I deposited $5,500,000,000 dolars in the clan treasury. I did not withdraw anything. I had $5,500,000,000 less listed on the status bar. $5,500,000,000 more appeard in the clan treasury. But the news said:
0.2 hours ago You:
gave $1,205,032,704 to the clan treasury.
Bug, Treasury News
-
Ruddertail
- Promi Diplomacy ate my homework...
- Posts: 4510
- Joined: Wed May 12, 2004 11:39 pm
- Location: Chances are, playing FAF.
- Contact:
Yay for me!111one
Sorry, it's just that what I discovered probably explains most of the news bugs we've had issues with:
addNews() calls fixInputNegativeNum to fix its input numbers while still allowing negative numbers. To do this, it uses intval($num).
Proposal to just remove intval. What does it do that fixInputNum doesn't already cover(besides the leaving in negatives, but just remove the abs value call and you're set)
Note: this explains the negative aid in news and all the other crazyiness.
Sorry, it's just that what I discovered probably explains most of the news bugs we've had issues with:
addNews() calls fixInputNegativeNum to fix its input numbers while still allowing negative numbers. To do this, it uses intval($num).
Unfortunately, from the php manual about intval:function fixInputNegativeNum ($num) {
$num = round(str_replace(",", "", $num));
return intval($num);
}
On the page about integers:Returns the integer value of var, using the specified base for the conversion (the default is base 10).
This worried me, so I did an experiment:The size of an integer is platform-dependent, although a maximum value of about two billion is the usual value (that's 32 bits signed). PHP does not support unsigned integers.
The results of this code were:<?
// Int val test:
function fixInputNegativeNum ($num) {
$num = round(str_replace(",", "", $num));
return intval($num);
}
print("FINN(4294967297) returns: " . fixInputNegativeNum(4294967297)); // scary big numbers!
print("\n<br>FINN(2147483648 returns: " . fixInputNegativeNum(2147483648)); // Also a scary big number
print("\n<br>FINN(5,500,000,000) returns: " . fixInputNegativeNum("5,500,000,000")); // Number ruddertail put in
?>
If you look at the last example, the number matches up exactly with the result Ruddertail got. Therefore, intval() is too unstable for our uses and I don't really like it.FINN(4294967297) returns: 1
FINN(2147483648 returns: -2147483648
FINN(5,500,000,000) returns: 1205032704
Proposal to just remove intval. What does it do that fixInputNum doesn't already cover(besides the leaving in negatives, but just remove the abs value call and you're set)
Note: this explains the negative aid in news and all the other crazyiness.
"The truth is a trap: you can not get it without it getting you; you cannot get the truth by capturing it, only by its capturing you." - Søren Kierkegaard
-
The Beatles
- Fear me for I am root
- Posts: 6285
- Joined: Tue May 24, 2005 8:12 pm
What security issues? (as that's all fixInputNum does anyways)The Beatles wrote: You rock!
However, that introduces some new security issues - why not round(floatval($num))?
That is where I'm confused. Round() returns a float anyways.
But that should work of course. (Swapped in floatval())
"The truth is a trap: you can not get it without it getting you; you cannot get the truth by capturing it, only by its capturing you." - Søren Kierkegaard
-
Members connected in real time
