From: Alexander Ebert
Date: Sun, 8 Apr 2018 17:20:39 +0000 (+0200)
Subject: Avoid implicit type conversions
X-Git-Tag: 3.1.2~33
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c2994e27002f24848f6e8060110091186c19c1ba;p=GitHub%2FWoltLab%2FWCF.git
Avoid implicit type conversions
---
diff --git a/wcfsetup/install/files/lib/system/html/input/HtmlInputProcessor.class.php b/wcfsetup/install/files/lib/system/html/input/HtmlInputProcessor.class.php
index 4cfdc2a676..73f5f82394 100644
--- a/wcfsetup/install/files/lib/system/html/input/HtmlInputProcessor.class.php
+++ b/wcfsetup/install/files/lib/system/html/input/HtmlInputProcessor.class.php
@@ -99,7 +99,16 @@ class HtmlInputProcessor extends AbstractHtmlProcessor {
  $bbcodeAttributes = '';
  foreach ($attributes as $attribute) {
  if (!empty($bbcodeAttributes)) $bbcodeAttributes .= ',';
- $bbcodeAttributes .= "'" . addcslashes($attribute, "'") . "'";
+
+ if ($attribute === true) $bbcodeAttributes .= 'true';
+ else if ($attribute === false) $bbcodeAttributes .= 'false';
+ else if (is_string($attribute) || is_numeric($attribute)) {
+ $bbcodeAttributes .= "'" . addcslashes($attribute, "'") . "'";
+ }
+ else {
+ // discard anything that is not string-like
+ $bbcodeAttributes .= "''";
+ }
  }
  $text = $metacode->ownerDocument->createTextNode('[' . $name . (!empty($bbcodeAttributes) ? '=' . $bbcodeAttributes : '') . ']');
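Review bot: The string branch still escapes only the single quote, because `addcslashes($attribute, "'")` leaves a backslash in the value untouched. A value ending in `\` is therefore emitted as `'…\'`, and if the BBCode parser treats backslash as an escape character (not visible in this hunk), the closing quote is consumed and the following attributes or the tag boundary are misread. As `$attributes` presumably comes from submitted markup, I would escape the backslash too and make the numeric conversion explicit, in line with the commit's aim: `$bbcodeAttributes .= "'" . addcslashes((string)$attribute, "'\\") . "'";`. The enclosing method starts and ends outside the hunk, so how `$attributes` is populated should be confirmed there.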