mIRC Home    About    Download    Register    News    Help

Print Thread
Crazy /var bug; double-evaluation math #242286 29/06/13 02:34 AM
Joined: Feb 2003
Posts: 2,785
Raccoon Offline OP
Hoopy frood
OP Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,785
mIRC is evaluating the contents of an identifier when the /var command is used to define a variable. If the identifier contains a simple single-operator math expression, mIRC will store the solution to the expression and not the string itself.

This can be potentially exploited with user input.

This CAN NOT be treated with any known work-arounds, short of replacing spaces with $chr(160).

EXAMPLE 1:

On *:TEXT:*:#: { var %a = $1- | echo -a %a }

<Raccoon> Hi
OUTPUT: Hi
<Raccoon> 1 + 1
OUTPUT: 2
(should be: 1 + 1)

EXAMPLE 2:

//var %a = $qt(1 + 1), %b = $noqt(%a) | echo -a %a , %b

OUTPUT: "1 + 1" , 2

v7.29

UPDATE:

I was informed a functioning work around is to use /set -nl %a $1- instead of /var %a = $1-


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Re: Crazy /var bug; double-evaluation math [Re: Raccoon] #242287 29/06/13 08:45 AM
Joined: Dec 2002
Posts: 5,020
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 5,020
This is not an issue with /var itself. The /var command can perform simple calculations in the same way as /set. Both of these commands are used by many scripts for this purpose. It would not be possible to make changes to how these commands work without affecting all existing scripts.

The /set command has an -n switch that allows you to store input without evaluating it, as you discovered. The -n switch is not available in /var, which only supports a subset of the switches available to /set. I will add this switch to /var in the next version.

Re: Crazy /var bug; double-evaluation math [Re: Khaled] #242288 29/06/13 10:03 PM
Joined: Feb 2003
Posts: 2,785
Raccoon Offline OP
Hoopy frood
OP Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,785
Thanks, Khaled!

I'm surprised I've never encountered this before with handling user input and storing On Text $1- to a variable. Seems all these years someone must have typed "1 + 1" and my client would have thought they said "2".

I thought the Simple Math behavior of /set and /var was only with explicit assignments and not through evaluation of another variable or identifier... for which one would use $calc() instead.

Last edited by Raccoon; 29/06/13 10:05 PM.

Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Re: Crazy /var bug; double-evaluation math [Re: Khaled] #242380 09/07/13 03:38 AM
Joined: Jul 2006
Posts: 3,829
W
Wims Offline
Hoopy frood
Offline
Hoopy frood
W
Joined: Jul 2006
Posts: 3,829
Hello Khaled, I suggested that in the past, as well as having the -u switch (with -g: var -gu), any way to also add -u in the next version blush ?


Looking for a good help channel about mIRC? Check #mircscripting @ irc.swiftirc.net