[wp-hackers] EXIF geo data
Heiko Rabe
heiko.rabe at code-styling.de
Mon Mar 2 01:58:58 GMT 2009
Maybe this is not the only fix needed:
refer to the wp_exif_frac2dec() function and potentially manipulated image data:
function wp_exif_frac2dec($str) {
    @list( $n, $d ) = explode( '/', $str );
    if ( !empty($d) )
        return $n / $d;
    return $str;
}
The empty() test may cover the division by zero too, but not if I try the
following string: "5/-0.0"
The test code (same result as the function with this input):
<?php
$c = "5";
$d = "-0.0";
echo empty($d) ? "yes" : "no";
echo '<br/>';
echo $c / $d;
echo '<br/>';
?>
and the result:
no
*Warning*: Division by zero in
*C:\xampp\_root_wordpress-offline\wp-content\themes\classic\index.php*
on line *77*
I think an appropriate cast to (float) is necessary to detect such
string manipulations in wp core dealing with image data.
Maybe some more functions are affected.
regards
Heiko Rabe
(http://www.code-styling.de)
> For reference, the ticket is http://core.trac.wordpress.org/ticket/9257
>
> That is_float() test needs to be re-thought though.
>
> -Alan
>
> On Mar 1, 2009, at 2:14 PM, Tomislav Bišćan wrote:
>> Peter, I will submit a ticket.
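The float cast suggested in the message above, worked into a hardened fraction parser. This is an added example, not code from the original post or from WordPress core: the function name wp_exif_frac2dec_safe() and the choice to return 0.0 for unusable input are assumptions, and the sample values are constructed.

```php
<?php
// Added example, not WordPress core code. wp_exif_frac2dec_safe() is a
// hypothetical name; returning 0.0 for unusable input is an assumption.
function wp_exif_frac2dec_safe( $str ) {
    // Reject arrays, objects, null and booleans before touching explode().
    if ( ! is_string( $str ) && ! is_numeric( $str ) ) {
        return 0.0;
    }
    $parts = explode( '/', trim( (string) $str ), 2 );
    if ( ! is_numeric( $parts[0] ) ) {
        return 0.0;
    }
    if ( 1 === count( $parts ) ) {
        return (float) $parts[0]; // plain number, no fraction
    }
    if ( ! is_numeric( $parts[1] ) ) {
        return 0.0;
    }
    // Compare the denominator as a float, not as a string: empty() only
    // treats "" and "0" as empty, so "0.0", "-0.0" and "0e5" get past it.
    $d = (float) $parts[1];
    if ( 0.0 == $d ) { // also true for -0.0
        return 0.0;
    }
    $result = (float) $parts[0] / $d;
    return is_finite( $result ) ? $result : 0.0; // guard against INF/NAN
}

// Constructed sample values, as they might arrive in EXIF rational tags.
$samples = array( '72/1', '28/10', '5/0', '5/0.0', '5/-0.0', '5/abc', '4.5', '' );
foreach ( $samples as $s ) {
    list( , $d ) = array_pad( explode( '/', $s ), 2, '' );
    printf(
        "%-9s empty(denominator)=%-3s safe=%s\n",
        var_export( $s, true ),
        empty( $d ) ? 'yes' : 'no',
        var_export( wp_exif_frac2dec_safe( $s ), true )
    );
}
```

The empty(denominator) column shows which inputs the original empty() check would stop; every row where it prints "no" with a zero or non-numeric denominator reaches the division in the unpatched function.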