Enforce sane values for integer input
authorAlexander Ebert <ebert@woltlab.com>
Tue, 27 Dec 2016 12:28:46 +0000 (13:28 +0100)
committerAlexander Ebert <ebert@woltlab.com>
Tue, 27 Dec 2016 12:28:46 +0000 (13:28 +0100)
wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php

index a4574e3f71df3e2ee488b0c4804fad7925e30461..2f963d40d1d8b0231c129be2bacc32ab8f5d8511 100644 (file)
@@ -229,7 +229,7 @@ class StyleAddForm extends AbstractForm {
                foreach ($this->globals as $variableName) {
                        if (isset($_POST[$variableName]) && is_numeric($_POST[$variableName])) {
                                if (isset($_POST[$variableName.'_unit']) && in_array($_POST[$variableName.'_unit'], $this->availableUnits)) {
-                                       $this->variables[$variableName] = $_POST[$variableName].$_POST[$variableName.'_unit'];
+                                       $this->variables[$variableName] = abs($_POST[$variableName]).$_POST[$variableName.'_unit'];
                                }
                        }
                        else {
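Review bot: `abs($_POST[$variableName])` on the new line keeps whatever numeric form `is_numeric()` let through, so the stored CSS value can still be surprising: `is_numeric` accepts exponent notation and leading whitespace, and a large float such as `1e25` is concatenated as `1.0E+25px`. If fractional values are meant to be allowed here, a cast before `abs()` pins the type and makes the string form predictable, e.g. `abs((float) $_POST[$variableName])`, or `(int)` if these globals are integer-only — I cannot tell from the hunk which is intended, so please confirm against the unit list. The `in_array` check for the unit on the previous line is pre-existing, but since this hunk is already hardening this spot it would be worth passing `true` as the third argument so that comparison is strict too. The `foreach` body continues past the `else {` on the last line of the hunk.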
@@ -239,8 +239,11 @@ class StyleAddForm extends AbstractForm {
                }
                
                // read specialized variables
+               $integerValues = ['pageLogoHeight', 'pageLogoWidth'];
                foreach ($this->specialVariables as $variableName) {
-                       if (isset($_POST[$variableName])) $this->variables[$variableName] = StringUtil::trim($_POST[$variableName]);
+                       if (isset($_POST[$variableName])) {
+                               $this->variables[$variableName] = (in_array($variableName, $integerValues)) ? abs(intval($_POST[$variableName])) : StringUtil::trim($_POST[$variableName]);
+                       }
                }
                $this->variables['useFluidLayout'] = isset($_POST['useFluidLayout']) ? 1 : 0;
                $this->variables['useGoogleFont'] = isset($_POST['useGoogleFont']) ? 1 : 0;
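Review bot: `abs(intval($_POST[$variableName]))` silently maps malformed input to a value instead of rejecting it: `intval('abc')` is `0`, `intval('12abc')` is `12`, and a non-empty array posted under that name yields `1`, so a bad `pageLogoHeight`/`pageLogoWidth` is stored as if it were a real number. The block above for `$this->globals` guards with `is_numeric()` first; the same check here would keep the two paths consistent, e.g. `$this->variables[$variableName] = is_numeric($_POST[$variableName]) ? abs((int) $_POST[$variableName]) : 0;` (whether `0` or leaving the variable unset is the right fallback depends on how the caller treats a missing value, which is not visible here). `in_array($variableName, $integerValues)` should also pass `true` as the third argument, matching the project's usual strict comparisons, even though `$variableName` comes from an internal list. The enclosing method continues past the last line of the hunk.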