Any price you want



  • I was showing a friend the shore excursions for a cruise I'm taking. I cut and pasted a URL to a particular event, it looks like this:

    http://www.carnival.com/ShoreExcursionDetails.aspx?portcode=NAS&excursionname=Ardastra+Gardens+%26+City+Tour&excursioncode=424001&price=46.00

    Check out the last variable in the URL. Yes, it really works. Go ahead and change the tour price to $2 or $84234 or whatever you'd like.

    Now, I think I understand why they did this. You only see the page with the numeric price if you're booked on a cruise and signed in to the site. You can "buy now", which shows the correct price, no matter how you've messed with that URL. If you're just browsing their site, not booked, then the pages just display a number of $ marks, depending on how costly the excursion is. I'd guess this lets them use the same code for the booked passengers as for people just browsing the site.

     Too bad, I was really looking forward to playing 18 holes for $4.
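The pattern the post describes, as an added example that is not part of the original post and is not Carnival's code: the server resolves the price from its own catalog by `excursioncode` and treats the `price` query parameter as untrusted, recording a mismatch instead of honouring it. The catalog entry, the tier thresholds for the `$` marks and all function names are constructed for illustration.

```javascript
// Constructed server-side catalog; the real site's data model is not shown on the page.
const CATALOG = new Map([
  ["424001", { port: "NAS", name: "Ardastra Gardens & City Tour", priceCents: 4600 }],
]);

// Parse a decimal price string such as "46.00" into integer cents, or null if malformed.
function toCents(text) {
  const m = /^(\d{1,7})(?:\.(\d{1,2}))?$/.exec(text ?? "");
  if (!m) return null;
  return Number(m[1]) * 100 + Number((m[2] || "").padEnd(2, "0"));
}

// Booked guests see the numeric price, everyone else a row of "$" marks.
// Both views are derived from the catalog, so no price needs to travel in the URL.
function renderPrice(item, isBookedGuest) {
  if (isBookedGuest) return "$" + (item.priceCents / 100).toFixed(2);
  // Hypothetical tier thresholds.
  const tier = item.priceCents < 5000 ? 1 : item.priceCents < 15000 ? 2 : 3;
  return "$".repeat(tier);
}

function excursionDetails(rawUrl, isBookedGuest) {
  const params = new URL(rawUrl).searchParams;
  const item = CATALOG.get(params.get("excursioncode"));
  if (!item || item.port !== params.get("portcode")) {
    return { status: 404 };
  }
  // The client-supplied price is only compared, never used. A mismatch is a
  // useful signal for logging: someone edited the URL or a link is stale.
  const priceParamMismatch =
    params.has("price") && toCents(params.get("price")) !== item.priceCents;
  return {
    status: 200,
    name: item.name, // from the catalog, not from the excursionname parameter
    price: renderPrice(item, isBookedGuest),
    priceParamMismatch,
  };
}
```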



  • Funny, you can enter whatever you want in there, but as soon as you try an HTML tag it throws an error. ( or is always fun in unescaped environments)

    And the forum breaks too :X



  • @Daid said:

    And the forum breaks too :X
    Haven't we already established that this forum sucks donkey nuts?



  • Yeah, but I never noticed it was THIS bad. Mmm. I wonder, could you forge a whole post below your own...



  • @Daid said:

    I wonder, could you forge a whole post below your own...
     

    Best. Plan. Ever. 



  • @bstorer said:

    @Daid said:

    And the forum breaks too :X
    Haven't we already established that this forum sucks donkey nuts?

    Yes, including the ability to write fake posts. But it never gets boring!

    <edit> After reading the rest of the thread... yes, yes you can forge posts. Me and somebody else used to do it, though I forget the thread now. :)



  • Mmm... how about:

    Edit: Nope, script tags get destroyed...



  • @Daid said:

    I wonder, could you forge a whole post below your own...

    It would appear that it can be done - meet Signature Guy!

    P.S. If you don't get this note, let me know and I'll write you another.

    • Tue, Apr 15 2008 10:31 PM
      In reply to

      All Hail Signature Guy

      Some of the styles are a bit tricky to get right, though, but at first glance it can be quite convincing.



  • @Quietust said:

    meet Signature Guy!
    Nicely done!

    Even screws up the reply page. 



  • @Quietust said:

    meet Signature Guy!
     

    Nice work!

     

    Plz to email me teh codez, and so forth.



  • A further thought occurs... would it be possible to add a fake forum post as a tag? Or would that just break everything? 



  •  I couldn't book my tour for $0.01 because I denied a cookie (it was oatmeal, I hate oatmeal) so they assumed I didn't have javascript enabled.



  • @medialint said:

     I couldn't book my tour for $0.01 because I denied a cookie (it was oatmeal, I hate oatmeal) so they assumed I didn't have javascript enabled.


    ...or use NoScript, it blocks the redirect



  • @rc_pinchey said:

    A further thought occurs... would it be possible to add a fake forum post as a tag? Or would that just break everything? 


    I don't know. Let's see how many fake posts come after this one.

    • Tue, Apr 15 2008 10:31 PM
      In reply to

      All Hail Signature Guy

      There's not enough room in the tag entry box for more than about half the markup you need, and I don't feel like synthesizing a HTML POST at the moment. The Real WTFTM comes if you do "view source" on a thread: it looks like every tag ever entered has found its way into the page source, so that this page is approaching a quarter-megabyte in size.


  • Holy god...  Do you realize community server outputs all the tags in a hidden input field on every page?  It's something like 7000 tags right now... 



  • @morbiuswilters said:

    Holy god...  Do you realize community server outputs all the tags in a hidden input field on every page?  It's something like 7000 tags right now... 

    Then it's our destiny to bring this thing to its knees.



  • @bstorer said:

    Then it's our destiny to bring this thing to its knees.

    A few weeks ago I was trying to debug the tag autocomplete so I could submit a bug fix to the CS devs, or at least point them in the right direction.  However, I couldn't get any of the AJAX requests for the tags to show up.  I figured I was just too tired and gave up pretty quickly, but it was because there are no AJAX requests.  TDWTF uses the worst forum software in the history of forums.



  • Hmm... it seems there's a limit to how many tags you can put in.  I tried about 500k worth but it caused the server to barf :-( 



  • @morbiuswilters said:

    Hmm... it seems there's a limit to how many tags you can put in.  I tried about 500k worth but it caused the server to barf :-( 


    So, just do things the slow way.



  •  @morbiuswilters said:

    Hmm... it seems there's a limit to how many tags you can put in.  I tried about 500k worth but it caused the server to barf :-( 

    Every bit counts.



  • @morbiuswilters said:

    Hmm... it seems there's a limit to how many tags you can put in.  I tried about 500k worth but it caused the server to barf :-( 

    Craps out at 24k, too.  Still, every little bit counts.



  • @morbiuswilters said:

    Hmm... it seems there's a limit to how many tags you can put in.  I tried about 500k worth but it caused the server to barf :-( 

    Craps out at 4k, too.  Still, every little bit counts.



  • @morbiuswilters said:

    Hmm... it seems there's a limit to how many tags you can put in.  I tried about 500k worth but it caused the server to barf :-( 

    Craps out at 4k, too.  Still, every little bit counts.



  • @bstorer said:

    Repeated posts

    Hmmm, it craps out, but still posts it, just without tags... interesting.



  • @bstorer said:

    Hmmm, it craps out, but still posts it, just without tags... interesting.

    Below is a GM script that auto-populates the tags box with a TaxException with a random address.  Every post will create a new tag without any work from you.  I'm already noticing a bit of slowdown, too.

     

    var elm = document.getElementById("ctl00_ctl00_bcr_bcr_PostForm_ctl04_TagsSubForm_ctl00_Tags");

    if (elm) {
        elm.value = "TagException in 0x" + rand_addr() + ", ";
    }

    // Returns 8 random hex digits (the declaration is hoisted, so the call above works).
    function rand_addr() {
        var a = "";

        for (var i = 0; i < 8; i++) {
            a += Math.floor(Math.random() * 16).toString(16);
        }

        return a;
    }



  • @morbiuswilters said:

    Holy god...  Do you realize community server outputs all the tags in a hidden input field on every page?  It's something like 7000 tags right now... 

    There's about 150 KB of tags (154039 bytes to be exact) right now. ... (looks a bit closer) WTF?!?!?! It's a list containing TWO COPIES of every tag, one simply escaped, and one with special characters converted into HTML entities and then escaped. Then each copy of each tag is separated from its neighbors with "&amp;"

    Thus, if we want to generate space-consuming tags, we should use the symbol · heavily, since it is minuscule on-screen and SHOULD expand to %b7 in one tag copy, and &middot; in the other. Testing this theory right now...



  •  @morbiuswilters said:

    Below is a GM script that auto-populates the tags box with a TaxException with a random address.  Every post will create a new tag without any work from you.  I'm already noticing a bit of slowdown, too.
    Fun!  I'm tempted to use GM_set_value to keep track of the last one used and increment it every time.  Just to make sure I never overlap...



  • @bstorer said:

    Fun!  I'm tempted to use GM_set_value to keep track of the last one used and increment it every time.  Just to make sure I never overlap...

    LOL, I wonder how long until CS starts to collapse..

     

    What I meant to say was: "Testing the scalability of this particular forum software is critical to furthering my understanding of successful software engineering and should not be seen as a bannable offense by moderators who were once young and curious themselves!"



  • @morbiuswilters said:

     

    What I meant to say was: "Testing the scalability of this particular forum software is critical to furthering my understanding of successful software engineering and should not be seen as a bannable offense by moderators who were once young and curious themselves!"

    It's cool.  Just a couple days ago Alex stole a bunch of SSNs from some criminals in Oklahoma.



  • @bstorer said:

    It's cool.  Just a couple days ago Alex stole a bunch of SSNs from some criminals in Oklahoma.
     

    Yeah I don't know about the rest of you, but if I 'stumbled' across that data, I would have had a little fun with that.

     

    Hmmm SSN's? How about we buy a house right next to a school and across from a church for Mr. Pedophile?



  • @bstorer said:

    It's cool.  Just a couple days ago Alex stole a bunch of SSNs from some criminals in Oklahoma.

    True.  I would have been tempted to sign them up for all sorts of junk mail if I were in his position.  You know, stuff like catalogs from stores that sell children's clothing, toys, candy, etc..



  • @MasterPlanSoftware said:

    Yeah I don't know about the rest of you, but if I 'stumbled' across that data, I would have had a little fun with that.

     

    Hmmm SSN's? How about we buy a house right next to a school and across from a church for Mr. Pedophile?

    I defer to your superior skills.



  • so.. how much would that bother?



  • @morbiuswilters said:

    Holy god...  Do you realize community server outputs all the tags in a hidden input field on every page?  It's something like 7000 tags right now... 

    No, it's more like 3500 tags, but for some reason there's 2 copies of each one. It takes up over 150 KB, and the list elements are &amp;-delimited. The first copy of an element has odd characters escaped, and the second copy has them expanded to HTML entities and then escaped. Example: The tag " (one double-quote char) would result in %22&amp;%26quot;%3b appearing in the tag list.

    So if we want to overload the system, we should use characters like · which expands to %b7 and &middot;. Testing this out here...

    Tried a batch of 1-100 middots, that craps out with this:


    QuickPost
    Trying less of them...



  •  Tag testing...



  • Did it... Middot tags FTW!

    Hmm, it maxes out at 42 middots... 



  • Let's see what happens when you overload middot with every possible combining diacritical mark like this: ·̴̵̶̷̸̡̢̧̨̛̖̗̘̙̜̝̞̟̠̣̤̥̦̩̪̫̬̭̮̯̰̱̲̳̹̺̻̼̀́̂̃̄̅̆̇̈̉̊̋̌̍̎̏̐̑̒̓̔̽̾̿̀́͂̓̈́̕̚͠͡ͅ
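A defensive counterpart to the tag discussion above, as an added example (not Community Server's code and not from any poster): tags are normalized and bounded on input, including a cap on stacked combining marks, and autocomplete is answered by a capped prefix lookup instead of shipping every tag in each page. The limits, the `TagIndex` class, `payloadComparison` and the sample tags are assumptions constructed for illustration.

```javascript
// Hypothetical limits; tune them to what the forum actually needs.
const LIMITS = { maxCodePoints: 40, maxMarksPerBase: 2, maxSuggestions: 10 };

// Returns { ok: true, tag } or { ok: false, reason }.
function normalizeTag(raw, limits = LIMITS) {
  const tag = String(raw).normalize("NFC").replace(/\s+/g, " ").trim();
  if (tag.length === 0) return { ok: false, reason: "empty" };
  if ([...tag].length > limits.maxCodePoints) return { ok: false, reason: "too long" };
  // A base character with a long run of combining marks renders as one small
  // glyph but costs many bytes wherever the tag is stored or echoed.
  const stack = new RegExp("\\p{M}{" + (limits.maxMarksPerBase + 1) + ",}", "u");
  if (stack.test(tag)) return { ok: false, reason: "combining-mark stack" };
  if (/[\p{Cc}\p{Cf}]/u.test(tag)) return { ok: false, reason: "control character" };
  return { ok: true, tag };
}

// Server-side index: the page carries no tag list, the client asks per prefix.
class TagIndex {
  constructor(tags) {
    this.sorted = [...new Set(tags.map((t) => t.toLowerCase()))].sort();
  }

  suggest(prefix, limit = LIMITS.maxSuggestions) {
    const p = prefix.toLowerCase();
    if (p.length === 0) return [];
    // Lower-bound binary search for the first tag >= prefix.
    let lo = 0;
    let hi = this.sorted.length;
    while (lo < hi) {
      const mid = (lo + hi) >>> 1;
      if (this.sorted[mid] < p) lo = mid + 1;
      else hi = mid;
    }
    const out = [];
    for (let i = lo; i < this.sorted.length && out.length < limit; i++) {
      if (!this.sorted[i].startsWith(p)) break;
      out.push(this.sorted[i]);
    }
    return out;
  }
}

// Constructed sample data, sized after the tag count quoted in the thread.
function sampleTags(n) {
  return Array.from({ length: n }, (_, i) =>
    "TagException in 0x" + i.toString(16).padStart(8, "0"));
}

// Bytes sent when every tag is embedded in each page versus one capped answer.
function payloadComparison(index, prefix) {
  const bytes = (value) => new TextEncoder().encode(JSON.stringify(value)).length;
  return {
    fullListBytes: bytes(index.sorted),
    responseBytes: bytes(index.suggest(prefix)),
  };
}
```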



  • @morbiuswilters said:

    Holy god...  Do you realize community server outputs all the tags in a hidden input field on every page?

    That is enough to make the slow-as-fuck autocomplete piss me off more. I was just blaming it on what I thought was some retarded AJAX+backend latency, but if it's all client-side, there's absolutely no excuse for the lag.

    @morbiuswilters said:

    Below is a GM script that auto-populates the tags box with a TaxException with a random address.

    Sweet! It uses the TagException I've been throwing for a while now. I'm gonna have to take that script and re-work it to include my standard tag (as well as make it compatible with Opera).



  • @morbiuswilters said:

    Below is a GM script that auto-populates the tags box with a TaxException with a random address.

    Here's my Opera user script:

    // --------------------------------------------------------------------------------------------------------------
    // TheDailyWTF.com : Generates a random "TagException" tag for new forum posts
    // --------------------------------------------------------------------------------------------------------------
    
    function rand_addr()
    {
        var a = "";
    
        for (var i = 0; i < 8; i++)
        {
            a += Math.floor(Math.random() * 16).toString(16);
        }
    
        return a;
    }
    
    function generateTags()
    {
        var elm = document.getElementById("ctl00_ctl00_bcr_bcr_PostForm_ctl04_TagsSubForm_ctl00_Tags");
    
        if (elm)
        {
            elm.value = "throw new TagException(), TagException in 0x" + rand_addr();
        }
    }
    
    
    // --------------------------------------------------------------------------------------------------------------
    // ONLY TRIGGER ON THE ADDPOST PAGE
    // --------------------------------------------------------------------------------------------------------------
    if (location.href.indexOf('forums.thedailywtf.com/forums/AddPost.aspx') != -1)
    {
        document.addEventListener(
            'load',
            function (e)
            {
                if( !document.body ) { return; }
                generateTags();
            },
            false
        );
    }


  • @AbbydonKrafts said:

    Here's my Opera user script:

    Bless you, sir, for spreading the tag virus!



  • @AbbydonKrafts said:

    Here's my Opera user script:
    Thank you, I modified the script slightly to also include ·̴̵̶̷̸̡̢̧̨̛̖̗̘̙̜̝̞̟̠̣̤̥̦̩̪̫̬̭̮̯̰̱̲̳̹̺̻̼̀́̂̃̄̅̆̇̈̉̊̋̌̍̎̏̐̑̒̓̔̽̾̿̀́͂̓̈́̕̚͠͡ͅ.



  • Here's a quick-and-dirty GM for getting a count of all "TagException in 0x" tags, their bytes and the total bytes.  The summary is displayed in a div at the top of the page over the main logo.


    var all_tags = document.getElementById("ctl00_ctl00_bcr_bcr_ctl00_PostList_ctl03_ctl23_ctl00_AllTags");
    var tagex_count = 0;
    var tagex_bytes = 0;
    var curr_idx = 0;
    var end_idx = 0;

    if (all_tags) {
        // .value holds the decoded text, so the delimiter is "&"
        // (it appears as "&amp;" only in the page source).
        all_tags = all_tags.value;

        while (curr_idx != -1) {
            curr_idx = all_tags.indexOf("TagException+in+0x", curr_idx);

            if (curr_idx != -1) {
                end_idx = all_tags.indexOf("&", curr_idx);
                tagex_count++;
                tagex_bytes += (end_idx - curr_idx);
                curr_idx++;
            }
        }

        // Show the summary in an absolutely positioned div.
        var report_elm = document.createElement("div");
        document.body.appendChild(report_elm);
        report_elm.innerHTML = "TagExceptions: " + tagex_count + "<br>TagEx Bytes: " + tagex_bytes + "<br>All Tags Bytes: " + all_tags.length;
        report_elm.style.position = "absolute";
        report_elm.style.top = "15px";
        report_elm.style.left = "25px";
        report_elm.style.background = "#FFCC33";
        report_elm.style.border = "1px solid #000000";
        report_elm.style.padding = "6px";
    }



  • Crap, there's a bug.. the "AllTags" id changes based on thread..  I'll take a look after lunch.. 



  • Amended code: 

    var all_tags = document.getElementsByTagName("input");
    var tagex_count = 0;
    var tagex_bytes = 0;
    var curr_idx = 0;
    var end_idx = 0;

    for (var i = 0; i < all_tags.length; i++) {
        // The hidden field's id changes per thread but always contains "AllTags".
        if (all_tags[i].id.indexOf("AllTags") != -1) {
            // .value holds the decoded text, so the delimiter is "&".
            all_tags = all_tags[i].value;

            while (curr_idx != -1) {
                curr_idx = all_tags.indexOf("TagException+in+0x", curr_idx);

                if (curr_idx != -1) {
                    end_idx = all_tags.indexOf("&", curr_idx);
                    tagex_count++;
                    tagex_bytes += (end_idx - curr_idx);
                    curr_idx++;
                }
            }

            var report_elm = document.createElement("div");
            document.body.appendChild(report_elm);
            report_elm.innerHTML = "TagExceptions: " + tagex_count + "<br>TagEx Bytes: " + tagex_bytes + "<br>All Tags Bytes: " + all_tags.length;
            report_elm.style.position = "absolute";
            report_elm.style.top = "15px";
            report_elm.style.left = "25px";
            report_elm.style.background = "#FFCC33";
            report_elm.style.border = "1px solid #000000";
            report_elm.style.padding = "6px";
        }
    }



  • Interesting... AllTags (now 175 KB) is only served up when you're logged in.

    morbiuswilters: I haven't looked into it very extensively at all, but it might just be from people making new tags between your pageviews. So far, I've only seen AllTags get longer, though it'd be nice to do a diff.

    For examining AllTags, I copy-paste the whole mess into GVIM, :s/&amp;/\r/g at prompt 1 and Jam It! That Vim command just replaces all "&amp;" with a line break, separating tags into one per line so diff (or is the correct term "Diffler Search"?) can do something meaningful with it.



  • @morbiuswilters said:

    Amended code:

    And here's my complete Opera script. I modified the DIV positioning to put it in the navigation bar to the right of "Forums". I also added a "break;" in after the DIV is generated. It was continuing through and generating a script error on the "if (all_tags[i].id.indexOf.." line due to a null object.

    // --------------------------------------------------------------------------------------------------------------
    // TheDailyWTF.com : Generates a random "TagException" tag for new forum posts
    // --------------------------------------------------------------------------------------------------------------
    
    function rand_addr()
    {
        var a = "";
    
        for (var i = 0; i < 8; i++)
        {
            a += Math.floor(Math.random() * 16).toString(16);
        }
    
        return a;
    }
    
    function generateTags()
    {
        var elm = document.getElementById("ctl00_ctl00_bcr_bcr_PostForm_ctl04_TagsSubForm_ctl00_Tags");
    
        if (elm)
        {
            elm.value = "throw new TagException(), TagException in 0x" + rand_addr();
        }
    }
    
    function countTagExceptions()
    {
        var all_tags = document.getElementsByTagName("input");
        var tagex_count = 0;
        var tagex_bytes = 0;
        var curr_idx = 0;
        var end_idx = 0;
    
        for (var i = 0; i < all_tags.length; i++)
        {
            if (all_tags[i].id.indexOf("AllTags") != -1)
            {
                all_tags = all_tags[i].value;
                
                while (curr_idx != -1)
                {
                    curr_idx = all_tags.indexOf("TagException+in+0x", curr_idx);
    
                    if (curr_idx != -1)
                    {
                        end_idx = all_tags.indexOf("&", curr_idx);
                        tagex_count++;
                        tagex_bytes += (end_idx - curr_idx);
                        curr_idx++;
                    }
                }
    
                var report_elm = document.createElement("div");
                document.body.appendChild(report_elm);
                report_elm.innerHTML = "TagExceptions: " + tagex_count + 
                    ", Bytes: " + tagex_bytes + 
                    ", All Tags Bytes: " + all_tags.length;
                report_elm.style.position = "absolute";
                report_elm.style.top = "127px";
                report_elm.style.left = "300px";
                // report_elm.style.background = "#ECECEC";
                // report_elm.style.border = "1px solid #000000";
                report_elm.style.padding = "6px";
                report_elm.style.fontWeight = "bold";
                break;
            }
        }
    }
    
    // --------------------------------------------------------------------------------------------------------------
    // ONLY TRIGGER ON FORUM PAGES
    // --------------------------------------------------------------------------------------------------------------
    if (location.href.indexOf('forums.thedailywtf.com/forums/') != -1)
    {
        document.addEventListener(
            'load',
            function (e)
            {
                if( !document.body ) { return; }
                countTagExceptions();
                generateTags();
            },
            false
        );
    }


  • @AbbydonKrafts said:

    And here's my complete Opera script.

    Minor change to prevent overwriting existing tags when editing an entry:

    function generateTags()
    {
        var elm = document.getElementById("ctl00_ctl00_bcr_bcr_PostForm_ctl04_TagsSubForm_ctl00_Tags");
    
        if (elm)
        {
            if (elm.value.length == 0)
            {
                elm.value = "throw new TagException(), TagException in 0x" + rand_addr();
            }
        }
    }


  • Since private message replies don't seem to work, here's my reply to rc_pinchey. If you are not rc_pinchey, don't read this.



    It's pretty simple: duplicate the HTML that produces a post, then re-order it so you've got the last half of one post, followed by the first half of the next post.



  • That's hilarious. I wonder if style tags work?<style type="text/css">*:hover{border: 1px #F00 dotted;}</style>



  • @Carnildo said:

    It's pretty simple: duplicate the HTML that produces a post, then re-order it so you've got the last half of one post, followed by the first half of the next post.
     

    Like this? 

    							    <div><span id="ctl00_ctl00_bcr_bcr_ctl00_PostList_ctl49_ctl23_ctl01">Filed under: <a href="/tags/community+server+blows+goats/default.aspx" mce_href="/tags/community+server+blows+goats/default.aspx" rel="tag">community server does indeed blow goats</a></span><input name="ctl00$ctl00$bcr$bcr$ctl00$PostList$ctl49$ctl23$ctl01" id="ctl00_ctl00_bcr_bcr_ctl00_PostList_ctl49_ctl23_ctl01_State" value="nochange" type="hidden"></div>
    
    							    <ul class="ForumPostStatistics CommonPrintHidden" style="clear: both;">
    							        <li><br></li>
    							        
    								    
    								    <li><a href="/forums/ReportAbuse.aspx?ForumID=1&amp;ReportPostID=160890" mce_href="/forums/ReportAbuse.aspx?ForumID=1&amp;ReportPostID=160890">Report abuse</a></li>
    								    <li><a onclick="Telligent_Modal.Open('/forums/QuickReply.aspx?ReplyToPostID=160890',600,400,new Function('result', 'if (result != undefined && !result) { window.location.reload(false); }')); return false;" href="#" mce_href="#">Quick Reply</a></li>
    							    </ul>
    						   
    
    		    <li>
    		        <a class="" title="160890" name="160890"></a>
    			    <div class="ForumPostArea">
    				    <h4 class="ForumPostHeader">
    					    <table border="0" cellpadding="0" cellspacing="0" width="100%">
    						    <tbody><tr valign="middle">
    							    <td align="left">
    
    							        <a href="/forums/p/8425/160890.aspx#160890" mce_href="/forums/p/8425/160890.aspx#160890"><img src="/Themes/leanandgreen/images/icon_post_show.gif" mce_src="/Themes/leanandgreen/images/icon_post_show.gif" alt="" style="border-width: 0px;"></a>
    							        Thu, Apr 17 2008 8:57 PM    
    							    </td>
    							    <td align="right">
    							    
    							    <a href="/forums/p/8425/160236.aspx#160236" mce_href="/forums/p/8425/160236.aspx#160236">In reply to</a>
    							    
    							    </td>
    						    </tr>
    					    </tbody></table>
    				    </h4>
    
    				    <table border="0" cellpadding="0" cellspacing="0" width="100%">
    					    <tbody><tr valign="top">
    						    <td rowspan="2" class="ForumPostUserArea">
    							    <div class="ForumPostUserContent">
    							    <ul class="ForumPostUserPropertyList">
    								    <li class="ForumPostUserName">
    								        
    								                <img src="/Themes/leanandgreen/images/user_IsOnline.gif" mce_src="/Themes/leanandgreen/images/user_IsOnline.gif" alt="" style="border-width: 0px;">
    								                
    								            
    								        <a href="/members/rc_pinchey.aspx" mce_href="/members/rc_pinchey.aspx">Signature Guy</a>
    
    								    </li>
    								    <li class="ForumPostUserAvatar"><img src="/users/avatar.aspx?userid=1154" mce_src="/users/avatar.aspx?userid=1154" alt="" style="border-style: solid; border-width: 1px; max-height: 80px; max-width: 80px;"></li>
    								    
    							                <li class="ForumPostUserIcons"><img src="/Themes/leanandgreen/images/rankicons/rankTop25.gif" title="Top 25 Contributor" alt="Top 25 Contributor" mce_src="/Themes/leanandgreen/images/rankicons/rankTop25.gif"></li>
    							                <li class="ForumPostUserAttribute">Joined on Wed, Mar 30 2005</li>
    							                
    							                <li class="ForumPostUserAttribute">Posts <a href="/search/SearchResults.aspx?u=1154&amp;o=DateDescending" mce_href="/search/SearchResults.aspx?u=1154&amp;o=DateDescending">509</a></li>
    							                
                                                
                                                
                                            
    							    </ul>
    							    </div>
    
    						    </td>
    						    <td class="ForumPostContentArea">
    							    <div class="ForumPostTitleArea">
    								    <h4 class="ForumPostTitle">
    								        
    									    Re: Any price you want
    								    </h4>
    									
    							        
    
    							        <div class="ForumPostThreadStatus">
    							            
    							            
    					                    
    							        </div>
    
    								    <div class="ForumPostButtons">
    
    								        
    								        <a href="/forums/AddPost.aspx?ReplyToPostID=160890&amp;Quote=False" class="CommonImageTextButton CommonReplyButton" mce_href="/forums/AddPost.aspx?ReplyToPostID=160890&amp;Quote=False">Reply</a>
    								        
    								        
    								        <a onclick="return window.ctl00_ctl00_bcr_bcr_ctl00_PostList_ctl02_ctl17_ctl00_ServerPopulatedPopupMenu.LoadMenu(this, event, '1154:160890:18:Forum');" href="#" class="CommonImageTextButton CommonFavoriteButton" mce_href="#">Favorites</a>
    								        <a onclick="return window.ctl00_ctl00_bcr_bcr_ctl00_PostList_ctl02_ctl18_ctl00_ClientPopulatedPopupMenu.LoadMenu(this,event,['1154','Carnildo','0','1','','','','/search/SearchResults.aspx?u=1154&o=DateDescending'],null);" href="#" class="CommonImageTextButton CommonContactButton" mce_href="#">Contact</a>
    								        
    								    </div>
    							    </div>
    								
    							    <table style="table-layout: fixed;" border="0" cellpadding="0" cellspacing="0" height="100%" width="100%">
    								    <tbody><tr><td>
    
    								    <div class="ForumPostBodyArea">
    								    <div class="ForumPostContentText">Hmm... this could conceivably be open to abuse.</div></div></td></tr></tbody></table></td></tr></tbody></table></div></li>
