sparks wrote:
Yup!
I tried uploading a test block and I got "SQLConnectionError". My block importer found that error and reported it to me.
I entered a fake password and that was detected.
If you see a block (or many) with "test" as a comment, don't upload it.
@dreamod: show the Squeaky code so we can see what you're POSTing.
Could you provide an updated patch?
(Or did you already update the project?)
Last edited by Greenatic (2012-05-22 18:27:30)
blob8108 wrote:
@dreamod: show the Squeaky code so we can see what you're POSTing.
OK. Here's the code:
"format everything properly"
t1 _ WeakKeyAssociation new value: (Array with: userNameMorph contents asString).
t1 key: 'username'.
t3 _ WeakKeyAssociation new value: (Array with: passwordMorph contents asString).
t3 key: 'password'.
t5 _ WeakKeyAssociation new value: (Array with: commentMorph contents asString).
t5 key: 'comment'.
t4 _ WeakKeyAssociation new value: (Array with: blockFile).
t4 key: 'block'.
t2 _ #() asOrderedCollection.
"collect data into an array"
t2 add: t1. t2 add: t3. t2 add: t5. t2 add: t4.
"upload block"
Cursor wait showWhile: [t2 _ (HTTPSocket httpPostDocument: URL "URL is a class variable with the value 'http://blocks.scratchr.org/remoteBlockUploader.php'" args: t1) content]
Greenatic wrote:
Could you provide an updated patch?
(Or did you already update the project?)
I've posted my update for the block importer. I'm going to add a 'check automatically' setting as well. You can turn it off if you don't have internet. But you just right click the .block icon in the top left (you should have downloaded the image) and select 'check updates' or 'update patch' to update your block importer.
@Sparks: Every time I try updating the block update file it seems to replace all // with /, and that ruins the code because / is the division sign and // is the mod sign.
dreamod wrote:
Greenatic wrote:
Could you provide an updated patch?
(Or did you already update the project?)
I've posted my update for the block importer. I'm going to add a 'check automatically' setting as well. You can turn it off if you don't have internet. But you just right click the .block icon in the top left (you should have downloaded the image) and select 'check updates' or 'update patch' to update your block importer.
@Sparks: Every time I try updating the block update file it seems to replace all // with /, and that ruins the code because / is the division sign and // is the mod sign.
Correction: it replaces all \\ with \. Sorry about that.
blob8108 wrote:
dreamod wrote:
it replaces all \\ with \.
An escaping problem!
@Sparks: try doing stripslashes($_POST['block']) before you process it (and before escaping it, of course) — that seems to help fix it.
Edit: darn, doesn't fix the double slashes properly.
Last edited by blob8108 (2012-05-23 13:24:40)
sparks wrote:
I just checked the database and none of the blocks got through, which is good and bad. Thanks for testing it! I'm really stumped as to why there's an error at all, though. I shall have to eyeball the code again!
Is this still the code you're using?
If so, I think I have an idea of the problem:
* On line 54, you've set the $query variable, but not actually run mysql_query($query). Might want to add that in
* None of your values passed to the INSERT query appear to be escaped, as far as I can tell (using mysql_escape(), for example), so you might have some problems with values containing apostrophes — as well as it being a rather large security problem
As a final note: on lines 44 and 58 it might be better to do something like "SELECT * FROM blocks WHERE name='$blockspec' LIMIT 1;" (where blockspec is escaped, naturally) rather than "SELECT * FROM `blocks`", and then just do $exists = mysql_num_rows($result) > 0. Should help reduce the load on the server.
Hope that helps!
dreamod wrote:
blob8108 wrote:
@dreamod: show the Squeaky code so we can see what you're POSTing.
OK. Here's the code:
Code:
"format everything properly"
t1 _ WeakKeyAssociation new value: (Array with: userNameMorph contents asString).
t1 key: 'username'.
t3 _ WeakKeyAssociation new value: (Array with: passwordMorph contents asString).
t3 key: 'password'.
t5 _ WeakKeyAssociation new value: (Array with: commentMorph contents asString).
t5 key: 'comment'.
t4 _ WeakKeyAssociation new value: (Array with: blockFile).
t4 key: 'block'.
t2 _ #() asOrderedCollection.
"collect data into an array"
t2 add: t1. t2 add: t3. t2 add: t5. t2 add: t4.
"upload block"
Cursor wait showWhile: [t2 _ (HTTPSocket httpPostDocument: URL "URL is a class variable with the value 'http://blocks.scratchr.org/remoteBlockUploader.php'" args: t1) content]
Apologies — as I'm definitely not a Squeak person (other than the vague reading I had to do to write Kurt) — how can I run this in my copy of Squeak/Scratch/your mod? I can't figure out how to add a method/run that code. I downloaded your Block Importer from here, but presumably that's not your latest version.
All I wanted to do was have a look at what it's sending, to see what the PHP script makes of it...
blob8108 wrote:
dreamod wrote:
blob8108 wrote:
@dreamod: show the Squeaky code so we can see what you're POSTing.
OK. Here's the code:
Code:
"format everything properly"
t1 _ WeakKeyAssociation new value: (Array with: userNameMorph contents asString).
t1 key: 'username'.
t3 _ WeakKeyAssociation new value: (Array with: passwordMorph contents asString).
t3 key: 'password'.
t5 _ WeakKeyAssociation new value: (Array with: commentMorph contents asString).
t5 key: 'comment'.
t4 _ WeakKeyAssociation new value: (Array with: blockFile).
t4 key: 'block'.
t2 _ #() asOrderedCollection.
"collect data into an array"
t2 add: t1. t2 add: t3. t2 add: t5. t2 add: t4.
"upload block"
Cursor wait showWhile: [t2 _ (HTTPSocket httpPostDocument: URL "URL is a class variable with the value 'http://blocks.scratchr.org/remoteBlockUploader.php'" args: t1) content]
Apologies — as I'm definitely not a Squeak person (other than the vague reading I had to do to write Kurt) — how can I run this in my copy of Squeak/Scratch/your mod? I can't figure out how to add a method/run that code. I downloaded your Block Importer from here, but presumably that's not your latest version.
All I wanted to do was have a look at what it's sending, to see what the PHP script makes of it...
OK. Do this: right-click the .block on the top left and select 'update patch' (or 'check for updates'). You want to update it and then right-click a block and select 'upload block'. When an SQLConnectionError appears, hold control (or command) and press okay. Then a debugger will appear and you can see results. Ask me for more help if needed.
dreamod wrote:
OK. Do this: right-click the .block on the top left and select 'update patch' (or 'check for updates'). You want to update it and then right-click a block and select 'upload block'. When an SQLConnectionError appears, hold control (or command) and press okay. Then a debugger will appear and you can see results. Ask me for more help if needed.
Thanks! Well, it's definitely not your code, as far as I can tell. If that helps at all.
blob8108 wrote:
dreamod wrote:
OK. Do this: right-click the .block on the top left and select 'update patch' (or 'check for updates'). You want to update it and then right-click a block and select 'upload block'. When an SQLConnectionError appears, hold control (or command) and press okay. Then a debugger will appear and you can see results. Ask me for more help if needed.
Thanks! Well, it's definitely not your code, as far as I can tell. If that helps at all.
I just hope this ends up working. I could probably make one for Panther and BYOB as well.
dreamod wrote:
blob8108 wrote:
dreamod wrote:
OK. Do this: right-click the .block on the top left and select 'update patch' (or 'check for updates'). You want to update it and then right-click a block and select 'upload block'. When an SQLConnectionError appears, hold control (or command) and press okay. Then a debugger will appear and you can see results. Ask me for more help if needed.
Thanks! Well, it's definitely not your code, as far as I can tell. If that helps at all.
I just hope this ends up working. I could probably make one for Panther and BYOB as well.
'one' being an uploader. So an uploader for the Panther and BYOB mods.
dreamod wrote:
OK. Do this: right-click the .block on the top left and select 'update patch' (or 'check for updates'). You want to update it and then right-click a block and select 'upload block'. When an SQLConnectionError appears, hold control (or command) and press okay. Then a debugger will appear and you can see results. Ask me for more help if needed.
I now can't scroll in the block area, having updated it to 2.6 from 2.22. Any reason?
blob8108 wrote:
dreamod wrote:
OK. Do this: right-click the .block on the top left and select 'update patch' (or 'check for updates'). You want to update it and then right-click a block and select 'upload block'. When an SQLConnectionError appears, hold control (or command) and press okay. Then a debugger will appear and you can see results. Ask me for more help if needed.
I now can't scroll in the block area, having updated it to 2.6 from 2.22. Any reason?
Oh, no. There's a weird glitch in just that image. But if you file-out the 'working' changes into another image then it works. I'll put up a working image. Sorry for the inconvenience.
dreamod wrote:
blob8108 wrote:
I now can't scroll in the block area, having updated it to 2.6 from 2.22. Any reason?
Oh, no. There's a weird glitch in just that image. But if you file-out the 'working' changes into another image then it works. I'll put up a working image. Sorry for the inconvenience.
At the risk of being thick — how precisely do I do that? "Save image for end-user" didn't work...
blob8108 wrote:
dreamod wrote:
blob8108 wrote:
I now can't scroll in the block area, having updated it to 2.6 from 2.22. Any reason?
Oh, no. There's a weird glitch in just that image. But if you file-out the 'working' changes into another image then it works. I'll put up a working image. Sorry for the inconvenience.
At the risk of being thick — how precisely do I do that? "Save image for end-user" didn't work...
I'll take care of that for you and give you a good working link, for the newest block importer and image.
blob8108 wrote:
sparks wrote:
I just checked the database and none of the blocks got through, which is good and bad. Thanks for testing it! I'm really stumped as to why there's an error at all, though. I shall have to eyeball the code again!
Is this still the code you're using?
If so, I think I have an idea of the problem:
* On line 54, you've set the $query variable, but not actually run mysql_query($query). Might want to add that in
* None of your values passed to the INSERT query appear to be escaped, as far as I can tell (using mysql_escape(), for example), so you might have some problems with values containing apostrophes — as well as it being a rather large security problem
As a final note: on lines 44 and 58 it might be better to do something like "SELECT * FROM blocks WHERE name='$blockspec' LIMIT 1;" (where blockspec is escaped, naturally) rather than "SELECT * FROM `blocks`", and then just do $exists = mysql_num_rows($result) > 0. Should help reduce the load on the server.
Hope that helps!
Oh! What a stupid mistake. Fresh eyes are always useful! I'll add it in a few hours after I've eaten, and remember to escape the string.
Would you like to join the developer team (i.e. have access to the admin page)?
sparks wrote:
Oh! What a stupid mistake. Fresh eyes are always useful!
Yup, I've done the same thing many times...
Would you like to join the developer team (i.e. have access to the admin page)?
Sure! Sounds great — I can't commit to doing anything, though, if you see what I mean.
Last edited by blob8108 (2012-05-23 14:23:43)
dreamod wrote:
This is the newest link to the block importer: http://www.mediafire.com/?bjdyg9wd965onla
Thanks! This download's taking forever, though -_-
blob8108 wrote:
dreamod wrote:
This is the newest link to the block importer: http://www.mediafire.com/?bjdyg9wd965onla
Thanks! This download's taking forever, though -_-
It includes a mac application, change-set (patch), image, changes, source, help, languages (no extra translations), and a few block files. Enjoy.
You should use mysql_real_escape_string()
I plan on writing a topic on code security and practices tomorrow, so be sure to read it!
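The two points raised earlier in the thread (blob8108's review of the unescaped INSERT and the cheaper "does this block already exist" query) and the closing advice to escape input, shown together as an added example that is not the Block Importer's or the uploader script's own code. Python with an in-memory SQLite database stands in for the PHP/MySQL script; the blocks table layout, the column names and the sample submission are assumptions.

```python
import sqlite3

# Constructed sample submission: the comment carries an apostrophe and the block
# body carries backslashes, the two characters the thread tripped over.
SAMPLE = {
    "username": "tester",
    "comment": "dreamod's test block",
    "block": r"when I receive [\\start\\]",
}

def open_db():
    """In-memory stand-in for the blocks table (column layout is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blocks (name TEXT, username TEXT, comment TEXT, block TEXT)")
    return db

def insert_unescaped(db, name, sub):
    """The shape blob8108 flagged: submitted values pasted straight into the SQL
    text. An apostrophe ends the string literal early; a crafted value could
    change what the statement does."""
    query = "INSERT INTO blocks VALUES ('%s', '%s', '%s', '%s')" % (
        name, sub["username"], sub["comment"], sub["block"])
    db.execute(query)  # the call the original script was missing: actually run it

def insert_bound(db, name, sub):
    """Hardened form: values are bound by the driver, never spliced into the SQL,
    so quotes and backslashes are stored exactly as sent (no stripslashes games)."""
    db.execute("INSERT INTO blocks VALUES (?, ?, ?, ?)",
               (name, sub["username"], sub["comment"], sub["block"]))

def block_exists(db, name):
    """The cheaper existence check from the thread: filter on the name and stop
    at one row instead of pulling the whole table and counting it."""
    row = db.execute("SELECT 1 FROM blocks WHERE name = ? LIMIT 1", (name,)).fetchone()
    return row is not None

def demo():
    """Returns (unescaped insert failed, bound insert stored exactly, found, not found)."""
    db = open_db()
    try:
        insert_unescaped(db, "sample", SAMPLE)
        unescaped_failed = False
    except sqlite3.OperationalError:
        unescaped_failed = True  # near "s": syntax error
    insert_bound(db, "sample", SAMPLE)
    stored = db.execute("SELECT comment, block FROM blocks WHERE name = ?",
                        ("sample",)).fetchone()
    exact = stored == (SAMPLE["comment"], SAMPLE["block"])
    return unescaped_failed, exact, block_exists(db, "sample"), block_exists(db, "missing")
```

Binding parameters (PDO or mysqli prepared statements in PHP) removes the need to escape at all, which is also why the stripslashes workaround stops mattering.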