Hello.
I hope this is the right place for discussing issues of this forum. If not, my apologizes in advance.
1) if you leave a topic opened in browser for a quiet some time (a day or two) and then attempt post a quick reply, not only it doesn't let you post it with message "token expired" but also you loose what you just typed, because by hitting back button it clears up and locks up the quick reply field. A work around for me is to use 3nd party addon for Firefox Lazarus: Form Recovery. Would be nice if this issue was addressed in forum itself, for example instead of just showing this error message redirect to advanced reply form, as it does in issue #2:
2) about 2 or so month ago I've noticed that every time I try post using quick reply field, it end up with message
This forum requires that you wait 20 seconds between posts. Please try again in 19 seconds.
Click to expand...
Click to collapse
and advanced reply form underneath, but at the same time the message actually get posted fine. It's like clicking on submit button executes submit twice. Don't get this issue with advanced reply form.
Thank you.
I have the same problem. It was reported in October
http://forum.xda-developers.com/showthread.php?t=2478243
Opening Developer Tools in Google Chrome, I can see that after "post quick reply" two POST are send
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
donpippo said:
I have the same problem. It was reported in October
http://forum.xda-developers.com/showthread.php?t=2478243
Opening Developer Tools in Google Chrome, I can see that after "post quick reply" two POST are send
Click to expand...
Click to collapse
Thanks for the info - what plugins do you use?
I haven't been able to re-create this issue but there are a number of people reporting it.
The second POST doesn't indicate who initiated it. The first one is the correct one for quick posting the reply though.
I could reproduce it in different browsers (not 100% though), this means it's not plugin related
[EDIT]
Even though I didn't get the double post issue this time, but here is the detailed information from Live HTTP Headers extension for Firefox: (I replaced some sensitive data with <removed> tag)
Code:
http://forum.xda-developers.com/newreply.php?do=postreply&t=2593689
POST /newreply.php?do=postreply&t=2593689 HTTP/1.1
Host: forum.xda-developers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,ru;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://forum.xda-developers.com/showthread.php?p=49241748
Content-Length: 404
Cookie: bblastvisit=1388113345; bblastactivity=0; bbuserid=620411; bbpassword=<removed>; compactview=0; tab=top; vbulletin_collapse=forumbit_2540%0AThanks_47472268%0AThanks_47561416; cX_P=1377149517077967602642; xda_wikiUserID=317811; xda_wikiUserName=V%40no; xda_wikiToken=<removed>; __ktp=<removed>; visited=1; vbulletin_userlist_hide_avatars_incomingreqs=0; vbulletin_userlist_hide_avatars_buddylist=0; bbsessionhash=<removed>; cX_S=13891938285901641944020; xdaloggedin=1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
securitytoken=<removed>&ajax=1&ajax_lastpost=1389197237&message=I%20can%20reproduce%20it%20different%20browsers%2C%20this%20means%20it%27s%20not%20plugin%20related&wysiwyg=0&styleid=0&signature=1&fromquickreply=1&s=&securitytoken=<removed>&do=postreply&t=2593689&p=49241748&specifiedpost=1&parseurl=1&loggedinuser=620411
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Jan 2014 16:10:06 GMT
Content-Type: text/xml; charset=windows-1252
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
Set-Cookie: xdaloggedin=1; expires=Wed, 08-Jan-2014 16:25:06 GMT; path=/
Set-Cookie: visited=1; expires=Sun, 04-May-2014 09:56:46 GMT; path=/
XDA-No-Cache: 1
Content-Encoding: gzip
----------------------------------------------------------
http://forum.xda-developers.com/newreply.php?do=postreply&t=2593689
POST /newreply.php?do=postreply&t=2593689 HTTP/1.1
Host: forum.xda-developers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,ru;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://forum.xda-developers.com/showthread.php?p=49241748
Cookie: bblastvisit=1388113345; bblastactivity=0; bbuserid=620411; bbpassword=<removed>; compactview=0; tab=top; vbulletin_collapse=forumbit_2540%0AThanks_47472268%0AThanks_47561416; cX_P=1377149517077967602642; xda_wikiUserID=317811; xda_wikiUserName=V%40no; xda_wikiToken=<removed>; __ktp=<removed>; visited=1; vbulletin_userlist_hide_avatars_incomingreqs=0; vbulletin_userlist_hide_avatars_buddylist=0; bbsessionhash=<removed>; cX_S=13891938285901641944020; xdaloggedin=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 299
message=I+can+reproduce+it+different+browsers%2C+this+means+it%27s+not+plugin+related&wysiwyg=0&styleid=0&signature=1&fromquickreply=1&s=&securitytoken=<removed>&do=postreply&t=2593689&p=49241748&specifiedpost=1&parseurl=1&loggedinuser=620411&ajaxqrfailed=1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 08 Jan 2014 16:10:07 GMT
Content-Type: text/html; charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
Set-Cookie: xdaloggedin=1; expires=Wed, 08-Jan-2014 16:25:07 GMT; path=/
Set-Cookie: visited=1; expires=Sun, 04-May-2014 09:56:47 GMT; path=/
XDA-No-Cache: 1
Location: http://forum.xda-developers.com/showthread.php?t=2593689&goto=newpost
Now I'm testing from an incognito chrome tab (so no extension enabled)
edit
From incognito tab, with no extensions enabled I don't have this issue.
