rykas-productions / chivalry-engine

Chivalry Engine
MIT License

Possible fix for issue #88 #89

Closed KyleMassacre closed 6 years ago

KyleMassacre commented 6 years ago

Maybe something that can be done for issue #88. Instead of this: https://github.com/MasterGeneral156/chivalry-engine/blob/5d5980c5bf557a8ee022f81cf70613182a479841/upload/criminal.php#L110 you can try something like this:

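```php
// Substitute the player's stats into the stored formula.
$ec = "\$sucrate=" . str_ireplace(array("LEVEL", "EXP", "WILL", "IQ"), array($ir['level'], $ir['xp'], $ir['will'], $ir['iq']), $r['crimePERCFORM']) . ";";

// Tokenize the statement and rebuild it from whitelisted tokens only.
$tokens = token_get_all("<?php {$ec}");
$expr = '';

foreach ($tokens as $token) {

  // Single-character tokens arrive as plain strings: keep arithmetic operators and parentheses.
  if (is_string($token)) {

    if (in_array($token, array('(', ')', '+', '-', '/', '*'), true))
      $expr .= $token;

    continue;
  }

  list($id, $text) = $token;

  // Of the array-form tokens, keep only numeric literals; identifiers, variables and strings are dropped.
  if (in_array($id, array(T_DNUMBER, T_LNUMBER)))
    $expr .= $text;
}

// The filter also drops "$sucrate=", so assign the result explicitly.
$sucrate = eval("return {$expr};");
```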

Source: https://3v4l.org/vbLdo

Note: This isn’t tested

MasterGeneral156 commented 6 years ago

I think a7ff6be32382da748993343f97dcbeca44079665 should finish this up?

KyleMassacre commented 6 years ago

We are on the right track, I think, but it’s still not there. As you can see from this: https://3v4l.org/7Fomj it still produces a value, because a lot of functions produce a Boolean and you can’t catch it until it is run. The best thing to do is somehow get away from eval().

MasterGeneral156 commented 6 years ago

34bed06256f0ed7db042f762d7da4ceb0f74eb16 + a0fecf64c88e3216fcd37d55ad949340f4e76627

I think this should wrap this issue up? Unless you have anything else you manage to spot.

KyleMassacre commented 6 years ago

I haven’t actually tested anything and browsed through the classes. I didn’t see eval() at all, which is a plus, but you may want to check to see if you can run bad commands. One of the worst I’ve seen in action was this gem: $db->query('drop table users'); You don’t have to go that extreme though.

MasterGeneral156 commented 6 years ago

Just attempted to run that query (manually entered it in my local DB) and it failed with an error. I think it's because the class itself errors when the formula input isn't solvable? (Try (10)445 as an example?) I'll have to do more thorough testing, but I'd say we've got this vector licked up nicely.
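An added example, not part of the thread and not Chivalry Engine's own code: one way to follow the "get away from eval()" suggestion is a small recursive-descent evaluator that accepts only numbers, the LEVEL/EXP/WILL/IQ names, the four arithmetic operators and parentheses, and rejects everything else before any evaluation happens. The function names, the sample stats and the sample formula are assumptions; stat keys are assumed to be non-empty and uppercase.

```php
<?php
// Added example, not the project's code. formula_eval() and formula_parse() are hypothetical names.
function formula_eval(string $formula, array $vars): float
{
    // Lex: accept only numeric literals, the known stat names, + - * / and parentheses.
    $re = '~\s*(?:(\d+(?:\.\d+)?)|(' . implode('|', array_keys($vars)) . ')|([-+*/()]))\s*~Ai';
    $tokens = [];
    for ($i = 0; $i < strlen($formula); $i += strlen($m[0])) {
        if (!preg_match($re, $formula, $m, 0, $i)) throw new InvalidArgumentException("illegal input at offset $i");
        // Operators stay strings; stat values and literals become floats.
        $tokens[] = ($m[3] ?? '') !== '' ? $m[3]
            : (float) (($m[2] ?? '') !== '' ? $vars[strtoupper($m[2])] : $m[1]);
    }
    $pos = 0;
    $value = formula_parse($tokens, $pos);
    if ($pos !== count($tokens)) throw new InvalidArgumentException('trailing input'); // e.g. "(10)445"
    return $value;
}

// Recursive descent: level 0 handles + and -, level 1 handles * and /, level 2 a number, unary minus or (...).
function formula_parse(array $t, int &$p, int $level = 0): float
{
    if ($level === 2) {
        $tok = $t[$p++] ?? null;
        if (is_float($tok)) return $tok;
        if ($tok === '-') return -formula_parse($t, $p, 2);
        if ($tok === '(') {
            $v = formula_parse($t, $p);
            if (($t[$p++] ?? null) === ')') return $v;
        }
        throw new InvalidArgumentException('malformed formula');
    }
    $v = formula_parse($t, $p, $level + 1);
    while (in_array($t[$p] ?? null, $level ? ['*', '/'] : ['+', '-'], true)) {
        $op = $t[$p++];
        $r = formula_parse($t, $p, $level + 1);
        if ($op === '/' && $r == 0) throw new InvalidArgumentException('division by zero');
        $v = $op === '+' ? $v + $r : ($op === '-' ? $v - $r : ($op === '*' ? $v * $r : $v / $r));
    }
    return $v;
}

$ir = ['LEVEL' => 5, 'EXP' => 120, 'WILL' => 100, 'IQ' => 30]; // constructed sample stats
foreach (['((WILL*0.8)/2.5)+(LEVEL/4)', '(10)445', "\$db->query('drop table users')"] as $f) {
    try {
        echo $f, ' => ', formula_eval($f, $ir), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $f, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Because nothing is ever handed to the PHP interpreter, a function call or a `$db` reference in the stored formula fails at the lexing step instead of running.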