Your mama may have had eyes in the back of her head, but our admin team just can't see everything at once. It takes a village to make sure TVTropes is running the way it should, so when it comes to spotting tech snafus, dreaming up a better digital mousetrap, or just diagnosing plain old asshattery, the quicker you let us know something's up, the quicker we can address it. See a bug? Point to it and we'll squash it. Have idea for a new feature? Post in the Tech Wishlist.
NOTE: Do not post duplicate bug queries, please check existing queries to see if your issue has already been reported and then comment on it.
Submit a Bug:
closed Search function not showing results
I just noticed that while trying to use the site's search bar, it won't turn up results after I hit enter. Not in a "No results" way, but it just won't display them. I tried this with both Firefox and Edge, and neither fixed the problem.
Now, I did try the "Preview our new search" setting and that turned up results just fine. Is the new search function in the process of being implemented right now? If the transition is causing the regular search page no longer turn up results, I can understand that. Still, it's something I thought I should bring attention to.
closed Slashes in quotation marks on Discussion pages
This thread was closed as resolved, but it's still happening. Still the case in both Chrome and Firefox and after clearing cache/cookies.
Edit: And for some reason, when I type a backslash on the Bugs board, it doesn't appear at all. There should be one in front of each of these: ' and ".
Edited by Unsungclosed Followed thread list doesn't update and then items on list disappear, threads don't bump
My followed threads list had a weird bug just now. When a post happened in it, the thread didn't let me know that the post showed up. I had to go to the thread itself to figure out that the post happened. When I went back to the thread followed list, the entire thread was missing from the list, even though I know for a fact I'm following it (and it says I'm following it on the top). This has happened for multiple threads now. Also, the forum listing doesn't list the timestamp for the new post, just the previous post before this started happening.
EDIT: Threads don't seem to be bumping either. If a post lands on a new page, the new page doesn't show up and you have to manually go to the page by typing it in the URL.
Edited by AllHailThrallclosed Save Changes on troper profile gone?
The Save Changes button doesn't seem to be there anymore. Is it happening to anyone else?
closed All-caps text bug (fixed)
Using all caps now causes the text within [[AC: ]] to be placed on an entirely separate line from the rest for some reason. It's kind of like this.
Edited by koryclosed Issue with "Random Trope" button
For whatever reason, the "Random Trope" button has started only sending me to Have You Tried Rebooting?. This started very recently (measured in minutes), but it looks like it isn't just me.
workingFlame Bait icon quirks
Two things regarding the little icon that pops up next to Flame Bait potholes:
- Mousing over it shows alt text reading something like "This entry contains a Flame Bait trope. It should be moved to the Flame Bait tab." Obviously the result of copy-pasting code from the YMMV/Trivia icons—we don't (and tbh shouldn't have) a Flame Bait tab. This could be easily fixed by changing the alt text to something like "This is a pothole to a Flame Bait trope! Please remove the link to avoid flame wars."
- It appears on subpages of tropes that are themselves Flame Bait. This doesn't seem like something that should be a problem, since if you're on, say, a SBIH page, you know what you're getting into.
closed Unable to set avatars
I and some users on here have not been able to set avatar on our profile. Clicking on any avatar I have uploaded makes it lit up with blue border but none of the change applies after I refresh. Also, the share/receive avatar option on the profile page could not be turned on either. I have tried this with both Chrome and Safari along with both desktop and mobile device. I would really appreciate if this issue gets fixed.
openTimezone is Stuck on Pacific Time
I can't change my timezone to my local one after the crash. The dropdown's empty/inaccessible.
closed TLP Suspension poor banner
After getting suspended on TLP, I have discovered the banner on it says "Sorry, you are currently banned from particpating in the YKTTW process, learn moreHERE". Please fix the following mistakes:
- Says "particpating" instead of "participating".
- Says YKTTW instead of TLP.
- Should have a space before HERE.
- Should end the sentence with a period (would look better).
closed No preview button.
