Ok I tested it - I tried to register an account named "scooter" and I immediately got an error saying that was already taken. I also tried the same with Griselda, and got an error immediately. Starting to think some sort of vBulletin exploit was used..?

Perhaps it's using zero-width spaces or something.

Not sure if this has been mentioned elsewhere, but there seems to have been some sort of attack on some of the threads where the ' symbol has been replaced with ***8217;

It has certainly happened in Krill's pitboss 5 thread and I have noticed it too in the pitboss 7 forum too.

zakalwe Wrote:Perhaps it's using zero-width spaces or something.

It was a vBulletin exploit involving some, uh, creativity. I found a fix though and sent it to T-Hawk and he applied it, so we should be good now.

I merged the "duplicate usernames" thread in here since they're related.

Scooter's fix involves using the vBulletin censorship filter to block out the sequence & # (without the space) from any user input. Since the censorship filter is also applied at page render time, this ends up affecting threads with special characters in the title, which use that sequence to encode the character.

Unfortunately I don't think there's a workaround to fix those threads while keeping the exploit patched closed. Affected threads will have to be manually edited, I'm afraid.

(Hah, but something useful came out of the censorship filter adventures earlier this year, now I know how it works to explain this behavior. :D )

Uh, does this mean nobody can use characters with diacritics? Not that I'd want to.

PBEM27 has been done for a while now.

Square Leg Wrote:Not sure if this has been mentioned elsewhere, but there seems to have been some sort of attack on some of the threads where the ' symbol has been replaced with ***8217;

It has certainly happened in Krill's pitboss 5 thread and I have noticed it too in the pitboss 7 forum too.

A quick google turned up this:
https://bugs.php.net/bug.php?id=46129

Thanks, that explains things more. Unfortunately, patching vBulletin to use a different PHP XML library is a bit beyond my capabilities.

Looks like this only happens for curly quotes and other such unusual glyphs that are encoded into HTML entities. It wouldn't affect any other diacritic (á é ï õ ù) that's a straight Unicode character. So to avoid this, stop writing turn reports in Microsoft Word and use a proper text editor that doesn't scramble your characters.

Or you could just turn off Word's automatic conversion to curly quotes.