---------- Post added at 07:21 PM ---------- Previous post was at 07:16 PM ----------
incognito tab with only adblock plus enabled
edit
I have double post issue
Maybe is ABP faults?
+1 OP, I too experience the problem of the twice post by posting using quick reply option. My browser is chrome.
We just fixed an issue with the XML that was returned, basically, it was malformed because of an extra line - and the way the Quick Reply button works in Javascript is that it if it thinks the XML/ajax request fails, it tries to do a normal post. But since the first post actually was fine, it attempts a double post. Which is why you see an error.
Can you check to see if the double-post issue is fixed now?
So far so good, no duplicates.
Any words regarding the token issue? A simple redirection to advanced form where it would show the error message, but kept your typed text would suffice.
[email protected] said:
So far so good, no duplicates.
Any words regarding the token issue? A simple redirection to advanced form where it would show the error message, but kept your typed text would suffice.
Click to expand...
Click to collapse
We consider this more a security concern in that we wouldn't allow the post if the browser has been idle for a long period of time. For that reason and since it is a core vBulletin function we consider that it works as intended.
bitpushr said:
We consider this more a security concern in that we wouldn't allow the post if the browser has been idle for a long period of time. For that reason and since it is a core vBulletin function we consider that it works as intended.
Click to expand...
Click to collapse
The problem is browser (at least Firefox) saves data in forms even after page refresh, this means even if you keep refreshing the page all the time, the token will eventually expire, unless you clear the cache or move on to another page and go back without using browser's history.
Basically, you don't have to be idle to loose what you just typed.
Or at least don't clear the quick reply field when you get back from error page...
Thank you.
Related
Every page I go on, on XDA I get two url's in my browsed pages leading to ib.adnxs.com/if?enc=AAAAAAAAAA
Like this
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Im using IE 8
So when using XDA I'm unable to browse back using the back button in IE as the Url just reloads the same page again no matter how many times i click back
I have to click the main link on the top of the page every time I want to go back
Also we now have add's with sound! so bad!
Just a heads up very annoying
I'm getting the same thing, VERY annoying. Can't use the back button at all.
.
Same here. Extremely annoying!!!
Admins please FIX!!!!
orb3000 said:
Click to expand...
Click to collapse
What is the significance of a red X?
I know, I went to the page and saw the pic.
Nice reply from a mod to problems people are having with the site. Nice!
add volume.liftdna.com to the list.
One time I got five url's between the forum page and the thread page. And clicking the forum link to go back is annoying as you always return to Page 1 of the forum instead of the page you were on.
85gallon said:
What is the significance of a red X?
I know, I went to the page and saw the pic.
Nice reply from a mod to problems people are having with the site. Nice!
add volume.liftdna.com to the list.
.
Click to expand...
Click to collapse
Is there another thread on this topic? Are the mods doing anything about it? This is a real pain in the a$$.
.
jpeepers said:
Is there another thread on this topic? Are the mods doing anything about it? This is a real pain in the a$$.
