI
- 699 Official Announcements
- 2 Rules of Conduct
- 264 Cabbage Patch Notes
- 61.1K General Discussion
- 1.5K Quality Corner
- 11.1K Suggestion Box
- 77.4K Archosaur City
- 3.5K Cash Shop Huddle
- 14.3K Server Symposium
- 18.1K Dungeons & Tactics
- 2K The Crafting Nook
- 4.9K Guild Banter
- 6.6K The Trading Post
- 28K Class Discussion
- 1.9K Arigora Colosseum
- 78 TW & Cross Server Battles
- 337 Nation Wars
- 8.2K Off-Topic Discussion
- 3.7K The Fanatics Forum
- 207 Screenshots and Videos
- 22.8K Support Desk