Skip to content

[1.x] fix(tags): sanitize page param in Tag #4170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 10, 2025
Merged

[1.x] fix(tags): sanitize page param in Tag #4170

merged 1 commit into from
Feb 10, 2025

Conversation

rob006
Copy link
Contributor

@rob006 rob006 commented Jan 27, 2025

Fix errors for requests like https://discuss.flarum.org/t/sandbox?page=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO))

PHP Warning:  A non-numeric value encountered in vendor/flarum/tags/src/Content/Tag.php on line 84

Uses the same solution as in:

framework/framework/core/src/Forum/Content/Index.php

Line 70 in 1d27f62

$page = max(1, intval(Arr::pull($queryParams, 'page')));

@rob006 rob006 requested a review from a team as a code owner January 27, 2025 20:17
@rob006 rob006 changed the title Sanitize page param in Tag [1.x] fix(tags): sanitize page param in Tag Jan 27, 2025
@imorland imorland added this to the 1.8.10 milestone Feb 10, 2025
@imorland imorland merged commit 9a43105 into flarum:1.x Feb 10, 2025
322 checks passed
@rob006 rob006 deleted the sanitize-page branch February 10, 2025 08:57
SychO9 pushed a commit that referenced this pull request Apr 18, 2025
@rob006 @SychO9
Sanitize page in Tag (#4170)
15112c2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@imorland imorland imorland approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.8.10
Development

Successfully merging this pull request may close these issues.
2 participants
@rob006 @imorland