
Adding checks to force limit to always be a positive integer. Fixes potential out of bounds type queries with paginate(). Fixes #418
1 parent 104da15 commit 64c627a35241cf9766a035fc02cdd78a908755ef @markstory markstory committed Mar 11, 2010
Showing with 14 additions and 1 deletion.
  1. +6 −1 cake/libs/controller/controller.php
  2. +8 −0 cake/tests/cases/libs/controller/controller.test.php
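--- a/cake/libs/controller/controller.php
+++ b/cake/libs/controller/controller.php
@@ -1046,8 +1046,13 @@ function paginate($object = null, $scope = array(), $whitelist = array()) {
 $type = $defaults[0];
 unset($defaults[0]);
 }
+
 $options = array_merge(array('page' => 1, 'limit' => 20), $defaults, $options);
-$options['limit'] = (empty($options['limit']) || !is_numeric($options['limit'])) ? 1 : $options['limit'];
+$options['limit'] = (int) $options['limit'];
+if (empty($options['limit']) || $options['limit'] < 1) {
+$options['limit'] = 1;
+}
+
 extract($options);
 if (is_array($scope) && !empty($scope)) {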
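Review bot: The new guard only enforces a lower bound, so after the `(int)` cast any large value passes the `< 1` check unchanged (an oversized numeric string saturates to PHP_INT_MAX rather than failing), and if `$options` carries request-supplied values, as the test's use of `passedArgs` suggests, a caller can force an arbitrarily large page size and the corresponding query cost. Consider clamping with a configurable ceiling after the cast, e.g. `$options['limit'] = min($options['limit'], $maxLimit);` where `$maxLimit` comes from a paginate setting rather than the request. The `empty()` half of the added condition is redundant once the value has been cast, because `(int)` turns empty or non-numeric input into 0 and `0 < 1` already catches it, so `if ($options['limit'] < 1) {` is sufficient. `page` receives no equivalent coercion in this hunk before `extract($options)`, so a negative or non-numeric page value would still flow through unless it is validated elsewhere. paginate() starts before the hunk and continues past it.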
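--- a/cake/tests/cases/libs/controller/controller.test.php
+++ b/cake/tests/cases/libs/controller/controller.test.php
@@ -526,6 +526,14 @@ function testPaginate() {
 $this->assertIdentical($Controller->params['paging']['ControllerPost']['pageCount'], 3);
 $this->assertIdentical($Controller->params['paging']['ControllerPost']['prevPage'], false);
 $this->assertIdentical($Controller->params['paging']['ControllerPost']['nextPage'], true);
+
+$Controller->passedArgs = array();
+$Controller->paginate = array('limit' => '-1');
+$Controller->paginate('ControllerPost');
+$this->assertIdentical($Controller->params['paging']['ControllerPost']['page'], 1);
+$this->assertIdentical($Controller->params['paging']['ControllerPost']['pageCount'], 3);
+$this->assertIdentical($Controller->params['paging']['ControllerPost']['prevPage'], false);
+$this->assertIdentical($Controller->params['paging']['ControllerPost']['nextPage'], true);
 }
 /**
 * testPaginateExtraParams method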
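Review bot: The new case only exercises `'-1'`, so the other inputs the rewritten guard now has to handle, `'0'` and a non-numeric string such as `'abc'` (previously caught by the dropped `is_numeric()` branch), are not covered; adding `$Controller->paginate = array('limit' => 'abc');` and a `'0'` variant with the same four assertions would pin that behaviour. The assertions also verify the coerced limit only indirectly through `pageCount`, so if the paging params expose the effective limit it would be worth asserting it directly. testPaginate() begins before this hunk.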
