SignShop v4

SignShop v4

Bukkit Plugins
992k Downloads

comma used instead of full stop to scam players

TomLewis opened this issue ยท 9 comments

commented

I have an issue where players are using a comma instead of full stops to scam players on signs.

For example we had one today where they sold an item with 270,00 to pretend it was $270, but that then takes out $270,000.
Is there a way to check that either the comma is in the correct place, or just make that actually be 270 because thats where they put the comma.

p.s im still using purpur 1.18.2 so may be restricted from updates as your v4 uses the latest api.

commented

Sorry I completely missed the notification for this reply!

Players use whatever they feel like on the day by the looks of things, I wonder if its different in different places in the world?
They should be using . which most are using, so the majority are using the full stop, buuut in the minecraft font on a sign , is very close looking...

oh my god im an actual moron it does have

# Use an internationally compatible currency parser that supports ',' and '.' decimal separators.  This may, but likely will not be, incompatible with existing servers.
# This will be automatically enabled on new servers, and disabled for servers that have existing shops. (true, false or auto by Default)
AllowCommaDecimalSeparator: 'false'

so all I need to do is enable this and reboot?

so I presume if they use a space with this enabled, it'll still bypass? 270, 00 ?
Ill get this changed and reboot when I next can

commented

Reading the comment on that toggle, I have a 15mb sellers.yml thats quite a few signs in signshop... When its saying about being incompatible with existing servers, does that mean it will break these existing signs?

commented

I figured that this just got lost in the shuffle. There are lots of countries that use , instead of . for the decimal separator. They also use . instead of , for the thousands separator. Some countries use a space for the thousands separator.

The new parser tries to determine what the intention of the creator is. It does this by checking the price line during the operation and stripping white space and non numerical characters except , and . It then checks the count and location and existence of , and . to determine which format is used. It then caches the determination so it doesn't have to do it again for that price String. It never touches the sellers.yml.

The reason for the disclaimer is we tested every possible combination we could think of, but it is possible that another country does it differently and it could break the price. But I doubt it.

commented

Hey, I like that parser explanation! User input cleaned! I guess the only other thing to do is force a format on everyone haha

So I should be safe to toggle it, wait for tomorrows reboot and old shops should be fine? thats my worry here, that I go and break every sign shop.

I guess if I back it all up first, shouldn't matter right?

commented

I doubt you will have an issue, and if you did it would just be incorrectly parsed prices. You could then just put it back. Of course a backup is always a good idea.

  • ๐Ÿ‘1
commented

This was our test method

    public void testparsePrice() {
        SignShopConfig.CommaDecimalSeparatorState prev = SignShop.getInstance().getSignShopConfig().allowCommaDecimalSeparator();
        SignShop.getInstance().getSignShopConfig().setAllowCommaDecimalSeparator(SignShopConfig.CommaDecimalSeparatorState.TRUE, false);
        assertEquals(0.0D, economyUtil.parsePrice(null));
        assertEquals(0.0D, economyUtil.parsePrice("null"));
        assertEquals(0.0D, economyUtil.parsePrice("NaN"));
        assertEquals(5.0D, economyUtil.parsePrice("-5"));
        assertEquals(1234.0D, economyUtil.parsePrice("1234"));
        assertEquals(1234.0D, economyUtil.parsePrice("1234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1234,00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1,234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1.234,00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1 234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1 234,00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1, 234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1. 234,00"));
        assertEquals(123400.0D, economyUtil.parsePrice("1, 234,00"));
        assertEquals(123400.0D, economyUtil.parsePrice("1. 234.00"));
        assertEquals(123400.0D, economyUtil.parsePrice("1. 234. 00"));
        assertEquals(123400.0D, economyUtil.parsePrice("1, 234, 00"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234,00"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234.00 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234,00 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1,234 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1.234 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("1,,,,,234"));
        assertEquals(1234.0D, economyUtil.parsePrice("1.....234"));
        assertEquals(1234.0D, economyUtil.parsePrice("1,2,3,4,,,"));
        assertEquals(1234.0D, economyUtil.parsePrice("1.2.3.4..."));
        assertEquals(1234.0D, economyUtil.parsePrice(",,,1,2,3,4"));
        assertEquals(1234.0D, economyUtil.parsePrice("...1.2.3.4"));
        assertEquals(0.0D, economyUtil.parsePrice("..,.,.,.1234,.,.,.,"));
        assertEquals(0.0D, economyUtil.parsePrice("1,.2,.3,.4,."));
        assertEquals(0.0D, economyUtil.parsePrice("1.,2.,3.,4.,"));
        assertEquals(12341234.0D, economyUtil.parsePrice("wa 1234 wa 1234"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234 wa 1234 wa"));
        assertEquals(121212.0D, economyUtil.parsePrice("12 wa 12 wa 12 wa"));
        assertEquals(121212.0D, economyUtil.parsePrice("wa 12 wa 12 wa 12"));
        assertEquals(12341234.0D, economyUtil.parsePrice("wa, 12,3,4 w,a 1,2,34,"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234. wa. 1.2.3.4 .wa."));
        assertEquals(1212.12D, economyUtil.parsePrice("12. wa 12. wa, 12 wa"));
        assertEquals(1212.12D, economyUtil.parsePrice("wa, 12, wa 1,2 wa. 12"));
        assertEquals(0.0D, economyUtil.parsePrice("12. wa 1,2 wa 12 wa"));
        assertEquals(0.0D, economyUtil.parsePrice("wa, 12, wa 1.2 wa 12"));
        assertEquals(1234.0D, economyUtil.parsePrice("!@#$%^&*()1234!@#$%^&*()"));
        assertEquals(0.0D, economyUtil.parsePrice(""));
        assertEquals(0.0D, economyUtil.parsePrice("i am nothing"));
        assertEquals(40711031.0D, economyUtil.parsePrice("i 4m n07h1ng w1th s0m3th1ng"));
        assertEquals(43.0D, economyUtil.parsePrice("giggity goo ga 43"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234.1234"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234,1234"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234+1234"));
  • ๐Ÿ‘1
  • ๐Ÿ˜„1
commented

