You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, I found an issue in the variable checking in round() function of the HTMLPurifier_UnitConverter.
If, for some reason, round() is called with an invalid value, it crashes.
There is no check that the passed value $n is really a number, before trying to do abs($n).
private function round($n, $sigfigs)
{
$new_log = (int)floor(log(abs($n), 10)); // Number of digits left of decimal - 1
...
At the moment, I temporary fixed my issue by patching the function with a check:
private function round($n, $sigfigs)
{
if (!is_numeric($n)) { return $n; }
$new_log = (int)floor(log(abs($n), 10)); // Number of digits left of decimal - 1
...
This is the stack trace of the call that generated the issue:
PHP Fatal error: Uncaught TypeError: abs(): Argument #1 ($num) must be of type int|float, string given in /web/admin/vendor/ezyang/htmlpurifier/library/HTMLPurifier/UnitConverter.php:264
Stack trace:
#0 /web/admin/vendor/ezyang/htmlpurifier/library/HTMLPurifier/UnitConverter.php(264): abs()
#1 /web/admin/vendor/ezyang/htmlpurifier/library/HTMLPurifier/UnitConverter.php(178): HTMLPurifier_UnitConverter->round()
#2 /web/admin/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Length.php(153): HTMLPurifier_UnitConverter->convert()
#3 /web/admin/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php(65): HTMLPurifier_Length->compareTo()
#4 /web/admin/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php(39): HTMLPurifier_AttrDef_CSS_Length->validate()
The text was updated successfully, but these errors were encountered:
I'm preparing it, but It's a bit wider than expected: I found another similar issue (Length.php line 119). $log = (int)floor(log(abs($n), 10));
$n is by definition a STRING, because it's the return value of $length->getN(), that returns a string...
So, every time you use it with as a parameter of an arithmetic function, it must be checked and/or converted to a number before calling abs() or similar functions.
Hello, I found an issue in the variable checking in round() function of the HTMLPurifier_UnitConverter.
If, for some reason, round() is called with an invalid value, it crashes.
There is no check that the passed value $n is really a number, before trying to do abs($n).
At the moment, I temporary fixed my issue by patching the function with a check:
This is the stack trace of the call that generated the issue:
The text was updated successfully, but these errors were encountered: