Forum Settings
Forums
Nov 21, 2013 10:40 AM

Offline
Joined: Jan 2012
Posts: 4728
Undim said:
There was a [profile=] tag?

It's a waste anyway.
You put your username in and it makes a link to your profile.
Essentially the same as just posting the link itself:
http://myanimelist.net/profile/Virtual_BS

It's much better to use your user ID, though, to post a perma-link:
http://myanimelist.net/profile.php?id=1120687
That way, the link won't break if you change your username later on.

Use the URL tag to make a perma-link on your username:
Virtual_BS
= [url=http://myanimelist.net/profile.php?id=1120687]Virtual_BS[/url]
 
Nov 21, 2013 11:25 AM

Offline
Joined: Jan 2011
Posts: 2861
The week is almost over. Come on CraveOnline/MAL I believe in you!
[center]
 
Nov 21, 2013 11:42 AM
SetoMary Fanatic

Offline
Joined: Jun 2013
Posts: 5193
Virtual_BS said:
Undim said:
There was a [profile=] tag?

It's a waste anyway.
You put your username in and it makes a link to your profile.
Essentially the same as just posting the link itself:
http://myanimelist.net/profile/Virtual_BS

It's much better to use your user ID, though, to post a perma-link:
http://myanimelist.net/profile.php?id=1120687
That way, the link won't break if you change your username later on.

Use the URL tag to make a perma-link on your username:
Virtual_BS
= [url=http://myanimelist.net/profile.php?id=1120687]Virtual_BS[/url]


Wait, a bit confused...
So [profile=] is the same as [url=]?
 
Nov 21, 2013 12:06 PM

Offline
Joined: Jan 2013
Posts: 9443
Zelot said:
Wait, a bit confused...
So [profile=] is the same as [url=]?
No... with profile you were writing [profile=Zelot] and with url you use the whole url link.
 
Nov 21, 2013 12:09 PM
SetoMary Fanatic

Offline
Joined: Jun 2013
Posts: 5193
ao_no_exo said:
Zelot said:
Wait, a bit confused...
So [profile=] is the same as [url=]?
No... with profile you were writing [profile=Zelot] and with url you use the whole url link.

Ah, alright!
It's a faster way of doing [url=] when using accounts
Thanks ^^
 
Nov 21, 2013 6:05 PM

Offline
Joined: Nov 2012
Posts: 1472
Virtual_BS said:
I posted this earlier, but it was never answered:

Why it the YT tag still disabled?
Surely that has nothing to do with the IMG vulnerability?


Any staff care to address this issue..?

wait, the YT tag is disabled? it works fine for me o-o
 
Nov 21, 2013 7:04 PM

Offline
Joined: Jan 2012
Posts: 4728
Viviaan said:
Virtual_BS said:
I posted this earlier, but it was never answered:

Why it the YT tag still disabled?
Surely that has nothing to do with the IMG vulnerability?


Any staff care to address this issue..?

wait, the YT tag is disabled? it works fine for me o-o



Yup. Still dead.

YT and IMG only work on profiles.
 
Nov 21, 2013 8:34 PM
Show off

Offline
Joined: Oct 2012
Posts: 479
Hopefully I remember how to do my tags again, its been so long

 
Nov 21, 2013 9:36 PM

Offline
Joined: Jan 2012
Posts: 4728
CodeHavoc1992 said:
Hopefully I remember how to do my tags again, its been so long

Guide is still at http://myanimelist.net/info.php?go=bbcode
(and linked below the quick reply box)
 
Nov 21, 2013 11:31 PM

Offline
Joined: Mar 2010
Posts: 1414
So the signature images are disabled as well? :/ seems so. I thought i'd test it out since most people have their signature images, but it was a BAD idea.
*tear*
 
Nov 22, 2013 4:37 AM
DB Administrator
Faerie Queen

Offline
Joined: Aug 2007
Posts: 5095
@Virtual_BS: The YT tag has nothing to do with the image vulnerability, you are correct. But as you can maybe see, we're enabling BBcode step by step as we ensure that there are no other vulnerabilities within them. color and url were re-enabled (profile was simply overlooked), and I suspect yt will come after the whitelist has been pushed and no problems are detected with it.

More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

Again, this is why I usually don't say anything until changes are live. It's not that I want to keep everyone in the dark, but it's not nice to constantly be told "next week" either.