This was our test method

    public void testparsePrice() {
        SignShopConfig.CommaDecimalSeparatorState prev = SignShop.getInstance().getSignShopConfig().allowCommaDecimalSeparator();
        SignShop.getInstance().getSignShopConfig().setAllowCommaDecimalSeparator(SignShopConfig.CommaDecimalSeparatorState.TRUE, false);
        assertEquals(0.0D, economyUtil.parsePrice(null));
        assertEquals(0.0D, economyUtil.parsePrice("null"));
        assertEquals(0.0D, economyUtil.parsePrice("NaN"));
        assertEquals(5.0D, economyUtil.parsePrice("-5"));
        assertEquals(1234.0D, economyUtil.parsePrice("1234"));
        assertEquals(1234.0D, economyUtil.parsePrice("1234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1234,00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1,234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1.234,00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1 234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1 234,00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1, 234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("1. 234,00"));
        assertEquals(123400.0D, economyUtil.parsePrice("1, 234,00"));
        assertEquals(123400.0D, economyUtil.parsePrice("1. 234.00"));
        assertEquals(123400.0D, economyUtil.parsePrice("1. 234. 00"));
        assertEquals(123400.0D, economyUtil.parsePrice("1, 234, 00"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234.00"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234,00"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234.00 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1234,00 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1,234 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("wa 1.234 wa"));
        assertEquals(1234.0D, economyUtil.parsePrice("1,,,,,234"));
        assertEquals(1234.0D, economyUtil.parsePrice("1.....234"));
        assertEquals(1234.0D, economyUtil.parsePrice("1,2,3,4,,,"));
        assertEquals(1234.0D, economyUtil.parsePrice("1.2.3.4..."));
        assertEquals(1234.0D, economyUtil.parsePrice(",,,1,2,3,4"));
        assertEquals(1234.0D, economyUtil.parsePrice("...1.2.3.4"));
        assertEquals(0.0D, economyUtil.parsePrice("..,.,.,.1234,.,.,.,"));
        assertEquals(0.0D, economyUtil.parsePrice("1,.2,.3,.4,."));
        assertEquals(0.0D, economyUtil.parsePrice("1.,2.,3.,4.,"));
        assertEquals(12341234.0D, economyUtil.parsePrice("wa 1234 wa 1234"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234 wa 1234 wa"));
        assertEquals(121212.0D, economyUtil.parsePrice("12 wa 12 wa 12 wa"));
        assertEquals(121212.0D, economyUtil.parsePrice("wa 12 wa 12 wa 12"));
        assertEquals(12341234.0D, economyUtil.parsePrice("wa, 12,3,4 w,a 1,2,34,"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234. wa. 1.2.3.4 .wa."));
        assertEquals(1212.12D, economyUtil.parsePrice("12. wa 12. wa, 12 wa"));
        assertEquals(1212.12D, economyUtil.parsePrice("wa, 12, wa 1,2 wa. 12"));
        assertEquals(0.0D, economyUtil.parsePrice("12. wa 1,2 wa 12 wa"));
        assertEquals(0.0D, economyUtil.parsePrice("wa, 12, wa 1.2 wa 12"));
        assertEquals(1234.0D, economyUtil.parsePrice("!@#$%^&*()1234!@#$%^&*()"));
        assertEquals(0.0D, economyUtil.parsePrice(""));
        assertEquals(0.0D, economyUtil.parsePrice("i am nothing"));
        assertEquals(40711031.0D, economyUtil.parsePrice("i 4m n07h1ng w1th s0m3th1ng"));
        assertEquals(43.0D, economyUtil.parsePrice("giggity goo ga 43"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234.1234"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234,1234"));
        assertEquals(12341234.0D, economyUtil.parsePrice("1234+1234"));

Bloody hell, well if we find any exception I will let you know LOL
I will enable it for tomorrows reboot then!

commented

I think it worked? I've not had any reports or screaming players ๐Ÿคฃ

I guess we can close this ticket! And I'll reopen if something pops up!

Thanks!

  • ๐Ÿ‘1
commented

What exact Signshop version are you currently using? Does your server mostly use , or . or both as the decimal separator and do the others work as expected? Is there a space or some other character in the price? Does your config contain AllowCommaDecimalSeparator: and if so what is the value?