 Notice. New forum software under development. It's going to miss a few functions and look a bit ugly for a while, but I'm working on it full time now as the old forum was too unstable. Couple days, all good. If you notice any issues, please contact me. |
Forum Index : Microcontroller and PC projects : Fixing the BBS software
| Author | Message | ||||
| matherp Guru  Joined: 11/12/2012 Location: United KingdomPosts: 10189 |
Is there anything that can be done to fix the board software so that program text between "code" and "/code" is not corrupted? With Cfunctions, we need to be able to post C code which uses square brackets for arrays. Unless the C code includes the word "code" as an array index it should be possible for this to be displayed without corruption. Also we all know about the extra spaces issue, typically these end up in the middle of variable names making debuggging very difficult. I know we can attach ZIP files but this is clunky and must less accessible for the reader. Also this makes it impossible for the author to include a code commentary in any useful way. I assume the board software is written in python or something similar so it must be possible to use "code" to enter a program state where things are left as-is until the next "/code" If we are to use Back Shed to share code effectively this really is an important issue. I've just wasted 15 minutes of my life getting the code G8JCF posted working because of additional spaces. Putting extra spaces in lines of code to try and defeat the bug is not a solution in large programs and does not address the square bracket issue. |
||||
| paceman Guru Joined: 07/10/2011 Location: AustraliaPosts: 1329 |
Glenn (Gizmo) runs the TBS board Peter, at his cost on his server and has done so for many years - he's probably the only one who can answer this. Send him a PM, he's very helpful where possible. Greg |
||||
Gizmo Admin Group  Joined: 05/06/2004 Location: AustraliaPosts: 5116 |
The forum software is a balance between security and ease of use. Security is always more important. It would be very easy for someone to insert code into a post that could compromise hundreds of visitors PC's if it wasnt for the way this forum "breaks" the posts. I can have a look into it, but can you give a link or provide an example of the problem code. Glenn The best time to plant a tree was twenty years ago, the second best time is right now. JAQ |
||||
| matherp Guru Joined: 11/12/2012 Location: United KingdomPosts: 10189 |
Glenn If you have a look at the post from G8JCF on page 2 of the "MM2: Full colour graphics teaser" thread and look at the first line under the comment Global Variables you will see that the variable TFT_rot has become "TFT_r ot". This effect is repeated throughout the code on long lines without space characters. If you need to insert spaces, these can always be safely done either side of a comma. On the C example, please look at the last post on page 1 of the thread C example. The 5th section of code suddenly ends up in italics and the line log=tmr1 should read log"opensquarebracket i closesquarebracket"=tmr1 The opensquarebracket i closesquarebracket is being taken as a display instruction even though it is inside the code section It would be really great if these issues could be fixed Thanks Peter |
||||
| Gizmo Admin Group Joined: 05/06/2004 Location: AustraliaPosts: 5116 |
Looking at those examples, thats exactly the sort of code the forum is trying to protect viewers from. Just add a couple of <script> tags and the web browser would try to execute the code thats been posted. So the forum software is working as it should, by breaking the code. Its not really anything to "fix", but I'll look into it and see if I can make a few changes. Like you say anything within a CODE tag should be passed with some restrictions. Glenn The best time to plant a tree was twenty years ago, the second best time is right now. JAQ |
||||
Grogster Admin Group Joined: 31/12/2012 Location: New ZealandPosts: 9585 |
I know this is kinda obvious, but why not post any of the longer code examples, especially those with Cfunctions, in a ZIP file? No chance of browser execution then, and also no chance at all of extra spaces in the Cfunction code mucking things up. Yes, you have to download and unzip the file to get at the code vs just copy-and-paste, but C'est La Vie...... Smoke makes things work. When the smoke gets out, it stops! |
||||
| MM_Wombat Senior Member  Joined: 12/12/2011 Location: AustraliaPosts: 139 |