Open Staff Apps  
Guidelines & FAQ  
Report Abuse  
Listen ♪  

Thanks to 
AnimeboyAnubhab
 
 
Nov 22, 2013 7:07 AM
SetoMary Fanatic

Offline
Joined: Jun 2013
Posts: 5193
Kineta said:
@Virtual_BS: The YT tag has nothing to do with the image vulnerability, you are correct. But as you can maybe see, we're enabling BBcode step by step as we ensure that there are no other vulnerabilities within them. color and url were re-enabled (profile was simply overlooked), and I suspect yt will come after the whitelist has been pushed and no problems are detected with it.

More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

Again, this is why I usually don't say anything until changes are live. It's not that I want to keep everyone in the dark, but it's not nice to constantly be told "next week" either.


;_;
 
Nov 22, 2013 9:28 AM
Ashen Awakener

Offline
Joined: Nov 2007
Posts: 17859
Kineta said:
@Virtual_BS: The YT tag has nothing to do with the image vulnerability, you are correct. But as you can maybe see, we're enabling BBcode step by step as we ensure that there are no other vulnerabilities within them. color and url were re-enabled (profile was simply overlooked), and I suspect yt will come after the whitelist has been pushed and no problems are detected with it.

More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

Again, this is why I usually don't say anything until changes are live. It's not that I want to keep everyone in the dark, but it's not nice to constantly be told "next week" either.

Haha, could be expected but let's wait some more :) we miss it this long alrdy, 1 week extra... meh won't kill us xD thought I wonder if it's rlly back before 2014 xD
 
Nov 22, 2013 10:58 AM

Offline
Joined: Mar 2013
Posts: 5834
Kineta said:
More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

How "unexpected".
Do tell when was the last time Crave didn't delay something (possibly even multiple times in a row), honestly...
 
Nov 22, 2013 11:37 AM

Offline
Joined: Jan 2011
Posts: 2861
Kineta said:

More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

Again, this is why I usually don't say anything until changes are live. It's not that I want to keep everyone in the dark, but it's not nice to constantly be told "next week" either.

http://i.imgur.com/4oOdZHi.png
Whelp that's it, everyone go home.
[center]
 
Nov 22, 2013 4:00 PM

Offline
Joined: Nov 2012
Posts: 694
I think its great that they are still currently working on it. Yeahh, it's been a pretty long time, but we lived without it for months. Another week possibly can't hurt us.

I'm just waiting until it does come back... Can't wait!~
 
Nov 22, 2013 4:49 PM

Offline
Joined: Aug 2013
Posts: 1337
MysteriouslyMe said:
I think its great that they are still currently working on it. Yeahh, it's been a pretty long time, but we lived without it for months. Another week possibly can't hurt us.

I'm just waiting until it does come back... Can't wait!~


How do you have an image sig? Or was that from before [img] stopped working?
 
Nov 22, 2013 6:26 PM

Offline
Joined: Nov 2010
Posts: 691
Kyuutoryuu said:
How do you have an image sig? Or was that from before [img] stopped working?


From before. ^^ Anyone who's last sig update was before the code was disabled still has their image intact as long as they leave it be.
 
Nov 22, 2013 6:32 PM

Offline
Joined: Jun 2013
Posts: 303
Kineta said:
More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

Again, this is why I usually don't say anything until changes are live. It's not that I want to keep everyone in the dark, but it's not nice to constantly be told "next week" either.


Awww (*^*) well it's ok, as long as the disabled BBcodes are enabled again ~(^-^)~

"Music helps me escape from the reality I live in"
 
Nov 22, 2013 11:15 PM

Offline
Joined: Sep 2008
Posts: 7029
Kineta said:

More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

Again, this is why I usually don't say anything until changes are live. It's not that I want to keep everyone in the dark, but it's not nice to constantly be told "next week" either.


No Biggie :) everyone is patient. If needs to open in 2014, its good. take your time guys. Keep up the good work.
 
Nov 23, 2013 11:41 AM

Offline
Joined: Aug 2013
Posts: 291
Hime-sama said:
Kineta said:

More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

Again, this is why I usually don't say anything until changes are live. It's not that I want to keep everyone in the dark, but it's not nice to constantly be told "next week" either.


No Biggie :) everyone is patient. If needs to open in 2014, its good. take your time guys. Keep up the good work.


patient? for some reason a person with a sig still in tact saying that annoys the piss out of me

*chugs coffee*
I am going to act like you dont exist so I dont try and start a fight over nothing
GOOD DAY SIR!
■□■□■□■□■□■□■□■
 
Nov 23, 2013 11:53 AM

Offline
Joined: Jan 2013
Posts: 9443
ybnrmalatall said:

patient? for some reason a person with a sig still in tact saying that annoys the piss out of me

*chugs coffee*
I am going to act like you dont exist so I dont try and start a fight over nothing
GOOD DAY SIR!
Lol.. someone didn't pet their cat today :). Wish I had a cat.. anyways:
Yeaaah...
 
