
Adding checks to force limit to always be a positive integer. Fixes potential out of bounds type queries with paginate(). Fixes #418
markstory committed Mar 11, 2010
1 parent 104da15 commit 64c627a35241cf9766a035fc02cdd78a908755ef
Showing with 14 additions and 1 deletion.
  1. +6 −1 cake/libs/controller/controller.php
  2. +8 −0 cake/tests/cases/libs/controller/controller.test.php
@@ -1046,8 +1046,13 @@ function paginate($object = null, $scope = array(), $whitelist = array()) {
$type = $defaults[0];
unset($defaults[0]);
}
$options = array_merge(array('page' => 1, 'limit' => 20), $defaults, $options);
$options['limit'] = (empty($options['limit']) || !is_numeric($options['limit'])) ? 1 : $options['limit'];
$options['limit'] = (int) $options['limit'];
if (empty($options['limit']) || $options['limit'] < 1) {
$options['limit'] = 1;
}
extract($options);
if (is_array($scope) && !empty($scope)) {
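Review bot: The new clamp in paginate() puts a floor of 1 on `$options['limit']` but no ceiling, so if `$options` can carry request-supplied values (its construction is outside this hunk) a client can still request an arbitrarily large page and force an expensive query. Consider bounding both ends in one expression, e.g. `$options['limit'] = min(max((int) $options['limit'], 1), $maxLimit);`, where `$maxLimit` is a placeholder for a configured ceiling that is not in the visible code. The `empty($options['limit']) ||` test is redundant after the `(int)` cast, since 0 already satisfies `< 1`. The `extract($options)` on the following context line copies every key of the merged array into local scope, so a comment listing the keys expected there would help the next reader judge what a caller can influence. paginate() starts before and continues after the hunk.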
@@ -526,6 +526,14 @@ function testPaginate() {
$this->assertIdentical($Controller->params['paging']['ControllerPost']['pageCount'], 3);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['prevPage'], false);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['nextPage'], true);
$Controller->passedArgs = array();
$Controller->paginate = array('limit' => '-1');
$Controller->paginate('ControllerPost');
$this->assertIdentical($Controller->params['paging']['ControllerPost']['page'], 1);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['pageCount'], 3);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['prevPage'], false);
$this->assertIdentical($Controller->params['paging']['ControllerPost']['nextPage'], true);
}
/**
* testPaginateExtraParams method
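Review bot: The added case in testPaginate() feeds the bad limit through `$Controller->paginate` while resetting `passedArgs` to an empty array, so the request-supplied path, presumably the one the fix is meant to protect, is not exercised. A further case such as `$Controller->passedArgs = array('limit' => '-1');` followed by the same assertions would cover it, together with `'0'` and a non-numeric value, which the replaced ternary appears to have handled and the new cast-and-clamp should keep handling. The effective limit is only implied by `pageCount` being 3; a short comment saying the limit is expected to fall back to 1 (presumably against three fixture records) would make the intent explicit. testPaginate() begins before this hunk.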
