PDA

View Full Version : Patches and Fixes



Fay V
11-15-2012, 04:53 PM
http://i148.photobucket.com/albums/s25/FaileV/sewgood2-1.png

Hello Weasyl users! We just wanted to take the time to thank everyone who has been reporting site bugs and offering suggestions to improve our features. Our coders have been working hard to develop patches, and with the helpful suggestions and comments of our community, Weasyl has once again taken a step towards improving the experience of our users.

For those interested, here's a full list of the most recent additions and bug fixes:

- URL rewrite misconfiguration would sometime cause 404s or redirect to the home page
- Favorite button on journals did not indicate when one had favorited it
- Ignored users could still follow the user who had ignored them
- Character submission favorites count always appeared as zero
- Several pages did not give "friendly" error messages
- Embedded Bandcamp submissions could not accept single tracks, only albums
- Date of birth could be set to a future date, which caused problems with users updating their viewable rating settings
- Friending or following ignored users caused unexpected behavior
- Strict IP address matching issue caused some users to be logged out frequently
- Collections would not allow an offer if the recipient used advanced filters, even if the submission was not rated 18+
- Multiple "Go to Group Profile" buttons 404'd
- Submissions rated higher than user's maximum viewable rating hid own submissions when viewing gallery
- Followed by and following pages would not list users sequentially correctly
- Profile and comments did not designate site staff
- Folders could not be moved (missing UI integration)
- Commission classes and prices could not be edited in-place (missing UI integration)
- Added https://www.weasyl.com/help/bbcode
- Added https://www.weasyl.com/invitations
- Ratings guidelines and Collection FAQ pages now open in new windows so upload process is not interrupted
- Could not directly link to submission, character, and journal comments

Keep reporting any bugs you may find, or post here on the forums to suggest updates or features you would like to see while using Weasyl! We're happy to see our users involved and to see our site growing so rapidly to include a variety of artists, writers, and musicians.

Please note, if you are someone who donated but never received an invite, be sure to check your spam folder on your email. If you cannot find your invite, email Support@Weasyl.com with the email you donated with, and we can resend the invite. Any other problems with invites please email Support@weasyl.com for assistance.

Thanks again for all the assistance and keep those suggestions coming!



Picture by: Fiz

Nightpaws
11-16-2012, 04:42 PM
Oh, I like this sort of post! Very informative and it shows how much effort is going into the site.

I was pleasantly surprised when this didn't say "We fixed some bugs etc. kthx" :thumbsup:

Keep up the good work!

Vitani
11-26-2012, 01:20 PM
Its not so much a bug, but more of a security bugbear that I can see.

In the "Sent Invitations" page, you have a list of email's readily readable. If in the event one account is compromised and the user gets to that page, multiple other accounts can be targeted.

Personally I would try to distort the email addresses from view (partial obscure).

Temrin
11-26-2012, 03:06 PM
I can definitely agree with Vitani. I remember doing that kind of stuff on college. Telling the code to parse from "this" to "this" and how tedious it was. But i do agree that perhaps having it show only from the first letter to the @ sign would help. Or when inviting someone have a name field for us to put in and that is what shows on the invite page. Something like that.

Vitani
11-26-2012, 03:36 PM
I can definitely agree with Vitani. I remember doing that kind of stuff on college. Telling the code to parse from "this" to "this" and how tedious it was. But i do agree that perhaps having it show only from the first letter to the @ sign would help. Or when inviting someone have a name field for us to put in and that is what shows on the invite page. Something like that.

My apologies if my message was someone short and disjointed, but I was short on time to write it earlier.

I'm no security expert, and I don't claim to be, but having studied security before I've see how important it could be.

I agree with your point about obscuring the domain name, it then leaves literally hundreds of possible combinations of generic email providers (hotmail, yahoo, gmail and the like) but then there are a fair few others who have email addresses on personal domains. So the chances of access are reduced further.

One further change I would make is to change the @ to [at] (even though its not an actual link it still stops harvesters from scanning the page for it, well, reduces the success rate at least.)