Author | Topic: General Discussion Of Moderation Procedures (aka 'The Whine List')
nwr Member Posts: 6412 From: Geneva, Illinois Joined: Member Rating: 4.5 |
bluegenes writes:
We don't capitalize and use formal grammar when we chat.
Well, there was Victor Borge who did just about everything other than capitalize.
Jesus was a liberal hippie
|
|||||||||||||||||||||||||||
Admin Director Posts: 13038 From: EvC Forum Joined: Member Rating: 2.1 |
Okay, I see how you're thinking about this, and in this case the attempted insertion doesn't need to be inside an HTML tag. To keep it simple let's say this is your entire message:

    ');DROP TARLE users;

And now I'm going to add this message to the message database, and the SQL query would look like this:

    insert into messages values (..., '');DROP TARLE users;', ...);

Your close quote ends the insert query, after which the users table is deleted. However, a message is text, and all single quotes in message text are escaped, so the actual query becomes:

    insert into messages values (..., '\');DROP TARLE users;', ...);

But interestingly, this has uncovered a bug. The mere presence of the string "drop tarle" in message text hangs the message preview feature, and that explains why I've used "tarle" in place of "table" in this message. I'm really curious about this one.
Edited by Admin, : Typo.
|
|||||||||||||||||||||||||||
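The escaping described in Admin's post above, as an added example that is not part of the original post and is not EvC Forum's own code: it builds the insert query with and without escaping, counts the statements a backslash-escaping SQL parser would see, and stores the same text through a bound parameter instead. The single-column table layouts, the function names, the MySQL-style escape rule in the splitter and the use of SQLite for the bound-parameter case are all assumptions.

```python
import sqlite3

# The message text from the post above ("TARLE" is the post's own spelling).
PAYLOAD = "');DROP TARLE users;"

def naive_query(msg):
    # Vulnerable form: message text is pasted into the SQL unchanged.
    return "insert into messages values ('" + msg + "');"

def escape(msg):
    # Backslash-escape as the post describes. The backslash itself is escaped
    # first; otherwise one typed in front of a quote would cancel the escape.
    return msg.replace("\\", "\\\\").replace("'", "\\'")

def escaped_query(msg):
    return "insert into messages values ('" + escape(msg) + "');"

def split_statements(sql):
    # Split on ';' outside single-quoted literals, treating backslash as the
    # escape character inside a literal (the MySQL default, assumed here).
    out, cur, in_str, i = [], "", False, 0
    while i < len(sql):
        ch = sql[i]
        if in_str and ch == "\\" and i + 1 < len(sql):
            cur += sql[i:i + 2]   # escaped character stays inside the literal
            i += 2
            continue
        if ch == "'":
            in_str = not in_str
        if ch == ";" and not in_str:
            out.append(cur.strip())
            cur = ""
        else:
            cur += ch
        i += 1
    if cur.strip():
        out.append(cur.strip())   # leftover text, e.g. an unterminated literal
    return out

def store_parameterized(msg):
    # Bound parameter: the driver never parses the message as SQL at all.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (name text)")
    db.execute("create table messages (body text)")
    db.execute("insert into messages values (?)", (msg,))
    stored = db.execute("select body from messages").fetchone()[0]
    tables = sorted(r[0] for r in db.execute(
        "select name from sqlite_master where type='table'"))
    return stored, tables
```

With the unescaped query the splitter returns a separate DROP statement; with the escaped query it returns one insert, and the bound-parameter version stores the text verbatim with both tables still present.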
crashfrog Member (Idle past 1494 days) Posts: 19762 From: Silver Spring, MD Joined: |
Sure.
Like, I don't ask because I think you haven't taken measures, I ask because I'm curious, and somewhat of a (poor) programmer myself. And I guess I could try to find out by trying these hacks myself but if any of them worked I'd have destroyed EvC Forum. (That, of course, overestimates my hacking abilities to a significant extent.) Of course, maybe you don't want to openly discuss the nuts and bolts of site security? Maybe I'll just let it go.
|
|||||||||||||||||||||||||||
arachnophilia Member (Idle past 1371 days) Posts: 9069 From: god's waiting room Joined: |
you can't have looked at too many forums, as i'm registered at quite a few.
bluegenes writes:
They want period, space, space, capital. That's double your preferred period, space.
well, as crash pointed out, that's not what "double spaced" means, but yes, that is part of standard MLA (i think?). i actually prefer it myself, and always have, but i've stopped typing that way since html doesn't allow it. it collapses all extra spaces in text. i'd literally have to add two extra non-breaking spaces at the end of each sentence, and i'm not going to do that when period-space is sufficient. MLA also does not like the extra blank line between paragraphs, which i believe that nearly everyone does here for the sake of clarity.
Edited by arachnophilia, : No reason given.
|
|||||||||||||||||||||||||||
Jon Inactive Member |
No style guide since the age of typewriters has specified "period space space capital" formatting, because modern computers kern text - that is, they adjust the space between letters to compensate for the relative visual width of letters. In the age of typewriters "period space space capital" formatting was preferred because the text was monospaced and unkerned, so there was less visual density of text and therefore less apparent space between sentences. "The Mac is not a Typewriter" is, of course, best-selling author and editor Robin Williams's cri de coeur against obsolete style guides misapplied to computers, and he spends most of it railing against "period space space capital" formatting, and he's absolutely right - unless you're reading this on your old IBM Selectric, somehow, you shouldn't be doing it under any circumstances.
I always double space after sentences - always.
Jon
Check out Apollo's Temple!
Ignorance is temporary; you should be able to overcome it. - nwr
|
|||||||||||||||||||||||||||
crashfrog Member (Idle past 1494 days) Posts: 19762 From: Silver Spring, MD Joined: |
I always double space after sentences - always.
HTML strips out extra whitespace, so here it doesn't matter. In any other context where you're producing printed material on a computer, you shouldn't be. Don't misapply obsolete styles.
|
|||||||||||||||||||||||||||
Jon Inactive Member |
However, a message is text, and all single quotes in message text are escaped, so the actual query becomes:

    insert into messages values (..., '\');DROP TARLE users;', ...);

Is this why when I do a PNT, the ' in my signature becomes '\ (or maybe it's \')? When I enter Edit mode and then Submit (even without making any actual changes to anything), it goes back to normal... It only seems to happen in PNTs.
Jon
Check out Apollo's Temple!
Ignorance is temporary; you should be able to overcome it. - nwr
|
|||||||||||||||||||||||||||
Jon Inactive Member |
In any other context where you're producing printed material on a computer, you shouldn't be.
Why shouldn't I be?
Jon
Check out Apollo's Temple!
Ignorance is temporary; you should be able to overcome it. - nwr
|
|||||||||||||||||||||||||||
crashfrog Member (Idle past 1494 days) Posts: 19762 From: Silver Spring, MD Joined: |
Why shouldn't I be?
UR DOIN IT RONG
|
|||||||||||||||||||||||||||
nwr Member Posts: 6412 From: Geneva, Illinois Joined: Member Rating: 4.5 |
Jon writes:
Why shouldn't I be?
That was just crashfrog being ornery. I wouldn't worry about it.
When I'm using a plain text editor in a command line window, the two spaces at the end of a sentence still look better.
Jesus was a liberal hippie
|
|||||||||||||||||||||||||||
crashfrog Member (Idle past 1494 days) Posts: 19762 From: Silver Spring, MD Joined: |
When I'm using a plain text editor in a command line window, the two spaces at the end of a sentence still look better.
Right, but that's a monospaced font, which is exactly when you should do it. Unless Jon is writing papers in Courier, though, he shouldn't use two spaces after periods.
|
|||||||||||||||||||||||||||
Jon Inactive Member |
UR DOIN IT RONG
Why is it rong? Why is your method wright?
Jon
Check out Apollo's Temple!
Ignorance is temporary; you should be able to overcome it. - nwr
|
|||||||||||||||||||||||||||
arachnophilia Member (Idle past 1371 days) Posts: 9069 From: god's waiting room Joined: |
crashfrog writes:
Unless Jon is writing papers in Courier, though, he shouldn't use two spaces after periods.
i might have written a paper once in courier. i can't, for the life of me, remember why. i have also had at least one teacher at some point when i was in school who insisted on "period space space capital" which i only remember because i thought it was absurd at the time.
|
|||||||||||||||||||||||||||
Jon Inactive Member |
I use a typewriter quite often. Not always with a Courier-esque font; but they are always monospaced (naturally). But that's not why I use double-spaces after sentences.
Now what I really hate are lining figures. Yuck.
Jon
Check out Apollo's Temple!
Ignorance is temporary; you should be able to overcome it. - nwr
|
|||||||||||||||||||||||||||
arachnophilia Member (Idle past 1371 days) Posts: 9069 From: god's waiting room Joined: |
Jon writes:
I use a typewriter quite often.
and people think i'm weird for owning a turntable. in any case, in reference to the original sub-thread title, there's a very famous message board with a somewhat high percentage of lowercase posts. it just made the news recently, as members took down the webpages of visa, mastercard, and the government of sweden.
|
Copyright 2001-2023 by EvC Forum, All Rights Reserved