Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

Donate!

pls donate


#726 2019-07-11 20:49:53

Kizuna Ai
Formerly Night More
From: Brazil, Learn, Dev.
Joined: 2018-12-02
Posts: 238
Website

Re: Update Discussion for forums

Anatoly wrote:
Kizuna Ai wrote:
Different55 wrote:

More CSRF, now for the likes page.

CSRF..?
D:<

i believe it’s a certificate.

Are you **** sure?
Explain tell me but what it is CSRF?


Fernandinha is the name of NightMore

212.png

Offline

#727 2019-07-11 22:55:17

den3107
Member
From: Netherlands
Joined: 2015-04-24
Posts: 1,014

Re: Update Discussion for forums

CSRF stands for "Cross-Site Request Forgery", if I'm correct.
Essentially means you're able to make requests (like change the theme of another user) that you're no supposed to be able to.

Offline

Wooted by:

#728 2019-07-12 02:08:49

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,167

Re: Update Discussion for forums

Fixed another CSRF bug in the PM system, this one allowing users to delete other people's folders.

In the case of this latest round of bugs, it's less "change the theme of another user" and more "trick another user into changing their theme."


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#729 2019-07-12 03:18:33

Kizuna Ai
Formerly Night More
From: Brazil, Learn, Dev.
Joined: 2018-12-02
Posts: 238
Website

Re: Update Discussion for forums

- change the theme of another user
so accounts alts?


Fernandinha is the name of NightMore

212.png

Offline

#730 2019-07-17 23:49:03

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,167

Re: Update Discussion for forums

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#731 2019-07-17 23:53:59, last edited by mrjawapa (2019-07-17 23:57:35)

mrjawapa
Member
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,332
Website

Re: Update Discussion for forums

Different55 wrote:

I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances.

Does this include other users posts?


Looks like everything will be coming to an end soon.

Discord: mrjawapa#5123
Steam: mrjawapa
Twitter: @mrjawapa

Offline

#732 2019-07-18 00:05:03, last edited by TaskManager (2019-07-18 00:05:23)

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 8,470

Re: Update Discussion for forums

Different55 wrote:

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.

Ok the addition is cool but did you remove xeno's editing powers
and also topic lock powers outside game business


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos













like.php?tid=46047&pid=754703

Offline

#733 2019-07-18 02:51:08, last edited by Different55 (2019-07-18 02:51:57)

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,167

Re: Update Discussion for forums

mrjawapa wrote:
Different55 wrote:

I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances.

Does this include other users posts?

Yes. See below.

TaskManager wrote:
Different55 wrote:

Last edited messages now appear in the post header.

Mods and admins can now review edit history and restore from it from within the forums.

After reviewing the needs of the gamestaff, I've created a new "gamestaff" permission that only enables editing of some posts in limited circumstances. Instead of locking down individual parts of the the "moderator" permission, this is starting from nothing and building up from there. Additional abilities can be whitelisted as needed.

Ok the addition is cool but did you remove xeno's editing powers
and also topic lock powers outside game business

They can edit in forums they've been whitelisted for. They can't edit or post in locked topics, can't (currently) lock or unlock topics, and they can't edit silently since that's only used in extremely limited moderation tasks and so isn't useful for gamestaff at all.

In forums where they're whitelisted their editing abilities are pretty limited. Now that edit history manipulation is easily available to all forum staff (instead of being lost in a random log only I know about) I expect that won't be a problem for anyone.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#734 2019-07-18 03:06:46

Processor
Member
Joined: 2015-02-15
Posts: 2,078

Re: Update Discussion for forums

Diff, why should Xeno moderate anything on these forums at all? We have forum mods for that.

I remember when we originally gave Nou mod permissions, it was so he could edit topics where Thanel was the owner.
If that's still needed, let staff edit the first post in every topic in Game Business (it's always a staff post).

Different55 wrote:

Now that edit history manipulation is easily available to all forum staff (instead of being lost in a random log only I know about) I expect that won't be a problem for anyone.

EE staff have never been good at PR.
Even nou once censored new topics to "prevent drama".
It always backfires.
Its always a rationally dumb choice for staff abuse their role.
Yet they still do it and cause drama.

But why do we choose to let them?


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

embed.png?style=banner3

Offline

Wooted by: (2)

#735 2019-07-18 03:35:06

Onjit
Member
Joined: 2015-02-15
Posts: 8,373
Website

Re: Update Discussion for forums

Good update tbh

To be fair - kira, kkay and myself were **** with copypastas and Xeno did the decent thing by cleaning it up


A signature is a small piece of text that is attached to your posts. In it, you can enter just about anything you like. Perhaps you would like to enter your favourite quote or your star sign. It's up to you! In your signature you can use BBCode if it is allowed in this particular forum. You can see the features that are allowed/enabled listed below whenever you edit your signature.

Max length: 2,000 characters / Max lines: 20

Offline

Wooted by: (2)

#736 2019-07-18 03:38:58

mrjawapa
Member
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,332
Website

Re: Update Discussion for forums

Processor wrote:

Even nou once censored new topics to "prevent drama".
It always backfires.

