From 2d5a60a89fb3995b73e17df5901d6f023e41df3d Mon Sep 17 00:00:00 2001
From: Reedy
Date: Tue, 21 Feb 2017 19:20:16 +0000
Subject: [PATCH] SECURITY: Escape start argument before passing to pygments

Issue identified by Yorick Koster

Bug: T158689
Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
---
 SyntaxHighlight_GeSHi.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SyntaxHighlight_GeSHi.class.php b/SyntaxHighlight_GeSHi.class.php
index 8d52a935..aa8caba8 100644
--- a/SyntaxHighlight_GeSHi.class.php
+++ b/SyntaxHighlight_GeSHi.class.php
@@ -263,8 +263,8 @@ public static function highlight( $code, $lang = null, $args = array() ) {
 }

 // Starting line number
- if ( isset( $args['start'] ) ) {
- $options['linenostart'] = $args['start'];
+ if ( isset( $args['start'] ) && ctype_digit( $args['start'] ) ) {
+ $options['linenostart'] = (int)$args['start'];
 }

 if ( $inline ) {
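Review bot: The new guard `ctype_digit( $args['start'] )` is only reliable for string input: handed a PHP integer, `ctype_digit()` interprets values from -128 to 255 as a character code, so an integer `5` is rejected and `50` is accepted. Tag attributes presumably arrive as strings, but `highlight()` is a public static method, so a caller passing an int would silently lose its line-number start; `ctype_digit( (string)$args['start'] )` closes that gap while still admitting only digits before the `(int)` cast. A short comment such as `// Digits only: this value is passed to pygments as an option` would record why the check must stay. The body of `highlight()` continues outside this hunk, so whether other `$args` values reach `$options` without similar validation cannot be judged from here.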