Nov 23, 2013 1:21 PM

Offline
Joined: Dec 2009
Posts: 876
Kineta said:


More bad news: I received word yesterday morning that there have been delays. I was not given any ETA on how long this has been delayed, but if it is not pushed today (being Friday) then it should be next week.

Again, this is why I usually don't say anything until changes are live. It's not that I want to keep everyone in the dark, but it's not nice to constantly be told "next week" either.


It's good knowing were still getting updates and the fact that we should see the IMG codes and other stuff back up in the next few weeks. Appreciate the update.
 
Nov 24, 2013 8:49 AM

Offline
Joined: Aug 2012
Posts: 10039
I love how the moderation tells us they are going to add the [img] BBCode but they don't add it.

Basic Internet knowledge: Never tell the users you are going to do something if you are not 100% sure you are going to do that.
 
Nov 24, 2013 5:29 PM

Offline
Joined: Nov 2012
Posts: 718
Signatures are generally ways that people try to gain some kind of attention. Apart from advertising a site, its practically a pointless feature anyway.


Mod Edit: Quote from some of the chat/spam that has been deleted from the previous comments has been edited out.
Modified by rodac, Nov 25, 2013 12:05 AM
 
Nov 24, 2013 7:38 PM

Offline
Joined: Dec 2009
Posts: 2530
Tomoki_Sakurai said:
Then just put a link to the picture.

People are too lazy to click unappealing text links. We're in the age where eye-catch is necessary. Nobody cares until you make them care, see?

(i wish i could at least fix my sig, but every time i apply changes i get blocked until i clear cookies)
❀桜舞う空~        @ping me for anime clarifications.        CosmoGenesis Project
 
Nov 25, 2013 12:06 AM

Offline
Joined: Aug 2013
Posts: 291
GenesisAria said:
Tomoki_Sakurai said:
Then just put a link to the picture.

People are too lazy to click unappealing text links. We're in the age where eye-catch is necessary. Nobody cares until you make them care, see?

(i wish i could at least fix my sig, but every time i apply changes i get blocked until i clear cookies)


lol blocked until you clear cookies? wut.
■□■□■□■□■□■□■□■
 
Nov 25, 2013 12:11 AM

Offline
Joined: Jan 2011
Posts: 4262
Mod Note: I've cleaned out a great deal of chat and spam from the final few pages of the thread. This thread is supposed to provide users with information on the progress (and setbacks) to restoring bbcode (and particularly the img tags) to MAL. Some users have also provided useful feedback and suggestions. It is not a chat thread!
Please don't feed the trolls!
In my next life I want to collide at the corner with the cute transfer student
carrying a piece of toast in her mouth
...rodac

 
Nov 25, 2013 12:23 AM

Offline
Joined: Aug 2013
Posts: 291
rodac said:
Mod Note: I've cleaned out a great deal of chat and spam from the final few pages of the thread. This thread is supposed to provide users with information on the progress (and setbacks) to restoring bbcode (and particularly the img tags) to MAL. Some users have also provided useful feedback and suggestions. It is not a chat thread!


lol wut
how is it a huge issue if we chat about the subject at hand?
if you can't chat about it, I see no point in this thread and would be better off locked :P

chatting about things keeps things alive on forums
I am not a mod here, but every place I have modded that allowed aimless chat on things like this, if anything prosper more.

although the rules are rules -_-
good work mod!

*cough* you wanted praise right? >:D
■□■□■□■□■□■□■□■
 
Nov 25, 2013 12:32 AM

Offline
Joined: May 2008
Posts: 4068
@ybnrmalatall: It's fine to discuss the topic, but the posts that were removed were general rants unrelated to it.
 
Nov 25, 2013 1:33 AM

Offline
Joined: Aug 2013
Posts: 291
saka said:
@ybnrmalatall: It's fine to discuss the topic, but the posts that were removed were general rants unrelated to it.


hmm. I see
I was mostly just being sarcastic
man I wish it was simpler to translate sarcasm through text
we need a "sarcasm" emote :D
like .;;.poop.;;.
lol

@thread
so what exactly are the issues with [img]? like the being delayed part
can't you just implement images and not allow them to link somewhere else? I mean that seems the best right?
■□■□■□■□■□■□■□■
 
Nov 25, 2013 1:48 AM
Online
Joined: Jan 2009
Posts: 45513
ybnrmalatall said:

can't you just implement images and not allow them to link somewhere else? I mean that seems the best right?


