A well known bug explained and how to fix.

[waffles]

Ok this happened on my game before and luckily i was able to patch it asap.

 

Someone can send an item to themselves while overriding the item quantitity check.

How it is performed:

1. They type 1.4e1053838..... in the quantity box.

2. They type the id

3. They user is large ammount of items and the item quantity check is disabled.

Why this happens:

1. The e acts as a exponent. So its actually going to send you 1.4 to the power of 1053838 quantities of items. This e will confuse the script and the item quantity check will fail.

How to patch it:

1. Open the itemsend.php file.

2. Under the line: $h->menuarea();

3. Add: $_GET['qty'] = ((int) $_GET['qty']);

4. Save the file

How does this fix it:

1. The int means that the value can only be an interger.

2. So if the script discouvers a letter or unknown character in the script it will stop the value befotre the letter

3. so 1.4e1053838 would be come 1.

4. This is because it would orginally be 1.4 but you did not want decimals so it is rounded to the nearest whole number giving you the final value of 1.

 

Thanks all and i think this bug only happens on MC Lite.

[UCC]

Re: A well known bug explained and how to fix.

It doesnt appear to be a problem in 2.0

At least on my game

[Revolution]

Re: A well known bug explained and how to fix.

V2 is already patched against this...

[waffles]

Re: A well known bug explained and how to fix.

Thanks for the confirmation.

[Arson]

Re: A well known bug explained and how to fix.

Also, for those of you that dont like the 2.147 billion cap..for money transfers and whatnot..

$_POST['money']=abs($_POST['money']);

That makes the money var an absolute number. It also blocks out the Exponent. Remember back in 6th grade? |-5| = 5 ..thats what it is...you can do the same for the quantity of items for itemsend too if you want people to be able to send that many items..