Skip to content

Commit

Permalink
SECURITY: Escape start argument before passing to pygments
Browse files Browse the repository at this point in the history 
Issue identified by Yorick Koster

Bug: T158689
Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
  • Loading branch information
@reedy
reedy authored and Chad Horohoe committed Apr 6, 2017
1 parent 56a61d5 commit 2d5a60a
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions SyntaxHighlight_GeSHi.class.php
View file
Expand Up @@ -263,8 +263,8 @@ public static function highlight( $code, $lang = null, $args = array() ) {
}

// Starting line number
if ( isset( $args['start'] ) ) {
$options['linenostart'] = $args['start'];
if ( isset( $args['start'] ) && ctype_digit( $args['start'] ) ) {
$options['linenostart'] = (int)$args['start'];
}

if ( $inline ) {
Expand Down

0 comments on commit 2d5a60a

Please sign in to comment.