Topic: General Discussion Of Moderation Procedures (aka 'The Whine List')
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
There was a technical glitch when this thread was first promoted. The problem has been fixed and this thread is now open.
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
It turns out that paragraph indents are remarkably easy. All you need is a little bit of HTML. I could also very easily provide a dBCode, but it wouldn't be much more convenient than HTML, so I'll think about it and see if I can come up with something convenient. Perhaps a user preference. Anyway, in the meantime just use this HTML at the beginning of each paragraph:

<p style="text-indent: 30px">

Change the "30" to be as much or as little indent as you want.
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
arachnophilia writes: ...the more universal "style" tag...

I'm not familiar with it. Can you point me to a board that has it?

AbE: Never mind, I understand now. I thought you were referring to a [style] code, but you meant the <style> tag. Yes, the <style> tag is disallowed.

Edited by Admin, : Add AbE comment.
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
arachnophilia writes: your board allows far more html than most.

That's because I pass all message text through an HTML parser that uses a white list of safe tags. All tags not on the white list disappear. I don't know of any other bulletin board software that does this, hence they must disable HTML due to the risks involved.
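A sketch of the kind of allowlist filter described in the post above, added here as an example and not the forum's own parser. The tag list, the attribute list and the rule that a style attribute may only carry a text-indent value are constructed assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed allowlist: tag -> attributes permitted on it (assumption,
# the thread does not list the forum's actual safe tags).
ALLOWED_TAGS = {"p": {"style"}, "b": set(), "i": set(), "br": set()}
VOID_TAGS = {"br"}
# The only style value accepted: the paragraph indent shown in the thread.
INDENT_ONLY = re.compile(r"\s*text-indent:\s*\d{1,3}px\s*;?\s*")


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag is dropped; its text content is still emitted, escaped
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue  # e.g. event-handler attributes never pass
            if name == "style" and not INDENT_ONLY.fullmatch(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is re-escaped so it can never be read back as markup
        self.out.append(escape(data, quote=False))


def sanitize(message):
    """Rebuild the message from allowlisted tags and escaped text only."""
    parser = AllowlistSanitizer()
    parser.feed(message)
    parser.close()
    return "".join(parser.out)
```

The output is rebuilt from parsed events rather than produced by deleting patterns from the input, so anything the parser does not recognise as an allowlisted tag ends up as escaped text or is dropped.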
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
Can you provide an example of what you're talking about?
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
Okay, I see how you're thinking about this, and in this case the attempted insertion doesn't need to be inside an HTML tag. To keep it simple let's say this is your entire message:

');DROP TARLE users;

And now I'm going to add this message to the message database, and the SQL query would look like this:

insert into messages values (..., '');DROP TARLE users;', ...);

Your close quote ends the insert query, after which the users table is deleted. However, a message is text, and all single quotes in message text are escaped, so the actual query becomes:

insert into messages values (..., '\');DROP TARLE users;', ...);

But interestingly, this has uncovered a bug. The mere presence of the string "drop tarle" in message text hangs the message preview feature, and that explains why I've used "tarle" in place of "table" in this message. I'm really curious about this one.

Edited by Admin, : Typo.
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
Actually, I didn't add any filtering to the software until this past summer when some hackers targeted the site, but there's nothing secret about this stuff, you can find SQL hacking info all over the Internet, so if you have any questions just ask away. The basics for filtering are pretty simple:
AbE: Oh, about the hangs if "drop table" is in the message text? Works fine from everywhere but work. Evidently my place of work blocks certain external CGI traffic that includes the string "drop table". The exact same thing happens at vBulletin-based boards. Why would my place of work do that? I'm going to guess that it's a side effect of their own tracking software protecting itself, although blocking instead of filtering seems way overly aggressive. Edited by Admin, : AbE. Edited by Admin, : Add backslashes.
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
All CGI parameters get filtered. For example, the URL for the page where I'm typing this reply is:
But the browser address box could be edited to instead be this:
EvC Forum: Login

Note: I didn't bother, but some characters have to be encoded - for example, the semicolon should be "%3B" and the space between drop and table should really be "+". Now if I don't filter the "m" CGI parameter then when I look up your message in the database the query will look like this:

select * from MessageTable where MessageNumber=595701;drop table users

Oops! So, yes, everything gets filtered.
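The two cases from the posts above (message text containing a quote, and an edited "m" parameter) handled with bound parameters and integer validation in place of the quote escaping and filtering the posts describe. This is an added example, not the forum's own code; the sqlite3 schema and all function names are constructed for illustration.

```python
import sqlite3


def open_db():
    """In-memory stand-in for the forum database (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users (name TEXT);"
        "CREATE TABLE messages (number INTEGER PRIMARY KEY, body TEXT);"
        "INSERT INTO users VALUES ('alice');"
    )
    return db


def add_message(db, number, body):
    # Placeholders send the body as data, separate from the SQL text,
    # so quotes in it need no escaping and cannot end the statement.
    db.execute("INSERT INTO messages VALUES (?, ?)", (number, body))


def parse_message_number(raw):
    """Validate the 'm' CGI parameter: ASCII digits only, bounded length."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 10):
        raise ValueError("m must be a decimal message number")
    return int(raw)


def get_message(db, raw_m):
    number = parse_message_number(raw_m)
    row = db.execute(
        "SELECT body FROM messages WHERE number = ?", (number,)
    ).fetchone()
    return row[0] if row else None


def demo():
    db = open_db()
    add_message(db, 595701, "');DROP TARLE users;")  # message text from the post
    stored = get_message(db, "595701")
    try:
        get_message(db, "595701;drop table users")  # edited URL parameter
        rejected = False
    except ValueError:
        rejected = True
    users_left = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return stored, rejected, users_left
```

Here the message is stored byte for byte, the edited parameter is rejected before any query is built, and the users table is untouched.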
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
I think this was fixed a while back - let me know if you run into it again.
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
No set of rules of reasonable length can cover all contingencies, and so I've often asked people to follow the spirit of the guidelines. The goal of EvC Forum is productive discussion that promotes knowledge and understanding. Approaches that place too great an emphasis on a Socratic or overly terse and cryptic style tend to be provocative and are not consistent with EvC's philosophy. And in any event, whether anyone agrees or not, there's always rule 1:
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
I agree with Adminnemooseus. I've seen evolutionists define natural selection in many different ways over the years, and this one seems okay, certainly more than adequate for a thread about the number of designers. If the thread were more directly about evolution then exerting effort getting the definition of natural selection precisely right would make more sense.
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
Hi Buz,
I saw AdminPD's response, and while she's correct that I'm the final arbiter, I don't want to be a dictator. Decisions by myself or any moderator should be rational, proportionate and unbiased. You're restricted from evidence-based threads because your participation distracts from the thread's topic. The thread's other participants begin requesting evidence from you. You claim that what you're providing *is* evidence. It's explained why it isn't evidence. The pattern continues and the thread's topic is ignored. I know that Wyatt's theories interest you, and if you'd like to discuss them why don't you go to a board whose idea of what constitutes evidence is more congruent with your own?
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3
Hi Buz,
I was only trying to give you constructive feedback so that, if you choose, you can use it to return to participation in the science forums. But your reaction was to accuse me of biased moderating and purposeful silencing of opposing views. You're restricted from the science forums because you cause those threads to go off-topic to argue about whether your evidence is really evidence, not because moderators are opposed to your views on the Exodus. The goal of EvC Forum is constructive debate, and we can't turn every science thread you participate in into an argument over what constitutes valid evidence. If you'd truly like to return to the science forums then why don't you propose a thread to discuss the nature of valid evidence. If you can reach a consensus with other people about evidence then you can return to the science forums. Buz, sincerely, I could care less about whether the Exodus was real or not. I could care less about whether they crossed the Reed Sea, the Red Sea or the Gulf of Aqaba. I have no strong feelings either way about any religion - you know this because I almost never participate in the religious threads. What possible impact could the Exodus have on evolution, which I do discuss quite a bit? What is important to me is rational thinking and preventing threads from bogging down, and it is because your participation works against both these goals that you're restricted from the science forums. It has nothing to do with your religious views. Sometimes I think you forget that I am not an atheist. I have no problem with any religion when it comes to matters of faith.
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
Hi Buz,
The first three paragraphs of Crash's Message 196 pose the key question: Why is it that even people who share your position on a matter do not believe you're presenting any evidence?
Admin Director Posts: 12998 From: EvC Forum Joined: Member Rating: 2.3 |
Adminnemooseus writes: Much of what he got suspended for (and I did give a "-" to Admin's suspension message) was building on Jar's and your messages.

IamJoseph was suspended for ignoring moderator requests to stop discussing the Bible in science forums in these three threads:
Discussing the Bible in science threads is a longstanding IamJoseph problem, and combined with his inability to stay on topic or clearly articulate anything he is a significant disruptive force in threads and I am actively trying to discourage his participation here.