Brian Wolff has uploaded a new change for review.
https://gerrit.wikimedia.org/r/294032
Change subject: Cast width, height, page to int as paranoia measure
......................................................................
Cast width, height, page to int as paranoia measure
Everything is properly escaped so it doesn't matter, but as an
extra bit of safety, cast width/height/page to int, in order to
ensure under no circumstances would something unexpected be fed
to ghostscript.
Change-Id: I961a3dae5801dd116e1cb6c93808d49268d1e81e
---
M PdfHandler_body.php
1 file changed, 3 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/PdfHandler
refs/changes/32/294032/1
diff --git a/PdfHandler_body.php b/PdfHandler_body.php
index 36a52dd..9ee2fab 100644
--- a/PdfHandler_body.php
+++ b/PdfHandler_body.php
@@ -160,9 +160,9 @@
return new TransformParameterError( $params );
}
- $width = $params['width'];
- $height = $params['height'];
- $page = $params['page'];
+ $width = (int)$params['width'];
+ $height = (int)$params['height'];
+ $page = (int)$params['page'];
if ( $page > $this->pageCount( $image ) ) {
return $this->doThumbError( $width, $height,
'pdf_page_error' );
--
To view, visit https://gerrit.wikimedia.org/r/294032
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I961a3dae5801dd116e1cb6c93808d49268d1e81e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/PdfHandler
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
