diff options
author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2017-01-17 10:09:04 +0100 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2017-01-17 10:09:04 +0100 |
commit | 3d9950792c0aef20643ce1c5f81670e1f7194af9 (patch) | |
tree | 0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /var | |
parent | 96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff) | |
download | wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.gz wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.zst wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.zip |
Fixed possible JS injection via the title edition
Diffstat (limited to 'var')
-rw-r--r-- | var/SymfonyRequirements.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/var/SymfonyRequirements.php b/var/SymfonyRequirements.php index 7e7723af..7e7a99de 100644 --- a/var/SymfonyRequirements.php +++ b/var/SymfonyRequirements.php | |||
@@ -780,7 +780,11 @@ class SymfonyRequirements extends RequirementCollection | |||
780 | { | 780 | { |
781 | $size = ini_get('realpath_cache_size'); | 781 | $size = ini_get('realpath_cache_size'); |
782 | $size = trim($size); | 782 | $size = trim($size); |
783 | $unit = strtolower(substr($size, -1, 1)); | 783 | $unit = ''; |
784 | if (!ctype_digit($size)) { | ||
785 | $unit = strtolower(substr($size, -1, 1)); | ||
786 | $size = (int) substr($size, 0, -1); | ||
787 | } | ||
784 | switch ($unit) { | 788 | switch ($unit) { |
785 | case 'g': | 789 | case 'g': |
786 | return $size * 1024 * 1024 * 1024; | 790 | return $size * 1024 * 1024 * 1024; |