From: Brian Wolff Date: Thu, 15 May 2014 00:48:43 +0000 (-0300) Subject: Make validation for page more strict on djvu to take only numbers X-Git-Tag: 1.31.0-rc.0~15692^2 X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dcompta/operations/modifier.php?a=commitdiff_plain;h=552b6a12e16a5c8ab0e089eb32bc4442e29797ca;p=lhc%2Fweb%2Fwiklou.git Make validation for page more strict on djvu to take only numbers This change causes wiki syntax like [[File:Foo.djvu|thumb|Page 7 of document]] to be interpreted as a caption instead, of saying select page 7 of the djvu. Previously it eventually ran intval( '7 of document' ), so flipped to page 7. Only possible downside I could see is this would cause things like left-to-right marks and weird unicode spaces to no longer be ignored. I don't think that's a big deal. Change-Id: Ie8c953009a38557876a274bf0f71ab470f66ef4e --- diff --git a/includes/media/DjVu.php b/includes/media/DjVu.php index aeba6470e5..566efb2b6e 100644 --- a/includes/media/DjVu.php +++ b/includes/media/DjVu.php @@ -73,6 +73,11 @@ class DjVuHandler extends ImageHandler { * @return bool */ function validateParam( $name, $value ) { + if ( $name === 'page' && trim( $value ) !== (string) intval( $value ) ) { + // Extra junk on the end of page, probably actually a caption + // e.g. [[File:Foo.djvu|thumb|Page 3 of the document shows foo]] + return false; + } if ( in_array( $name, array( 'width', 'height', 'page' ) ) ) { if ( $value <= 0 ) { return false;