I liked my own post


Seba06 2020-06-16 01:11


Seba06 2020-06-16 01:14

And also commented on it before it was posted

Seba06 2020-06-16 01:18

I KNOW PEOPLE WILL THINK IM A HACKER BUT I SWEAR IM A LAW ABIDING CITIZEN. I dont want to say how i did it here because then everyone will do it and thats bad so Timo if you want to hear it tell me and i can tell you through discord

Timo 2020-06-16 16:21

Hm, not sure if I took a lot of care in the development. Comment before post?? I have no idea how this could work :O
You can tell us here how it's made. People aren't that bad to make use of it, are they??

Seba06 2020-06-16 17:28

OK i'm gonna put it here but please, to anyone reading this, don't do it.

So basically each post has an id that can be seen in the link. If you change the id to something else it will take you to the post with that id. The problem is in posts that don't exist. Instead of showing an Error 404 couldn't find page. It shows the standard page but empty and with an error message at the top. You can still like and comment on it. Basically what i did is that i went to the latest post and added 1 to the id, i liked it and commented on it then created a post. The post i created would then get assigned the next id being the one i commented on. Bingo Bango I liked my own post. I don't know much about web design but i would say that the best thing to do would be to add an Error 404 page.

Seba06 2020-06-16 17:30 (Edited)

Also you can go to numbers less than 1 https://lowresnx.inutilis.com/topic.php?id=0

GAMELEGEND 2020-06-16 22:49 (Edited)

did you do this to see what whouuld happen
or was it completly by accident somehow

Seba06 2020-06-16 23:35

I saw that you could go to posts with invalid id's and like them, then i saw that all posts where enumerated in order. I did it on purpose because 1. I like breaking things and 2. I though that by pointing out a bug like this I could help Timo improve the site a little bit

Timo 2020-06-17 05:48

That’s clever, I didn’t think about doing stuff on an invalid ID, but it makes totally sense. The reference to a topic in a comment or “like” is just a number, it doesn’t care if the topic exists or not.
Yes, I should return a 404 for this case. Thanks!

Timo 2020-06-20 09:36

Fixed! Now we have a 404 :)

GAMELEGEND 2020-06-20 13:49

that 404 error looks pretty cool

Timo 2020-06-20 15:07

It’s a screenshot of was8bit’s Poke Poke.

Log in to reply.