| View previous topic :: View next topic |
| Author |
Message |
pilla
Bodhisattva
Joined: 07 Aug 2002
Posts: 7730
Location: Underworld
|
 Posted: Fri Dec 26, 2003 2:46 pm Post subject: Problem with images in the sigs |
 |
|
The sigs that have images are presenting strange numbers after the "img" tags, like this:
| Code: |
[img:cbeaad30c4]http://antipersonnel.org/media/images/sigpic/free.gif[/img:cbeaad30c4]
|
Mine is presenting too, but I don't know why.
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
| Back to top |
|
 |
krusty_ar
Guru
Joined: 03 Oct 2002
Posts: 560
Location: Rosario, Argentina
|
| Posted: Fri Dec 26, 2003 3:48 pm Post subject: |
|
|
I seems some kind of style or something, maybe phpbbuses this to adjust the presentation of the img, and there's some bug...
_________________
I am Beta, don't expect correct behaviour from me.
Take part of the adopt an unaswered post initiative |
|
| Back to top |
|
|
klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
| Posted: Fri Dec 26, 2003 3:50 pm Post subject: |
|
|
we have temporarily disabled the use of [img] on our board. More details will be released at a later time.
--kurt
_________________
The problem with political jokes is that they get elected |
|
| Back to top |
|
|
pilla
Bodhisattva
Joined: 07 Aug 2002
Posts: 7730
Location: Underworld
|
| Posted: Fri Dec 26, 2003 3:58 pm Post subject: |
|
|
| klieber wrote: | we have temporarily disabled the use of [img] on our board. More details will be released at a later time.
--kurt |
Roger 
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
| Back to top |
|
|
Squinky86
Retired Dev
Joined: 25 Mar 2003
Posts: 309
Location: Alabama, USA
|
| Posted: Fri Dec 26, 2003 6:52 pm Post subject: |
|
|
Does this have anything to do with hotlinking image avatars? I just noticed that seems to also have been disabled :'(.
_________________
Me |
|
| Back to top |
|
|
adammc
Apprentice
Joined: 07 Oct 2003
Posts: 230
Location: Europe
|
| Posted: Fri Dec 26, 2003 7:07 pm Post subject: |
|
|
I didn't realise you could do that without modding the vanilla phpBB code 
_________________
There'd better be fudge when I get home... |
|
| Back to top |
|
|
airflow
Apprentice
Joined: 14 Dec 2003
Posts: 173
Location: Vienna, Austria
|
| Posted: Fri Dec 26, 2003 8:07 pm Post subject: |
|
|
| Squinky86 wrote: | | Does this have anything to do with hotlinking image avatars? I just noticed that seems to also have been disabled :'(. |
I noticed this too when I visited the forum today... My image had disappeared and it took me a while to find out the real reason, as I suspected it to be the webserver first. I just wanted to start a new thread because of this, but I see that someone else has already mentioned it... Any comments from the Admins yet?
regards,
airflow |
|
| Back to top |
|
|
klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
| Posted: Fri Dec 26, 2003 10:22 pm Post subject: |
|
|
| airflow wrote: | | Any comments from the Admins yet? |
| klieber is pretty sure that, just a few hours earlier, he wrote: | | we have temporarily disabled the use of [img] on our board. More details will be released at a later time. |
--kurt
_________________
The problem with political jokes is that they get elected |
|
| Back to top |
|
|
Squinky86
Retired Dev
Joined: 25 Mar 2003
Posts: 309
Location: Alabama, USA
|
| Posted: Fri Dec 26, 2003 11:52 pm Post subject: |
|
|
hehe, he meant for the hotlinking of avatars, not for the IMG tags, which I thought may be inter-related, so I added them to this thread instead of making a new one. Sorry for not making a seperate thread 
Edit: Unless my slow mind didn't pick up that the hotlinking of avatars was only disabled temporarily, also?
| airflow wrote: | | I suspected it to be the webserver first. |
Same here. I think we just need to wait and they'll give us details later.
