Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[alway]

Yep. Alt + Drag is pretty much what separates a programmer from an amateurgrammer. It is the best.

[miauw62]

Haha, welp.
I wrote this. Try to see what's wrong.

Spoiler (click to show/hide)

If fed "> foobar <", this runtimes after making a huge string, and BYOND doesn't seem to free the memory, so the server is basically done for.

[Skyrunner]

And that's why you sanitize your inputs

[miauw62]

And that's why you sanitize your inputs

It IS an input sanitization function, there are no builtin sanitization functions except for html_decode() and html_encode() :c

[Thief^]

What's wrong with HTML_encode? Won't that just make anything they enter into displayable text, no tag injection exploits?

[miauw62]

What's wrong with HTML_encode? Won't that just make anything they enter into displayable text, no tag injection exploits?

Yeah, but sometimes you want to strip all the tags.

[Orange Wizard]

In Python, you would use string.strip(thing_to_be_stripped) and be done with it.

[Mephisto]

The DM language looks like something I would prefer not to use. I might even subject myself to PHP given the choice.

[Reelya]

Haha, welp.
I wrote this. Try to see what's wrong.

Spoiler (click to show/hide)

If fed "> foobar <", this runtimes after making a huge string, and BYOND doesn't seem to free the memory, so the server is basically done for.

You might be able to fix your one by constraining the search for the ">" token to after the start of the "<". But the basic way to do it is to copy all chars to from the input one at a time to your output, and basically throw away characters found after you find a "<". Then, if you're in that state and find a ">" you switch back to state 1.

So your have two states, which can be represented as two nested while loops. The most basic form of the algorithm is thus:

While (not end-of-input)
    scan char
    if (char <> "<")
         append char to output
    else
          while (char <> ">" AND not end-of-input)
               scan char
          end while
    end if
end while

Both algorithms would have a problem if e.g. there was a string inside a tag with a greater-than symbol in it, e.g. javascript on an element which adds a tag, or a comparison which uses the > symbol. So to be totally legit you'd need to also scan the inside of each tag for strings delimited with ' and ", and ignore ">" symbols if they're inside a pair of quotes:

While (not end-of-input)
    scan char
    if (char <> "<")
         append char to output
    else
          while (char <> ">" AND not end-of-input)
               scan char
               if (char == single-quotes)
                    do
                         scan char
                    while (char <> single-quotes AND not end-of-input)
               else if (char == double-quotes)
                    do
                         scan char
                    while (char <> double-quotes AND not end-of-input)
               end if
          end while
    end if
end while

should work perfectly even for cases where there was a tag or > inside a string in a tag.

[alway]

Various interesting stuff from around the interblags:
Stop Misquoting Donald Knuth
The Four Horsemen of the Performance Apocalypse
Zero Byte AABB Trees
Hidden Costs of Memory Allocation (With a followup here)

[miauw62]

The DM language looks like something I would prefer not to use. I might even subject myself to PHP given the choice.

TBH, it's not that bad once you get the hang of it. PHP still sounds worse.
The biggest shittiness isn't in the language, it's in the fact that it's built on mountains of undocumented C++ spaghetti enclosing a shitcode rainforest inhabited by braindamaged code monkeys.

BYOND could be quite good, if it weren't for the fact that the underlying code is really, really bad. The function call overhead is huge, you can't fit more than 256 icons in one file because they're scared about what happens byond that point, you can't get a stack trace without crashing the current procedure, etc, etc.

It certainly doesn't help that it's usually beginners using this language, so shitcode naturally arises.

Also, somebody else already made a fix while I was doing other things, it seems.

[Skyrunner]

because they're scared about what happens byond that point

I see what you did there...

[Orange Wizard]

Stop Misquoting Donald Knuth

Spoiler: Obligatory xkcd (click to show/hide)

[Graknorke]

So for a couple of hours I've been trying to create a RNG that would create a bell curve, the peak at 1, that I could also affect the spread of with a parameter.
So far I've tried doing what are essentially a bunch of dice rolls, but it seems no matter how many "dice" I have the result can vary massively. I've also tried pissing around a bit with powers but nothing much has come of that.

I'm sure there must be a better way but for the life of my can't think what it is, and I really can't progress until I've worked this out.

[Telgin]

What language and RNG are you using to generate your "dice"?  Whatever it is, it probably has a lot of bias in the name of being fast, which is going to show up in the results.  Aside from implementing a known algorithm like the Mersenne Twister, I'm not sure really what you can do about that.  A statistician might have a better answer.