Perchance - Create a Random Text Generator@lemmy.worldEnglish · 4 months ago

[Bug Report] Comments plugin does not validate password hash when posting a comment

Perchance - Create a Random Text Generator@lemmy.worldEnglish · 4 months ago

Comments plugin does not properly validate password hash. When addMessage endpoint is called, one can change loginData.username value to any existing username and impersonate any existing person in chat. While no important user data is stolen, this can certainly confuse people in the comment box. It is not reproducible consistently though, I wasn’t able to find out what exactly is causing this behavior. If you can’t reproduce, you can let me know and I will record a video.

Chat

BluePower@sh.itjust.works
link
fedilink
English
arrow-up
2·
4 months ago
@[email protected] pinging dev.

Perchance - Create a Random Text Generator@lemmy.world

perchance@lemmy.world

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

⚄︎ Perchance

This is a Lemmy Community for perchance.org, a platform for sharing and creating random text generators.

Feel free to ask for help, share your generators, and start friendly discussions at your leisure :)

This community is mainly for discussions between those who are building generators. For discussions about using generators, especially the popular AI ones, the community-led Casual Perchance forum is likely a more appropriate venue.

See this post for the Complete Guide to Posting Here on the Community!

Rules

1. Please follow the Lemmy.World instance rules.

The full rules are posted here: (https://legal.lemmy.world/)
User Rules: (https://legal.lemmy.world/fair-use/)

2. Be kind and friendly.

Please be kind to others on this community (and also in general), and remember that for many people Perchance is their first experience with coding. We have members for whom English is not their first language, so please be take that into account too :)

3. Be thankful to those who try to help you.

If you ask a question and someone has made a effort to help you out, please remember to be thankful! Even if they don’t manage to help you solve your problem - remember that they’re spending time out of their day to try to help a stranger :)

4. Only post about stuff related to perchance.

Please only post about perchance related stuff like generators on it, bugs, and the site.

5. Refrain from requesting Prompts for the AI Tools.

We would like to ask to refrain from posting here needing help specifically with prompting/achieving certain results with the AI plugins (text-to-image-plugin and ai-text-plugin) e.g. “What is the good prompt for X?”, “How to achieve X with Y generator?”
See Perchance AI FAQ for FAQ about the AI tools.
You can ask for help with prompting at the ‘sister’ community Casual Perchance, which is for more casual discussions.
We will still be helping/answering questions about the plugins as long as it is related to building generators with them.

6. Search through the Community Before Posting.

Please Search through the Community Posts here (and on Reddit) before posting to see if what you will post has similar post/already been posted.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

9 users / day
37 users / week
96 users / month
436 users / 6 months
1 local subscriber
434 subscribers
635 Posts
2.02K Comments
Modlog