From 3d9950792c0aef20643ce1c5f81670e1f7194af9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas@loeuillet.org>
Date: Tue, 17 Jan 2017 10:09:04 +0100
Subject: Fixed possible JS injection via the title edition

---
 var/SymfonyRequirements.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'var')

diff --git a/var/SymfonyRequirements.php b/var/SymfonyRequirements.php
index 7e7723af..7e7a99de 100644
--- a/var/SymfonyRequirements.php
+++ b/var/SymfonyRequirements.php
@@ -780,7 +780,11 @@ class SymfonyRequirements extends RequirementCollection
     {
         $size = ini_get('realpath_cache_size');
         $size = trim($size);
-        $unit = strtolower(substr($size, -1, 1));
+        $unit = '';
+        if (!ctype_digit($size)) {
+            $unit = strtolower(substr($size, -1, 1));
+            $size = (int) substr($size, 0, -1);
+        }
         switch ($unit) {
             case 'g':
                 return $size * 1024 * 1024 * 1024;
-- 
cgit v1.2.3