/g/ - Technology


Thread archived.




File: 1782066648840.png (449 KB, 1045x1546)
It do be like that ...
https://github.com/lobsters/lobsters/pull/1218
https://lobste.rs/s/7heurd
>>
>>109105793
Tadost
>>
>>109105793
>https://github.com/lobsters/lobsters/pull/1218
<% if @user&.is_admin && @user&.show_email? %>


vs

  <% if @user.is_admin? || @user.show_email? %>


Seems different to me.

That said:

https://github.com/lobsters/lobsters/commit/7037494eb85003603ecd87fb00bde994e111f103

>The fix is literally adding an extra "&" for the "show_user" and cleaning up that call to be more appropriate.

I don't think she did anything overly wrong (besides the obvious failure in security NOW) since that push was available for 3 years (nearly) and nobody else fixed it until now.

Ironically enough, it's the *PERSON THAT PUSHED IT* that is the one that fixed it. So ultimately it's on them for failing to see this the first time.
>>
>>109105793
is she here to inspire women to insert severe information disclosure bugs into the codebase?
>>
>>109105793
kek'd
>>
>>109107694
what seems different? she wrote both those snippets, the second was eventually merged after the PR comment.
the mistake was using @user.show_email instead of @showing_user.show_email.
yes, that is "overly wrong", you retard.
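The guard the thread is arguing about, rebuilt here as plain Ruby so the variable mix-up can be exercised directly. This is an added example and not Lobsters' code or anything from the thread: the vulnerable variant follows the merged snippet quoted above (both checks against `@user`, the viewer) and the post that says the mistake was `@user.show_email` instead of `@showing_user.show_email`; the fixed variant, the `Account` struct, the helper names and the accounts are assumptions written to match that description, including the safe-navigation `&.` the fix commit is said to add for a logged-out viewer.

```ruby
# Constructed example (not Lobsters' code): the profile-page email guard from
# the thread rebuilt as plain Ruby so the viewer/profile-owner mix-up can be
# run and compared. Account, email_visible_vulnerable?, email_visible_fixed?,
# exposed_emails and leaked_usernames are assumed names; the accounts are made up.
Account = Struct.new(:username, :email, :is_admin, :show_email, keyword_init: true) do
  def is_admin?
    is_admin == true
  end

  def show_email?
    show_email == true
  end
end

# Vulnerable guard, mirroring the merged snippet
#   <% if @user.is_admin? || @user.show_email? %>
# Both checks read the VIEWER (@user); the profile owner (@showing_user) is never
# consulted, so any viewer who opted into showing their own address sees every
# address on the site. A nil viewer (logged out) also raises NoMethodError here,
# which is the missing "&" the fix commit message refers to.
def email_visible_vulnerable?(viewer, showing_user)
  viewer.is_admin? || viewer.show_email?
end

# Fixed guard (assumed form): admin status is a property of the viewer, the
# opt-in is a property of the profile owner, and an anonymous viewer is handled
# with the safe-navigation operator instead of crashing.
def email_visible_fixed?(viewer, showing_user)
  viewer&.is_admin? == true || showing_user.show_email?
end

# Render-side helper: which usernames would have their address shown to a given
# viewer under a given guard?
def exposed_emails(viewer, accounts, guard)
  accounts.select { |acct| send(guard, viewer, acct) }.map(&:username)
end

# Review check: usernames whose address the vulnerable guard reveals to this
# viewer but the fixed guard does not. Non-empty means an information leak.
def leaked_usernames(viewer, accounts)
  exposed_emails(viewer, accounts, :email_visible_vulnerable?) -
    exposed_emails(viewer, accounts, :email_visible_fixed?)
end

# Constructed sample accounts: one ordinary user who opted in to showing her
# address, one private user, one admin.
SAMPLE_ACCOUNTS = [
  Account.new(username: "alice", email: "alice@example.invalid", is_admin: false, show_email: true),
  Account.new(username: "bob",   email: "bob@example.invalid",   is_admin: false, show_email: false),
  Account.new(username: "carol", email: "carol@example.invalid", is_admin: true,  show_email: false)
].freeze

if __FILE__ == $PROGRAM_NAME
  alice = SAMPLE_ACCOUNTS[0]
  puts "addresses leaked to alice (non-admin, show_email=true): " \
       "#{leaked_usernames(alice, SAMPLE_ACCOUNTS).inspect}"
end
```

Run as a script it reports that alice, who merely opted into showing her own address, is shown bob's and carol's under the vulnerable guard. The `leaked_usernames` diff is the kind of check worth keeping as a unit test next to any view that gates one user's data on another user's flags: it fails the moment the two roles are confused again.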
>>
to be fair, a guy told her to do it
>>
>>109110721
There was a bug there to begin with, but the initial bug wouldn't be this catastrophic
>>
File: 1775160064141604.png (872 KB, 1200x675)
>>109105793
>>
>>109107694
Ruby is such a shit language it's wild.

I thank god I can work on go and typescript
>>
File: 1763382251179.png (155 KB, 1502x823)
>>109107694
When I had to implement an account system with different types of registration, including third party, and implemented an OIDC identity provider from scratch according to the specs, I went through all the code I wrote multiple times, tested every option, slept on it, looked at it again the next day, slept on it another day, and only then dared to commit the changes.

Meanwhile pic related is not considered "overly wrong"?
It is a careless mistake that would be an understandable non-issue when it's some UI code that touches nothing important.
It is an offense by negligence when it's about user data.
You should treat different parts of your code different.
>>
>>109111006
Do people even write registration code anymore? Every forum says to use <library>, for example for nodejs it is passport I think.
I still roll my own because there have been so many supply chain attacks lately and Claude has been getting good at finding vulns, so I prefer to use as few of the standard FOSS libraries as possible.
>>
>>109110783
lol
>>
>>109110783
>How could you tell I'm somali?
>>
>>109111772
where is the cats