.
Click to expand...
Click to collapse
From orb's response they don't care. He suggests in an offhand way to install another browser other than internet explorer.
I'll forward this to our Server admin and if there is a problem to solve XDA will do the best to fix it as usual.
In the meantime this thread will be closed.
85gallon said:
From orb's response they don't care. He suggests in an offhand way to install another browser other than internet explorer.
Click to expand...
Click to collapse
Rest assured, we care. I use IE8 at work, and IE9 at home, so I am not of the use Opera or Chrome mindset. We are looking into the issue now.
NotATreoFan said:
Rest assured, we care. I use IE8 at work, and IE9 at home, so I am not of the use Opera or Chrome mindset. We are looking into the issue now.
Click to expand...
Click to collapse
Sorry to lump you all in with the response of one. My bad.
Thanks for letting us know you are working on it.
I am not seeing the issue anymore, how about you guys?
Back-button [still] not working in xda-developers on IE
O0Brian0O said:
I am not seeing the issue anymore, how about you guys?
Click to expand...
Click to collapse
1. The problem is unchanged for me; I am still seeing the issue, where (just for the sake of clarity):
"the issue" == a. hitting the back-button doesn't appear to change the displayed page when viewing any page of xda-developers.com with Internet Explorer;
b. depending on what page you are viewing, hitting the back-button might or might not change the IE history-list that you see when you click on the little blue triangle to the left of the URL entry text-box drop-down. Ditto for the IE history-list that you see in the IE history "explorer bar" that you get when you choose to "View By Order Visited Today."
I am using IE 9.0.8112.16421.
Note 1: FWIW, my browser doesn't seem to go to any pages in the domain that is the title of this thread. The unexpected pages in my history list (and there are LOTS of them) are all in one of the two following domains: statc.liftdna.com and mediaservices-d-openxenterprise.com.
Note 2: The title of this thread doesn't really help very much those people who are searching for answers to the problem that the back-button doesn't work. Since there seems to be almost a fetish on this forum about the pleasures of searching for previous posts, perhaps the title of the thread can be changed so that more people (and apparent non-people such as newbies like me) will get more satisfaction from their searches?
Note 3: there is another thread on the same topic that someone has opened up (appropriately enough) in the forum:
AT&T Samsung Galaxy S II Q&A.
The thread is called "IE Back Button within forums".
Being a newbie, I can't post in such a development forum and point him to here.
i got this strange page when i was visiting this thread
Code:
http://forum.xda-developers.com/showthread.php?t=1801464
i am not sure i am the only one getting this error
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
hope u guys can fix this thanks.
Got it too. I think the problems is where the pictures on the thread come from.
mfsr98 said:
Got it too. I think the problems is where the pictures on the thread come from.
Click to expand...
Click to collapse
Well that's what the error message states so yeah.....
OP, this is quite a common occurrence and happens when people choose to host images on less than reputable hosting sites. I'll look through the thread later and take out the offending image.
Sent From My Fingers To Your Face.....
I'm getting this from just about every link I click on for xda, but the malware listed is different.
hooked_on_droid said:
I'm getting this from just about every link I click on for xda, but the malware listed is different.
Click to expand...
Click to collapse
This is true. I have browsed several threads and got the same result
Sent from my SAMSUNG-SGH-I317 using xda app-developers app
Please fix this quickly.
I've gotten the same thing multiple times today.
For me, its on every XDA page that I enter.
But, I keep getting the same malware warning for "security.rltk.us " Doing research on that now.
Update: When I try to go to "security.rltk.us" I get a 403. When I google that malware, all that shows up is results for XDA and another supposedly infected site.
nate234 said:
For me, its on every XDA page that I enter.
But, I keep getting the same malware warning for "security.rltk.us " Doing research on that now.
Update: When I try to go to "security.rltk.us" I get a 403. When I google that malware, all that shows up is results for XDA and another supposedly infected site.
Click to expand...
Click to collapse
just started getting this same thing earlier today. Wasn't getting it this morning though.
