
This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

Feedback on new level/file pages
2007-07-24, 12:55 PM #41
Originally posted by Bobbert:
Very cool! Is the text on the new pages intentionally smaller than the size for the menu on the left side and the rest of the site?


Will you show me a screenshot? I tested in Opera and Firefox and it looked fine, but I don't have IE since it doesn't run on Linux.
2007-07-24, 1:21 PM #42
I'm getting it in both Firefox and IE.
Firefox, IE

One other thing, pretty minor, the "Report Abuse" link on the level comments is on top of the "Mail" and "Edit" buttons if IE has the zoom set to something other than 100%. This is in IE 7.
"Flowers and a landscape were the only attractions here. And so, as there was no good reason for coming, nobody came."
2007-07-24, 1:33 PM #43
Weird, it looks like the left frame is scaled up, as opposed to the text on the right being scaled down. I bet it has something to do with your default font settings being different or something. The font specifications are a little whack, the older stuff uses HTML font tags with size=1 or size=2 or something, whereas the new level page uses a pixel size in CSS. I'm definitely not seeing what you're seeing on my Opera or Firefox.
2007-07-24, 1:44 PM #44
Ok, yeah. It's fixed now. :downs:
"Flowers and a landscape were the only attractions here. And so, as there was no good reason for coming, nobody came."
2007-07-24, 8:32 PM #45
I recently redid my signature, and I clicked the link for it to see what my levels look like with the new level page features, and I got all that scripting crap showing up. It happened both in IE and Firefox.
Attachment: 16856/whaaaaa.jpg (105,753 bytes)
Current Maps | Newest Map
2007-07-24, 10:44 PM #46
Blah, that's annoying. We use a really, really old search script thing. I can fix that, I have to put HTML comments around the CSS rules, I'll do it tomorrow. Bleck.
2007-07-24, 10:55 PM #47
Awesome stuff! :) Sorry I don't have anything constructive to add.
The Plothole: a home for amateur, inclusive, collaborative stories
http://forums.theplothole.net
2007-07-24, 11:18 PM #48
Actually I fixed that search script issue just now, it should be reflected shortly (when all the pages are rebuilt and the search index built).
2007-07-25, 9:53 AM #49
I fixed the search engine to show a real year instead of "107"
2007-07-25, 10:33 AM #50
yeah, JK isn't that old... :D
Cordially,
Lord Tiberius Grismath
1473 for '1337' posts.
2007-07-25, 11:11 AM #51
So, we had the Y2K Bug and the servers didn't explode? Wow!
Sorry for the lousy German
2007-07-25, 11:35 AM #52
Originally posted by Impi:
So, we had the Y2K Bug and the servers didn't explode? Wow!

It was a bug in the search index generation script we use, it was a silly math bug that only affects the display of a date.
2007-07-25, 12:23 PM #53
Originally posted by Impi:
So, we had the Y2K Bug and the servers didn't explode? Wow!


Actually that would be more like a Y1900 bug when the servers reset in 1899 if it thinks the date is 107... :P
Cordially,
Lord Tiberius Grismath
1473 for '1337' posts.
2007-07-25, 1:46 PM #54
Perl is silly, it gives you the year and you have to += 1900 to it or you get that. Whoever wrote the search script (some 3rd-party thing I d/l) didn't realize that, apparently.
2007-07-25, 2:03 PM #55
Originally posted by Brian:
Perl is silly

This is a surprise to you?

I think Java does the same thing with the new date and time classes. :downs:
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2007-07-26, 1:01 AM #56
This isn't actually related to the level/file page, but...

On the level list, when sorting by level name, it doesn't sort based on a trimmed level name, which means that for levels with a space at the beginning of their name, it appears at the top of the list:

http://www.massassi.net/levels/view_category.php3?category_id=2

If you check the source you can see that 'Space Station -- SaniStat' is actually ' Space Station -- SaniStat' which is why it appears at the top. Just noticed it when going to look up 6000 Block and thought I'd mention. Not a biggie though.
2007-07-26, 2:28 PM #57
Blarg, that's an input checking issue :( I'll try to remember to edit that level and remove the space. I could probably run an update command and get all of them at once, but it doesn't appear to be a big problem.
2007-07-26, 3:49 PM #58
Originally posted by Brian:
Blarg, that's an input checking issue :( I'll try to remember to edit that level and remove the space. I could probably run an update command and get all of them at once, but it doesn't appear to be a big problem.


You should get on Jabber more often. :colbert:
2007-07-27, 12:33 AM #59
Originally posted by Brian:
Blarg, that's an input checking issue :( I'll try to remember to edit that level and remove the space. I could probably run an update command and get all of them at once, but it doesn't appear to be a big problem.


Surely you can just trim them as they come out of the database?
2007-07-27, 3:46 AM #60
Originally posted by Giraffe:
Surely you can just trim them as they come out of the database?


Honestly that's inefficient. If you just fix it once in the database then you don't have to fix it constantly in the output.
2007-07-27, 4:07 AM #61
Originally posted by Cool Matty:
Honestly that's inefficient. If you just fix it once in the database then you don't have to fix it constantly in the output.


I believe that safety takes priority over the sort of efficiency gains we're talking about there. I personally never trust any data in the database and will trim and clean it in my output code. Any data source should be considered untrustworthy as there's no guarantee that it hasn't been subverted and poisoned by a malicious attacker. To do otherwise is irresponsible and dangerous programming in my opinion.

[ Yes, in this instance, there doesn't appear to be any 'dangerous' behaviour - only broken behaviour. However, if there's no trimming being done, is there any HTML cleaning being done? If I gained access to the massassi database could I insert malicious javascript that would potentially damage any computer used to browse the files list? ]
2007-07-27, 7:51 AM #62
Originally posted by Giraffe:
I believe that safety takes priority over the sort of efficiency gains we're talking about there. I personally never trust any data in the database and will trim and clean it in my output code. Any data source should be considered untrustworthy as there's no guarantee that it hasn't been subverted and poisoned by a malicious attacker. To do otherwise is irresponsible and dangerous programming in my opinion.

[ Yes, in this instance, there doesn't appear to be any 'dangerous' behaviour - only broken behaviour. However, if there's no trimming being done, is there any HTML cleaning being done? If I gained access to the massassi database could I insert malicious javascript that would potentially damage any computer used to browse the files list? ]

In my experience, all the filtering should happen up front, you don't want your database polluted with nasty data.

That said, the scripts on this site are going on 10 years old. Seriously. So I wouldn't expect a high degree of security. You're lucky they even run at all.

The data in the levels database isn't put there directly by malicious users. It's emailed to us, where we then copy & paste the data into the database. In almost 3000 levels now, I haven't seen even one person put HTML in their descriptions or level names, much less malicious javascript.

If someone cracked into our posting system, we'd have more to worry about than someone putting javascript into a page.
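
The two positions in posts #60 to #62 (clean the data once where it is stored, and still encode it wherever it is printed) can be combined. The sketch below is an added example, not code from Massassi or from any poster in this thread; it uses Python with an in-memory SQLite table, and the `levels` table, the `name` column and the sample rows are assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample rows; the table and column names are assumptions.
SAMPLE_NAMES = [
    "6000 Block",
    " Space Station -- SaniStat",                # leading space, as in post #56
    "Arena <script>/* constructed */</script>",  # markup stored in a level name
]


def clean_on_input(name: str) -> str:
    """Write-time normalisation: trim and collapse runs of whitespace."""
    return " ".join(name.split())


def build_db(names, normalise=False):
    """Create the table and insert the names, optionally cleaning them first."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE levels (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    rows = [(clean_on_input(n) if normalise else n,) for n in names]
    db.executemany("INSERT INTO levels (name) VALUES (?)", rows)
    return db


def repair_existing(db) -> int:
    """One-time cleanup of rows stored before input checking existed."""
    cur = db.execute("UPDATE levels SET name = TRIM(name) WHERE name <> TRIM(name)")
    db.commit()
    return cur.rowcount  # number of rows that actually changed


def sorted_names(db):
    query = "SELECT name FROM levels ORDER BY name COLLATE NOCASE"
    return [row[0] for row in db.execute(query)]


def render_list(db) -> str:
    """Output-time encoding: every stored value is escaped for HTML text."""
    items = "".join(f"<li>{html.escape(n)}</li>" for n in sorted_names(db))
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    db = build_db(SAMPLE_NAMES)
    print(sorted_names(db))                       # untrimmed row sorts first
    print(repair_existing(db), "row(s) repaired")
    print(render_list(db))                        # markup arrives as inert text
```

Trimming fixes the sort order but does nothing about markup in a stored name; the escaping in `render_list` is what keeps that value inert on the page, whichever way the row got into the table.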