From 1cc04fb83cd50d55b18a9fa72e99a58fdd2f8eaa Mon Sep 17 00:00:00 2001 From: Andre Klapper Date: Fri, 3 May 2024 18:02:23 +0200 Subject: [PATCH] Explicitly cast "limit" (page size) API parameter to int Summary: Do not throw an exception when the `limit` (page size) Conduit API parameter is a float but explicitly convert to int. As an admin, I am not interested in having invalid user-committed query data trigger an error in the server logs. ``` ERROR 8192: Implicit conversion from float to int loses precision at [/var/www/html/phorge/phorge/src/view/control/AphrontCursorPagerView.php:76] ``` Closes T15810 Test Plan: Call `/conduit/method/maniphest.search/` with a float value for the `limit` field. Check the server logs or DarkConsole. Reviewers: O1 Blessed Committers, valerio.bozzolan Reviewed By: O1 Blessed Committers, valerio.bozzolan Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno Maniphest Tasks: T15810 Differential Revision: https://we.phorge.it/D25614 --- src/view/control/AphrontCursorPagerView.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/view/control/AphrontCursorPagerView.php b/src/view/control/AphrontCursorPagerView.php index cdb9562624..cf4563fb9e 100644 --- a/src/view/control/AphrontCursorPagerView.php +++ b/src/view/control/AphrontCursorPagerView.php @@ -72,8 +72,9 @@ final class AphrontCursorPagerView extends AphrontView { public function sliceResults(array $results) { if (count($results) > $this->getPageSize()) { - $offset = ($this->beforeID ? count($results) - $this->getPageSize() : 0); - $results = array_slice($results, $offset, $this->getPageSize(), true); + $page_size = (int)$this->getPageSize(); + $offset = ($this->beforeID ? count($results) - $page_size : 0); + $results = array_slice($results, $offset, $page_size, true); $this->moreResults = true; } return $results;