‹‹ 返回 Bugs
獲得高級隱藏所有廣告
發表: 3   誰瀏覽過: 32 users
10.12.2020 - 23:01
Expected behavior
If i put something that is not a color hex on background color input, an error should appear

Actual behavior
I put a css property and it works

Steps to reproduce the behavior
1. Go to Edit Profile page
2. Edit background color input and put ;height:99em(the last ; is to close background-color property)
In this case I tried to change height of page name box but works with any css property if it respects max length of 12 characters.
3. Save changes

Information
Browser: Mozilla Firefox (works with any browser)
OS: Windows

Attachments:






If i try to change the margin instead of height, page looks like this: (zoom 30%)




What about opacity? no problem (put ;opacity:0)



Edit: For some reason, I decided to modify the max-length of the input and as I suspect, the code checks the max length (which is 14) but not with the same value (which is 12) as the input, so it is possible to add css properties with longer names like this one: ;display:none (which makes disappear page name's div)



I would suggest change it for a color picker, which is a fancy option or better yet putting a regex that parses css tags.
載入中...
載入中...
11.12.2020 - 00:05
 Sid (管理員)
Mildly concerning bug, players can currently fuck with their profiles quite a bit lol.

Moved it here...
載入中...
載入中...
11.12.2020 - 04:13
 Dave (管理員)
Fixed, moving back to the bugs forum now that it's safe.

@EastPlz thanks for reporting. Yet another glaring vulnerability that has existed in atWar since who knows when. Fwiw I put in both your suggestions... a color picker and a regex filter.
----
All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved.
--Sun Tzu

載入中...
載入中...
atWar

About Us
Contact

隱私條例 | 服務條例 | 橫額 | Partners

Copyright © 2024 atWar. All rights reserved.

加入我們在

將遊戲傳播出去!