When I'm on the editing page, I notice that there's no preview button, without it I'm not sure whether or not my edits are fine.
closed Old Search broke
Reposting from here, the Old Search seems to be stuck indefinitely. New Search is fine for now.
open"Unread Thread" highlighting
If I'm the last person to post on a thread, that forum remains highlighted with an unread post, even if the post is...well, mine. And checking the thread doesn't clear it, either. It just stays highlighted.
closed Database has been breached - passwords decrypted
As it has been 31 days since I notified the administrators of this via a Private posting on this forum, I now have to go public with the details to defend users. TV Tropes.org has had its password database exfiltrated, and passwords decrypted. I cite the fact that a unique password I used only for this one site alone started showing up in scam emails as proof. That password (which I have since changed) is not used for any other site or logon, it could only have been obtained from the password database of TV Tropes.
I suggest all users change their passwords here, and on any other site they have used the same password for. I would also like to note that I'm truly dismayed that after posting in this form to the Mods only, and emailing the Contact Us address, not one person at TV Tropes has responded to my disclosure. I can only hope that my going public after an industry-accepted 30 day waiting period will spur them into action to protect their users.
Write up is here: https://www.miketalon.com/2019/07/tvtropes-had-a-breach-passwords-stolen/
closed Crowners borked. Again.
Every single crowner appears to have had all of their options replaced with:
closed Youtube Video Embedding Not Working
New forum posts using the "[[youtube:(video ID)]]" markup do not work properly.
closed Avatar Gallery not properly split into pages
When you look at someone's avatar gallery, it's supposed to be split into pages of 40 avatars each. But instead, every page now has the full gallery in it. [1]
EDIT: You can't check the "share" box anymore, either.
Edited by Everzwijnclosed Viewed forum threads taking me to the top of the last page.
Recently, more often than not, going to a forum thread I've visited takes me to the top of the last page no matter what my last viewed post was. Sometimes it happens, sometimes it doesn't. Just kind of annoying.
workingPosting Bug
I got a bug, it prevents me from posting stuff such as on forums, even here preventing me from notifying said bug. Also if I post on a forum, not only does the post not go through but I get redirected to the first page for some reason. I’m honestly lucky I’m able to make this post in the first place. Had to turn off my tablet just which apparently wiped it at least for a bit to be able to make it.
It’s a very inconvenient bug.
Edited by slimcoder
There are multiple security issues including XSS (persistent and reflected) and CSRF.
The following will trigger an alert box:
https://tvtropes.org/pmwiki/query.php?type=%22%3E%3Cscript%3Ealert()%3C/script%3E
https://tvtropes.org/pmwiki/pmwiki.php/WesternAnimation/%22%3E%3Cbody_onload=alert%28%27xss%27%29%3E (https://tvtropes.org/pmwiki/pmwiki.php/WesternAnimation/%22%3E%3Cbody_____onload_=___alert%28%27xss%27%29%3E)
https://tvtropes.org/pmwiki/article_history.php?article=%3Cscript%3Ealert()%3C/script%3E
Changing password to '<script>alert()</script>'. (also don't store passwords in plaintext (if you do))
Changing location to '<script>alert()</script>'.
Changing description to 'bracket /textarea bracket <script>alert()</script>'
Editing bug report with 'bracket /textarea bracket <script>alert()</script>'
Editing bug report with quote <script>alert()</script>
Submitting a bug with <body onload=alert()> as the title.
XSS isn't the only issue. A user's messages can be deleted if they click go to the following page: tvtropes (DOT) org/pmwiki/delpm.php?id=all&conf=1
SOLUTIONS:
- Whenever passing a query, sanitize it.
- Either add a CSRF token to forms or only accept certain referers. Note that the latter may not work do to adblockers.
For more information, please read the following:
https://en.wikipedia.org/wiki/Cross-site_scripting
https://en.wikipedia.org/wiki/Cross-site_request_forgery
Edited by frankye8998