From e430aa19ab65eb31a17e7149a1646e5c329ec03a Mon Sep 17 00:00:00 2001
From: Arlo Breault
Date: Fri, 28 Apr 2017 08:57:04 -0400
Subject: [PATCH] Perform input validation for file $page at some strategic locations

 * Not a holistic solution, but these are the places that currently assume a natural number for $page.

Bug: T100453
Change-Id: Ic611e5379dc8d138034b62ff8d678dfc68ced023
---
 includes/filerepo/file/LocalFile.php | 10 ++++++++++
 includes/filerepo/file/UnregisteredLocalFile.php | 5 +++++
 2 files changed, 15 insertions(+)

diff --git a/includes/filerepo/file/LocalFile.php b/includes/filerepo/file/LocalFile.php
index 292fc80381..9ec7e006d7 100644
--- a/includes/filerepo/file/LocalFile.php
+++ b/includes/filerepo/file/LocalFile.php
@@ -716,6 +716,11 @@ class LocalFile extends File {
 * @return int
 */
 public function getWidth( $page = 1 ) {
+ $page = (int)$page;
+ if ( $page < 1 ) {
+ $page = 1;
+ }
+
 $this->load();
 
 if ( $this->isMultipage() ) {
@@ -743,6 +748,11 @@ class LocalFile extends File {
 * @return int
 */
 public function getHeight( $page = 1 ) {
+ $page = (int)$page;
+ if ( $page < 1 ) {
+ $page = 1;
+ }
+
 $this->load();
 
 if ( $this->isMultipage() ) {
diff --git a/includes/filerepo/file/UnregisteredLocalFile.php b/includes/filerepo/file/UnregisteredLocalFile.php
index 5ee25cd86c..b22f8cb34e 100644
--- a/includes/filerepo/file/UnregisteredLocalFile.php
+++ b/includes/filerepo/file/UnregisteredLocalFile.php
@@ -111,6 +111,11 @@ class UnregisteredLocalFile extends File {
 * @return bool
 */
 private function cachePageDimensions( $page = 1 ) {
+ $page = (int)$page;
+ if ( $page < 1 ) {
+ $page = 1;
+ }
+
 if ( !isset( $this->dims[$page] ) ) {
 if ( !$this->getHandler() ) {
 return false;
-- 
2.20.1
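Review bot: The five-line clamp added at the top of LocalFile::getWidth() is repeated verbatim in getHeight() and in UnregisteredLocalFile::cachePageDimensions(), so the validation rule now lives in three places that can drift apart. It also coerces silently: `(int)$page` turns a non-numeric string into 0 and a string such as "2abc" into 2, so a malformed page value returns dimensions for some page with no signal to the caller. Each site could be written as `$page = max( 1, (int)$page );` with a comment such as `// Callers may pass non-integers; clamp to the first page rather than fail`, or the rule could move into one shared helper on the parent class. getWidth()'s body continues outside the hunk.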
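Review bot: In UnregisteredLocalFile::cachePageDimensions() the new clamp bounds `$page` only from below, and the value is then used directly as the key in `$this->dims[$page]`. Nothing in the visible lines compares it with the file's page count, so whether an over-large page number is rejected depends on the handler code that follows outside the hunk. A short comment above the `isset` check would record that decision, for example `// $page is >= 1 here; the upper bound is left to the handler's page lookup`.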