image hosting cost a lot of bandwidth and harddisk space so i doubt MAL will implement its own image hosting service
 
Nov 25, 2013 8:50 AM

Offline
Joined: Aug 2013
Posts: 291
j0x said:
ybnrmalatall said:

can't you just implement images and not allow them to link somewhere else? I mean that seems the best right?


image hosting cost a lot of bandwidth and harddisk space so i doubt MAL will implement its own image hosting service


no what I mean is
have it auto not allow image links together as one
and block shortened urls
if it is a problem with links right?
■□■□■□■□■□■□■□■
 
Nov 25, 2013 9:21 AM

Offline
Joined: Jan 2012
Posts: 4728
For those of you that haven't been following the thread and want to know what's going on:

Virtual_BS said:

Last I heard...

The problem is a PEBCAK issue.
The "hacker" is using a password-protected folder on his web server to cause embedded images to pop-up a fake login dialog.
These login dialogs look nothing like MAL's, yet some less than intelligent users are typing their MAL passwords into them, giving them straight to the "hacker".

If he really wanted to, he could just put his code in the about me, make a few posts on the forum, and these PEBCAKs will give him passwords every time they open his profile page, so allowing BBCode on profiles and not elsewhere doesn't eliminate the risk entirely.

Since Crave are cheap on resources, they won't give us servers powerful enough to allow for a reliable solution, so the staff are stuck with having to develop a workaround that can protect the users from their own stupidity.
The solution they've picked is a Whitelist.
No unapproved domains on the list means the "hacker" won't be able to embed an image from a server where he has the necessary control over it to cause this problem.

For your own safety:
> Read more here <


Modified by Nyaa, Nov 25, 2013 9:36 AM
 
Nov 25, 2013 9:32 AM
Offline
Joined: Jul 2013
Posts: 1474
Virtual_BS said:
For those of you that haven't been following the thread and want to know what's going on:
Virtual_BS said:

Last I heard...
The problem is a PEBCAK issue.
The "hacker" is using a password-protected folder on his web server to cause embedded images to pop-up login dialogs.
These login dialogs look nothing like MAL's, yet some less than intelligent users are typing their MAL passwords into them, giving them straight to the "hacker".

If he really wanted to, he could just put his code in the about me, make a few posts on the forum, and these PEBCAKs will give him passwords every time they open his profile page, so allowing BBCode on profiles and not elsewhere doesn't eliminate the risk entirely.

Since Crave are cheap on resources, they won't give us servers powerful enough to allow for a reliable solution, so the staff are stuck with having to develop a workaround that can protect the users from their own stupidity.

> Read more here <

Agreed, People need to educate themselves and learn the simplest computing knowledge.

Go and search Google for the ways of hacking to prevent yourself from being hacked. Especially "10 Most Popular Ways Hackers Hack Your Website"
 
Nov 26, 2013 8:35 PM

Offline
Joined: Nov 2012
Posts: 777
Virtual_BS said:
For those of you that haven't been following the thread and want to know what's going on:

Virtual_BS said:

Last I heard...

The problem is a PEBCAK issue.
The "hacker" is using a password-protected folder on his web server to cause embedded images to pop-up a fake login dialog.
These login dialogs look nothing like MAL's, yet some less than intelligent users are typing their MAL passwords into them, giving them straight to the "hacker".

If he really wanted to, he could just put his code in the about me, make a few posts on the forum, and these PEBCAKs will give him passwords every time they open his profile page, so allowing BBCode on profiles and not elsewhere doesn't eliminate the risk entirely.

Since Crave are cheap on resources, they won't give us servers powerful enough to allow for a reliable solution, so the staff are stuck with having to develop a workaround that can protect the users from their own stupidity.
The solution they've picked is a Whitelist.
No unapproved domains on the list means the "hacker" won't be able to embed an image from a server where he has the necessary control over it to cause this problem.

For your own safety:
> Read more here <



How did the hacker change half the animes in the database to SSJMaster vs Xinil? Did a database mod really type their password into one of these?
 
Nov 26, 2013 9:10 PM

Offline
Joined: Jan 2012
Posts: 4728
Barktooth said:
Virtual_BS said:

How did the hacker change half the animes in the database to SSJMaster vs Xinil? Did a database mod really type their password into one of these?

Either that happened, or you're referring to the previous attacks involving session-jacking and/or XSS.
He's hit this site like 4 times in the past 2 years.
 
Nov 27, 2013 12:13 AM

Offline
Joined: Jun 2007
Posts: 890
Wouldn't sanitizing the stuff between the tags be sufficient enough?

Like using htmlspecialchars() to convert the HTML contained in the URL to HTML entities, additionally run a regex to strip out characters not allowed in a normal URL.
 
