Silk Road forums

Support => Bug reports => Topic started by: radi8power on August 23, 2013, 05:43 am

Title: posting feedback returned list of transactions
Post by: radi8power on August 23, 2013, 05:43 am
Tonight I posted feedback for a vendor a few days after finalizing. After posting, I see in the browser plain text some kind of array. Seems to be a list of recent feedback or orders in escrow. Viewing the source makes it more clear:
Code:
Array
(
    [0] => Array
        (
            [payment] => 1.380000000000000000000000000000
            [usd_equivalent] => 53.284800000000000000000000000000
            [seller_id] => REDACTED r8p
            [dispute_outcome] =>
            [auto_finalized] => 0
            [vendor_weight] => 0
            [created] => 1362447169
        )

    [1] => Array
        (
            [payment] => 2.990000000000000000000000000000

It has 43 such array elements. I went and looked at the vendor's page, and my feedback did post correctly.
Title: Re: posting feedback returned list of transactions
Post by: SelfSovereignty on August 23, 2013, 06:14 am
... fuck.  Me.

Listen, new/old/whatever DPR: you're a fine fellow and all, and I hate to sound all high and mighty, but when the fuck will you guys learn that you don't fucking test code in the goddamn production environment with live customers???  I know, I know, proper testing fucking sucks and I don't bother unless someone's paying me either, but Jesus Christ man, you're dealing with people's safety here and this shit is happening every other day almost.  This does not sound trivial even if the information may be.

I mean seriously, what's the next thing gonna reveal and how fucked will we _all_ be when something that _really_ shouldn't be viewed, gets viewed by someone who knows how to use the information properly and has no qualms about doing so?

I do like the changes recently though, and it's cool that you care about improving things and all that.  For whatever that's worth, anyway ::)

P.S. - I believe it has XX elements because your account has XX prior purchases.  I'm saying XX in case you want to edit that; doesn't really matter, but I don't wanna quote it out of respect.
Title: Re: posting feedback returned list of transactions
Post by: monkeyhausner on August 23, 2013, 10:34 am
Same thing here. I got an array of 45 of those transactions. Seems like it's a var_dump() on a PHP array.
Title: Re: posting feedback returned list of transactions
Post by: phunky on August 24, 2013, 12:31 am
experienced the same issue twice.  it does not instill confidence AT ALL.  makes me wonder if tor and PGP are the only things really protecting anyone here.
Title: Re: posting feedback returned list of transactions
Post by: WhiteShark on August 24, 2013, 08:21 am
This is a current issue and there are several threads on it. I expect an official response from MODS or DPR soon enough; apparently no sensitive information is disclosed.

http://dkn255hz262ypmii.onion/index.php?topic=206376.0

http://dkn255hz262ypmii.onion/index.php?topic=206481


http://dkn255hz262ypmii.onion/index.php?topic=206101.0

http://dkn255hz262ypmii.onion/index.php?topic=206507
Title: Re: posting feedback returned list of transactions
Post by: circusaulait on August 24, 2013, 10:17 pm
this also happened to me earlier today. i was shown 42 arrays after submitting feedback. i cannot say how sensitive the data may have been, but any deviation from what the standard user is supposed to see should be met with some concern. i submitted a support ticket on sr.
Title: Re: posting feedback returned list of transactions
Post by: silv3rLine on August 24, 2013, 11:15 pm
I had the same issue today, Aug 24th, 2013 when trying to leave feedback. The page returned an array of something. I didn't read it or take a screenshot. It was obviously a mistake so I moved on. I wanted to leave a 5 for modziw and say that the transaction was perfect, very fast and great product. awesome again/every time!
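
Added example, not part of the thread and not the site's own code: a response-body check, of the kind an integration test or outbound filter could run, that flags PHP debug output like the dump quoted in the first post and reports how many records and which field names leaked. The `Array ( [0] => Array ...` layout is what PHP's print_r() emits; var_dump() output is matched separately. The sample body is constructed from the fields in that post, and the function names are hypothetical.

```python
import re

KEY_LINE = re.compile(r"^\[([^\]]+)\] =>\s*(.*)$")
VAR_DUMP = re.compile(r'array\(\d+\) \{|string\(\d+\) "')  # typed var_dump() values
# Constructed sample: a response body carrying a truncated dump, modelled on the first post.
SAMPLE = """<html><body>
Array
(
    [0] => Array
        (
            [payment] => 1.38
            [seller_id] => REDACTED
            [dispute_outcome] =>
        )

    [1] => Array
        (
            [payment] => 2.99
"""

def parse_print_r(lines, pos):
    """Parse the print_r() array whose 'Array' line is lines[pos]; tolerates truncation."""
    result = {}
    pos += 1                                    # past the "Array" line
    while pos < len(lines) and lines[pos].strip() != "(":
        pos += 1
    pos += 1                                    # past "("
    while pos < len(lines):
        line = lines[pos].strip()
        if line == ")":
            return result, pos + 1
        m = KEY_LINE.match(line)
        if m and m.group(2) == "Array":         # nested array: recurse
            result[m.group(1)], pos = parse_print_r(lines, pos)
        else:
            if m:
                result[m.group(1)] = m.group(2)
            pos += 1
    return result, pos                          # dump was cut off mid-array

def scan_response(body):
    """Return a finding dict if the body contains PHP debug output, else None."""
    lines = body.splitlines()
    for i, line in enumerate(lines[:-1]):
        if line.strip() == "Array" and lines[i + 1].strip() == "(":
            dump, _ = parse_print_r(lines, i)
            records = [v for v in dump.values() if isinstance(v, dict)]
            fields = sorted({k for r in records for k in r} or set(dump))
            return {"kind": "print_r", "records": len(records), "fields": fields}
    return {"kind": "var_dump"} if VAR_DUMP.search(body) else None
```

Run against every rendered response in a test suite, a non-None result from `scan_response` fails the build before a stray debug call reaches production.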