From: Kunal Mehta
Date: Sun, 10 Jun 2018 18:09:07 +0000 (-0700)
Subject: parser: Validate $length in padleft/padright parser functions
X-Git-Tag: 1.31.0~2^2

parser: Validate $length in padleft/padright parser functions

$length is user input, so cast it to an int before passing it to min(). If there is nothing to add at that point, return immediately.

In PHP 7.1+ this raised a warning of "A non-numeric value encountered" because min() will return the junk value, returning a string. Then we try and subtract an int from it (return value of mb_strlen()), triggering the warning.

Added a parser test to verify the behavior, and confirmed that it triggers warnings without the patch.

Bug: T180403
Change-Id: I614750962104f6251a864519035366ac9798fc0f
(cherry picked from commit dc96f656affd1f8fab0ae72b0d96e77055e5b336)
---
diff --git a/includes/parser/CoreParserFunctions.php b/includes/parser/CoreParserFunctions.php index d408c7fffb..0e30b3c867 100644 
--- a/includes/parser/CoreParserFunctions.php +++ b/includes/parser/CoreParserFunctions.php @@ -882,7 +882,7 @@ class CoreParserFunctions { * Unicode-safe str_pad with the restriction that $length is forced to be <= 500 * @param Parser $parser * @param string $string - * @param int $length + * @param string $length * @param string $padding * @param int $direction * @return string @@ -897,7 +897,12 @@ class CoreParserFunctions { } # The remaining length to add counts down to 0 as padding is added - $length = min( $length, 500 ) - mb_strlen( $string ); + $length = min( (int)$length, 500 ) - mb_strlen( $string ); + if ( $length <= 0 ) { + // Nothing to add + return $string; + } + # $finalPadding is just $padding repeated enough times so that # mb_strlen( $string ) + mb_strlen( $finalPadding ) == $length $finalPadding = ''; diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index 05afefacff..679bb0a7de 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -24585,6 +24585,17 @@ abc abc

!! end +!! test +Padleft and padright with non-numerical length (T180403) +!! wikitext +{{padleft:abcdef|junk}} +{{padright:abcdef|junk}} +!! html/php +

abcdef +abcdef +

+!! end + !!test Special parser function !! wikitext
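
Review bot: In the first CoreParserFunctions.php hunk (@@ -882,7 +882,7 @@), the docblock retypes $length as string but gives no description, so a reader cannot tell that it is raw user input which the function itself casts and caps. Suggest something like "@param string $length Length as supplied by the user; cast to int and capped at 500", which also ties the parameter to the "forced to be <= 500" sentence at the top of the same docblock.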
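
Review bot: In the second CoreParserFunctions.php hunk (@@ -897,7 +897,12 @@), the (int)$length cast inside min() coerces rather than validates: PHP turns "junk" into 0, but it also turns a value such as "10junk" into 10 without any signal, while the subject line says "Validate". If that leniency is intended, say so in the comment above the min() line; if not, reject non-numeric input before the cast. As a style point, the added "// Nothing to add" comment uses // where the neighbouring comments in this hunk use #.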
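
Review bot: In the parserTests.txt hunk (@@ -24585,6 +24585,17 @@), the new test exercises only the fully non-numeric value "junk", so the other inputs that reach the new "$length <= 0" early return are not covered. Suggest adding cases to the same test for a negative length, a numeric length shorter than the string, and a partly numeric value, each with its expected output, so the behaviour of the cast is pinned down and not just the absence of the warning.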