Bug - Fixed Relay browser. Can't sail away at the Travel Agency

Bale

Minion
r8285: Using the relay browser.

Code:
[79] Muscle Vacation
Encounter: The Shore, Inc. Travel Agency

[79] Mysticality Vacation
Encounter: The Shore, Inc. Travel Agency

[79] Moxie Vacation
Encounter: The Shore, Inc. Travel Agency

[79] Muscle Vacation
Encounter: The Shore, Inc. Travel Agency
In the relay browser after clicking on the "Sail Away! (3)" button, the main panel refreshes exactly the same as it was, telling me that I've taken no trips so far. Although mafia deducts 500 meat for the vacation, KoL does not.

Finally I decide to automate the adventure:

Code:
Validating adventure sequence...
Requests complete.

Visit to Beach: Muscle Vacation in progress...

[79] Muscle Vacation
Encounter: Testing Grounds, 1... 2... 3...
You acquire an item: anticheese

Requests complete.
 
Last edited by a moderator:

Veracity

Developer
Staff member
I don't know what to say. I took a multi to the shore in the Relay Browser, selected the Ski Resort, and clicked on the Sail Away! (3) button. Twice.

[233320] Moxie Vacation
Encounter: Wired at the Ski Resort
You acquire an item: barbed-wire fence

[233323] Moxie Vacation
Encounter: A Moot Adventure
You gain 749 Smarm
 

Bale

Minion
The heck? I figured that would be really easy to replicate.

Well, I turned debug on and did it again to make a log of the problem for you. Hopefully this will enable you to find the problem.

Code:
> debug on

[119] Muscle Vacation
Encounter: The Shore, Inc. Travel Agency

[119] Mysticality Vacation
Encounter: The Shore, Inc. Travel Agency

[119] Moxie Vacation
Encounter: The Shore, Inc. Travel Agency

> debug off
 

Veracity

Developer
Staff member
Oh! You said "Using the relay browser" but didn't tell me you were running a relay override script for shore.php.
So, when you clicked on the link, it invoked your ASH script, which submitted - as a RelayRequest - the following URL

shore.php?pwd&whichtrip=1

That used to work, but for security reasons, we don't auto-fill the password hash for RelayRequests any more.

There are two possible solutions:

1) visit_url normal submits a GenericRequest, but when being called from a relay override, it submits a RelayRequest. It might have to do that; we do have to return the result of the request back to the browser, and RelayRequest knows how to do that. I'm not going to make RelayRequest autofill the password again, but what if we submitted via a GenericRequest? I'm inclined not to do that, since I'd need to poke around a lot with Relay Override scripts, and thats unknown territory for me.

2) You fix your relay script. You want to pretend to be the browser submitting commands to KoL? Then you do what the browser does - include a valid password hash wherever it is needed. It's easily available via ASH via the "string my_hash()" function.

I'm going with number 2. I guess that means I close this as "Not a Bug".
 

Bale

Minion
Thank you for finding my problem. (I forgot about that relay override.) I'm sorry to have wasted your time when I am clearly the culprit here.
 

Veracity

Developer
Staff member
Don't apologize. It was an obscure case which I never considered, when I made my security changes to RelayRequest. I knew that any request submitted by the user's browser was one such, but I wasn't aware that there were other users of the class. Now I - and you - know, and next time something like this comes up, I - and you - will know what to do. :)
 

lostcalpolydude

Developer
Staff member
The relay script used is here. visit_url() is used to grab the page contents. KoL is already providing the password hash in a hidden input; the script never relied on mafia including it, because it's the same submit button as playing kol without mafia, and all that relay override does is remove the button from the page under certain conditions. Is mafia inadvertently blocking the password hash because a relay override is used? Considering how much trouble I had getting the override to work in the first place, it's possible I don't understand what it's actually doing and it clearly shouldn't work now.
 

Veracity

Developer
Staff member
Hmm. I have now looked at your relay override, and I see you are using the argument-less version of visit_url().
OK, stay tuned. I need to investigate more.

Edit: Revision 8313 passes along all the fields - including the password hash - from the original Relay Request submitted by the browser to the one used by the relay override script.
 
Last edited:
Top