From dc96f656affd1f8fab0ae72b0d96e77055e5b336 Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Sun, 10 Jun 2018 11:09:07 -0700
Subject: [PATCH] parser: Validate $length in padleft/padright parser functions
$length is user input, so cast it to an int before passing it to min().
If there is nothing to add at that point, return immediately.
In PHP 7.1+ this raised a warning of "A non-numeric value encountered"
because min() will return the junk value, returning a string. Then we
try and subtract an int from it (return value of mb_strlen()),
triggering the warning.
Added a parser test to verify the behavior, and confirmed that it
triggers warnings without the patch.
Bug: T180403
Change-Id: I614750962104f6251a864519035366ac9798fc0f
---
includes/parser/CoreParserFunctions.php | 9 +++++++--
tests/parser/parserTests.txt | 11 +++++++++++
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/includes/parser/CoreParserFunctions.php b/includes/parser/CoreParserFunctions.php
index 7f6dbe530e..1ff8859cfb 100644
--- a/includes/parser/CoreParserFunctions.php
+++ b/includes/parser/CoreParserFunctions.php
@@ -882,7 +882,7 @@ class CoreParserFunctions {
* Unicode-safe str_pad with the restriction that $length is forced to be <= 500
* @param Parser $parser
* @param string $string
- * @param int $length
+ * @param string $length
* @param string $padding
* @param int $direction
* @return string
@@ -897,7 +897,12 @@ class CoreParserFunctions {
}
# The remaining length to add counts down to 0 as padding is added
- $length = min( $length, 500 ) - mb_strlen( $string );
+ $length = min( (int)$length, 500 ) - mb_strlen( $string );
+ if ( $length <= 0 ) {
+ // Nothing to add
+ return $string;
+ }
+
# $finalPadding is just $padding repeated enough times so that
# mb_strlen( $string ) + mb_strlen( $finalPadding ) == $length
$finalPadding = '';
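Review bot: The `(int)$length` cast on the rewritten `min()` line accepts more than plain integers, and nothing next to it says so: a fully non-numeric value becomes 0 and takes the new early return, while a leading-digit string such as `8junk` is silently read as 8. Because the cast runs before `min( ..., 500 )`, the cap is now always compared against an integer. That matters because the cap is what bounds how much padding user-supplied wikitext can request. I would record this beside the line, e.g. `# $length comes from wikitext: cast to int first so the 500 cap is compared numerically; non-numeric input becomes 0`. The function starts and ends outside this hunk, so the code that consumes the remaining `$length` is not visible here.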
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index b109e3967d..afddd78553 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -24649,6 +24649,17 @@ abc
abc
!! end
+!! test
+Padleft and padright with non-numerical length (T180403)
+!! wikitext
+{{padleft:abcdef|junk}}
+{{padright:abcdef|junk}}
+!! html/php
+abcdef
+abcdef
+
+!! end
+
!!test
Special parser function
!! wikitext
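Review bot: The added test only exercises a fully non-numeric length (`junk`), so it pins the warning fix but not the other inputs the cast now accepts. A case with a leading-digit value and one with a length above the cap would pin both the lenient parsing and the 500 limit, for example `{{padleft:abc|5junk}}` and `{{padright:abc|9999}}` (constructed samples). Their expected output should be taken from the parser's actual behaviour. A negative length such as `-1` would also confirm that the new `$length <= 0` early return leaves the string unchanged.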
--
2.20.1