Angband.oook.cz
Angband.oook.cz
AboutVariantsLadderForumCompetitionComicScreenshotsFunniesLinks

Go Back   Angband Forums > The real world > Oook!

Reply
 
Thread Tools Display Modes
Old December 12, 2007, 19:24   #1
zaimoni
Knight
 
zaimoni's Avatar
 
Join Date: Apr 2007
Posts: 590
zaimoni is on a distinguished road
RGRA portal stealth post feature

Just had an unpleasant re-surprise (was only half-awake, so didn't take full usual precautions against double-posting from Oook RGRA portal). Note that I normally use the dedicated RGRA login rather than the forum login.

I am not used to the following sequence generating a post:
* being asked to login in, so...panic; instead of filling out the login form per correct checklist on my end, hit the back button (to recover post content; panic precludes noticing that I just copied the whole post content into the clipboard just-in-case).
* Blank post composition screen comes up rather than the content of the intended post (ok)...*but* the post gets sent out anyway (bug).

The back button not only re-logged me in (not normal behavior for a web application, but can be caused by appropriate http headers), it sent out the original composed post as well (exceptionally not-normal behavior) without suggesting it had done so (bug).

This isn't the first time this has happened to me when half-awake. It just occurred to me that this combination of features would also cause double-posting for RGRA portal newbies used to standard web application back button behavior.

Does the architecture permit a quick alteration that does exactly one of the following:
* blocks posting when the back button is used?
* correctly informs the user that their post has been submitted to USENET?

Target browser is SeaMonkey 1.1.7; FireFox was forked from SeaMonkey back when SeaMonkey was the Mozilla suite.
zaimoni is offline   Reply With Quote
Old December 12, 2007, 20:46   #2
Nick
Vanilla maintainer
 
Nick's Avatar
 
Join Date: Apr 2007
Location: Canberra, Australia
Age: 54
Posts: 7,945
Donated: $60
Nick will become famous soon enough
Quote:
Originally Posted by zaimoni View Post
This isn't the first time this has happened to me when half-awake. It just occurred to me that this combination of features would also cause double-posting for RGRA portal newbies used to standard web application back button behavior.
I have double-posted to rgra more than once by this method, using SeaMonkey and/or Firefox (and possibly even IE).
__________________
One for the Dark Lord on his dark throne
In the Land of Mordor where the Shadows lie.
Nick is offline   Reply With Quote
Old December 12, 2007, 23:33   #3
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 39
Posts: 782
pav is on a distinguished road
Send a message via ICQ to pav
Well I'm not entirely sure what's going on for you. You are not allowed to fill in the post without not being already logged in, right?

So somehow the website logs you off when you hit Post button, and when you hit the back button it posts the article? I find that very hard to believe.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old December 13, 2007, 00:44   #4
zaimoni
Knight
 
zaimoni's Avatar
 
Join Date: Apr 2007
Posts: 590
zaimoni is on a distinguished road
Quote:
Originally Posted by pav View Post
Well I'm not entirely sure what's going on for you. You are not allowed to fill in the post without not being already logged in, right?
Yes, explicit login is required befores starting to compose the post.
Quote:
Originally Posted by pav View Post
So somehow the website logs you off when you hit Post button,
The login times out on its usual 15-20ish minute schedule when using the RGRA portal login, yes. I often need longer than this to properly proofread a USENET post.
Quote:
Originally Posted by pav View Post
and when you hit the back button it posts the article? I find that very hard to believe.
RGRD, "LOS/FOV vs. Line of Fire": my first reply was double-posted with this bug.

It's not at all hard to believe. All that's required is that the back button resubmit the login form (which I can look up both how to do and prevent; I just would never design a web application to break the back button this way. I'm composing on the page generated at login) -- and that the content of the attempted post be matched with the login credentials. The form content definitely was sent in, the page requiring re-login came up in response to the failed posting.

However, doing what's expected (entering the login credentials) doesn't cause the posting. Just the back button to the page generated at login.
zaimoni is offline   Reply With Quote
Old December 13, 2007, 01:04   #5
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 39
Posts: 782
pav is on a distinguished road
Send a message via ICQ to pav
I still don't get it. You log in, fill in the post, submit, get login form. At that point, you hit back - but there's no post content in that request! Only thing I can think of is hitting Reload.

Also, you surely had to confirm the warning box about re-submitting POST content, haven't you?
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old December 13, 2007, 01:21   #6
zaimoni
Knight
 
zaimoni's Avatar
 
Join Date: Apr 2007
Posts: 590
zaimoni is on a distinguished road
Quote:
Originally Posted by pav View Post
I still don't get it. You log in, fill in the post, submit, get login form. At that point, you hit back - but there's no post content in that request!
Correct; the repost on back would only have login credentials.
Quote:
Originally Posted by pav View Post
Only thing I can think of is hitting Reload.
That's not even adjacent to Back either on keyboard or GUI.
Quote:
Originally Posted by pav View Post
Also, you surely had to confirm the warning box about re-submitting POST content, haven't you?
SeaMonkey doesn't have that warning box reposting POST forms with the reload key. I have no reason to think I'd get one on a back-button induced form repost.

(Exhaustively checks options.) SeaMonkey has no obvious configuration options for this.
zaimoni is offline   Reply With Quote
Old December 13, 2007, 09:21   #7
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 39
Posts: 782
pav is on a distinguished road
Send a message via ICQ to pav
So how does this happen?

You type in a post, hit submit, fill in login, hit submit, then hit back? That would lead to the post - but it's hardly sneaky, you should be getting Your post have been sent. message in any case.

Other than that, there's something weird going on with your browser. Or I don't know.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old December 13, 2007, 09:40   #8
zaimoni
Knight
 
zaimoni's Avatar
 
Join Date: Apr 2007
Posts: 590
zaimoni is on a distinguished road
Quote:
Originally Posted by pav View Post
So how does this happen?

You type in a post, hit submit, fill in login, hit submit, then hit back?
As originally stated:
* type in post (on page generated immediately after login)
* hit submit, get login page
* hit back.

That's sufficient to get the intercepted post to reach a supported newsgroup. Which would be fine if I got "your message has been posted", but what actually arrives is the composition textarea.
zaimoni is offline   Reply With Quote
Old December 13, 2007, 09:54   #9
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 39
Posts: 782
pav is on a distinguished road
Send a message via ICQ to pav
Okay, this is impossible. I'm sorry I can't fix this issue.

My only hope is this is some odd proxy/cache issue on the client side. Because as the server code is laid out now, it's not possible to have the post posted without also receiving "Your message has been posted" text...

Also my guess is that the back button is not necessary; the post is posted when you hit submit first time.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old December 13, 2007, 10:00   #10
zaimoni
Knight
 
zaimoni's Avatar
 
Join Date: Apr 2007
Posts: 590
zaimoni is on a distinguished road
I've never seen the original post posted when actually filling out the login credentials. It should be easy enough to test safely, however.

The empty textarea for editing still comes up when doing that.
zaimoni is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
rgra weirdness Nick Oook! 2 August 19, 2007 05:04


All times are GMT +1. The time now is 23:00.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, vBulletin Solutions Inc.