504 Gateway timeout

The exploit that can crash user's browser, prevent people from viewing the site, including the staff

smilies can break photo limit count

(the one you want to pretend does not exist, yet you keep covering up).

Appears to be able to cause a Gateway error once you have enough of them on the site. The more I post them, the more the errors.

Please fix this.

Funny, Chrome crashes right away for me. Firefox freezes up and hangs for what seems like, forever, though sometimes it too does crash. Only Opera seems to work on those pages, though it is a bit slower and it did freeze in 1 of the threads I made.

Before the 504 errors, I could post thousands of smilies into a single post. They removed the post that had nearly 1,000,000. And no, it is not any work at all, a simple script can post it all in seconds.

The main concern is that to many images can crash your typical web browser and as you suggest, there should be a photo limit (which should include smilies). Anything that a rogue user can inject into your site that can intentionally crash someone's browser or prevent folks from reaching and successfully loading your page (especially if it is the 1st page), should be kept in check.

As it stands now, anyone could essentially make your site seem unsafe as they discover vising it means it can crash your browser. That is not the behavior you would want anyone to be able to execute on your site. Almost always when the browser does crash, you do not even see as to why, so the average person will quickly associate their browser crashing for unknown reasons on your site.

As you said and I agree... There should be a limit.

Disclaimer: (thoughts)  

Depending on which browser you are using and a number of available system resources, this thread may temporarily freeze or crash your browser.

smile (image test)

While it is true that the code of any given site is a contributing factor in rendering any given page, I do not believe in this instance that the code alone is the problem, rather the method of how some web browsers render mass photos. I would be lying if I said the code was not a factor because no matter how well optimized a site is, the code is always a factor to a degree. Just that in this instance I suspect the primary cause is the rendering method used in most browsers and the available resources allowed.

In short, this is not something WoltLab can completely address at this time. Rather, you should look toward the development of Firefox, Chrome, Opera, etc. After all, the software can successfully display 2,000,000 (2 million) characters without issue here on the beta forums and 10,000,000 (10 million) on my private test. 2 million character thread (100,000 per post x 20 post on page 1)

It is, however, an opportunity to remind the importance of limiting the smile and image count within a post, as well as, from a developer standing point.

The staff can CAN reproduce it, that is why they keep deleting my profile wall. This exploit can crash people's browsers on their own computer, prevent you from reaching the site, and that includes guest, members, and staff.

Yet they seem unwilling to fix it since it would require a bit more work and I suspect push back their schedule.

Quote from Chris

Is this smile (image test) the thread, which should case the crash?

It is one example, but it is not as sever as the examples they seem to not allow me to demonstrate here.

Quote from Morik

https://github.com/WoltLab/WCF/co…c5aa05e26e96f4f

seems to be fixxed

But i couldn't reproduce this problem to, so the lable seams to be correct, but limiting the abuse ability is a good thing too

Wonderful.

It is sad, that I had to go so such lengths to have them fix this. I do not like having to be 'the bad guy', just have something addressed, which they, themselves can reproduce.

Quote from Chris

You can go try test it here on my site: http://chris223.serpens.uberspace.de/beta/index.php?user/2-foo/ (user "foo", pw "bar").

Sadly it is not yet fixed

http://chris223.serpens.uberspace.de/beta/index.php?user/2-foo/

But thank you for supplying the most current development branch (assuming you have).

Quote from Morik

took my firefox a 5 seconds freeze but then the page was smoothly accasseble

I think this was a test for my browser, the fix wouldn't allow more then 50 images and as you can see there are clearly mor then that^^

Well either you have more resources than everyone I have shown it too OR you're just lucky. The staff here could reproduce it, which is why they kept deleting my example.

But even if it only affects 1/2 of everyone, that is still a problem. Anything that could remotely crash your guest, members, and staff's web browser is not something that should be allowed. Anything that can prevent people from loading your site or even reaching it is not a good thing.

Quote from Morik

I agree that it should be fixxed (and it was even if it is maybe not active here at the moment, didn't tested it ) but i personally couldn't reproduce it.

And i have extra used my old notebook with just 3 GB of ram and a 2x1.3 GHz processor, so nothing really big.

My desktop browser showed the thread in about 1 second^^

Well, then I honestly do not know how you were able to do it. But I know other folks could and that was good enough.

Quote from Alexander Ebert

Can't reproduce this error. I suspect it happened around the time I've ran a server update that involved restarting the whole webserver stack, which would cause the connection to be terminated while the request was processing.

In truth, the 504 error is not exactly what I'm talking about this morning.

smilies can break photo limit count

But from the direct message you and I shared, we both know what I'm talking about (the smilie bug that could render the site unusable and could crash people's browser)