10.12.2020 - 23:01
Expected behavior If i put something that is not a color hex on background color input, an error should appear Actual behavior I put a css property and it works Steps to reproduce the behavior 1. Go to Edit Profile page 2. Edit background color input and put ;height:99em(the last ; is to close background-color property) In this case I tried to change height of page name box but works with any css property if it respects max length of 12 characters. 3. Save changes Information Browser: Mozilla Firefox (works with any browser) OS: Windows Attachments: If i try to change the margin instead of height, page looks like this: (zoom 30%) What about opacity? no problem (put ;opacity:0) Edit: For some reason, I decided to modify the max-length of the input and as I suspect, the code checks the max length (which is 14) but not with the same value (which is 12) as the input, so it is possible to add css properties with longer names like this one: ;display:none (which makes disappear page name's div) I would suggest change it for a color picker, which is a fancy option or better yet putting a regex that parses css tags.
Loading...
Loading...
|
|||
11.12.2020 - 00:05
Mildly concerning bug, players can currently fuck with their profiles quite a bit lol. Moved it here...
Loading...
Loading...
|
|||
11.12.2020 - 04:13
Fixed, moving back to the bugs forum now that it's safe. @EastPlz thanks for reporting. Yet another glaring vulnerability that has existed in atWar since who knows when. Fwiw I put in both your suggestions... a color picker and a regex filter.
----
Loading...
Loading...
|
Are you sure?