Bungie.net Community
This topic has moved here: Subject: Script Central: ALL GM SCRIPTS - New: SENT BOX
  • Exalted Legendary Member

Okay, I better issue a warning out right now, and this is why we have a submission approval too.

The auto-approval will be shut down by tonight, so go ahead, mess around all you can, but don't go too far.

It's also supposed to alert you when you click "Publish". Is it?

[Edited on 11.21.2008 7:51 PM PST]

  • 11.21.2008 7:51 PM PDT

Posted by: Sprool
Okay, I better issue a warning out right now, and this is why we have a submission approval too.

The auto-approval will be shut down by tonight, so go ahead, mess around all you can, but don't go too far.
Right. Of course.

But the problem is how to judge legitimate requests from illicit ones. Real attacks may not be as obvious as the ones paul and I have demonstrated.

Posted by: Sprool
It's also supposed to alert you when you click "Publish". Does it?
Yes.

[Edited on 11.21.2008 7:55 PM PST]

  • 11.21.2008 7:54 PM PDT

Flours2012
Deathcon_5 on Adelais

yea, it confirms if I want to proceed.

  • 11.21.2008 7:54 PM PDT

"Once Bungie takes over the world, The Marty Army will take over Bungie and then we'll really have some fun."
-Marty O'Donnell

"Condemnant quod non intellegunt."

Make Bungie.net More Enjoyable: Read & Follow

I will hax the script so that all pages on Bungie.net show a giant "PAULMARV" flashing in blue and nothing else.


But seriously, as JMH said, people could do stuff like embed scripts that steal your browser activity and fire it off to their webserver. Unlikely, but possible. (Especially if you mess with JMH - he will get his revenge!)

[Edited on 11.21.2008 7:57 PM PST]

  • 11.21.2008 7:54 PM PDT
  • Exalted Legendary Member

I put a character limit on your title, so anything more than 32 characters will get you nothing.

EDIT: Well, no. I'll just strip any <script> tags, <embed> or <object> tags, and "onload" and "onunload".

[Edited on 11.21.2008 8:00 PM PST]

  • 11.21.2008 7:57 PM PDT

Disallow the script tag entirely. People could reference scripts stored on their servers using the 'src' attribute.

  • 11.21.2008 7:59 PM PDT
  • Exalted Legendary Member

Posted by: paulmarv
Disallow the script tag entirely. People could reference scripts stored on their servers using the 'src' attribute.
That is what I did, I edited.

  • 11.21.2008 8:00 PM PDT

So about the PHP source code...

Can I Haz It?

  • 11.21.2008 8:03 PM PDT
  • Exalted Legendary Member

I got it, I'll just add a <noscript> tag to your title, so that way, it blocks everything javascript, but you can still mess around with style and other html.

  • 11.21.2008 8:03 PM PDT

How do I preview it locally without changing it auto-approved?

  • 11.21.2008 8:05 PM PDT
  • Exalted Legendary Member

Posted by: paulmarv
So about the PHP source code...

Can I Haz It?
Yes. Err.

http://iggyhopper.dyndns.org/CoupDBungie/Process.php.txt
http://iggyhopper.dyndns.org/CoupDBungie/CoupDBungie.php.txt

This is not final, so it will be fixed, but that is the basic source right there.

Uhm, to be fixed, paul. There will be an update on monday, or tuesday.

[Edited on 11.21.2008 8:08 PM PST]

  • 11.21.2008 8:06 PM PDT

Posted by: Sprool
I got it, I'll just add a <noscript> tag to your title, so that way, it blocks everything javascript, but you can still mess around with style and other html.
You could use eregi() to throw an error and exit upon finding "<script" anywhere in the submitted strings.

Or eregi_replace() to screw with them... :D

[Edited on 11.21.2008 8:11 PM PST]

  • 11.21.2008 8:07 PM PDT

Posted by: Sprool
Posted by: paulmarv
So about the PHP source code...

Can I Haz It?
Yes. Err.

http://iggyhopper.dyndns.org/CoupDBungie/Process.php.txt
http://iggyhopper.dyndns.org/CoupDBungie/CoupDBungie.php.txt

This is not final, so it will be fixed, but that is the basic source right there.

I <3 Sprool
Posted by: jmh9072
Posted by: Sprool
I got it, I'll just add a <noscript> tag to your title, so that way, it blocks everything javascript, but you can still mess around with style and other html.
You could use eregi() to throw an error upon finding "<script" anywhere in the submitted strings.

Now that I think of it, there are other ways to embed javascript. Couldn't I just create an element (that supports the handler) and insert code in the onLoad() handler? Or make an invisible, page-consuming <div> and handle the onMouseMove() event or something like that?

[Edited on 11.21.2008 8:11 PM PST]

  • 11.21.2008 8:08 PM PDT
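
Added example, not part of the thread and not the Coup d'Bungie source: the denylist filtering discussed above next to output encoding with htmlspecialchars(), run over constructed titles. The function names and the sample titles are assumptions made for illustration.

```php
<?php
// Added illustration. Function names are hypothetical; sample titles are constructed.

// Denylist in the spirit of the thread: refuse "<script", strip <embed>/<object>
// tags, and delete the strings "onload" and "onunload".
function denylist_filter(string $title): ?string
{
    // stripos() stands in for eregi(), which was removed in PHP 7.
    if (stripos($title, '<script') !== false) {
        return null; // submission rejected
    }
    $title = preg_replace('#</?(?:embed|object)\b[^>]*>#i', '', $title);
    return str_ireplace(['onunload', 'onload'], '', $title);
}

// Output encoding: &, <, >, " and ' become entities, so the browser renders
// the submission as text and never parses it as markup.
function encode_for_html(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True if an element with an on* event-handler attribute is still present.
function has_event_handler(string $html): bool
{
    return preg_match('/<[^>]+\son[a-z]+\s*=/i', $html) === 1;
}

$samples = [
    "Snakie's Slave",                                  // ordinary title
    '<script src="//example.invalid/x.js"></script>',  // remote script via src
    '<body onload="alert(1)">',                        // handler the denylist names
    '<div onmousemove="alert(1)">title</div>',         // handler it does not name
];

foreach ($samples as $s) {
    $filtered = denylist_filter($s);
    $verdict = $filtered === null ? 'rejected'
        : (has_event_handler($filtered) ? 'handler survives' : 'clean');
    printf("%-48s denylist: %-16s encoded handler? %s\n",
        $s, $verdict, has_event_handler(encode_for_html($s)) ? 'yes' : 'no');
}
```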

I have no opinion one way or the other.

Hey Sprool, I have been trying to update my local script, but nothing is happening! Has this simply not been implemented yet, or am I doing something wrong?

  • 11.21.2008 8:10 PM PDT

Does anyone even read these?

Wait, what did I miss?

  • 11.21.2008 8:10 PM PDT
  • Exalted Legendary Member

Posted by: jmh9072
Posted by: Sprool
I got it, I'll just add a <noscript> tag to your title, so that way, it blocks everything javascript, but you can still mess around with style and other html.
You could use eregi() to throw an error upon finding "<script" anywhere in the submitted strings.
Really? You mean it will search through GET and POST, and all values in them?

  • 11.21.2008 8:10 PM PDT
  • Exalted Legendary Member

Posted by: RyanThePerson
Hey Sprool, I have been trying to update my local script, but nothing is happening! Has this simply not been implemented yet, or am I doing something wrong?
YOU'RE DOING IT WRONG!

No, it has not been implemented yet, update Monday or Tuesday.

  • 11.21.2008 8:11 PM PDT

“To say more would spoil be it’s overall its a game that needs to be played.” - Aristotle

Posted by: Deathcon 5
Darn it, Snakie has surpassed my avatar's awesomeness.
I always surpass people in awesomeness. Don't even worry about it. It's like a passive thing- I don't even try anymore. It just happens.[/egotistical montage of words]

Posted by: S1NESTER
Will it be free cookies for all?
Haha, your title is "Snakie's Slave". Bow down, servant, and wear the avatar that was made for ye!

  • 11.21.2008 8:14 PM PDT

My GT is TheLoneSkittle. This is my bungie.net account ONLY.

Don't spam my inbox with group invites, as you will be met with a rude auto-response. Don't cry; you were warned.

Posted by: BadBall3r47
Wait, what did I miss?
Only the new Coup d'Bungie. Dur

  • 11.21.2008 8:15 PM PDT

Posted by: Dskull88
Posted by: BadBall3r47
Wait, what did I miss?
Only the new Coup d'Bungie. Dur
OMG OMG OMG, what page is it? I'm going to look.

Edit: I found-ed it. What makes this one different?

[Edited on 11.21.2008 8:17 PM PST]

  • 11.21.2008 8:16 PM PDT
  • Exalted Legendary Member

Page 24, I think.

[Edited on 11.21.2008 8:17 PM PST]

  • 11.21.2008 8:17 PM PDT

Posted by: Sprool
Page 24, I think.
Up by my sign out button all my info like message center and groups have all fallen down a bit. It's really screwed up.

But I must say thank you for all your hard work and effort you put into this :)

[Edited on 11.21.2008 8:20 PM PST]

  • 11.21.2008 8:19 PM PDT

Posted by: BadBall3r47
Posted by: Dskull88
Posted by: BadBall3r47
Wait, what did I miss?
Only the new Coup d'Bungie. Dur
OMG OMG OMG, what page is it? I'm going to look.

Edit: I found-ed it. What makes this one different?
Everything. The fact I'm on the Master makes it that much better

  • 11.21.2008 8:20 PM PDT

What the hell is that?

  • 11.21.2008 8:21 PM PDT