Put adblock from the chrome store on. It clears it up. And you can remove later after XDA cleans up
Sent from my SPH-L710 using xda app-developers app
I'm a little surprised there isn't more discussion of this. I'm far from an expert but poking around the many JS files used on XDA I've noticed some suspicious shellcode in one of the Ad providers scripts. I'm fairly sure shellcode is not a common thing to use for an ad platform so maybe the ad provider has had part of their ad framework compromised? It's strange to see unobfuscated shellcode though, which seems rather lazy for typical browser exploits so this may just be strange/legitimate use of shellcode.
Again, by no means is this a definitive thing, just an observation based on what I understand.
EDIT: Looks like since last night Chrome is no longer reporting malware, so possibly the offending ad was removed? And it would appear the ad provider does intentionally use shellcode, as it's still present in their scripts.
I've flagged this for the server guru to take a look at. Not sure if he's around much the next day or two but it will be looked into folks don't worry.
Sent From My Fingers To Your Face.....
conantroutman said:
I've flagged this for the server guru to take a look at. Not sure if he's around much the next day or two but it will be looked into folks don't worry.
Sent From My Fingers To Your Face.....
Click to expand...
Click to collapse
Was curious myself and just did a little more digging on security.rltk.us. Appears Google Safe browsing has the originating site as blacklisted due to being categorized as "Adult & Pornographic content". No other checkers that knew of it had anything negative and not going to dig much further since 1) It's being addressed by mod and 2) Appears issue is cleared. Likely an ad associated with this domain and the message triggered because of the blacklist?
Per Sucuri SiteCheck the site itself has been blacklisted but clean, and provided a clean security report (warnings found):
Blacklisted: Yes
Malware: No
Malicious javascript: No
Malicious iFrames: No
Drive-By Downloads: No
Anomaly detection: No
IE-only attacks: No
Suspicious redirections: No
Spam: No
Plus it lists other sites that checked the domain and cleared it:
* Domain blacklisted by Google Safe Browsing: security.rltk.us - reference
* Domain clean by Norton Safe Web: security.rltk.us - reference
* Domain clean on Phish tank: security.rltk.us - reference
* Domain clean on the Opera browser: security.rltk.us - reference
* Domain clean by SiteAdvisor: security.rltk.us - reference
* Domain clean on Sucuri IP/URL malware blacklist: security.rltk.us - reference
* Domain clean by the Sucuri Malware Labs blacklist: security.rltk.us - reference
* Domain clean on Yandex (via Sophos): security.rltk.us - reference
Typically the "Red page of death" will come up when someone has linked an image to a hostname that is on the malware blacklist from Google, as conantroutman stated.
If there is an ad causing this (ie, if you see it on more than one thread) then it is possible there is a "Bad ad" being served. These are so customized that likely however much browsing I do I'll never come across it, so if anyone does have this issue and has the ability to determine which script exactly is causing the error, would love to hear it so we can yell at our ad provider.
That includes any shellcode that is being performed by an ad, would be very curious what they are doing.
We are blacklisting security.rltk.us from posting ads, the tough part is sometimes the ad is actually served from somewhere else that forwards to that domain name.
I think it's Google job they hate xda for mods/hacks like 4.2 camera is now blocking(ask to delete download links)
Merry christmas and Happy new year
Paulius
I got this too in the Nexus 7 section a few minutes ago. It was warning about freeimagehosting.net.
---------- Post added at 08:57 PM ---------- Previous post was at 08:55 PM ----------
Paulius7 said:
I think it's Google job they hate xda for mods/hacks like 4.2 camera is now blocking(ask to delete download links)
Merry christmas and Happy new year
Paulius
Click to expand...
Click to collapse
It's not Google. It's members who insist on using shady sites to host their photos and stuff. Those sites are blacklisted by Google and that's why the warning comes up.
I'm getting a warning for valid.canardpc.com when I try to go to this XDA page: http://forum.xda-developers.com/showthread.php?t=2483043&page=33
We wanted to respond to the post on the Full Disclosure mailing list (link) regarding a vulnerability on XDA.
We can confirm that an admin account was compromised on the Portal portion of our site (also known as the blog or front page), however, no user accounts in the forums were compromised. XDA exists on two separate systems that live in two separate server environments and no user data is stored on the Portal servers where the issue happened.
At this point it appears that an admin account was compromised and used to gain access to the backend code on the WordPress site. We have patched this exploit and are continuing to review our code and policies to prevent this type of thing from happening again. We take security very seriously.
As a safety precaution, we've asked all Portal editors to change their password. Again we have no concern or evidence that XDA's user accounts were in any way compromised.
Our thanks to Steffen for reporting this. His attempts to contact us via other channels were unsuccessful mainly because we receive many emails on a daily basis about various topics, including people falsely claiming that our site is hacked. If anyone has information regarding a vulnerability, they can use the technical contact form on our site with details, or email me directly at security + at + xda-developers.com. When reporting a security vulnerability, make sure to include specific details so that we know that it is a real issue.
To follow up on what bitpushr said above, we've decided to create a dedicated page on the site where people from the community can report security vulnerabilities and understand our disclosure policy. Look for that in the coming days. In the mean time, feel free to use his email if you want to directly reach him and our team.
Thank you
Thank you for informing everyone about the incident and for taking user security serious.
Portal is hacked again.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What's uppening?
---------- Post added at 10:32 AM ---------- Previous post was at 10:21 AM ----------
The home page is now ok
And again.
Kim Jong Un is now here.
What does the database tar contain? Pretty sure it wasn't there before, so should we change our passwords?
Trafalgar Square said:
And again.
Kim Jong Un is now here.
Click to expand...
Click to collapse
Who is Kim Jong Un?
Portal and Forum are on different Servers.
You can change your pass, if you want to be sure.
As far as I know.
---------- Post added at 09:58 ---------- Previous post was at 09:57 ----------
Astrubale said:
Who is Kim Jong Un?
Click to expand...
Click to collapse
Korean dictator
Trafalgar Square said:
Portal and Forum are on different Servers.
You can change your pass, if you want to be sure.
As far as I know.
---------- Post added at 09:58 ---------- Previous post was at 09:57 ----------
Korean dictator
Click to expand...
Click to collapse
What? Why he is here?
Astrubale said:
What? Why he is here?
Click to expand...
Click to collapse
There was a GIF from him on the Portal site.
He hacked a server or admin account?
I don't know.
I am not the Admin.
Maybe it's a joke by the Admins. They are very funny sometimes
Trafalgar Square said:
I don't know.
I am not the Admin.
Maybe it's a joke by the Admins. They are very funny sometimes
Click to expand...
Click to collapse
I think no
Hey all, sorry it's no joke! But our wordpress and forum accounts are totally different. I am evaluating the portal server now, no need to change your password on XDA forum, although it is always good practice to change your passwords every few months, everywhere.
bitpushr said:
Hey all, sorry it's no joke! But our wordpress and forum accounts are totally different. I am evaluating the portal server now, no need to change your password on XDA forum, although it is always good practice to change your passwords every few months, everywhere.
Click to expand...
Click to collapse
Is it ok the web site now?
Since there's xda ad free now, I think it would be a good idea to launch some kind of a bug bounty program.
bitpushr said:
Hey all, sorry it's no joke! But our wordpress and forum accounts are totally different. I am evaluating the portal server now, no need to change your password on XDA forum, although it is always good practice to change your passwords every few months, everywhere.
Click to expand...
Click to collapse
This means files uploaded to xda forums are safe? Downloaded and installed an app when this went down.
Visi0nofExcellence2 said:
This means files uploaded to xda forums are safe? Downloaded and installed an app when this went down.
Click to expand...
Click to collapse
Wouldn't be the forum and the normal website be on different severs? So I guess its okay
Sent from my Moto G using Tapatalk
Hello,
Couple minutes ago, I logged out from my account in xda, and when I logged out I saw the account name changed to another user called stratian45646 and I found his account.
I don't know why this happened? Is that a glitch/bug on the xda website or something different going on? Check the screenshot below, it's the moment I logged out and I saw this - when I tried to clicked on the account name to see the profile, a window pop up to login again. Also before that I saw a message saying "a user has changed" but I didn't paid attention since this happened in the past again but I refreshed the page and all was good.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
If someone had any idea why this happened, please let me know.
Retrial said:
Hello,
Couple minutes ago, I logged out from my account in xda, and when I logged out I saw the account name changed to another user called stratian45646 and I found his account.
