From: Alexander Ebert
Date: Tue, 27 Dec 2016 12:28:46 +0000 (+0100)
Subject: Enforce sane values for integer input
X-Git-Tag: 3.0.0_RC_3~33
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ed5531ea88639edae7ae991b559befe93af178a4;p=GitHub%2FWoltLab%2FWCF.git
Enforce sane values for integer input
---
diff --git a/wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php b/wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php
index a4574e3f71..2f963d40d1 100644
--- a/wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/StyleAddForm.class.php
@@ -229,7 +229,7 @@ class StyleAddForm extends AbstractForm {
 foreach ($this->globals as $variableName) {
 if (isset($_POST[$variableName]) && is_numeric($_POST[$variableName])) {
 if (isset($_POST[$variableName.'_unit']) && in_array($_POST[$variableName.'_unit'], $this->availableUnits)) {
- $this->variables[$variableName] = $_POST[$variableName].$_POST[$variableName.'_unit'];
+ $this->variables[$variableName] = abs($_POST[$variableName]).$_POST[$variableName.'_unit'];
 }
 }
 else {
@@ -239,8 +239,11 @@ class StyleAddForm extends AbstractForm {
 }
 // read specialized variables
+ $integerValues = ['pageLogoHeight', 'pageLogoWidth'];
 foreach ($this->specialVariables as $variableName) {
- if (isset($_POST[$variableName])) $this->variables[$variableName] = StringUtil::trim($_POST[$variableName]);
+ if (isset($_POST[$variableName])) {
+ $this->variables[$variableName] = (in_array($variableName, $integerValues)) ? abs(intval($_POST[$variableName])) : StringUtil::trim($_POST[$variableName]);
+ }
 }
 $this->variables['useFluidLayout'] = isset($_POST['useFluidLayout']) ? 1 : 0;
 $this->variables['useGoogleFont'] = isset($_POST['useGoogleFont']) ? 1 : 0;
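Review bot: In the `$this->globals` loop (first hunk), `abs()` only removes the sign, so every other form that `is_numeric()` accepts still reaches `$this->variables`: exponent notation such as `1e30` is converted to a float and concatenated as `1.0E+30px`, and an exponent beyond float range yields `INF`. If these variables are later written into the compiled stylesheet (not visible in this hunk), such a value is malformed rather than sane. I would tighten the guard on the context line from `is_numeric($_POST[$variableName])` to a plain-decimal check, e.g. `is_string($_POST[$variableName]) && preg_match('~^-?\d{1,5}(?:\.\d+)?\z~', $_POST[$variableName])` (the five-digit cap is an illustrative choice), and keep the `abs()`. The enclosing method starts and ends outside the hunk.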
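Review bot: In the `$this->specialVariables` loop (second hunk), `abs(intval($_POST[$variableName]))` accepts whatever type PHP parsed for the field and has no upper bound: an array-valued parameter makes `intval()` return 1 or 0 instead of being rejected, and any large number passes as a logo dimension, so only the sign is actually enforced. A scalar check plus a clamp would close that, e.g. `is_scalar($_POST[$variableName]) ? min(abs(intval($_POST[$variableName])), MAX_LOGO_DIMENSION) : 0`, where `MAX_LOGO_DIMENSION` is a placeholder for a limit the project would define. `in_array($variableName, $integerValues)` should also pass `true` as its third argument, and the list would sit better as a class property next to `specialVariables` than as a local rebuilt on every request. Whether a later validation step bounds these values is not visible here.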