Also the time NVD censored a topic, then censored more topics addressing his censorship.

I thought one of the first "rules" established for the forums, was that NO game staff would have control over the forums. The idea was to keep punishments separate and avoid censorship.

Processor wrote:

But why do we choose to let them?

This time... it will be different!


Looks like everything will be coming to an end soon.

Discord: mrjawapa#5123
Steam: mrjawapa
Twitter: @mrjawapa

Offline

Wooted by: (2)

#737 2019-07-18 03:51:16

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,167

Re: Update Discussion for forums

Processor wrote:

Diff, why should Xeno moderate anything on these forums at all? We have forum mods for that.

He's not. That's why this change was made, to prevent them from moderating anything at all. Let me be clear, I don't really think Xeno did anything wrong cleaning up that topic. I do think he did it in an atypical way for how the forum staff would handle it. He's not looped in with all of our processes so while his way of handling it wasn't bad, it wasn't what we would have done.

While their occasional help is appreciated (if awkward), they really don't need to. The permissions that are left are intended (and really only useful for) the original purpose of managing each other's topics.

Processor wrote:

But why do we choose to let them?

We don't. This update shows that we don't.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#738 2019-07-18 13:38:30

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 8,470

Re: Update Discussion for forums

So they're not allowed to moderate/edit our posts but they still technically can do it?
How can we be reassured that they're not going to edit our posts regardless


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos













like.php?tid=46047&pid=754703

Offline

#739 2019-07-18 17:40:16, last edited by Different55 (2019-07-18 17:41:19)

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,167

Re: Update Discussion for forums

TaskManager wrote:

So they're not allowed to moderate/edit our posts but they still technically can do it?
How can we be reassured that they're not going to edit our posts regardless

They technically can't still do it.

In the past we gave just Xeno mod powers because he needed to be able to make changes to other staff posts. Then we extended that to a few others who needed to all manage one topic without sharing an account. Before now, we just gave them mod powers and locked down banning and warning, which were our main 2 mod powers we figured.

As of this update, they're only able to edit the first posts in forums they "moderate," so it's more like having a shared account without actually sharing anything.


And as of a few hours ago they also have the ability to userlock (so it can't override a modlock, and it doesn't interfere with the original owner's lock in case they don't also have gamestaff permissions) each other's topics and sticky any topic.

Also one more (this time undiscovered) CSRF vulnerability has been fixed.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#740 2019-07-19 04:03:53

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,167

Re: Update Discussion for forums

Fixed half-missing CSRF token, people should be allowed to close their own topics again.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by:

#741 2019-07-19 12:57:07

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 8,470

Re: Update Discussion for forums

Oh yeah, the message edits in PMs use the old style of writing "Edited by..." under the message text


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos













like.php?tid=46047&pid=754703

Offline

Wooted by: (3)

#742 2019-07-22 17:54:55

Nebula
Member
From: Minderia Forum
Joined: 2018-04-25
Posts: 4,831
Website

Re: Update Discussion for forums

Different55 wrote:

Fixed half-missing CSRF token, people should be allowed to close their own topics again.

that's still not fixed, mate


Youtube Twitter
nebulapersonal.gif
Kudos to Raphe9000, Zoey2070, Filip2005, Nikko99 & HG

Offline

#743 2019-07-22 18:48:45

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 6,963

Re: Update Discussion for forums

hey diff why dotn you sticky this topic


peace.png

thanks hg for making this much better

Offline

#744 2019-07-22 20:17:24

Gosha
Member
From: Russia
Joined: 2015-03-15
Posts: 5,919

Re: Update Discussion for forums

That's the only active topic out there so it won't ever go down

Offline

#745 2019-07-22 21:58:00

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,167

Re: Update Discussion for forums

Nebula wrote:
Different55 wrote:

Fixed half-missing CSRF token, people should be allowed to close their own topics again.

that's still not fixed, mate

Looks fixed to me, what topic are you trying to close that isn't working?


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#746 2019-07-22 23:53:15

Nebula
Member
From: Minderia Forum
Joined: 2018-04-25
Posts: 4,831
Website

Re: Update Discussion for forums

Different55 wrote:
Nebula wrote:
Different55 wrote:

Fixed half-missing CSRF token, people should be allowed to close their own topics again.

that's still not fixed, mate

Looks fixed to me, what topic are you trying to close that isn't working?

https://forums.everybodyedits.com/viewt … p?id=46111 that one here


Youtube Twitter
nebulapersonal.gif
Kudos to Raphe9000, Zoey2070, Filip2005, Nikko99 & HG

Offline

#747 2019-07-30 13:13:08

Gosha
Member
From: Russia
Joined: 2015-03-15
Posts: 5,919

Re: Update Discussion for forums

Hey diff, please make last edited message also clickable, it makes it easier to copy post url on phone

Offline

Wooted by: (2)
Gosha1564488788757077

Board footer

Powered by FluxBB

[ Started around 1576292392.9823 - Generated in 0.060 seconds, 12 queries executed - Memory usage: 1.61 MiB (Peak: 1.87 MiB) ]