From c4b55279ff0921e8a1bd61de18521dad96b04d59 Mon Sep 17 00:00:00 2001
From: Ben Coburn <btcoburn@silicodon.net>
Date: Mon, 27 Mar 2006 22:07:00 +0200
Subject: [PATCH] fix config plugin setting_numeric pattern

The old pattern (left as a comment) allowed many PHP syntax errors
to be inserted into local.php for numeric values. This was breaking
the wiki... see bug #769.

This patch should eliminate the syntax errors by using a more restrictive
definition of numeric settings.

darcs-hash:20060327200700-05dcb-ccb8d532e5c123965fc6c8e79fb49c93170d827e.gz
---
 lib/plugins/config/settings/config.class.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php
index f3d0811b7..603ae3b83 100644
--- a/lib/plugins/config/settings/config.class.php
+++ b/lib/plugins/config/settings/config.class.php
@@ -458,7 +458,11 @@ if (!class_exists('setting_email')) {
 
 if (!class_exists('setting_numeric')) {
   class setting_numeric extends setting_string {
-    var $_pattern = '/^[-+\/*0-9 ]*$/';
+    // This allows for many PHP syntax errors...
+    // var $_pattern = '/^[-+\/*0-9 ]*$/';
+    // much more restrictive, but should eliminate syntax errors.
+    var $_pattern = '/^[-]?[0-9]+(?:[-+*][0-9]+)*$/';
+    //FIXME - make the numeric error checking better.
 
     function out($var, $fmt='php') {
 
-- 
GitLab