_________________
Me |
|
| Back to top |
|
|
viperlin
Veteran
Joined: 15 Apr 2003
Posts: 1319
Location: UK
|
| Posted: Sun Dec 28, 2003 11:33 pm Post subject: |
|
|
| well i've started getting complaints about it in my sig so i think we would like those details ASAP |
|
| Back to top |
|
|
klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
| Posted: Mon Dec 29, 2003 1:06 pm Post subject: |
|
|
| viperlin wrote: | | well i've started getting complaints about it in my sig so i think we would like those details ASAP |
Chances are, we will not be releasing details in the near future (next 2 weeks or so). I suggest you change your sig for now.
--kurt
_________________
The problem with political jokes is that they get elected |
|
| Back to top |
|
|
Oopsz
Guru
Joined: 08 Oct 2002
Posts: 340
|
|
| Back to top |
|
|
aridhol
Guru
Joined: 20 Jan 2003
Posts: 509
Location: Stockholm, Sweden
|
| Posted: Tue Dec 30, 2003 3:13 pm Post subject: |
|
|
Some non-details then?
They have been disbled because of abuse?
Instabillity?
Rudeness, BandWidth, Estetic feeling, powertrip, flamewars, principle?
But to limit something like this (not really important) and not give any info seems kind of... uh.. silly to me. If there was any discussion that led to disabling them just post a link.
I can accept pretty much any explanation... except no explanation. 2 weeks to explain? Too long unless you give us a statement at least.
And how long is temporarily? As long as For the time being? Or half of eternity?
Oh... I'm nagging. Sorry, I'll leave for now 
_________________
72 of Pitcairn Islands 49 inhabitants use Seti@Home
"If you buy a DVD you have a copy. If you want a backup copy you buy another one."
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." |
|
| Back to top |
|
|
airflow
Apprentice
Joined: 14 Dec 2003
Posts: 173
Location: Vienna, Austria
|
| Posted: Tue Dec 30, 2003 4:56 pm Post subject: |
|
|
| aridhol wrote: | | But to limit something like this (not really important) and not give any info seems kind of... uh.. silly to me. If there was any discussion that led to disabling them just post a link. |
I call this behaviour "childish". But "silly" fits well, too.
regards,
airflow |
|
| Back to top |
|
|
pilla
Bodhisattva
Joined: 07 Aug 2002
Posts: 7730
Location: Underworld
|
| Posted: Tue Dec 30, 2003 5:04 pm Post subject: |
|
|
If it is a security vulnerability, it makes sense not to release any further information until the bugfixes are available. But it is up to the sysadmins to do whatever they think it's the best in this situation. From what I know of them, they wouldn't keep it undisclosed unless there was a very good reason for it.
BTW, all I know about the issue I have learned from this thread.
Maybe we should just ban images from the sigs, then we wouldn't have people complaining about the lack of information on the issue.
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
| Back to top |
|
|
Squinky86
Retired Dev
Joined: 25 Mar 2003
Posts: 309
Location: Alabama, USA
|
| Posted: Tue Dec 30, 2003 5:09 pm Post subject: |
|
|
| pilla wrote: | | Maybe we should just ban images from the sigs, then we wouldn't have people complaining about the lack of information on the issue. |
I was trying to stay out of this since I felt like things could get a little rude in here, but I was just trying to point out that the avatar hotlinking was offline, too. I really didn't mean to start anything.
Gentoo has some of the best admins in the world. I trust them to do the right thing. They'll tell us what we want to know when it's time for us to know it. Just be patient, guys (and maybe a girl or two, if we're lucky)!
Pilla: There are plenty of members of the Gentoo community willing to help should you ask, but if you or any of the other admins don't want any information public, that's understandable, too.
_________________
Me |
|
| Back to top |
|
|
pilla
Bodhisattva
Joined: 07 Aug 2002
Posts: 7730
Location: Underworld
|
| Posted: Tue Dec 30, 2003 5:47 pm Post subject: |
|
|
I am just a moderator -- I can move, erase, edit threads, but only using the phpBB moderator interface. I have no access to the inner workings of the system. This is exclusivity of our sysadmins, like rac, pjp, klieber and masseya.