I don't know why this happened? Is that a glitch/bug on the xda website or something different going on? Check the screenshot below, it's the moment I logged out and I saw this - when I tried to clicked on the account name to see the profile, a window pop up to login again. Also before that I saw a message saying "a user has changed" but I didn't paid attention since this happened in the past again but I refreshed the page and all was good.
View attachment 5385715
If someone had any idea why this happened, please let me know.
Click to expand...
Click to collapse
Maybe a bad cookie?
@MikeChannon
sd_shadow said:
Maybe a bad cookie?
@MikeChannon
Click to expand...
Click to collapse
Possibly, but I'm no expert on this. I'll notify someone who can check on it.
Mike
This is easy to replicate.
Login to XDA (or any XF 2.2.x forum that misconfigured caching)
Open Cookies in use for the site (via Dev Tools)
Delete both xf_lscxf_logged_in & xf_user cookies
Then browse the forum, you are still logged in but unfortunately your session is NOW CACHED on the server as Guest view
Any Guest visit the site and browse those pages will be serve from cached (but with your private details like unread convo, alerts, etc)
XF 2.2 Admin and Owner here.
dan_09 said:
This is easy to replicate.
Login to XDA (or any XF 2.2.x forum that misconfigured caching)
Open Cookies in use for the site (via Dev Tools)
Delete both xf_lscxf_logged_in & xf_user cookies
Then browse the forum, you are still logged in but unfortunately your session is NOW CACHED on the server as Guest view
Any Guest visit the site and browse those pages will be serve from cached (but with your private details like unread convo, alerts, etc)
XF 2.2 Admin and Owner here.
Click to expand...
Click to collapse
@MikeChannon @svetius
dan_09 said:
This is easy to replicate.
Login to XDA (or any XF 2.2.x forum that misconfigured caching)
Open Cookies in use for the site (via Dev Tools)
Delete both xf_lscxf_logged_in & xf_user cookies
Then browse the forum, you are still logged in but unfortunately your session is NOW CACHED on the server as Guest view
Any Guest visit the site and browse those pages will be serve from cached (but with your private details like unread convo, alerts, etc)
XF 2.2 Admin and Owner here.
Click to expand...
Click to collapse
Well as I write this, I have deleted the two Cookies you mention and I'm still logged in and able to post as me.
Also, although I can see how deleting cookies can result in odd forum behavior, like the cached guest pages you mention, I'm not so clear on how this would explain the case where logging out results in another user's name appearing top right as if you were logged in as that other user (even if you aren't really logged in as them).
Mike
MikeChannon said:
I have deleted the two Cookies you mention and I'm still logged in and able to post as me.
Click to expand...
Click to collapse
Yes this is expected and I didn't say you'll be logout after doing that.
PHP server or the forum software still recognize you as logged in user.
BUT, pages you visit after that will be cached for guest view as the cache server (Nginx or LiteSpeed) think you as Guest visitor only, this is the mis-configured part.
Sample:
Delete both xf_lscxf_logged_in & xf_user cookies
Visit any forum page (add random query to avoid cache hit):
https://forum.xda-developers.com/f/oneplus-8t-accessories.11591/post-thread
Now open that same url on Incognito mode or as Guest on other browser
You should be able to access it via Cache with your account logged (when guest should not be able to view that)
dan_09 said:
Yes this is expected and I didn't say you'll be logout after doing that.
PHP server or the forum software still recognize you as logged in user.
BUT, pages you visit after that will be cached for guest view as the cache server (Nginx or LiteSpeed) think you as Guest visitor only, this is the mis-configured part.
Sample:
Delete both xf_lscxf_logged_in & xf_user cookies
Visit any forum page (add random query to avoid cache hit):
https://forum.xda-developers.com/f/oneplus-8t-accessories.11591/post-thread
Now open that same url on Incognito mode or as Guest on other browser
You should be able to access it via Cache with your account logged (when guest should not be able to view that)
Click to expand...
Click to collapse
Yes, I understand. I thought, (probably incorrectly) that you were explaining how another user's name could appear on the page (like happened to someone several posts up).
