Author Topic: Rounding price custom fields problem after update to Joomla 2.5.16  (Read 10760 times)

jurajvt

  • Beginner
  • *
  • Posts: 21
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #15 on: November 11, 2013, 15:18:28 pm »
I sanitized comma to HTML entity , in my quick fix above... But, it doesn't resolve the security problem, I think.


Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9839
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #16 on: November 11, 2013, 16:01:27 pm »
So the conditions that it happens are quite clear now.

If there is a currency, which is ending at the value and not the currency sign and it is using Comma, then you get this problem. Solution is maybe to use instead of the comma, this
Code: [Select]
&#44 ;yehe remove the space between 44 and ; , but the forum is replacing it directly
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9839
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #17 on: November 11, 2013, 16:32:46 pm »
I sanitized comma to HTML entity , in my quick fix above... But, it doesn't resolve the security problem, I think.

This is the right method. We could now always for all calls using JText::_ or the dropdown list use this replacement.

But I just think the solution of joomla is wrong.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

jurajvt

  • Beginner
  • *
  • Posts: 21
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #18 on: November 11, 2013, 16:45:02 pm »
I think, that it is Joomla core fast fix, which will be replaced in new version. It is first time, when some minor change break logic of framework...

If you are interesting in JS XSS vulnerability, try this test http://escape.alf.nu/

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9839
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #19 on: November 11, 2013, 17:02:36 pm »
Code: [Select]
if (!(strpos($string, ',') === false))
{
$test = substr($string, strpos($string, ','));
if (strtoupper($test) === $test)
{
$strs = explode(',', $string);
foreach ($strs as $i => $str)
This means look in the String for a Comma. For example we have "16x digitaal + €100,00"

if there is a comma cut the part after this comma into a new string => we get "00".

Then it is checked if "00" is equal if we create an upper case out of it "00" => "00"

If yes, then start to filter all segments. So it filters ""16x digitaal + €100" and "00". The 00 is assumingly filtered as octal.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Margriet

  • Jr. Member
  • **
  • Posts: 80
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #20 on: November 11, 2013, 17:13:30 pm »

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9839
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9839
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #22 on: November 11, 2013, 18:26:13 pm »
LOL, can anyone tell me why we need this?

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31587

A feature added into a core feature having side effects. A very, very old core feature. I know, we have this also sometimes. But ... why changing this behaviour?

Quote from: vanWesten
Instead of doing:
SOME_STRING="Hello %s, Welcome to %s. You can log in with %s (%s)"

You can now do:
SOME_STRING="Hello [[%1:name]], Welcome to [[%2:sitename]]. You can log in with [[%3:username]] ([[%4:password]])"

I am interested how it impacts speed and memory use.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Margriet

  • Jr. Member
  • **
  • Posts: 80
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #23 on: November 11, 2013, 18:37:01 pm »
 8) You're right. I think there are more important things to develop! Makes it a little bit easier to see what's the meaning of the %s in the language strings, but if this breaks other important extensions.......................................... :'(

Lockerbie

  • Jr. Member
  • **
  • Posts: 102
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #24 on: November 11, 2013, 20:42:22 pm »
To be clear and to help you search for a good solution, here are my screenshots.

Right after the update to Joomla 2.5.16:
(img1) and (img2)
The costs of the wrapping (€ 1,50) were added to the productprice, but weren't showing in the custom field dropdowns.

After the update and replacing the decimal sign from comma to point (dot):
(img3)

I don't know if it helps, but yes: I have the €-sign behind the amount. And there's also a space between the amount and the currency-sign, as was before.

[attachment cleanup by admin]

postkat

  • Beginner
  • *
  • Posts: 34
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #25 on: November 13, 2013, 22:44:59 pm »
I have the same problem.
Virtuemart 2.0.24 and Joomla  2.5.16
I need to add eco tax for a French webshop but € 0,12 is rounded to € 0.
To be shure i tested it with € 0,90 and this is rounded to € 1
Really  looks like this problem is a bug in Virtuemart.

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 27426
  • Always on vacation
    • Jenkin Hill Internet
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #26 on: November 13, 2013, 23:10:41 pm »
postkat if you revert to J2.0.14 you will see the problem no more........

VM2.0.24a will have a "fix" for the change in Joomla code.
Kelvyn

Jenkin Hill Internet,
Lowestoft, Suffolk, UK

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VM 3.4.3.10057 on Joomla 3.9.8 PHP 7.0.33
Testing VM .3.6.0.10075 on Joomla 3.9.8

Lockerbie

  • Jr. Member
  • **
  • Posts: 102
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #27 on: November 13, 2013, 23:18:08 pm »
@ Postkat: you can keep the update, but be sure to use a point/dot as decimal-sign in VM, instead of a comma.

@ Jenkinhill: where can we find the 2.0.24a, or when can we expect this version?

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 27426
  • Always on vacation
    • Jenkin Hill Internet
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #28 on: November 13, 2013, 23:20:27 pm »
In SVN or wait a few hours for the release.
Kelvyn

Jenkin Hill Internet,
Lowestoft, Suffolk, UK

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VM 3.4.3.10057 on Joomla 3.9.8 PHP 7.0.33
Testing VM .3.6.0.10075 on Joomla 3.9.8

Lockerbie

  • Jr. Member
  • **
  • Posts: 102
Re: Rounding price custom fields problem after update to Joomla 2.5.16
« Reply #29 on: November 13, 2013, 23:22:36 pm »
Thanks! I'll look into it in the morning.  :)