Graal Forums  

  #1  
10-03-2010, 05:10 PM
Stephen
Quote:
Originally Posted by fowlplay4 View Post
Security Concern: There still isn't a prompt for OpenURL, reported this ages ago.
If I understand your request correctly then I disagree. A prompt places responsibility on the user. Graal Online (and in extension, the server) should be held responsible. Administrative routine should moderate openURLs; either through punishing unreported openURLs in scripts or strict access restrictions.
  #2  
10-03-2010, 05:48 PM
fowlplay4
Quote:
Originally Posted by Stephen View Post
If I understand your request correctly then I disagree. A prompt places responsibility on the user. Graal Online (and in extension, the server) should be held responsible. Administrative routine should moderate openURLs; either through punishing unreported openURLs in scripts or strict access restrictions.
The damage is done far before it will even get reported, a whole server could be repeatedly goatsed (or other shock-site/exploit) hours before anyone can do anything about it.

This can also be easily exploited to open hundreds of browser tabs, etc.

PHP Code:
//#CLIENTSIDE
function onCreated() {
  setTimer(0.05);
}

function onTimeout() {
  // Runs every 0.05 s: opens the URL again, then re-arms the timer
  openurl("http://www.google.com");
  setTimer(0.05);
}
  #3  
10-03-2010, 06:00 PM
Stephen
Quote:
Originally Posted by fowlplay4 View Post
The damage is done far before it will even get reported, a whole server could be repeatedly goatsed (or other shock-site/exploit) hours before anyone can do anything about it.
I cannot agree. Tricking a user and forcing a user into visiting a shock site (or other illicit material) have the same result - the user is exposed to undesirable content. The only way to prevent that entirely is through strict administrative procedure. We can all agree that the users hold no responsibility if they are exposed to undesirable content via game client... that in itself is a strong argument against an openURL prompt. Perhaps Graal Online needs a better system report and respond to abuse?

In the meantime it may be a good idea to filter openURL requests from the client.
  #4  
10-03-2010, 07:25 PM
ffcmike
I've now noticed that going from one level to another but then staying still causes a line of the previous level to be drawn over the current one, I think this depends on the differences between the new and old position of the player somewhat as it occurs every time in some places and others not at all, it can also be done with or without being on a gmap:

Regarding the playerlist a lot of things seem really inconsistent, when you receive a PM you should be able to click the Icon at the top that has been changed into a PM bubble in order to open it, but this now doesn't seem to work half the time, mouse-over hint text also seems to display the wrong thing until you click somewhere on the playerlist.

It's also annoying that you now have to maximise both the client window and the playerlist window separately, they used to be in sync with each other.
  #5  
10-03-2010, 07:49 PM
Admins
Quote:
Originally Posted by ffcmike View Post
I've now noticed that going from one level to another but then staying still causes a line of the previous level to be drawn over the current one
Can you give me servername/levelname/position where I can test it? Is this only happening when entering buildings, eventually the server uses some transparent tiles? There was a blackness-transparency problem in some earlier v6 beta version but should work fine now, but I can check it if you give me the location where it's happening often.
  #6  
10-03-2010, 07:58 PM
ffcmike
Quote:
Originally Posted by Stefan View Post
Can you give me servername/levelname/position where I can test it? Is this only happening when entering buildings, eventually the server uses some transparent tiles? There was a blackness-transparency problem in some earlier v6 beta version but should work fine now, but I can check it if you give me the location where it's happening often.
I noticed it the very first time I entered a building (the Bank) from level 14/classic_overworld_graalcity_04.nw on Classic, and was able to repeat this by then going from the main bank level to the room on the right hand side, doing the opposite made a vertical streak as opposed to a horizontal one, although this didn't occur when exiting back onto the gmap.

Having tried further it seems to be happening when entering pretty much every level where there is a black background, but we do not use transparent tiles or layers on Classic, it also seems that moving doesn't make it instantly disappear but actually shifts its position.
  #7  
10-03-2010, 08:59 PM
fowlplay4
Quote:
Originally Posted by Stephen View Post
I cannot agree. Tricking a user and forcing a user into visiting a shock site (or other illicit material) have the same result - the user is exposed to undesirable content. The only way to prevent that entirely is through strict administrative procedure. We can all agree that the users hold no responsibility if they are exposed to undesirable content via game client... that in itself is a strong argument against an openURL prompt. Perhaps Graal Online needs a better system report and respond to abuse?

In the meantime it may be a good idea to filter openURL requests from the client.
It had a prompt in the V5 Client now it doesn't, you know what works good for an openurl filter, a "do you want to open 'URL' prompt" that's all that has to be done and we don't need to get admins involved with URL approval like we do on these forums.
  #8  
10-03-2010, 09:13 PM
Stephen
Quote:
Originally Posted by fowlplay4 View Post
we don't need to get admins involved with URL approval like we do on these forums.
Quote:
Originally Posted by Stephen View Post
In the meantime it may be a good idea to filter openURL requests from the client.
You are mistaken.
  #9  
10-03-2010, 09:29 PM
fowlplay4
Quote:
Originally Posted by Stephen View Post
You are mistaken.
Okay whatever point you're trying to make, I don't really care.

In its current state OpenURL can be abused and V5 prevented this with an "Open 'http://example.org' OK Cancel" this is obviously something Stefan had to cut out from his builds due to the External Windows / Scripted Version of certain systems (Options, etc) and other refactoring. It needs to be re-added that's it.
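The two mitigations debated in the posts above (a confirmation prompt that shows the URL, and filtering of openURL requests), combined with throttling for the timer-loop case from post #2, sketched in JavaScript. This is an added example, not part of any post and not Graal client code; `createUrlGate`, `confirm`, `open`, `allowedHosts` and the 5-second interval are assumptions.

```javascript
// Hypothetical gate in front of a client's URL-open call (added example).
// createUrlGate, confirm, open and allowedHosts are assumed names, not Graal APIs.
function createUrlGate({ confirm, open, allowedHosts = null, minIntervalMs = 5000, now = Date.now }) {
  let lastAttempt = -Infinity;
  const declined = new Set(); // URLs the user already refused this session
  return function requestOpen(rawUrl) {
    let url;
    try { url = new URL(rawUrl); } catch { return { opened: false, reason: "invalid-url" }; }
    // Only web schemes: file:, javascript: and custom handlers never reach the OS.
    if (url.protocol !== "http:" && url.protocol !== "https:") {
      return { opened: false, reason: "scheme-blocked" };
    }
    if (allowedHosts && !allowedHosts.includes(url.hostname)) {
      return { opened: false, reason: "host-not-allowed" };
    }
    // Throttle attempts, not successes, so a timer loop cannot spam prompts either.
    const t = now();
    if (t - lastAttempt < minIntervalMs) return { opened: false, reason: "rate-limited" };
    lastAttempt = t;
    if (declined.has(url.href)) return { opened: false, reason: "previously-declined" };
    // Show the parsed, normalized URL so the prompt names the real destination.
    if (!confirm(`Open '${url.href}'?`)) {
      declined.add(url.href);
      return { opened: false, reason: "user-declined" };
    }
    open(url.href);
    return { opened: true, reason: "ok" };
  };
}

// Constructed replay of the thread's 0.05 s timer loop: 200 requests over 10 s.
function simulateTimerLoop() {
  let clock = 0;
  const opened = [], prompts = [];
  const gate = createUrlGate({
    confirm: (msg) => { prompts.push(msg); return true; },
    open: (u) => opened.push(u),
    now: () => clock,
  });
  for (let i = 0; i < 200; i++) { gate("http://www.google.com"); clock += 50; }
  return { opened: opened.length, prompts: prompts.length };
}
```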
  #10  
10-09-2010, 07:10 AM
LoneAngelIbesu
Quote:
Originally Posted by fowlplay4 View Post
In its current state OpenURL can be abused and V5 prevented this with an "Open 'http://example.org' OK Cancel" this is obviously something Stefan had to cut out from his builds due to the External Windows / Scripted Version of certain systems (Options, etc) and other refactoring. It needs to be re-added that's it.
If there's a problem with implementing it, I don't think Stefan should waste his time. Even if you _can_ abuse openurl(), you need access to the server. So, it's inherently going to be abused in very isolated incidents, especially given that most of the servers played are Classic playerworlds, and those servers tend to have somewhat decent response times to major staff abuses.

Similarly, how often do users try and trick people into visiting shock sites? I haven't experienced much, and I would say Valikorlia would be more prone to that. If there's really difficulty in implementing it, I still don't think the problem is that prevalent. And I don't see how a prompt would 'save' somebody from being tricked, anyways.
__________________
"We are all in the gutter, but some of us are looking at the stars."
— Oscar Wilde, Lady Windermere's Fan
All times are GMT +2.