On 1/30/2020 7:27 PM, Jason Cobb via agora-discussion wrote:
> During research for CFJ 3888, I discovered that there appears to have
> been a bug ... somewhere in the history.
>
> From the (arbitrarily selected) text of CFJ 2991 in the Github backup [0]:
>
>> ========================================================================
>> Request for reconsideration by <function player at 0xb6d4d5a4>:
>> Arguments from Quazie: > There is a meta question involved with CFJ
>> 2991, mostly are state > verbs able to be used in place of action
>> verbs ('I am a player' vs 'I > become a player') - it seems to me that
>> by CFJ 2991 being judged true > then we are setting a precedent that
>> state verbs are equivalent to > action verbs.
>> ========================================================================
>
>
> I assume that "<function player at 0xb6d4d5a4>" was never in fact a
> player, despite what eir name may claim. Interestingly, with the HTML
> archives [1], Chrome decides "yep, that's an HTML tag right there" and
> therefore doesn't render anything, leaving a blank where the name should be.
So, this is from the era of the mysql database. The mysql database actually
had fields like "Caller" and "Judge" as lookups. This was looked up live when
you queried the database for a case. One place this was used was nicknames,
those were live fill-ins. If you changed your nickname, then the CotC updated
the database, queries ("retroactively") inserted your new nickname into the
older cases.
Lookup fields were only put in the headers and "arguments from" and the like.
Not the arguments. When the data base was retired and this was dumped to flat
files, this led to oddities. I changed my nickname from Goethe to G. during
this time, so all of the dumped cases list "Judge: G." but any place I'm
referred to in arguments or the statement text it's "Goethe". (btw this is
why I'm strictly keeping the source material as flat text files to avoid this
sort of thing).
And obviously, there were some bugs in that final dump! Hadn't seen this one
before. And the missing name is... me (naturally). Here's the original
message:
https://mailman.agoranomic.org/cgi-bin/mailman/private/agora-business/2011-April/028187.html
> Seeing as this means HTML tags aren't escaped, I'm tempted to write a
> CFJ with XSS in its arguments...
Because of this and some other quirks, I tend to email cases to myself from
the archive, inspect them for errors, then forward them to the list. You
could try if you like :)
