‌‌

  • 2 years ago

How is this possible??? This is @SWAG. I was testing this to see if it worked and it did, so how is it possible.

  • This Question is Closed
  1. joannaxox3
    • 2 years ago
    Medals 0

    if what worked?

  2. ‌‌
    • 2 years ago
    Medals 1

    I have no name

  3. joannaxox3
    • 2 years ago
    Medals 0

    i noticed..that odd...check all the other ambassadors.

  4. ‌‌
    • 2 years ago
    Medals 1

    No no, I made this account with no name. My SWAG account is fine.

  5. joannaxox3
    • 2 years ago
    Medals 0

    oh ok then ... got it lol ... well i can't see my smart score, i can't see my messages unless i go to my profile, idk y tho.

  6. Compassionate
    • 2 years ago
    Medals 1

    Did you type in a normal name to register with or use special characters?

  7. ‌‌
    • 2 years ago
    Medals 1

    I don't know, I just looked something up and pasted this

  8. ‌‌
    • 2 years ago
    Medals 1

    ‌‌

  9. ‌‌
    • 2 years ago
    Medals 1

    ^

  10. joannaxox3
    • 2 years ago
    Medals 0

    there's nothing? you posted nothing?

  11. ‌‌
    • 2 years ago
    Medals 1

    @joannaxox3 Exactly & No one can see their stuff at the moment

  12. joannaxox3
    • 2 years ago
    Medals 0

    @.. well i can't put your name cuz you got nun ... yes i can't see my stuff, well, my messages

  13. poopsiedoodle
    • 2 years ago
    Medals 2

     alt + 255 

  14. Compassionate
    • 2 years ago
    Medals 1

    gooby pls

  15. joannaxox3
    • 2 years ago
    Medals 0

    what does alt+255 do?

  16. SWAG
    • 2 years ago
    Medals 2

    Just to verify this was me

  17. joannaxox3
    • 2 years ago
    Medals 0

    oh well my computer does this ringing sound when i push that .

  18. shadowfiend
    • 2 years ago
    Medals 5

    You're using a Unicode character that essentially indicates, “INVISIBLE SEPARATOR”: http://www.fileformat.info/info/unicode/char/2063/index.htm . Because it isn't typically considered whitespace, stripping a given string doesn't necessarily remove it.

  19. shadowfiend
    • 2 years ago
    Medals 5

    We explicitly chose not to enforce on the server length limits to usernames because long usernames don't harm the system to our knowledge. We're still not convinced that was what affected things a little while ago. Likewise, we explicitly chose not to filter characters. That was because we wanted to allow you folks the expressive power of being able to use unicode characters in your usernames, and because in order to properly avoid all of the username duplication attacks and other such issues that can be caused with unicode, we'd have to eliminate large spans of that possibility. That said, we may start automatically stripping invisible separator characters during username submission.

  20. SWAG
    • 2 years ago
    Medals 2

    I see, well this is very interesting. Thank you Shadow.

  21. Sean_Le_Van
    • 2 years ago
    Medals 0

    @shadowfiend Interesting! Then how come, when I hacked the client-side in this manner, it went down each time?

  22. Sean_Le_Van
    • 2 years ago
    Medals 0

    @shadowfiend I agree that invisible characters are not responsible for bringing it down, but you should still remove them, because users can pretend to be other users by appending them. I programmed a simple thing to patch the bug in PHP for you: http://pastehtml.com/view/cu5clntb0.html I still think that I may have been responsible for taking OS down because of some of my client-side calls, but maybe not...

  23. Compassionate
    • 2 years ago
    Medals 1

    No, Sean, you're not. You look silly. Stop embarrassing yourself.

  24. shadowfiend
    • 2 years ago
    Medals 5

    A couple of things: (1) I've not completely ruled out that those actions are bringing the server down, since I don't know what the client-side actions are. (2) I will go so far as to repeat myself, since you apparently didn't read my reply: “Likewise, we explicitly chose not to filter characters. That was because we wanted to allow you folks the expressive power of being able to use unicode characters in your usernames, and because in order to properly avoid all of the username duplication attacks and other such issues that can be caused with unicode, we'd have to eliminate large spans of that possibility. That said, we may start automatically stripping invisible separator characters during username submission.” And, last but not least, we don't use PHP, thank goodness. We use Scala and the Lift framework. That said, your PHP snippet has an htmlspecialchars escaping call that is somewhat orthogonal to the purpose of the snippet.
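
Added example (not part of the thread, and not OpenStudy's code, which the thread says is Scala/Lift): a Python sketch of the check discussed in replies 18, 19 and 22. It shows that plain trimming leaves U+2063 in place, and compares usernames by a key with invisible format characters removed. The helper names, the case-folding step and the sample names are assumptions made for illustration.

```python
import unicodedata

INVISIBLE_SEPARATOR = "\u2063"  # the character linked in reply 18


def survives_plain_strip(name):
    """True if whitespace trimming alone leaves the name non-empty."""
    return len(name.strip()) > 0


def comparison_key(name):
    """Key used only to compare usernames, never to display them.

    NFKC-normalize, drop format (Cf) and control (Cc) characters,
    trim whitespace, then case-fold (case-folding is an assumption here).
    """
    normalized = unicodedata.normalize("NFKC", name)
    visible = "".join(
        ch for ch in normalized
        if unicodedata.category(ch) not in ("Cf", "Cc")
    )
    return visible.strip().casefold()


def check_username(candidate, taken):
    """Return 'empty', 'collision' or 'ok' for a requested username."""
    key = comparison_key(candidate)
    if not key:
        return "empty"          # nothing visible is left, e.g. only U+2063
    if key in {comparison_key(t) for t in taken}:
        return "collision"      # same visible name as an existing account
    return "ok"


if __name__ == "__main__":
    taken = {"SWAG", "shadowfiend"}          # constructed sample accounts
    requests = [
        INVISIBLE_SEPARATOR * 2,             # the "no name" account
        "SWAG" + INVISIBLE_SEPARATOR,        # look-alike of an existing name
        "joannaxox3",
    ]
    for name in requests:
        print(repr(name), survives_plain_strip(name),
              check_username(name, taken))
```

The key is used only for comparison: deleting every Cf character from the stored name would also remove the zero-width joiners that some scripts and emoji sequences rely on, which is the trade-off reply 19 describes.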
