[wp-hackers] EXIF geo data

Tomislav Bišćan tbiscan at gmail.com
Mon Mar 2 09:14:19 GMT 2009


Didn't edit existing wp_exif_frac2dec() but also think it is necessary to
fix that part.
My part of the code also needs some additional float checks.

wp_exif_frac2dec() is one of the reasons why I opened discussion here and
not just a ticket.

B-Scan

On Mon, Mar 2, 2009 at 2:58 AM, Heiko Rabe <heiko.rabe at code-styling.de> wrote:

> Maybe this is not the only fix needed:
>
> refer to the wp_exif_frac2dec() function and potentially manipulated image data:
>
> function wp_exif_frac2dec($str) {
>   @list( $n, $d ) = explode( '/', $str );
>   if ( !empty($d) )
>       return $n / $d;
>   return $str;
> }
>
> The empty() test may cover the division by zero too, but not if I try the
> following string: "5/-0.0"
> The test code (same result as the function with this input):
>
> <?php
>       $c = "5";
>       $d = "-0.0";
>       echo empty($d) ? "yes" : "no";
>       echo '<br/>';
>       echo $c / $d;
>       echo '<br/>';
>   ?>
> and the result of:
>
> no
> *Warning*: Division by zero in
> *C:\xampp\_root_wordpress-offline\wp-content\themes\classic\index.php* on
> line *77*
>
> I think an appropriate cast to (float) is necessary to detect such string
> manipulations in WP core code dealing with image data.
> Maybe some more functions are affected.
>
> regards
>
> Heiko Rabe
> (http://www.code-styling.de)
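
Added example, not part of the original messages and not WordPress core code: a variant of the fraction conversion that casts both parts to float before the zero test, along the lines suggested in the quoted message. The function name and the choice to return 0.0 for malformed input are assumptions.

```php
<?php
// Added example; the function name is hypothetical and this is not the
// WordPress implementation. Converts an EXIF rational string such as "5/2"
// to a float, treating the input as untrusted image metadata.
function example_exif_frac2dec_checked( $str ) {
    if ( ! is_scalar( $str ) ) {
        return 0.0; // assumption: malformed input maps to 0.0
    }
    $parts = explode( '/', (string) $str, 2 );

    // Plain number without a slash: accept it only if it is numeric.
    if ( count( $parts ) === 1 ) {
        return is_numeric( $parts[0] ) ? (float) $parts[0] : 0.0;
    }

    list( $n, $d ) = $parts;
    if ( ! is_numeric( $n ) || ! is_numeric( $d ) ) {
        return 0.0;
    }

    $n = (float) $n;
    $d = (float) $d;

    // After the cast, "0", "-0.0", "0.00" and "0e5" all compare equal to 0.0.
    // empty() on the raw string only catches "0" and the empty string.
    if ( 0.0 == $d || ! is_finite( $n ) || ! is_finite( $d ) ) {
        return 0.0;
    }
    return $n / $d;
}

// Constructed sample inputs, including the "5/-0.0" case from the thread.
$samples = array( '5/2', '5/-0.0', '5/0', '5/0e5', '1/abc', '72', 'abc', '1/2/3' );
foreach ( $samples as $s ) {
    printf( "%-8s => %s\n", $s, var_export( example_exif_frac2dec_checked( $s ), true ) );
}
```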

