Perform input validation for file $page at some strategic locations

 * Not a holistic solution, but these are the places that currently
   assume a natural number for $page.

Bug: T100453
Change-Id: Ic611e5379dc8d138034b62ff8d678dfc68ced023

diff --git a/includes/filerepo/file/LocalFile.php b/includes/filerepo/file/LocalFile.php
index 292fc80..9ec7e00 100644 (file)
--- a/includes/filerepo/file/LocalFile.php
+++ b/includes/filerepo/file/LocalFile.php
@@ -716,6 +716,11 @@ class LocalFile extends File {
         * @return int
         */
        public function getWidth( $page = 1 ) {
+               $page = (int)$page;
+               if ( $page < 1 ) {
+                       $page = 1;
+               }
+
                $this->load();
 
                if ( $this->isMultipage() ) {
@@ -743,6 +748,11 @@ class LocalFile extends File {
         * @return int
         */
        public function getHeight( $page = 1 ) {
+               $page = (int)$page;
+               if ( $page < 1 ) {
+                       $page = 1;
+               }
+
                $this->load();
 
                if ( $this->isMultipage() ) {

diff --git a/includes/filerepo/file/UnregisteredLocalFile.php b/includes/filerepo/file/UnregisteredLocalFile.php
index 5ee25cd..b22f8cb 100644 (file)
--- a/includes/filerepo/file/UnregisteredLocalFile.php
+++ b/includes/filerepo/file/UnregisteredLocalFile.php
@@ -111,6 +111,11 @@ class UnregisteredLocalFile extends File {
         * @return bool
         */
        private function cachePageDimensions( $page = 1 ) {
+               $page = (int)$page;
+               if ( $page < 1 ) {
+                       $page = 1;
+               }
+
                if ( !isset( $this->dims[$page] ) ) {
                        if ( !$this->getHandler() ) {
                                return false;