News:

Looking for documentation? Take a look on our wiki

Main Menu

Rounding price custom fields problem after update to Joomla 2.5.16

Started by Lockerbie, November 07, 2013, 15:43:55 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4
User actions

jurajvt

#15
November 11, 2013, 15:18:28 PM
I sanitized comma to HTML entity , in my quick fix above... But, it doesn't resolve the security problem, I think.

Milbo

#16
November 11, 2013, 16:01:27 PM Last Edit: November 11, 2013, 16:31:31 PM by Milbo
So the conditions that it happens are quite clear now.

If there is a currency, which is ending at the value and not the currency sign and it is using Comma, then you get this problem. Solution is maybe to use instead of the comma, this
Code Select
&#44 ;
yehe remove the space between 44 and ; , but the forum is replacing it directly
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

#17
November 11, 2013, 16:32:46 PM
Quote from: jurajvt on November 11, 2013, 15:18:28 PM
I sanitized comma to HTML entity , in my quick fix above... But, it doesn't resolve the security problem, I think.

This is the right method. We could now always for all calls using JText::_ or the dropdown list use this replacement.

But I just think the solution of joomla is wrong.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

jurajvt

#18
November 11, 2013, 16:45:02 PM
I think, that it is Joomla core fast fix, which will be replaced in new version. It is first time, when some minor change break logic of framework...

If you are interesting in JS XSS vulnerability, try this test http://escape.alf.nu/

Milbo

#19
November 11, 2013, 17:02:36 PM
Code Select

if (!(strpos($string, ',') === false))
{
$test = substr($string, strpos($string, ','));
if (strtoupper($test) === $test)
{
$strs = explode(',', $string);
foreach ($strs as $i => $str)

This means look in the String for a Comma. For example we have "16x digitaal + €100,00"

if there is a comma cut the part after this comma into a new string => we get "00".

Then it is checked if "00" is equal if we create an upper case out of it "00" => "00"

If yes, then start to filter all segments. So it filters ""16x digitaal + €100" and "00". The 00 is assumingly filtered as octal.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

#21
November 11, 2013, 17:27:02 PM
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

#22
November 11, 2013, 18:26:13 PM
LOL, can anyone tell me why we need this?

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31587

A feature added into a core feature having side effects. A very, very old core feature. I know, we have this also sometimes. But ... why changing this behaviour?

Quote from: vanWesten
Instead of doing:
SOME_STRING="Hello %s, Welcome to %s. You can log in with %s (%s)"

You can now do:
SOME_STRING="Hello [[%1:name]], Welcome to [[%2:sitename]]. You can log in with [[%3:username]] ([[%4:password]])"

I am interested how it impacts speed and memory use.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Margriet

#23
November 11, 2013, 18:37:01 PM
 8) You're right. I think there are more important things to develop! Makes it a little bit easier to see what's the meaning of the %s in the language strings, but if this breaks other important extensions.......................................... :'(

Lockerbie

#24
November 11, 2013, 20:42:22 PM
To be clear and to help you search for a good solution, here are my screenshots.

Right after the update to Joomla 2.5.16:
(img1) and (img2)
The costs of the wrapping (€ 1,50) were added to the productprice, but weren't showing in the custom field dropdowns.

After the update and replacing the decimal sign from comma to point (dot):
(img3)

I don't know if it helps, but yes: I have the €-sign behind the amount. And there's also a space between the amount and the currency-sign, as was before.

[attachment cleanup by admin]

postkat

#25
November 13, 2013, 22:44:59 PM
I have the same problem.
Virtuemart 2.0.24 and Joomla  2.5.16
I need to add eco tax for a French webshop but € 0,12 is rounded to € 0.
To be shure i tested it with € 0,90 and this is rounded to € 1
Really  looks like this problem is a bug in Virtuemart.

jenkinhill

#26
November 13, 2013, 23:10:41 PM
postkat if you revert to J2.0.14 you will see the problem no more........

VM2.0.24a will have a "fix" for the change in Joomla code.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Lockerbie

#27
November 13, 2013, 23:18:08 PM
@ Postkat: you can keep the update, but be sure to use a point/dot as decimal-sign in VM, instead of a comma.

@ Jenkinhill: where can we find the 2.0.24a, or when can we expect this version?

jenkinhill

#28
November 13, 2013, 23:20:27 PM
In SVN or wait a few hours for the release.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Lockerbie

#29
November 13, 2013, 23:22:36 PM
Thanks! I'll look into it in the morning.  :)
Print
Go Up Pages 1 2 3 4
User actions