News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

A non-numeric value encountered

Started by inter, February 15, 2018, 02:49:44 AM

Previous topic - Next topic

inter

php 7.1
smf 2.015
Url: http://.../index.php?action=recent;start=%1$d
Error: A non-numeric value encountered
File: /.../Sources/Recent.php
Line: 229
Sorry for my English

Shambles

Was this from a Tapatalk user/IP or a 66.249.* Google bot by any chance?

inter

Sorry for my English

Shambles

Have you recently upgraded your PHP from < 7.1?

From 7.1 upwards these non-numeric errors are tracked more vigorously and reported more often. I find the GoogleBots and Tapatalk members cause 99% of the errors you reported. Just ignore them (there's not much you can do anyway!)

QuoteNew E_WARNING and E_NOTICE errors have been introduced when invalid strings are coerced using operators expecting numbers or their assignment equivalents. An E_NOTICE is emitted when the string begins with a numeric value but contains trailing non-numeric characters, and an E_WARNING is emitted when the string does not contain a numeric value.

https://stackoverflow.com/questions/42044127/warning-a-non-numeric-value-encountered

http://php.net/manual/en/migration71.other-changes.php

inter

I reported an error, whether it will be corrected by the developers of the forum - this is already a question for them, not for me.
Sorry for my English

live627

The line in question is


$query_parameters['max_id_msg'] = max(0, $modSettings['maxMsgID'] - 100 - $_REQUEST['start'] * 6);


The problem is immediately apparent: an unsanitized string is used in integer arithmetic (subtraction)

This isn't isolated, either...

Shambles

Quote from: live627The problem is immediately apparent: an unsanitized string is used in integer arithmetic (subtraction)

Errr.. yes indeed.  Why bump such an old thread with an obvious diagnosis?

Arantor

$_REQUEST['start'] isn't unsanitised though. It's actually more likely the modSettings entry...

Aleksi "Lex" Kilpinen

Quote from: Sh@mbles on October 30, 2018, 07:53:19 PM
Quote from: live627The problem is immediately apparent: an unsanitized string is used in integer arithmetic (subtraction)

Errr.. yes indeed.  Why bump such an old thread with an obvious diagnosis?
Because going through bug reports is part of being a developer?
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Sesquipedalian

Quote from: Arantor on October 31, 2018, 03:03:13 AM
$_REQUEST['start'] isn't unsanitised though. It's actually more likely the modSettings entry...

If it were the $modSettings value, one would expect the error to occur every time, but the original report doesn't say anything to suggest that that's what was happening. So I expect live627's diagnosis is correct. My main question is whether this can be reproduced on a standard install or if it could be due to a mod that broke the sanitization somehow.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Arantor

An unmodified QueryString.php file should be sanitising that value every time precisely because of the various ways it's used...

Sesquipedalian

A fix for this bug has been added for 2.0.16.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

shawnb61

Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Sebastiii

#13
Hello :)
I would like to have an advice coding question.
By switching PHP from 5.6 to 7.4, I'm getting this error (related to Tapatalk code from log) but it seems when a URL didn't match from outside Tapatalk (not 100% sure).

Btw,

<?php
if (!defined('SMF'))
    die(
'Hacking attempt...');

.....

if (!empty(
$board) && empty($topic))
        {
            
$location 'forum';
            
$other_info[] = 'fid='$fid;
            
            
$topics_per_page = empty($modSettings['disableCustomPerPage']) && !empty($options['topics_per_page']) && !WIRELESS $options['topics_per_page'] : $modSettings['defaultMaxTopics'];
            
$current_page = isset($_REQUEST['start']) ? ($_REQUEST['start'] / $topics_per_page 1) : 1;
            
            
$other_info[] = 'page='.$current_page;
            
$other_info[] = 'perpage='.$topics_per_page;
        }
        else if (!empty(
$topic))
        {
            
$messages_per_page = empty($modSettings['disableCustomPerPage']) && !empty($options['messages_per_page']) && !WIRELESS $options['messages_per_page'] : $modSettings['defaultMaxMessages'];
            
            
$other_info[] = 'fid='$fid;
            
$other_info[] = 'tid='.$topic;
            
$other_info[] = 'perpage='.$messages_per_page;
            
            if (
substr($_REQUEST['start'], 03) == 'msg')
            {
                
$location 'post';
                
$other_info[] = 'pid='.(int) substr($_REQUEST['start'], 3);
            }
            else
            {
                
$location 'topic';
                
$current_page = isset($_REQUEST['start']) ? ( intval($_REQUEST['start']) / intval(intval($messages_per_page) + 1)) : 1;
                
$other_info[] = 'page='.$current_page;
            }
        }

The error is on :
<?php
$current_page 
= isset($_REQUEST['start']) ? ($_REQUEST['start'] / $topics_per_page 1) : 1;

And also on :
<?php
$current_page 
= isset($_REQUEST['start']) ? ( intval($_REQUEST['start']) / intval(intval($messages_per_page) + 1)) : 1;

It's maybe also related to Pretty Url, that change URL to pretty name and then there is no numeric value.
Before in PHP5.6, the error wasn't logged.

So the idea will be to test the following code :
<?php
if (is_numeric($topics_per_page))
{
    
$current_page = isset($_REQUEST['start']) ? ($_REQUEST['start'] / $topics_per_page 1) : 1;
}

<?php
if (is_numeric($messages_per_page))
{
    
$current_page = isset($_REQUEST['start']) ? ( intval($_REQUEST['start']) / intval(intval($messages_per_page) + 1)) : 1;
}

What do you think ?
Thanks.

Sebastiii

I have done this, and for now, it seems to work, no more errors logged and seems Tapatalk is OK, I can post, etc.

Advertisement: