Page themes fixed...
The AFV ASSOCIATION was formed in 1964 to support the thoughts and research of all those interested in Armored Fighting Vehicles and related topics, such as AFV drawings. The emphasis has always been on sharing information and communicating with other members of similar interests; e.g. German armor, Japanese AFVs, or whatever.
Doug_Kibbey
Posted: Sun Feb 05, 2012 10:26 pm
Post subject: Re: Page themes fixed...

The chief building superintendent sez:

"I've come across some information on this. Since the update prior to this last one, the updated BBcode has changed and that new change will not allow spaces in the URL link. A request to revamp the code has been made..."

...roughly meaning: "We've asked, and are awaiting a response, about which we haven't a lot of say."
Smashy
Posted: Mon Feb 06, 2012 12:09 am
Post subject: Re: Page themes fixed...

- Doug_Kibbey
The chief building superintendent sez:

"I've come across some information on this. Since the update prior to this last one, the updated BBcode has changed and that new change will not allow spaces in the URL link. A request to revamp the code has been made..."

...roughly meaning: "We've asked, and are awaiting a response, about which we haven't a lot of say."


This is very important as Linux web servers allow users to create folder names & file names with spaces in them and there are a heck of a lot of Linux web servers out there.

If I remember correctly the workaround is you must surround the filename with quotation marks?

_________________
Smashy
Doug_Kibbey
Posted: Mon Feb 06, 2012 11:36 pm
Post subject: Re: Page themes fixed...

- Smashy
- Doug_Kibbey
The chief building superintendent sez:

"I've come across some information on this. Since the update prior to this last one, the updated BBcode has changed and that new change will not allow spaces in the URL link. A request to revamp the code has been made..."

...roughly meaning: "We've asked, and are awaiting a response, about which we haven't a lot of say."


This is very important as Linux web servers allow users to create folder names & file names with spaces in them and there are a heck of a lot of Linux web servers out there.

If I remember correctly the workaround is you must surround the filename with quotation marks?



Here's the latest (and we can assume final) word on this subject:

"I'm still looking into this issue and this is what I've learned to date...

The BBcode code writers (the code used on most forums and here at CC) have found a security issue with the older code, which allowed spaces in the URL link. At the moment, the code writers are 'sticking to their guns' about not allowing spacing in URLs.

Some of the pic hosting sites on the web such as PhotoBucket allow using spaces in their URLs, so it's going to be a bigger problem than some realize if those sites don't update their policies. It's too easy to include malicious code in broken (using spaces) URLs, and that could include redirect scripts that would allow a hacker to point others to a different site than you had intended to use, or inserting JAVA code to install hacker code into your personal computer.

A more 'techy' point of view:

One way to think about this problem is also to check on the server side that GET and POST requests are not equivalent.

A POST request can alter data on the server side; a GET request mustn't change anything. That's the HTTP protocol. An IMG tag is a GET request, always. And the browser can perform this GET request without any risk, so the problem is on the server side: every action that can alter data (database, session, etc.) must check that the request is a POST one. For example, your /post URL should respond by asking for a POST confirmation. If this is wrong in your application, then you'll have problems not only with altered IMG tags, but maybe also with 'HTML page speeders' that preload GET references, or even bots.

It's possible to 'force' (rewrite) the code, but I think we should err on the side of security, as it's our duty to try to protect our users as much as possible."




Sorry for any inconvenience, but site and member safety come first, as it should be.
I'm no authority, but I have plenty of anecdotal experience that suggests that it's not good practice to include spaces in any filenames, etc....and it's also not wise to make them any longer than they have to be.
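The two checks described in the post above, as an added example that is not part of the original thread or of the forum software's own code: rejecting image URLs that contain whitespace when rendering BBcode, and refusing GET on actions that change data. The routes other than /post, the function names and the `.example` hosts are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Hypothetical forum routes: actions that change data accept POST only, so the
# GET a browser issues for an [img] tag (or a prefetcher, or a bot) is refused.
ROUTES = {"/viewtopic": {"GET"}, "/post": {"POST"}, "/delete_post": {"POST"}}

def dispatch(method, url):
    """Return the HTTP status for a request; the handlers are left out."""
    allowed = ROUTES.get(urlsplit(url).path)
    if allowed is None:
        return 404
    return 200 if method.upper() in allowed else 405  # 405: nothing is changed

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

def safe_img_url(url):
    """Accept only http(s) URLs with no whitespace or control characters."""
    if re.search(r"[\s\x00-\x1f\x7f]", url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed bracketed host
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def render_img(bbcode):
    """Render [img] tags; rejected tags and all other text stay inert text."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(bbcode):
        out.append(html.escape(bbcode[pos:m.start()]))
        url = m.group(1)
        if safe_img_url(url):
            out.append('<img src="%s" alt="">' % html.escape(url))
        else:
            out.append(html.escape(m.group(0)))
        pos = m.end()
    out.append(html.escape(bbcode[pos:]))
    return "".join(out)

# Constructed sample posts (not taken from the thread).
GOOD = "[img]http://img.example/tank.jpg[/img]"
SPACED = "[img]http://img.example/my tank.jpg[/img]"
# Well-formed URL aimed at a data-changing route: the URL filter passes it.
CROSS = "http://forum.example/delete_post?id=1"

if __name__ == "__main__":
    print(render_img(GOOD), render_img(SPACED), dispatch("GET", CROSS))
```

The `CROSS` case is why the post calls the problem a server-side one: a URL with no spaces still passes the BBcode filter, and only the method check keeps the GET from changing anything.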
Roy_A_Lingle
Posted: Tue Feb 07, 2012 10:20 pm
Post subject: Re: Page themes fixed...

Hi Doug! Hi Folks!

Thanks for the update! The last thing we all need is to lose another site.

Sgt, Scouts out!

_________________
"You can never have too much reconnaissance."
General G.S. Patton Jr.
All times are GMT - 6 Hours