And as I stated before, I don't know why the images were disabled in the sig.
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
| Back to top |
|
|
astika
Tux's lil' helper
Joined: 31 Oct 2003
Posts: 131
Location: /usr/local/src
|
| Posted: Wed Dec 31, 2003 3:56 am Post subject: |
|
|
most often, it is a bandwidth issue, or off-linking images from other sites, and
those sites might complain.
just have a text sig, works for me
_________________
even now in heaven, there were angels carrying savage weapons |
|
| Back to top |
|
|
stonent
Veteran
Joined: 07 Aug 2003
Posts: 1139
Location: Texas
|
| Posted: Wed Dec 31, 2003 6:43 am Post subject: |
|
|
You should have seen the Dell forums in the glory days. People had large java applets in their sigs. If you entered a large thread on an old computer, you'd lock up. Finally dell killed about 99% of the allowed html tags. Some were fun, like iframe, embed, or if you wanted to really screw up a thread, throw a bunch of /td's and /tr's
When I ran a phpBB2 forum, I removed all html restrictions so that the disappointed Dell forum users could still use their java applets and other fun stuff.
Occasionally I had to warn users for forgetting to close their tags and causing the posts to move all over the place.
_________________
Inspiron 4100 & Sun UltraAXe
Portage on Solaris|Dell Laptop Hacks
The way you feel about organized religion is the same way I feel about organized socialism. |
|
| Back to top |
|
|
Cerement
Guru
Joined: 14 Jun 2003
Posts: 404
|
| Posted: Wed Dec 31, 2003 9:52 am Post subject: |
|
|
another fun one was </script>  |
|
| Back to top |
|
|
aridhol
Guru
Joined: 20 Jan 2003
Posts: 509
Location: Stockholm, Sweden
|
| Posted: Wed Dec 31, 2003 11:09 am Post subject: |
|
|
| pilla wrote: | | If it is a security vulnerability, it makes sense not to release any further information until the bugfixes are available. |
They don't have to release information about how it was done, just that it was a security vulnerability.
And it's not just in sigs, it's anywere the [img]-tag can be used.
_________________
72 of Pitcairn Islands 49 inhabitants use Seti@Home
"If you buy a DVD you have a copy. If you want a backup copy you buy another one."
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." |
|
| Back to top |
|
|
meowsqueak
Veteran
Joined: 26 Aug 2003
Posts: 1549
Location: New Zealand
|
| Posted: Thu Jan 15, 2004 12:18 am Post subject: |
|
|
Could it be related to this, or is this a tad too old? What version of phpBB is forums.gentoo.org using?
http://www.securityfocus.com/bid/4379/info/
Edit: I think I just discovered it was 2.0.4 as of last January, so I guess it's definitely phpBB2 then? A related problem perhaps? |
|
| Back to top |
|
|
viperlin
Veteran
Joined: 15 Apr 2003
Posts: 1319
Location: UK
|
| Posted: Thu Jan 15, 2004 12:21 am Post subject: |
|
|
it says at the bottom of the page, version 2.0.6, so yes thats a little over a "tad" old |
|
| Back to top |
|
|
meowsqueak
Veteran
Joined: 26 Aug 2003
Posts: 1549
Location: New Zealand
|
| Posted: Thu Jan 15, 2004 12:26 am Post subject: |
|
|
| Yes, but the problem could be similar. Maybe a way of embedding malicious code in an image has been found, that can work its way around the prevention schemes in phpBB2? I'm just speculating really. |
|
| Back to top |
|
|
Anior
Guru
Joined: 17 Apr 2003
Posts: 317
Location: European Union (Stockholm / Sweden)
|
| Posted: Tue Jan 20, 2004 12:04 am Post subject: |
|
|
Am I the only one here who 's actually /happy/ that they are disabled?
Large bloated sigs all come from satan and are the harbringers of Gehenna *sage nod*
Atleast they make you look like you're just in from the counterstrike forums... :-P |
|
| Back to top |
|
|
|
Gentoo Forums Feedback