I thnk though you were explaining a different issue... the one where a user gets mixed messages about being logged in or out.
Mike
MikeChannon said:
I thought, (probably incorrectly) that you were explaining how another user's name could appear on the page (like happened to someone several posts up).
Click to expand...
Click to collapse
Yes, I explain the main reason why it happen from the first place.
Please understand my post carefully :|
It happened again!
I've been trying to respond to a direct question from somebody on the forum for the last half hour.
I keep getting broken matrix. Firefox inspector shows:
Code:
Uncaught ReferenceError: freestar is not defined
<anonymous> https://forum.xda-developers.com/t/please-help-unbrick-unit-with-qualcomm-msm8953.4484041/#post-87340185:306
Renate said:
I've been trying to respond to a direct question from somebody on the forum for the last half hour.
I keep getting broken matrix. Firefox inspector shows:
Code:
Uncaught ReferenceError: freestar is not defined
<anonymous> https://forum.xda-developers.com/t/please-help-unbrick-unit-with-qualcomm-msm8953.4484041/#post-87340185:306
Click to expand...
Click to collapse
Hello and good evening, Renate.
I've just responded to the linked post you provide and it's just working fine. Reply here, screenshot below:
Spoiler: Screenshot
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Regards
Oswald Boelcke
<slaps forehead> I've actually run into this problem before.
I was giving an example of a simple Linux command inside a code block.
It turns out that this bit of text even by itself breaks the matrix and causes everything to be out of sync, even bashing the preview button.
The brokeness persists even after deleting the offending text. *Or maybe not. Maybe a failed post sets the frequent poster timer too.
u n a m e - a
Squish those letters together (a space between E and hyphen) and everything breaks.
uname - // This is ok
uname -z // This is ok
you-guessed-it // BAD!
Bet you can't say it! Just type that as a response and hit "Preview".
@Oswald Boelcke
Renate said:
<slaps forehead> I've actually run into this problem before.
I was giving an example of a simple Linux command inside a code block.
It turns out that this bit of text even by itself breaks the matrix and causes everything to be out of sync, even bashing the preview button.
The brokeness persists even after deleting the offending text. *Or maybe not. Maybe a failed post sets the frequent poster timer too.
u n a m e - a
Squish those letters together (a space between E and hyphen) and everything breaks.
uname - // This is ok
uname -z // This is ok
you-guessed-it // BAD!
Bet you can't say it! Just type that as a response and hit "Preview".
@Oswald Boelcke
Click to expand...
Click to collapse
Renate, I confirm your observation but I don't have an explanation.
uname with the "-a" including a space after it breaks the matrix. Let's bring this to the attention of @MikeChannon or @the_scotsman
Oswald Boelcke said:
Renate, I confirm your observation but I don't have an explanation.
uname with the "-a" including a space after it breaks the matrix. Let's bring this to the attention of @MikeChannon or @the_scotsman
Click to expand...
Click to collapse
Well I too can confirm it gives a Neo error but I don't know how to unblock it. I have reported it to bitpushr.
It's not an unheard of error:
I can’t add some words like “/etc” “uname -a” in Gutenberg Editor
Support » Fixing WordPress » I can’t add some words like “/etc” “uname -a” in Gutenberg Editor I can’t add some words like “/etc” “…
wordpress.org
new "forum gotcha": post must not contain {u n a m e} - antiX oldforums archive
Mike
This seems to be fixed.
uname -a
Arealhooman said:
This seems to be fixed.
Click to expand...
Click to collapse
I manually typed what your post apparently says and it broke the matrix.
I quoted you and it broke the matrix.
I thought that maybe you did some sneaky Unicode character substitution.
Maybe you did.
I can type uname<nbsp>-a and it goes in without an error.
If I copy it back it shows as a normal 0x20 space.
uname -a
In any case, it still appears broken.
I did not. I did not even copy
Arealhooman said:
I did not. I did not even copy
Click to expand...
Click to collapse
Well, then it must be because you're a human and I'm just a bot.
oop I copied what I put yp their and now I’m getting a error. Weird.
I remember had same issue with ls -l (in code tags)
https://forum.xda-developers.com/showpost.php?p=81134277&postcount=3