Ok, so the problem I'm having with images is quite complicated. Basically a lot of scripts in this game "do stuff". For example, the script gangs8_1.php when navigated to will make you leave your current gang (this is what I did with my proof of concept exploit). In order to link someone to this script you need to first steal their session ID and then redirect them to the relevant URL, very easy to do if we allow IMG tags on the forums.
My fix for this is to implement code that upon arrival at gangs8_1.php (and the hundred or so other scripts like it) checks the page you came from. So if you did not come from the page leading to it, then it will error. However, this error would also pop up if you used the back button on your browser before clicking a link to do something.
I don't know how often players use the back button when playing my game so I have no idea how inconvenient this fix is going to become. All I can do is implement it and see, this will be done once all the scripts are updated.
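The comments below point at an alternative to the referrer check: a per-session request token, with the action triggered by a button rather than a navigable link. That approach in PHP, as an added example that is not the game's own code: the function names are hypothetical, the arrays stand in for `$_SESSION`, `$_SERVER['REQUEST_METHOD']` and `$_POST`, and it assumes the session ID is kept out of URLs.

```php
<?php
// Added example, not the game's code. Function names are hypothetical.

// Issue one random token per session. It is not tied to the previous page,
// so it stays valid across back-button navigation and multiple tabs.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST carrying the token.
// An <img> tag can only issue a GET and cannot read the token from the page.
function csrf_check(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time; reject missing or non-string input.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Render the "leave gang" action as a form button instead of a plain link.
function leave_gang_form(array &$session): string
{
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="gangs8_1.php">'
         . '<input type="hidden" name="csrf_token" value="' . $t . '">'
         . '<button type="submit">Leave gang</button></form>';
}

// Constructed requests standing in for real ones.
$session = [];
$token = csrf_token($session);
var_dump(csrf_check($session, 'GET', []));                          // request from a forum IMG tag
var_dump(csrf_check($session, 'POST', ['csrf_token' => 'guess']));  // forged form with a guessed token
var_dump(csrf_check($session, 'POST', ['csrf_token' => $token]));   // the real button
```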
inFamous
"1st"
Altiar
""
kukker
"make a vote "how often do you use the back button" btw SECOND!"
CodeHydro
"Wouldn't a captcha be great in such a case? http://www.google.com/recaptcha FTW!"
mayjo
"I for one don't use the back button very often."
CannOwns
"please don't use captcha"
LordPain
"tend to use back several times a day at least"
Varamin
"I use back, and people who level probably do so much more. Referrer checking is not very strong protection; perhaps something like http://shiflett.org/articles/cross-site-request-forgeries ?"
junglewolf
"I use back button to boost my dmg, don't change it "
Moonpig
"only use it to see what happened in wl, but I wouldn't mind this to be implemented."
bcfcespley
"Just makes sigs so they're not linkable?"
Jerv
"I use it a fair bit actually...when posting in forums...however, I do also use "Open in New Tab", so can easily cope without it "
Jess
"In order to link someone to this script you need to first steal their session ID"
ExDeath
"meh I hardly ever use the back button here"
Rod
"What about not having a session ID in the URL and rather than have pages that can be navigated to that perform the action, have buttons that run the script in the background?"
kae
"The only time I use the back button is in the WL. My request is fixing the Guards, so when you click on one that doesn't exist anymore, it takes you back to the WL, rather than through 3 other pages"
Haze
"I always use the back button...."
Toyic
"I definitely use back button quite a bit when using forums, but I can deal with tabs."
Durke
"I'm using back very often "
Maurice
"a captcha on the leave gang screen would not be bad, as long as that's the only place."
rollin340
"Like they said, why not have a captcha beside the Leave Gang? The script will check that first. But then, what about market stuff? See guys, not so easy. "
uglymug
"Zorg, I don't use the back button much, but I do use tabs to play this game. Whenever my jobs are complete, I open the link in a new tab so that the current page I am on does not change and for my inv"
Jobu
"I agree with Maurice, if this helps the issue. I use the back button for some things like healing, or checking damage in fights. "
6Vincent6
"Back button.. back button!!! o_o"
Roosell
"Like has been said, I use the back button but also tabs. As long as it doesn't affect tabs I think I can live without Back for a while."
soulcrushe
"Does that mean the game will stop working if you disable http referrers?"
Cyclone
"@ Zorg, hide session IDs. Or just take away the IMG tag; I have sigs disabled anyways."