qwerty
11/19/16 07:19AM
Site technical issues
SSL certificate is only valid for serv.slayerduck.com and www.serv.slayerduck.com.

Front page links (above search box) say "Forum" twice. The second one has the alt text (or title text, not sure) of "A site map", but still goes to the forum.

Both issues found on Firefox 49.0.2 on Android.
Dude, don't bother. My username has bold tags that aren't escaped by the comments page. You can XSS with a username if you have a short enough domain name. They don't fix anything here.
Mindwipe
11/19/16 09:30AM
<b>funnyman</b> said:
Dude, don't bother. My username has bold tags that aren't escaped by the comments page. You can XSS with a username if you have a short enough domain name. They don't fix anything here.


It's more like there aren't many things that CAN be fixed because the site code was written by someone who isn't updating it anymore.
slayerduck
11/19/16 03:05PM
That's because I have something running on port 443 (SSL) on the same IP as hypnohub. It's not a site issue, it's you trying to use SSL on a site that doesn't have SSL.
qwerty
11/19/16 03:43PM
<b>funnyman</b> said:
Dude, don't bother. My username has bold tags that aren't escaped by the comments page. You can XSS with a username if you have a short enough domain name. They don't fix anything here.

I think they are escaped, actually. They're showing up as literals, not bolding anything. Unless I misunderstand you?
slayerduck said:
That's because I have something running on port 443 (SSL) on the same IP as hypnohub. It's not a site issue, it's you trying to use SSL on a site that doesn't have SSL.


Ah. Scratch off that one, then, but the duplicated front-page link remains.

Edit: Actually, what are you using as server software? I personally only have experience with Apache but I doubt any other system would make it too hard to set up routing (so that https access to hypnohub doesn't redirect to your other site, which it does). And Let's Encrypt is providing free (and trustworthy) SSL certs, so that would be a possibility.
It's the "Comments" page that doesn't escape it. They don't care enough to learn how to fix stuff like this - it's not the only thing that's been reported.
Changer
11/19/16 05:58PM
<b>funnyman</b> said:
It's the "Comments" page that doesn't escape it. They don't care enough to learn how to fix stuff like this - it's not the only thing that's been reported.


It's not a matter of caring. They try to fix what they can; as I know I've heard Vaan talk about trying to fix bugs before, but trying to blindly fix someone else's code is a massive ordeal. Especially if that person did not do a good job of leaving comments to help make the code legible.
Changer said:
It's not a matter of caring. They try to fix what they can; as I know I've heard Vaan talk about trying to fix bugs before, but trying to blindly fix someone else's code is a massive ordeal. Especially if that person did not do a good job of leaving comments to help make the code legible.


Well it's a matter of not caring enough then, isn't it? It can be done, they just haven't bothered, even with all the time they've had it up.
Changer
11/19/16 10:09PM
<b>funnyman</b> said:
Well it's a matter of not caring enough then, isn't it? It can be done, they just haven't bothered, even with all the time they've had it up.


You know, maybe just don't talk about programming since you obviously don't know enough about it? You don't make functional code just by wanting it bad enough. Fiddling around with code you don't understand is how you break a site, not fix it.
Nightington
11/20/16 06:56AM
In other words: The first step in a serious attempt to fix the site's codebase would be a minimum-impact mass-refactor to basically, function by function, figure out WTF each thing does.

Frankly, no one here's getting paid enough for that. If we had a high-total Hypnohub Patreon or something, that could work, but...

EDIT: Just to be clear, function-by-function work like that is one of the biggest slogs in programming. You need someone who was at least roughly as skilled as the original coder, too, and someone that good could be expensive (and darn well deserve that kinda pay). Volunteer coders just... Aren't as reliable as you'd need for such a project.
Yuu-chan
11/20/16 07:18AM
Just out of curiosity, what programming language are we talking about here, and about how many lines of code is the program?
Anno1404
11/20/16 01:11PM
I think Vann mentioned PHP as the site's language
slayerduck
12/02/16 03:03PM
qwerty said:
Actually, what are you using as server software? I personally only have experience with Apache but I doubt any other system would make it too hard to set up routing (so that https access to hypnohub doesn't redirect to your other site, which it does). And Let's Encrypt is providing free (and trustworthy) SSL certs, so that would be a possibility.


Adventures of Let's Encrypt, what a fucking bitch it is with nginx but whatever. hypnohub.net/
Changer said:
You know, maybe just don't talk about programming since you obviously don't know enough about it? You don't make functional code just by wanting it bad enough. Fiddling around with code you don't understand is how you break a site, not fix it.


Haha, I program for a living. It's all just code. You can mod a game from binary or reverse engineer a program with a debugger. I'm pretty sure you can figure out some bad PHP code, if you really want to. They don't need to refactor it so that the places that render usernames are doing it with the same code - like it probably should be - but they can at least make those places equally secure pretty easily.
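As an added illustration of the point above (example code written for this thread, not hypnohub's own code), here is what "make those places equally secure" looks like in PHP: one escaping helper that every page rendering a username goes through, shown next to the raw-concatenation pattern funnyman describes on the comments page. The helper names `h()` and `render_username()` are assumptions, and the username `<b>funnyman</b>` is used as the sample input because that is the case the thread is about.

```php
<?php
// Added example, not the site's code: a single escaping helper shared by
// every page that renders a username, so the profile page and the comments
// page cannot drift apart in how they treat markup in names.

declare(strict_types=1);

/**
 * Escape a user-controlled string for insertion into HTML text content or a
 * double-quoted attribute value. ENT_QUOTES escapes both ' and " (before
 * PHP 8.1 the default flags left single quotes alone, which matters inside
 * attributes); ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** The one path through which a username should ever reach HTML. */
function render_username(string $name): string
{
    return '<span class="username">' . h($name) . '</span>';
}

/**
 * Quick self-check a practitioner can run over the escaped text: after h(),
 * no raw angle bracket or quote may remain.
 */
function looks_escaped(string $text): bool
{
    return strpbrk($text, "<>\"'") === false;
}

// Constructed sample: the username with bold tags described in the thread.
$name = '<b>funnyman</b>';

// Vulnerable pattern (what a page that "doesn't escape it" does): the raw
// name is concatenated straight into the markup, so the tags become live HTML.
$unsafe = '<span class="username">' . $name . '</span>';

// Hardened pattern: identical template, but the name passes through the helper.
$safe = render_username($name);

echo $unsafe, PHP_EOL; // <span class="username"><b>funnyman</b></span>
echo $safe, PHP_EOL;   // <span class="username">&lt;b&gt;funnyman&lt;/b&gt;</span>

var_dump(looks_escaped(h($name)));  // bool(true)
var_dump(looks_escaped($name));     // bool(false)
```

The design point is that the fix is a search for every place the raw name is concatenated or echoed and a replacement with the shared helper; the template around it need not change, which is why this can be done without first understanding or refactoring the rest of the codebase.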
greasyi
12/03/16 05:31AM
Unless someone has a boner for PHP I honestly think it would be easier to make a new site. I get the impression that the project was more for the creator's self-education than it was to actually make good software. In other words, as soon as the creator became capable of making the code good, they got too bored with it to actually do so. Such projects are quite common (I've certainly had my share).

The dependencies are also kind of a mess. There's no package management in the project so when you first clone the repo, you're likely to have no idea what's source code and what's library.