PaulB
Well-known member
Affected version: 2.2.9
The current code for filtering unum and num will throw an exception when passed a sufficiently large number, as floatval will convert those to INF:
PHP:
php > var_export(floatval('1e99999'));
INF
php > var_export(floatval('-1e99999'));
-INF
php > var_export(strval(floatval('1e99999')) + 0);
PHP Warning: Uncaught TypeError: Unsupported operand types: string + int in php shell code:1
Stack trace:
#0 {main}
thrown in php shell code on line 1
Warning: Uncaught TypeError: Unsupported operand types: string + int in php shell code:1
Stack trace:
#0 {main}
thrown in php shell code on line 1
This will result in an exception along the lines of the following:
Code:
TypeError: Unsupported operand types: string + int in src/XF/InputFilterer.php at line 209
XF\InputFilterer->cleanInternal() in src/addons/SV/StandardLib/XF/InputFilterer.php at line 113
SV\StandardLib\XF\InputFilterer->cleanInternal() in src/XF/InputFilterer.php at line 160
XF\InputFilterer->filter() in src/XF/Http/Request.php at line 778
XF\Http\Request->filter() in src/XF/Mvc/Controller.php at line 746
XF\Mvc\Controller->filter() in src/XF/Pub/Controller/Forum.php at line 41
XF\Pub\Controller\Forum->actionList() in src/XF/Mvc/Dispatcher.php at line 352
XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 259
XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 115
XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 57
XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2352
XF\App->run() in src/XF.php at line 524
XF::runApp() in index.php at line 20
To quickly generate this exception, I added the following line to the top of \XF\Pub\Controller\Forum::actionList and visited /?a=1e99999999:
PHP:
$this->filter('a', 'unum');
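
An added example, not part of the original post and not XenForo's own code: it places the float-to-string-to-number pattern from the interactive session above next to a variant that checks is_finite() first, so an oversized request parameter is handled as bad input rather than as an uncaught TypeError. The function names, the sample inputs, and the choice to map non-finite values to 0 and clamp negative unsigned values to 0 are assumptions; the TypeError is the PHP 8 behaviour shown in the session above.

```php
<?php
// Pattern from the interactive session above: float -> string -> "+ 0".
// For INF the intermediate string is "INF", which is not numeric.
function cleanNumFragile(string $raw)
{
    return strval(floatval($raw)) + 0;
}

// Hypothetical hardened variant: reject non-finite floats before the
// string round-trip. Returning 0 for them is an assumed policy.
function cleanNumHardened(string $raw, bool $unsigned = false)
{
    $f = floatval($raw);
    if (!is_finite($f)) {
        return 0;
    }
    $n = strval($f) + 0;
    // Assumed meaning of "unsigned": negative values are clamped to 0.
    return ($unsigned && $n < 0) ? 0 : $n;
}

// Constructed sample inputs, as they might arrive in a query string.
foreach (['42', '-3.5', '1e99999', '-1e99999', 'abc'] as $raw) {
    try {
        $fragile = var_export(cleanNumFragile($raw), true);
    } catch (TypeError $e) {
        $fragile = 'TypeError: ' . $e->getMessage();
    }
    printf(
        "%-10s fragile=%-55s hardened=%s\n",
        $raw,
        $fragile,
        var_export(cleanNumHardened($raw, true), true)
    );
}
```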