Is it possible to have the inserted blank spaces change the background color, so they are easier to detect? Or change the character to a mathematical symbol in a different color? ie from ....subjectco de=5,.... to ....subjectco*de=5,.... AussieWombat Keep plugging away, it is fun learning But can be expensive (if you keep blowing things up). Maximite, ColourMaximite, MM+ |
||||
bigmik Guru Joined: 20/06/2011 Location: AustraliaPosts: 2949 |
Or a smiley face? Mick Mick's uMite Stuff can be found >>> HERE (Kindly hosted by Dontronics) <<< |
||||
MicroBlocks Guru Joined: 12/05/2012 Location: ThailandPosts: 2209 |
The only danger is from a <script> tag. It would be enough to filter those out. The rest is not a danger but a way to prevent the post getting very wide and break the layout. The way to solve it is to filter <script> out of the text that is outputted and put the code in a separate element with the style overflow: auto applied to it. This seems easy but if this is forum is a complete product it might be close to impossible. Is this open source? I it is, i might be able to contribute to fix this issue. Edit: As you can see the <script> tag is already taken care of. Microblocks. Build with logic. |
||||
| Gizmo Admin Group Joined: 05/06/2004 Location: AustraliaPosts: 5116 |
The <script> tag is just an example, there are may ways to embed code into a post thats malicious. The best approach is what the forum is doing, inserting blanks into long strings. If you ever look at a piece for malware, its never neatly laid out code, its usually a long string of bunched up code with no formatting or spaces what so ever. Thats why random spaces in long strings works so well, it brakes the code. It can also brake code with long strings posted by members. If I have to made a decision between security and what members would like, sorry but security comes first, I've seen enough sites ( including my own ) hacked to know how big a problem it is. But I will look into it. Glenn The best time to plant a tree was twenty years ago, the second best time is right now. JAQ |
||||
TassyJim Guru Joined: 07/08/2011 Location: AustraliaPosts: 6266 |
I have added another section to the variable report in MMEdit to list the lines that might be a problem with posting on this forum. It should show lines that 'might' have the extra space added in code you have copied from the forum and also lines that probably will have the extra space added when you post your code. Using the code example from 'MM2: Full colour graphics teaser', the output from Variable report includes: Variables which are only refered to in one line:
TFT_r 137 ot 137 TFT_DRAWCHAR 144 TFT_DRAWLINE 144 length 205 T_nr 208 _w1 296 FT_w1 375 TFT.CRect Sub 403 _rot 415 Lines that might be corrupted with extra space when posted in TBS: 8 137 208 237 238 239 240 250 251 252 253 254 255 256 257 296 316 330 342 375 389 391 392 394 399 404 415 422 423 424 425 445 446 449 450 453 454 457 458 476 477 480 481 489 It doesn't fix the issue, but it does make checking a lot easier. I have also added code to replace those pesky smart quotes that often appear when you copy from documents that were written in MS word. The update will be posted in a day or so. Jim VK7JH MMedit |
||||
| Gizmo Admin Group Joined: 05/06/2004 Location: AustraliaPosts: 5116 |
Looking at the code that does the formatting. Lots of issues. First up, removing the random spaces the forum inserts into long strings. Dont know if I can do anything about that without compromising security. Formatting within CODE blocks I may be able to fix, but its a real pain in the butt! Normally the forum looks for the tags, and formats the text between the tags as required, usually by replacing the tag with HTML. To tell the forum not to format other tags within a CODE tag is not that easy. Approach would be to look for CODE tag, and record its start and stop positions. Then when it looks for the other tags, ignore any found between the recorded positions of the CODE tags. Problems. There may be more than one CODE tag in a post, so need to find all, record all start/stop positions in a array, and then for each possible tag, step through the array and dont format tags between arrays recorded start/stop positions. Bit of a pain, but workable. The other problem is the way the forum software uses shared functions and subs spread over several pages, so I need to make sure any modifications wont break other parts of the forum. Anyway, I'll get to it as time allows. Glenn The best time to plant a tree was twenty years ago, the second best time is right now. JAQ |
||||
 Print this page |
 |
The Back Shed's forum code is written, and hosted, in Australia. | © JAQ Software 2025 |
