Open netdreamer opened 8 months ago
drat! send a PR?
I'm preparing it, but It's a bit wider than expected: I found another similar issue (Length.php line 119).
$log = (int)floor(log(abs($n), 10));
$n is by definition a STRING, because it's the return value of $length->getN(), that returns a string...
So, every time you use it with as a parameter of an arithmetic function, it must be checked and/or converted to a number before calling abs() or similar functions.
Sorry, I'm not very used to fixing code... I found that issue was already fixed in master: https://github.com/ezyang/htmlpurifier/commit/43f49ac9a51b81dfd07d3bc8dcfc5ec5637a5e3b But there are no releases with it.
Hello, I found an issue in the variable checking in round() function of the HTMLPurifier_UnitConverter.
If, for some reason, round() is called with an invalid value, it crashes. There is no check that the passed value $n is really a number, before trying to do abs($n).
At the moment, I temporary fixed my issue by patching the function with a check:
This is the stack trace of the call that generated the issue: