jimc wrote:
I do NOT want it in an email or otherwise in my face.
In my mental image of this feature, it would just be another notification, alongside quote, like, and topic reply notifications.
OP
|
UTC
quote
jimc wrote: I do NOT want it in an email or otherwise in my face. In my mental image of this feature, it would just be another notification, alongside quote, like, and topic reply notifications. |
Atypical Canadian
![]() 2009 Vespa S50(LX150 motor swap), 2006 Vespa GTS250ie
Joined: UTC
Posts: 2319 Location: Toronto, Canada |
UTC
quote
Yup, that's basically what I had in my head. Bell goes red, little notification is in there, that's it.
Dunno if there's a way to create an alias for everyone where the system automatically purges any space in the username... but... probably more important/better potential improvements anyway |
OP
|
UTC
quote
adri wrote: Dunno if there's a way to create an alias for everyone where the system automatically purges any space in the username... but... probably more important/better potential improvements anyway Another place you can see that is the address of any member's uploaded images. View the image in a separate tab and you can see the short version of their username in the address. |
Sergeant at Arms
![]() Weird 80's Vespas & Cool Vintage Lambrettas
Joined: UTC
Posts: 15080 Location: The state of insanity, SoCal |
UTC
quote
the @ system is in place at another few forums I'm on and on all of those it actually works quite well.
no e-mails, it shows up just the same as a alert: so & so: liked, agreed, quoted or @ you in _____ post-- and then there's a link to the post. also, in topic when you're posting you can @ somebody and it autofills with suggestions, then just select who you want to bug. easy.
Positive
|
![]() UTC
Hooked
Vespa C38 - S50 4T Super.
Joined: UTC
Posts: 266 Location: Netherlands |
|
|
UTC
quote
jess wrote: I'm genuinely not sure what you're asking here. Are you asking for the forum to synthesize a title ("Here is Modernvespa") from the URL? I would like the word you selected to become the name of the link and then you put the link itself somewhere. Could be a popup window or something. I'll leave the execution to the professionals.
Positive
|
Moderaptor
![]() The Hornet (GT200, aka Love Bug) and 'Dimples' - a GTS 300
Joined: UTC
Posts: 44558 Location: Pleasant Hill, CA |
UTC
quote
T.S.Zarathusra wrote: Selecting a word and clicking URL does nothing practical. [url]word[/url] I would like the word you selected to become the name of the link and then you put the link itself somewhere. Could be a popup window or something. I'll leave the execution to the professionals. |
OP
|
UTC
quote
jimc wrote: How on earth can you make a link from just one word? Not everything ends in dot com.
Positive
|
OP
|
UTC
quote
T.S.Zarathusra wrote: Selecting a word and clicking URL does nothing practical. [url]word[/url] Secondly, if you were to enclose a set of words (that isn't an URL) then you'll get tags around them -- at which point that becomes the title, and you could, at your option, add the link to the opening URL tag, like so: [URL=http://modernvespa.com]some words[/URL] So the URL button will function in a variety of situations, but it won't try to figure out exactly what you're doing. I think there is very little value in a popup window that attempts to figure out what you're doing and then asks you for the missing pieces. It is both computationally challenging and isn't a substantial improvement over just editing the text directly.
Positive
|
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
report number 1 for today
today posting new thread. shouldn't ui stop this? Update: This works Another lightweight swingarm / exhaust bracket for GTS Shorter but doesn't work Another lightweight "swingarm" / exhaust bracket GTS ![]() ⚠️ Last edited by SteelBytes on UTC; edited 3 times
|
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
report number 2 for the day
something weird with the woff vs woff2 files. all the woff2 give errors if i disable cache ![]() |
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
report number 3 for the day
karma. in user list it's text in profile it's icons iirc text is correct and the icons representing number of posts are a different thing ![]() ![]() |
OP
|
UTC
quote
SteelBytes wrote: Shorter but doesn't work Another lightweight "swingarm" / exhaust bracket GTS SteelBytes wrote: today posting new thread. shouldn't ui stop this? It doesn't. ⚠️ Last edited by jess on UTC; edited 1 time
|
OP
|
UTC
quote
SteelBytes wrote: something weird with the woff vs woff2 files. all the woff2 give errors if i disable cache |
OP
|
UTC
quote
SteelBytes wrote: karma. in user list it's text in profile it's icons iirc text is correct and the icons representing number of posts are a different thing The roundels have nothing whatsoever to do with number of post count, though. It is strictly how much accumulated karma the user has, obfuscated into roundels and calculated on a very steep curve. |
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
jess wrote: Looks like the need to escape the quotes (which made the string longer) pushed the title over the field size limit. You seem to be under the mistaken impression that a plain form element on a web page has any idea what the constraints of the underlying database might be, or any ability to control what you type there. It doesn't. quick test in maria (iirc that's what you use) DROP TABLE IF EXISTS test; PS, the page knows it's going into sql (as you can and do edit both pieces of code) and could simulate whatever escaping is needed before allowing submit but as shown above this point ain't relevant
CREATE TABLE test ( col1 char(6) DEFAULT NULL <-- note the limit of 6 ); INSERT INTO test (col1) VALUES ('"test"'), ('123456'), ('\'test\''), <-- for the causal reader this is an escape method that maria supports but some other dbs don't ('''test'''), <-- and this is another escape method: two single quotes = one quote inserted ('`test`'); ⚠️ Last edited by SteelBytes on UTC; edited 12 times
|
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
jess wrote: The roundels have nothing whatsoever to do with number of post count, though. It is strictly how much accumulated karma the user has, obfuscated into roundels and calculated on a very steep curve. |
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
jess wrote: I honestly don't know what's going on there. Is there a particular reason you were disabling cache? regardless something seems is wrong ... ... but I did try clearing the cache followed by normal viewing of the site and seemed ok so might not really be an issue. maybe just a browser bug. 🤷 |
OP
|
UTC
quote
SteelBytes wrote: it was when I was checking the file size of the new background (for curiosity) and simply pressing refresh while watching the network tab would show 0 bytes as it was pulled from cache. SteelBytes wrote: regardless something seems is wrong ... |
OP
|
UTC
quote
SteelBytes wrote: Update: more examples showing that escaping chars doesn't count to the limit escaping the quotes ain't needed for this and don't count to the limit anyway SQL Error: 1406 Data too long for column 'topic_title' at row 1 This doesn't seem like much of a mystery to me.SteelBytes wrote: PS, the page knows it's going into sql and could simulate whatever escaping is needed before allowing submit but as shown above this point ain't relevant And then someone will point out that unicode characters tend to use more bytes than characters, which will also (probably) break. Can it be made perfect? Yes. Undoubtedly. Does it need to be perfect, if perfection comes at the cost of complexity? Probably not. Better yet, I could deliver an electric shock to your hand through your mouse or trackpad whenever you hit that limit, if I could figure out the "Shock Miscreant User" permissions interface. Modern Vespa would like permission to shock your hand when you misbehave. [Allow] [Don't Allow] |
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
jess wrote: I mean, it's right there in the first line of the dialog: SQL Error: 1406 Data too long for column 'topic_title' at row 1 This doesn't seem like much of a mystery to me.This works (54 chars) Another lightweight swingarm / exhaust bracket for GTS Shorter but doesn't work (52 chars) Another lightweight "swingarm" / exhaust bracket GTS I added char counts for you |
OP
|
UTC
quote
SteelBytes wrote: please reread my original This works (54 chars) Another lightweight swingarm / exhaust bracket for GTS Shorter but doesn't work (52 chars) Another lightweight "swingarm" / exhaust bracket GTS Another lightweight "swingarm" / exhaust bracket G If it's not because of the escaped quotes, then why exactly do you think it's breaking?
|
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
jess wrote: I did actually carefully read your original, and even tested the 2nd string iteratively, shortening it until I got it to work. The threshold is: Another lightweight "swingarm" / exhaust bracket G If it's not because of the escaped quotes, then why exactly do you think it's breaking?'tis weird. what col type (char or varchar etc) and what size is it? any chance of a show create table ? |
OP
|
UTC
quote
SteelBytes wrote: what col type (char or varchar etc) and what size is it? any chance of a show create table ? (I'd rather not post the entire table definition, just out of sheer paranoia). EDIT: Doing some more tests as we speak. |
OP
|
UTC
quote
And there we have it:
post_subject is Another lightweight \"swingarm\" / exhaust bracket G
post_subject length is 62 |
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
jess wrote: And there we have it: post_subject is Another lightweight \"swingarm\" / exhaust bracket G post_subject length is 62 was mislead by the error message on screen inappropriately displaying the " as a single quote, ie not showing the real sql command executed. this reason does ring a bell that we discussed it before. (and the pros/cons of this model of storing html escaping in the db instead of using htmlspecialchars() at display time) fine. |
OP
|
UTC
quote
SteelBytes wrote: this reason does ring a bell that we discussed it before. (and the pros/cons of this model of storing html in the db instead of using htmlspecialchars() at display time) It could be that they just did it that way to avoid SQL injection attacks (which is totally the wrong way to go about it). |
OP
|
UTC
quote
I've been dreading re-writing that portion of code. It is literally the beating heart of the forum, and yet it probably needs to be replaced by something modern and sane.
Might be time. |
![]() UTC
Veni, Vidi, Posti
2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
|
Veni, Vidi, Posti
![]() 2019 GTS300 HPE SuperTech 66,000km
Joined: UTC
Posts: 6802 Location: Batmania aka Melbourne, Australia |
UTC
quote
jess wrote: I've been dreading re-writing that portion of code. It is literally the beating heart of the forum, and yet it (please excuse my striking)
Positive
|
![]() UTC
Hooked
Vespa C38 - S50 4T Super.
Joined: UTC
Posts: 266 Location: Netherlands |
|
|
UTC
quote
jess wrote: A few thoughts on that. First, that's not really what the URL button is for. It's supposed to be used to enclose a fully-qualified URL with URL tags. In practice, though, you can just paste the URL into the text and the forum will figure out that it's a link and will link-ify it properly. Secondly, if you were to enclose a set of words (that isn't an URL) then you'll get tags around them -- at which point that becomes the title, and you could, at your option, add the link to the opening URL tag, like so: [URL=http://modernvespa.com]some words[/URL] So the URL button will function in a variety of situations, but it won't try to figure out exactly what you're doing. I think there is very little value in a popup window that attempts to figure out what you're doing and then asks you for the missing pieces. It is both computationally challenging and isn't a substantial improvement over just editing the text directly. |
Atypical Canadian
![]() 2009 Vespa S50(LX150 motor swap), 2006 Vespa GTS250ie
Joined: UTC
Posts: 2319 Location: Toronto, Canada |
UTC
quote
greasy125 wrote: the @ system is in place at another few forums I'm on and on all of those it actually works quite well. no e-mails, it shows up just the same as a alert: so & so: liked, agreed, quoted or @ you in _____ post-- and then there's a link to the post. also, in topic when you're posting you can @ somebody and it autofills with suggestions, then just select who you want to bug. easy. Ew, wow... Never thought I would say "Similar to Facebook" in a positive way. I feel weird and confused inside.
Positive
|
OP
|
UTC
quote
adri wrote: Never thought I would say "Similar to Facebook" in a positive way. I feel weird and confused inside. ![]()
Positive
|
Sergeant at Arms
![]() Weird 80's Vespas & Cool Vintage Lambrettas
Joined: UTC
Posts: 15080 Location: The state of insanity, SoCal |
UTC
quote
if I had mybookfacebird I might know what you're talking about.
10 lashes with a well used 50cc drive belt. |
OP
|
UTC
quote
SteelBytes wrote: this reason does ring a bell that we discussed it before. (and the pros/cons of this model of storing html escaping in the db instead of using htmlspecialchars() at display time) Which is naturally the path that I've chosen. The number of places where topic titles are displayed as HTML is staggering. Places that you never would have thought of. And each one of those is a vector for a potential security issue -- not because of the " entity, but because of the potential to insert HTML -- or worse, javascript -- into that field. Okay, it would have to be relatively small, but it's theoretically possible, at which point an attacker could do all kinds of nasty things. When you enter a title for a topic, it is now inserted into the database escaped by SQL standards, but not by HTML standards. As it should be. But wait! There's more! Because the database is chock full of topic titles that already have HTML entities encoded in them, I have to un-encode the topic title every. single. time. I get the value out of the database. Only to then re-encode it for HTML display, in many (most?) cases. Eventually I'll run through the entire database and remove all the HTML entities from the topic titles, at which point I can remove approximately half of the fuckmillion bits of code that I've just had to change. Someday. That said, the chances of me having found every single place where a topic title needs to be either decoded or encoded is near 0%. And the chance that I've introduced new bugs is a solid 100%. But whatevs. I haven't pushed this change to the main server yet -- I'm still running it on my test server (where I'm typing this post). If things look vaguely stable, I'll maybe think about pushing the changes tomorrow. And then y'all can tell me what I broke. |
OP
|
UTC
quote
I have pushed the changes mentioned above (and then some).
The changes were so numerous and so scattered that I will probably spend the next 5 years slowly finding all the places where I forgot something. |
![]() UTC
Veni, Vidi, Posti
2007 GTS
Joined: UTC
Posts: 22821 Location: Harriman, Tennessee, Tn |
|
|
UTC
quote
jess wrote: I have pushed the changes mentioned above (and then some). The changes were so numerous and so scattered that I will probably spend the next 5 years slowly finding all the places where I forgot something. |
OP
|
UTC
quote
old as dirt wrote: it gives you something to do since your retired now. |
![]() UTC
Veni, Vidi, Posti
2007 GTS
Joined: UTC
Posts: 22821 Location: Harriman, Tennessee, Tn |
|
|
UTC
quote
jess wrote: That's a depressing thought, honestly. but being retired you do need to do 1 thing per day, it might take 5 min or 3-5 hrs , but 1 task a day. example : clean the outside of the windows on the house. or maybe inspect the attic for critters, water, broken boards, insulation ect. how about painting that 1 room you don't like the color in? pressure washing the driveway. there are lots of tasks you can do. but don't do them all at once, spread them out, 1 a day is a nice pace. |
Atypical Canadian
![]() 2009 Vespa S50(LX150 motor swap), 2006 Vespa GTS250ie
Joined: UTC
Posts: 2319 Location: Toronto, Canada |
UTC
quote
Personally I really dig the little Vespa backgrounds. I think they're changing colors too which is cool. Keeps things looking fresh.
Food for thought: Maybe an MP3 specific one, or a Vespa with a bag on the back for the Rallies forum, etc. Basically just themed per forum. |
OP
|
UTC
quote
adri wrote: Food for thought: Maybe an MP3 specific one, or a Vespa with a bag on the back for the Rallies forum, etc. Basically just themed per forum. Haven't reached any conclusive decisions yet. The Vespas are going to be here for another day or so, to be replaced by a season-appropriate theme for a few more days after that.
Positive
|
Ossessionato
![]() 07 GTS250(RIP), 07 LX150, Several Lambrettas
Joined: UTC
Posts: 2834 Location: Raleigh, NC |
Modern Vespa is the premier site for modern Vespa and Piaggio scooters. Vespa GTS300, GTS250, GTV, GT200, LX150, LXS, ET4, ET2, MP3, Fuoco, Elettrica and more.