Tampering with generatorName

I have recently discovered this, but apparently you can tamper with the generatorName variable to use another generator’s name even though it’s a different generator, in other words, identify as another generator. This could be used to play with some sorts of things that you can’t in normal circumstances, like accessing the comments from another generator, even from deleted or renamed generators.

@perchance

  • allo@lemmy.world
    8 months ago

    edit: @perchance@lemmy.world I think that, while comments seem to be safe from abuse this way, I just created an image from one gallery, made the name of the page another pagename with the gallery I wanted to feed that image into, hit submit, and the image DID go into that other page’s gallery.

    high high high high high abuse potential where people can stick nasty images in other people’s galleries.

    and while you are here, I am on the path to making a gallery plugin because various people have trolls come thru and post a bunch of nasty gore that makes it thru filters into their galleries and they alone can do nothing about it, including not even move it to nsfw. https://perchance.org/imagineimage is a prime example and the creator was here on the forum asking for help with gore being spammed into the pg13 area that they could do nothing about. I’ve seen it happen to other galleries too. so I’m on the path to making a gallery plugin that allows admin control literally because people are suffering and there is huge risk without it. but I don’t want to, you already have the gallery plugin, I don’t know how I’m gonna do storage unless I scale down the images and store them thru upload plugin, and generally seems better if you do it instead of me. I will tho if you prefer I continue to make it because there seems to be a critical need for gallery moderation. please, should I continue to make it? can you please tackle this issue instead? you seem better equipped. anyway, good time to mention it with the other critical gallery issue popping up

    even if it is just whipped together and piggybacks on the adminchecking of the comments plugin
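
The behaviour reported in this thread is a server filing a gallery submission under a page name that the client script supplies. The sketch below is an added example, not Perchance's code and not from either poster: it contrasts that pattern with a handler that takes the gallery from a server-signed receipt issued when the image was generated. All function names and data shapes are hypothetical, and it assumes the server can learn the originating page at generation time from request context it controls.

```javascript
// Added illustration; names and data shapes are hypothetical, not Perchance's API.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32); // server-side key, never sent to the browser

function mac(imageId, page) {
  // JSON array encoding keeps the two fields unambiguous
  return crypto.createHmac("sha256", SECRET)
    .update(JSON.stringify([imageId, page])).digest("hex");
}

// Generation time: the server records which page produced the image.
// Assumption: originPage comes from request context the server controls.
function issueReceipt(imageId, originPage) {
  return { imageId, page: originPage, mac: mac(imageId, originPage) };
}

function addToGallery(galleries, page, imageId) {
  if (!galleries.has(page)) galleries.set(page, []);
  galleries.get(page).push(imageId);
  return page;
}

// Weak: files the image under whatever name the client script sends.
function submitTrusting(galleries, body) {
  return addToGallery(galleries, body.generatorName, body.imageId);
}

// Bound: ignores body.generatorName; the gallery comes from the verified receipt.
function submitBound(galleries, body) {
  const r = body.receipt;
  if (!r || typeof r.mac !== "string" || r.imageId !== body.imageId) return null;
  const expected = Buffer.from(mac(r.imageId, r.page), "hex");
  const got = Buffer.from(r.mac, "hex");
  if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) return null;
  return addToGallery(galleries, r.page, r.imageId);
}

// Constructed sample: image made on "page-a", client claims "page-b".
function demo() {
  const receipt = issueReceipt("img-1", "page-a");
  const body = { generatorName: "page-b", imageId: "img-1", receipt };
  const forged = { ...body, receipt: { ...receipt, page: "page-b" } };
  return {
    trusting: submitTrusting(new Map(), body),
    bound: submitBound(new Map(), body),
    forged: submitBound(new Map(), forged),
  };
}
```

The receipt only moves trust to the generation step, so it helps only if that step does not itself read the page name from a client-writable variable.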