The Unimportant Announcement Thread

[Idolon]

Ever wanted to find a place where you could see announcements that are somewhat important but don't deserve a proper press release or discussion? Are you ever in luck! You'll find exactly that in this thread. It's probably just going to be site maintenance notes.

To kick off this unimportant news extravaganza: All of the threads that were in the Contest Entries subforum have been moved to the Map Workshop forum, except for the maps that are in the current contest.

 

[Fruity Snacks]

Oh, I have one!

Server HDD's were full. DrP will be clearing things up for us.


UPDATE: 11:07PM EST - 1.6 Terabytes has been cleared on the servers.

 

[Idolon]

I unstickied the Summer 72 Hour Contest thread, and stickied the Dynamic Control Point Contest thread. If those threads aren't where you're expecting to find them, that's why!

 

[Geit]

The forum nodes/categories now have new fancy icons.

 

[Pocket]

Neat. Although if the goal with the Off Topic icon was to invoke "randomness", shouldn't it have been a spork?

 

[Geit]

Upgraded Xenforo two versions today, changelogs can be found at:
https://xenforo.com/community/threads/xenforo-1-5-6-released.112942/
https://xenforo.com/community/threads/xenforo-1-5-5-a-released.110956/
Also upgraded the Resource Manager addon, changelog:
https://xenforo.com/community/threads/xenforo-resource-manager-1-2-3-released.112940/

 

[Geit]

We've upgraded the PHP version on the server and enabled the OpCache, this caused some fires earlier today but I think they're mostly fixed now. You should be seeing much faster page loads across the site (on the order of 100%+ faster on some pages). Let me know if you run into any unexpected errors.

 

[Geit]

Static content (Avatars, thumbnails, javascripts) is now being served from a CDN using HTTP/2, you should notice images & other static content across the site loading a lot faster - if you use NoScript or similar, you might need to whitelist tf2m-3396.kxcdn.com.

For those that don't know what a CDN & HTTP/2 does: our files are stored at an edge location (a server) closer to you, so when you request assets the closest possible edge location is used to reduce delivery time. HTTP/2 allows assets to be multiplexed over a single connection, so more content can be delivered without the overhead of establishing multiple connections.

 

[Geit]

Updated Xenforo to 1.5.7:

• The interface used by admins to update user passwords has been improved to prevent accidental changes due to autofill.
• Improved usage of cURL in the PayPal upgrade processor to ensure that requests are still successful before the TLS 1.2 transition is required.
• Remove template editor border radius due to Chrome bug with horizontal scrolling.
• Add autofocus to the full page login form.
• Prevent image BB codes from being rendered when they couldn't possibly work.
• Fix issues with the BB code <-> HTML conversion process involving lists within alignment tags. (@Crash)
  
• Improved indication when your search failed or did not run as expected due to containing censored words.
• Allow case insensitive highlighting of non-Latin characters in search results.
• Limit nesting in the HTML to BB code conversion to prevent stack overflow errors.
• Fix various issues with thread tag importing.
• Fix for template modification disabling not working correctly when imported via style XML.

 

[Idolon]

Threads in the Contest Entries subforum have been moved out to the regular Map Factory.

 

[Geit]

Updated to Xenforo 1.5.8:

• An image injection vulnerability in SWFUpload. This could allow a user to believe they were loading an image from your domain while it was being loaded from an external domain which may lead to user confusion.
• A self-XSS related to uploading an invalid attachment file with a specially crafted filename. This can only be triggered by the user uploading the file, so it would require tricking a user to upload a file using your specified filename (using characters disallowed in filenames by Windows) to exploit. (An XSS may allow an attacker to steal data or cause a user to take actions without their consent or knowledge.)
• Ensure message length limits are enforced in conversations.
• Clean up like counts on profile post comments when the comment is deleted or the containing profile post is deleted.
• Log IPs when a session is created from a "stay logged in" cookie.
• Fix an issue where content pasted into the rich text editor could have spaces stripped out unexpectedly.
• When an add-on is updated, make sure JS files are recached as they may have changed.
• Allow reports for posts that were in a forum that has since been deleted to be viewable.
• Only allow form textareas to be vertically resizable by default.
  
• Attempt to force TLSv1 with connections to PayPal when it's unclear if TLS 1.2 is supported.
• Make the meaning of certain subscription-related IPN callbacks from PayPal clearer in the transaction log.
• Allow the PayPal IPN handler to be extended by add-ons.
• Fix an issue where inserting a spoiler into the rich text editor could lose the current selection.
• Fix an issue with spoiler tag buttons being submittable if JavaScript is not functioning properly.
• Remove an unexpected scrollbar from the second (and further) lightbox created on a page.
• Fix a case where accounts imported from IPB did not authenticate properly if their password contained certain special characters.
• Respect custom BB codes disabling BB code parsing within when setting up the rich text editor.

 

[phi]

Chat rules have received an additional clause pertaining to bot usage. http://tf2maps.net/threads/forum-and-chat-rules-please-read.25864/

 

[Fantaboi]

Chat rules have received an additional clause pertaining to bot usage. http://tf2maps.net/threads/forum-and-chat-rules-please-read.25864/

This rule seems a bit excessive, what's the reasoning behind it?

 

[LeSwordfish]

We're worried about bots spamming, stealing personal data, or other dodgy things, so we want to okay them before they're added. It's been in the wings for a while - we just only got reminded of it today.

VBot is preapproved, don't worry.

 

[Crash]

We don't want chat to be overrun with bots. This has always been a sort of unwritten rule (remember the markov bot?) we just figured we should make it official and get it in writing as bot interest/ activity started picking up lately.

edit: welp

 

[Fantaboi]

"bots spamming, stealing personal data, or other dodgy things,"
Bots doing this can't do any more than a regular user can.

However, Crash's reasoning is a lot more understandable. If bot activity is picking up (which I haven't seen because AUS time-zones) would it be possible to have a new sub forum dedicated to Steam Modding/Api in general?

 

[Hyperion]

We're worried about bots spamming, stealing personal data, or other doggy things

FTFY

 

[Geit]

TF2Maps is now HTTPs only, if you notice any issues with content not loading across the site please let me know and I'll try and get it sorted. Currently the subdomains are still HTTP only, but that might change at a later date.

 

[Hyperion]

I already thought I'm becoming mad and I was about to make thread to ask.

Good that I'm still sane

 

[Geit]

TF2Maps is now HTTPs only, if you notice any issues with content not loading across the site please let me know and I'll try and get it sorted. Currently the subdomains are still HTTP only, but that might change at a later date.

Update: I went whole hog and did all the subdomains too.