Ender [1]
Administrator
2024-02-05 18:07:25
[20 days ago]

tl;dr: Custom logo uploads are now fixed. If you have 9+ stars, head to workshop settings where you can upload. Read on for technical details if you're curious, as well as an opportunity to earn free stars.

Until today, the way custom logo uploads worked is that you had to upload them to Imgur, then share the Imgur URL with the game. At that point, the game server would then download the logo from Imgur, save it on the game server, and associate it with your bot. The main reason for this convoluted workflow was security. Allowing file uploads to a server comes with a lot of potential problems, as outlined in this article about Unrestricted File Upload. Steps must be taken to ensure that what gets uploaded doesn't result in a malicious actor being able to do something they shouldn't be able to do. To get the benefit of a major platform's built-in security mechanisms instead of rolling my own, I made the decision back in April 2011 when I added profile photos[*] to outsource upload security to Imgur. This was a bit of a hack, but it worked for a while.

Fast forward to 2023. For some reason, last year Imgur blocked the game server, so the "game server would then download the logo from Imgur" step described above stopped working. In researching this, my best guess is that this is related to policy changes by Imgur in the kinds of content they allow on their platform. As a result of that announcement, people started building scrapers to save the Imgur content that was soon going to be deleted. And in response to this, Imgur seems to have wholesale blocked entire VPS providers (like Linode, which is what I use) which people would use to host the scrapers. In other words, our tiny use case of downloading a few kilobytes a ~week got mixed into the bigger problem.

To fix this, I decided to make the jump and finally allow direct file uploads for the first time ever in the game's existence. I've put in protections to make this safe, but web security is notoriously tricky, so here is where the bug bounty comes in. Please try to discover vulnerabilities. In accordance with the game's responsible disclosure policy, I will award stars to reporters based on issue severity. If you're reading this and happen to be someone very knowledgeable of pentesting but that doesn't have access to a bot with 9+ stars for testing, bmail me your credentials or LinkedIn or something and I'll temp some of my stars to you. And of course, if you do discover a problem, please don't take advantage of it or cause problems for other players. I hope no one finds anything, but I (and I'm sure others) will be very grateful if you do. Happy hunting!

[*] You might notice that bot/clan profile photos still go through an Imgur workflow. It's always been slightly different than the custom logo workflow though in that the file doesn't get downloaded to the game server, it gets read live from Imgur every time you visit a bot/clan profile (well, not counting browser caching). I did logos differently because there'd be potentially many of them rendering on a single page and I didn't want that many requests from players going to Imgur in case it led to problems. Whether that was a real issue to be worried about or not is unclear, but that's why it is the way it is. Now that custom logo direct uploads are supported, I plan to eventually do the same with bot/clan profile photos, but that will be more work because I'll need to do a one-time download of a bunch of all the existing Imgur files the game points at, so it's low priority.
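
As an added illustration (not the game's code and not written by the post's author), here is the kind of server-side check a direct logo upload needs once Imgur is no longer in the path. The 1 MB cap and 75x20 dimensions are assumptions taken from a player's post later in this thread; `accept_logo` and `RejectedUpload` are hypothetical names.

```python
import hashlib
import struct

MAX_BYTES = 1_000_000       # assumption: "under 1 MB", per a player's post
EXPECTED_SIZE = (75, 20)    # assumption: logo dimensions, same source


class RejectedUpload(ValueError):
    """Raised when an uploaded logo fails validation."""


def _sniff(data: bytes):
    """Return (extension, width, height) read from the file's own header.

    The type is decided from content, never from the client's filename or
    Content-Type. A header check alone does not prove the rest of the file
    is a clean image; re-encoding with an image library is a further step.
    """
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        width, height = struct.unpack("<HH", data[6:10])
        return "gif", width, height
    if (data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR"
            and len(data) >= 24):
        width, height = struct.unpack(">II", data[16:24])
        return "png", width, height
    raise RejectedUpload("content is not a GIF or PNG")


def accept_logo(data: bytes, client_filename: str) -> str:
    """Validate an upload and return the server-chosen storage name.

    client_filename is ignored on purpose: the stored name is a content
    hash plus an extension derived from the sniffed type, so the client
    cannot influence the path or the extension.
    """
    if len(data) > MAX_BYTES:
        raise RejectedUpload("file exceeds size cap")
    ext, width, height = _sniff(data)
    if (width, height) != EXPECTED_SIZE:
        raise RejectedUpload(f"expected 75x20, got {width}x{height}")
    return f"{hashlib.sha256(data).hexdigest()[:32]}.{ext}"


# Constructed sample: a GIF header declaring 75x20, plus filler bytes.
SAMPLE_GIF = b"GIF89a" + struct.pack("<HH", 75, 20) + b"\x00\x00\x00;"

if __name__ == "__main__":
    print(accept_logo(SAMPLE_GIF, "logo.gif"))
```

Because the stored name is derived from the content, a replaced logo also gets a new URL, so browsers do not keep serving the old cached image.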


 
Gpof2 [132]
2024-02-05 18:34:59
[20 days ago]

Woohoo \o/ time to dust off and shill my thread


 
Black Rock Shooter [60]
2024-02-07 09:51:09
[18 days ago]

Not sure if it's a bug or not but it's not really working for me. I tried changing my logo to this https://imgur.com/a/ISlvdG3 via the upload file function and it correctly says the file name but when I save my profile in the workshop it simply doesn't save it and keeps up my old one. I think the file is only 143 KB (under 1 MB) and is 75x20 as I resized it online. It doesn't seem like something is wrong with the file itself. Not sure what's happening. It says changes have been saved but doesn't do anything.


 
Storm of Memories [150]
2024-02-07 10:26:36
[18 days ago]

Did you select the correct save button? :D There are several on the page


 
Black Rock Shooter [60]
2024-02-07 10:27:55
[18 days ago]

I hit the Save button under the profile text box.


 
Gpof2 [132]
2024-02-07 10:29:38
[18 days ago]

You need to use the direct link (or the original gif link as I'm unsure if gifv works on here actually.) which would be https://i.imgur.com/GlxkbXw.gif


 
Black Rock Shooter [60]
2024-02-07 10:43:19
[18 days ago]

There's no option to do that anymore. It's just a direct upload from my computer as per this update. All that's available is Choose File then I upload it, it says the correct file name next to the Choose File then I hit Save and it does nothing (well it says Changes Saved on the top of the page but actually does nothing). It could be something to do with the gif resizing software though, who knows.


 
Gpof2 [132]
2024-02-07 10:54:33
[18 days ago]

Oh whoops yea I'm dumb, brain on autopilot with the old way


 
Scabara [77]
2024-02-07 11:29:42
[18 days ago]

I tried changing my logo to this and similarly couldn't get it to work, even though it said changes were saved. Tried all the different Save buttons


 
Black Rock Shooter [60]
2024-02-07 11:30:35
[18 days ago]

Actually it's working on yours >.>


 
Scabara [77]
2024-02-07 11:35:57
[18 days ago]

Oh lmao, I just had to hard refresh

It'll be caching, if you hard refresh (control + f5), you should see it for you now too


 
Black Rock Shooter [60]
2024-02-07 11:38:43
[18 days ago]

Oh now it works. Still though, found a bug ;D It shouldn't have to refresh like that should it? Or it should auto-refresh when you upload it but doesn't for some reason. Either way, thanks for the help. Might be worth fixing though.


 
Nosferatu [291]
2024-02-07 11:40:29
[18 days ago]

That's image cache. Where it downloads images to your computer to reduce load times, etc.


 
Black Rock Shooter [60]
2024-02-07 11:46:13
[18 days ago]

Well then maybe just adding a Refresh button next to the Choose File would be enough to fix it then. Or just a note to say that you should press F5 to refresh the page.


 
Ender [1]
Administrator
2024-02-10 21:34:59
[15 days ago]

Thanks for the report. I added cache-busting logic for custom logos, so hard refreshes should no longer be (sometimes) required to see new logos after uploading them.


 
Smeagol [364]
2024-02-10 22:16:54
[15 days ago]

Hey, you got any roadmap on the stuff you working on?


 
Black Rock Shooter [60]
2024-02-11 15:16:33
[14 days ago]

Yeah it works better now. No refreshes needed.

I'm kind of sad I didn't get a star for it though :( I wouldn't probably even use it. I'd just keep it there like a gold star from the kindergarten teacher for helping.