ID:2359834
 
Resolved
A minor fix to html_encode() behavior for non-strings also rather badly broke it, producing incorrect results.
BYOND Version:512.1420
Operating System:Windows 7 Ultimate 64-bit
Web Browser:Firefox 59.0
Applies to:Dream Daemon
Status: Resolved (512.1421)

This issue has been resolved.
Descriptive Problem Summary:

When the result of html_encode() called with a non-text value is stored to a variable, that variable points to what I assume is a temporary buffer, and is poisoned to change according to other writes to that buffer.

Behavior gets even weirder when text involving the poisoned value is sent to a browser. This manifested in SS13 as "[html_encode(name)] = [html_encode(value)]" lines with non-text values being replaced by other, later key/value pairs, which thus appeared twice in the output.

Code Snippet (if applicable) to Reproduce Problem:
/client/New()
. = ..()
var/t = "([html_encode(50)])"
src << "[length(t)]"
src << "_( [t] )_"
src << "[istext(t)]"
src << "[t:type]"


In addition, inserting another print of "_( [t] )_" before the first existing print causes all future prints to not appear.

Expected Results:
4
_( (50) )_
1
runtime error: Cannot read "(50)".type

Actual Results:
0
_( 0 )_
1
runtime error: Cannot read "1".type

Second code snippet:
/client/New()
. = ..()
var/t = "[html_encode(50)]<br>"
var/obj/O = new
for(var/key in O.vars)
t += "[key]<br>"
src << browse(t)


Expected Results:
50
animate_movement
loc
x
y
(... further output ...)

Actual Results:
animate_movement
animate_movement
(no further output)

Does the problem occur:
Every time? Or how often? -- Every time
In other games? -- Yes
In other user accounts? -- Unknown
On other computers? -- Unknown

When does the problem NOT occur?
Introduced in 1420; works fine in 1419.

Workarounds:
Call html_encode("[X]") everywhere you currently call html_encode(X).
Lummox JR resolved issue with message:
A minor fix to html_encode() behavior for non-strings also rather badly broke it, producing incorrect results.

Login to reply.