From 8cd80c8d4ccf8fbc5db8052e12ed4b41a11dcb1b Mon Sep 17 00:00:00 2001
From: Rob Church <robchurch@users.mediawiki.org>
Date: Mon, 21 Aug 2006 11:07:58 +0000
Subject: [PATCH] PADLEFT/PADRIGHT: * Enforce a reasonable maximum length to
 cover most uses while preventing some dickhead from doing a 500 thousand
 character expansion * Use the first padding character only for similar
 reasons * (bug 7081) More input validation and checking

---
 includes/CoreParserFunctions.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/includes/CoreParserFunctions.php b/includes/CoreParserFunctions.php
index f22f61ecaf..26e1e5669d 100644
--- a/includes/CoreParserFunctions.php
+++ b/includes/CoreParserFunctions.php
@@ -147,12 +147,20 @@ class CoreParserFunctions {
 		return $lang != '' ? $lang : $arg;
 	}
 	
+	function pad( $string = '', $length = 0, $char = 0, $direction = STR_PAD_RIGHT ) {
+		$length = min( max( $length, 0 ), 500 );
+		$char = substr( $char, 0, 1 );
+		return ( $string && (int)$length > 0 && strlen( trim( (string)$char ) ) > 0 )
+				? str_pad( $string, $length, (string)$char, $direction )
+				: '';
+	}
+	
 	function padleft( $parser, $string = '', $length = 0, $char = 0 ) {
-		return str_pad( $string, $length, (string)$char, STR_PAD_LEFT );
+		return self::pad( $string, $length, $char, STR_PAD_LEFT );
 	}
 	
 	function padright( $parser, $string = '', $length = 0, $char = 0 ) {
-		return str_pad( $string, $length, (string)$char, STR_PAD_RIGHT );
+		return self::pad( $string, $length, $char );
 	}
 	
 }
-- 
2.20.1