announcements

Forum > Announcements > Introducing bmail deletion
Reply To Thread (login)
Ender [1]
Administrator
2015-08-17 00:10:26
[9 years, 100 days ago]

This long overdue and long requested post office management feature has at last been added. Here are the details:

  • You can no longer see a bmail thread that you have deleted. This is an instant and permanent action that cannot be undone.
  • Clicking a delete button triggers a confirmation warning due to the permanent nature of this action.
  • Assuming the sender/recipient has not deleted the thread too, they can still read it, but can no longer reply.
  • Bmails can be deleted one-at-a-time from the single thread view (i.e. when reading a bmail).
  • Bmails can be deleted in bulk from the main post office page, which supports Gmail-like features such as mass selection and shift selection.

This should help those that want to keep clean inboxes, help scrub accounts before selling, and effectively eliminate one of the more annoying forms of griefing (bmail spam bomb - a punishable offense, for the record). Enjoy!


 
Ender [1]
Administrator
2015-08-17 00:12:11
[9 years, 100 days ago]

(Not so) Fun fact: I discovered a pretty surprising (surprising in that it went unnoticed, or at least unreported, for this long) security bug while working on this feature. The bmail reply page (e.g. "/post-office/reply/<id>") could be use to access the name of arbitrary thread ids (!) by manipulating the id in the URL. The page properly blocked you out from replying to arbitrary bmail threads, but not before loading the name of that thread into the page title. I didn't look to see whether it's always been like this or whether it was introduced later on at some point, but it's quite possible this bug has been around since the post office's inception (Feb 2011).

This bug isn't game-shattering, but it's definitely not good and I can imagine a few ways that a clever person could have taken advantage of this. This just goes to show that even a game that's about to turn 5 and would supposedly be hardened against relatively basic things like this by now can still surprise you. Be on the lookout for issues like this in the dusty corners of the game!

Also, I'd have certainly been interested in rewarding the private disclosure of this issue. To that end, I've setup an official bots4 bug bounty program. This is something I should have done long ago, so it's good to at last formalize and document something.


 
Bot Smasher [85]
2015-08-17 00:12:50
[9 years, 100 days ago]

Hekk yes bout time :)


 
Bot Smasher [85]
2015-08-17 00:14:40
[9 years, 100 days ago]

how do I the met ender trophie I wasn't sure how to get it


 
Mithrandon [179]
2015-08-17 02:48:35
[9 years, 99 days ago]

good work as always


 
Scabara [55]
2015-08-17 02:51:42
[9 years, 99 days ago]

Tried to delete 47 unread bmails, they appear to have gone, but my post office still says I have 47 unread (on the navigation bar on every page)


 
Creator God Light [33]
2015-08-17 09:27:22
[9 years, 99 days ago]

the second most important feature for the trade and sale of bots since perm stars being in our control. good job ed


 
Ender [1]
Administrator
2015-08-17 22:49:54
[9 years, 99 days ago]

Tried to delete 47 unread bmails, they appear to have gone, but my post office still says I have 47 unread (on the navigation bar on every page)

Ah, I had not considered the case of deleting unread bmails when testing, so I missed this. The unread count now ignores deleted bmails, so this should be fixed. Thanks.


 
Neurokill [42]
2015-09-26 01:03:46
[9 years, 60 days ago]

Pleased to hear about the bug being discovered and fixed, and that these discoveries (when made by players) will be rewarded!


 
Forum > Announcements > Introducing bmail deletion
Reply To Thread (login)