Fix crop URL parameter sanitization
Crop width and height can be empty strings, which were being turned
into 0.
samwilson committed Nov 27, 2023
1 parent d01e314 commit 37cbd16
Showing 1 changed file with 4 additions and 1 deletion.
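--- a/src/Controller/OcrController.php
+++ b/src/Controller/OcrController.php
@@ -113,7 +113,10 @@ private function setup(): void {
 static::$params['langs'] = $this->getLangs( $this->request );
 static::$params['image_hosts'] = $this->engine->getImageHosts();
 $crop = $this->request->query->get( 'crop' );
-if ( !is_array( $crop ) ) {
+if ( !is_array( $crop )
+|| isset( $crop['width'] ) && !$crop['width']
+|| isset( $crop['height'] ) && !$crop['height']
+) {
 $crop = [];
 }
 static::$params['crop'] = array_map( 'intval', $crop );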
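Review bot: The added width/height test checks the truthiness of the raw query strings, so a non-numeric or fractional value such as `abc` or `0.5` passes it and is still turned into 0 by `array_map( 'intval', $crop )` on the last line of the hunk; negative values and unexpected keys also pass through unchanged. Since `crop` comes straight from the query string, it would be safer to convert first and validate the result, e.g. `$crop = is_array( $crop ) ? array_map( 'intval', $crop ) : [];` followed by `if ( ( $crop['width'] ?? 1 ) <= 0 || ( $crop['height'] ?? 1 ) <= 0 ) { $crop = []; }`. Parenthesising the two `isset( … ) && !…` pairs would also make the intended precedence explicit. setup() begins and continues outside the hunk, so how the stored crop is consumed is not visible here.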
