From 552b6a12e16a5c8ab0e089eb32bc4442e29797ca Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Wed, 14 May 2014 21:48:43 -0300 Subject: [PATCH] Make validation for page more strict on djvu to take only numbers This change causes wiki syntax like [[File:Foo.djvu|thumb|Page 7 of document]] to be interpreted as a caption instead, of saying select page 7 of the djvu. Previously it eventually ran intval( '7 of document' ), so flipped to page 7. Only possible downside I could see is this would cause things like left-to-right marks and weird unicode spaces to no longer be ignored. I don't think that's a big deal. Change-Id: Ie8c953009a38557876a274bf0f71ab470f66ef4e
---
 includes/media/DjVu.php | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/includes/media/DjVu.php b/includes/media/DjVu.php
index aeba6470e5..566efb2b6e 100644
--- a/includes/media/DjVu.php
+++ b/includes/media/DjVu.php
@@ -73,6 +73,11 @@ class DjVuHandler extends ImageHandler {
 * @return bool
 */
 function validateParam( $name, $value ) {
+ if ( $name === 'page' && trim( $value ) !== (string) intval( $value ) ) {
+ // Extra junk on the end of page, probably actually a caption
+ // e.g. [[File:Foo.djvu|thumb|Page 3 of the document shows foo]]
+ return false;
+ }
 if ( in_array( $name, array( 'width', 'height', 'page' ) ) ) {
 if ( $value <= 0 ) {
 return false;
-- 2.20.1
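Review bot: The canonical-integer test is applied only when `$name === 'page'`, so `width` and `height` still reach the loose `$value <= 0` comparison in the context lines below it, where a string with trailing text is judged after PHP's implicit numeric conversion rather than rejected. If those two values can also arrive as raw user-supplied strings (not visible in this hunk, so confirm against the callers first), the same strict test could guard all three names, and the existing lookup would be safer as `in_array( $name, array( 'width', 'height', 'page' ), true )`. The new comparison also turns `07` and `+7` into caption text, because `(string) intval( $value )` yields `7` for both; the comment should say so, e.g. `// Only a canonical decimal integer selects a page; "07" or "+7" is treated as a caption`. The body of validateParam continues past the end of the hunk, so what happens to an accepted value is not visible here.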