Leaderboard range is incorrect when using before parameter

[cetteup]

When requesting any leaderboard with before > 0, the returned range of leaderboard positions is incorrect. Using e.g. pos=5&before=2&after=2, one should receive a total of five entries (position itself, two before, two after). However, only three positions are returned (position itself, two before).

The bug is caused by max = after + 1 being treated as an absolute position index (similar to min = (pos - 1) - before), when it is actually used as the number of items to return in the LIMIT statement (where min = (pos - 1) - before acts as the OFFSET).

asp/src/ASP/aspx/getleaderboard.php

Lines 81 to 90 in df86f71

	// Optional parameters
	$after = (isset($_GET['after'])) ? (int)$_GET['after'] : 19;
	$before = (isset($_GET['before'])) ? (int)$_GET['before'] : 0;
	$pos = (isset($_GET['pos'])) ? (int)$_GET['pos'] : 1;
	$min = ($pos - 1) - $before;
	$max = $after + 1;
	// Negative correction
	if ($min < 0) $min = 0;
	if ($max < 0) $max = 0;

asp/src/ASP/aspx/getleaderboard.php

Lines 121 to 122 in df86f71

	$query = "SELECT id, name, rank_id, country, time, score FROM player WHERE score > 0
	ORDER BY score DESC, name DESC LIMIT " . $min . ", " . $max;

The correct way to calculate max would be max = position + after - min. In the above example, min = (pos 5 - 1) - before 2 would result in OFFSET 2 and max = position 5 + after 2 - min 2 would set LIMIT 5.

[cetteup]

Note: The overall number of returned entries should be limited regardless to prevent #82.