webMonitor v2 - by BonScott

[EternalHarvest]

What Wx ? The WX files in src/intercface folder ? I dont use the wxstart.exe.

No, wxPerl modules. If you're not running normally with your system's Perl, I guess you'll need to use wxstart since start just won't include wxPerl (and you can still choose the console interface if you want) or just put map images into map directory.

Now, he return the mapa name but not the extension of the file:

Code: Select all

    <style type="text/css">
		canvas { 
		background:url(/map/moc_fild03);
		background-size: contain;
		background-repeat: no-repeat;
		background-position:center; 
		}
    </style>

Nothing wrong with that. And it's not a file, it's URL. Neither files nor URLs must include extensions. And it can return different content types here.

[EternalHarvest]

It's counterproductive to have some version-controlled source file to be automatically constantly changed on each use. This needs to be dealt with. For example, just don't put it in version control at all.

That file is also 26639 lines long, with 26552 empty lines.

[EternalHarvest]

Does that obfuscated code help much, considering most uses are on localhost and other should be (for now) proxied by real web servers?

[BonScott]

What Wx ? The WX files in src/intercface folder ? I dont use the wxstart.exe.

No, wxPerl modules. If you're not running normally with your system's Perl, I guess you'll need to use wxstart since start just won't include wxPerl (and you can still choose the console interface if you want) or just put map images into map directory.

The intention is NO NEED wxPerl modules, only the plugin. If need the modules, ceases to be a plugin and it will be an old WXinterface.

That file is also 26639 lines long, with 26552 empty lines.

which file refers?

Does that obfuscated code help much, considering most uses are on localhost and other should be (for now) proxied by real web servers?

Which code is obfuscated?

[EternalHarvest]

The intention is NO NEED wxPerl modules, only the plugin.

Now there's no NEED for it, it just won't make new images, still allowing you to utilize existing ones.

If need the modules, ceases to be a plugin and it will be an old WXinterface.

I can't follow this logic.

Wx modules are easy to install and they're already there if user ever used Wx interface.

With this your opinion ("If need X, ceases to be a plugin") you can't use any other tools of libraries (like imagemagick) to convert images, either, and it's pointless to create your own just for that purpose.

I think any dependance on third-party services is not a good idea (due to reliability and privacy issues). This includes those character and skill pictures, too. Whatever, we can make an option to use maps etc from any third-party service.

That file is also 26639 lines long, with 26552 empty lines.

which file refers?

WWW/chatlog.html.template

Which code is obfuscated?

WWW/js/jquery.min.js. I know what "minimized" js file is.

[EternalHarvest]

Tested security issues I mentioned earlier. Confirmed:

XSS in /handler.

Injection vulnerabilites in:
- console log
- chat log
- your character's name
- NPC names in NPC list
- guild member names in guild list

Can expose openkore, IP, get username and password and run anything on vulnerable system.

[BonScott]

I can't follow this logic.

Wx modules are easy to install and they're already there if user ever used Wx interface.

With this your opinion ("If need X, ceases to be a plugin") you can't use any other tools of libraries (like imagemagick) to convert images, either, and it's pointless to create your own just for that purpose.

I use openKore for 3~4 years, never installed a interface WX. Why complicate?

WWW/chatlog.html.template

This is a legacy solution of KeplerBR. In future, need be replaced for a better version.

WWW/js/jquery.min.js. I know what "minimized" js file is.

I can change this in next update, no problem. There is nothing special in this file, only for better performance in page loading the file local instead of loading the internet.

I think any dependance on third-party services is not a good idea (due to reliability and privacy issues). This includes those character and skill pictures, too. Whatever, we can make an option to use maps etc from any third-party service.

Tested security issues I mentioned earlier. Confirmed:

XSS in /handler.

Injection vulnerabilites in:
- console log
- chat log
- your character's name
- NPC names in NPC list
- guild member names in guild list

Can expose openkore, IP, get username and password and run anything on vulnerable system.

First of all: I´m not a programmer.
following...

the idea is make a better experience for control the kore "locally". I run 4 bots in pc and dont like loook the windows in systemtray. So, I decided make um tool which help me in this. webMonitor is a good tool, but, was precarious. I remake almost all the code for work new features, within my capabilities (i´m a webDesigner). With the help of a few people, can add interesting features.

I just use what has been done so far as base, if until now this is wrong, I do not have enough skill to fix it, but keep "improving" the plugin anyway.

[EternalHarvest]

I use openKore for 3~4 years, never installed a interface WX. Why complicate?

Interface/library misunderstanding again. If you would need imagemagick instead of Wx, would that be better?

What about other modules webMonitor would want, like HTML::Entities, some sane template system, something to work with web sockets etc?

Can expose openkore, IP, get username and password and run anything on vulnerable system.

the idea is make a better experience for control the kore "locally"

Mentioned things are possible even if you're not visiting any other websites, just by using webMonitor itself.

That's not for blame, but as an information that there are such issues and that webMonitor still needs work.

I think we can fix all such issues eventually.

[Kaspy]

[EN]
I usually do not post in this forum because my English is bad ... But because of the situation ...
1° - Regarding WWW/chatlog.html.template... I will correct the chatLogWebMonitor.pm and, for me, the chatlog.html and chatLogWebMonitor.pm can be erased by time.
2° - I know very little about these failures, I do not know how they work. Would have to study how to correct them.
3° - About the icons and other images that are collected from third party websites ... There would be something cool for all in the SVN, would only consume space for something few would use. There are two solutions: all on the same host server openkore.com the user himself or collect it from the GRF and adapting them for use in WebMonitor - something like a facility.

Only able to focus less on WebMonitor after resolving some personal projects - probably next week.

[PT-BR]
Não costumo postar nesse fórum pelo fato do meu inglês ser péssimo... Mas, devido a situação...
1° - Em relação ao WWW/chatlog.html.template... Irei corrigir o chatLogWebMonitor.pm e, por mim, o chatlog.html e o chatLogWebMonitor.pm podem ser apagados por hora.
2° - Conheço muito pouco sobre essas falhas, não sei como funcionam. Teria que estudar como é para corrigi-las.
3° - Sobre os ícones e demais imagens que são recolhidas de sites de terceiros... Não seria algo legal por no SVN tudo, só iria consumir espaço para algo que poucos usariam. Existem duas soluções: hospedar tudo no mesmo servidor do openkore.com ou então o próprio usuário recolher do GRF dele e adapta-las para usar no webMonitor - algo como uma instalação.

Só poderei me focar menos no webMonitor depois de resolver uns projetos pessoais - provavelmente, próxima semana.

[EternalHarvest]

One of practical problems with jquery.min.js is that it has some plugins baked in, but it's not clear which ones, which versions or patches they are and it's not easy to update them. Provide full source code for it, keeping plugins separately.

Tooltip plugin used is buggy or misconfigured, it displays tooltips in such a way they're partially invisible if window edge is near (browsers' default title attribute handling does a better job so far). Also it destroys newlines in titles.

See also bootstrap.min.css. By the way, webMonitor can just optimize these files when starting, and serve optimized ones.