Silk Road forums
Support => Bug reports => Topic started by: radi8power on August 23, 2013, 05:43 am
-
Tonight I posted feedback for a vendor a few days after finalizing. After posting, I see in the browser plain text some kind of array. Seems to be a list of recent feedback or orders in escrow. Viewing the source makes it more clear:
Array
(
[0] => Array
(
[payment] => 1.380000000000000000000000000000
[usd_equivalent] => 53.284800000000000000000000000000
[seller_id] => REDACTED r8p
[dispute_outcome] =>
[auto_finalized] => 0
[vendor_weight] => 0
[created] => 1362447169
)
[1] => Array
(
[payment] => 2.990000000000000000000000000000
It has 43 such array elements. I went and looked at the vendor's page, and my feedback did post correctly.
-
... fuck. Me.
Listen, new/old/whatever DPR: you're a fine fellow and all, and I hate to sound all high and mighty, but when the fuck will you guys learn that you don't fucking test code in the goddamn production environment with live customers??? I know, I know, proper testing fucking sucks and I don't bother unless someone's paying me either, but Jesus Christ man, you're dealing with people's safety here and this shit is happening every other day almost. This does not sound trivial even if the information may be.
I mean seriously, what's the next thing gonna reveal and how fucked will we _all_ be when something that _really_ shouldn't be viewed, gets viewed by someone who knows how to use the information properly and has no qualms about doing so?
I do like the changes recently though, and it's cool that you care about improving things and all that. For whatever that's worth, anyway ::)
P.S. - I believe it has XX elements because your account has XX prior purchases. I'm saying XX in case you want to edit that; doesn't really matter, but I don't wanna quote it out of respect.
-
Same thing here. I got an array of 45 of those transactions. Seems like its a var_dump() on a php array.
-
experience the same issue twice. it does not instill confidence AT ALL. makes me wonder if tor and PGP are the only things really protecting anyone here.
-
This is a current issue and several threads on it. I expect an official response from MODS or DPR soon enough, apparently no sensitive information is disclosed.
http://dkn255hz262ypmii.onion/index.php?topic=206376.0
http://dkn255hz262ypmii.onion/index.php?topic=206481
http://dkn255hz262ypmii.onion/index.php?topic=206101.0
http://dkn255hz262ypmii.onion/index.php?topic=206507
-
this also happened to me earlier today. i was shown 42 arrays after submitting feedback. i cannot say how sensitive the data may have been, but any deviation from what the standard user is supposed to see should be met with some concern. i submitted a support ticket on sr.
-
I had the same issue today, Aug 24th, 2013 when trying to leave feedback. The page returned an array of something. I didn't read it or take a screenshot. It was obviously a mistake so I moved on. I wanted to leave a 5 for modziw and say that the transaction was perfect, very fast and great product. awesome again/every time!