Nov 27, 2013 10:08 PM

Offline
Joined: Jan 2013
Posts: 2053
Why dont they just only allow pictures from imgur ?
 
Nov 27, 2013 11:35 PM

Offline
Joined: Jan 2012
Posts: 4728
ibrahim2712 said:
Why dont they just only allow pictures from imgur ?

That's what the whitelist is for!
If you even just read this page properly, you'd know what's going on...

They've decided to allow a whole list of 'safe' sites and block everything else.
You can find this list (and request to have sites added) in the following thread:
http://myanimelist.net/forum/?topicid=690615
 
Nov 28, 2013 3:35 AM

Offline
Joined: Mar 2013
Posts: 5834
Virtual_BS said:
ibrahim2712 said:
Why dont they just only allow pictures from imgur ?

That's what the whitelist is for!
If you even just read this page properly, you'd know what's going on...

They've decided to allow a whole list of 'safe' sites and block everything else.
You can find this list (and request to have sites added) in the following thread:
http://myanimelist.net/forum/?topicid=690615

Make sure to at least read the first three posts on that shared thread, not just the first one.
 
Nov 28, 2013 3:21 PM
DB Administrator
Faerie Queen

Offline
Joined: Aug 2007
Posts: 5095
Happy American Thanksgiving!

And Happy Thanksgiving to Crave, who was unable to push the whitelist this week due to holidays. Unfortunately, this means I get the job of telling you all once again: "next week".

Welcome to my world.
Please don't shoot the messenger.



Open Staff Apps  
Guidelines & FAQ  
Report Abuse  
Listen ♪  

Thanks to 
AnimeboyAnubhab
 
 
Nov 28, 2013 3:22 PM
Monia-Hime

Offline
Joined: Aug 2008
Posts: 39396
Kineta said:
Happy American Thanksgiving!

And Happy Thanksgiving to Crave, who was unable to push the whitelist this week due to holidays. Unfortunately, this means I get the job of telling you all once again: "next week".

Welcome to my world.
Please don't shoot the messenger.
Oh no, not again~

Anyway, let's hope they manage to do it next week.... Amen XD

Merci for the update Kineta~
 
Nov 28, 2013 3:48 PM

Offline
Joined: Aug 2007
Posts: 1808
Kineta said:


Welcome to my world.
Please don't shoot the messenger.


How could you do this to me!?


 
Nov 28, 2013 3:53 PM
Offline
Joined: Jul 2013
Posts: 1474
Kineta said:
Happy American Thanksgiving!

And Happy Thanksgiving to Crave, who was unable to push the whitelist this week due to holidays. Unfortunately, this means I get the job of telling you all once again: "next week".

Welcome to my world.
Please don't shoot the messenger.


Haaa~~ Nanda kore?
 
Nov 28, 2013 6:12 PM

Offline
Joined: Mar 2011
Posts: 4232
┐( ̄ヮ ̄)┌
I have a feeling it will be continued to be push back into after new year (ー△ー;)
Well, at least someone is still giving a news instead of just abandoning the thread until god know when


Happy Thanksgiving~
 
Nov 28, 2013 8:11 PM

Offline
Joined: Jun 2013
Posts: 303
Kineta said:
Happy American Thanksgiving!

And Happy Thanksgiving to Crave, who was unable to push the whitelist this week due to holidays. Unfortunately, this means I get the job of telling you all once again: "next week".

Welcome to my world.
Please don't shoot the messenger.


Awww ~(*^*)~
I'm going to cross my fingers and hope it will be next week (^-^)

~Happy Thanksgiving~

"Music helps me escape from the reality I live in"
 
Nov 28, 2013 9:17 PM

Offline
Joined: Jan 2011
Posts: 2861
Kineta said:

Please don't shoot the messenger.

KIIIINNNNEEEETTTAAAAAAAAAAAAA
[center]
 
Nov 29, 2013 12:20 AM

Offline
Joined: Jun 2008
Posts: 15702
Kineta said:

Please don't shoot the messenger.


Can the messenger give back a nice big punch in the face to those Crave guys as a message back from MAL users? And no is not just for this delay, we have a lot of anguish built against them over the years.
 
Nov 29, 2013 4:02 AM

Offline
Joined: Apr 2009
Posts: 5390
I don't want to shoot the messager, bit I want to shoot everyone behind said messenger.
Every small fan forum gets more shit done than Crave and Xinil when it comes to appointing review/rec mods.
Stone Ocean adaption when?
 
Top
Pages (29) « First ... « 6 7 [8] 9 10 » ... Last »