FUNCTION: pager_query() in pager.inc

BUG: Function does not validate $limit.

SUGGESTED FIX: I think the function should trap out if $limit is not an integer > 0.

Comments

agentrickard

Has this caused an actual error somewhere on your site or during module development?

I think that this is a documented part of the function, and therefore easily avoided by developers.

jasonsafro

Yes. It did cause a problem on my site. I don't remember what blew up anymore... it was 2 or 3 months ago. But, documented or not, some developers are allowing their functions to feed the pager a 0 value. Is there a good reason not to protect the pager against division by zero?

agentrickard

There's already a default value set ($limit = 10) and should return FALSE if it fails.

node_load() and user_load() don't explicitly check for valid parameters. It is assumed that developers will use those functions correctly.

Do we really need to add an IF check to make sure that contributors don't pass explicit zero values? Or pass the correct values?

I don't think so. These errors should be caught during module development.

ricabrantes

Status: Active » Closed (fixed)

4.x is no longer supported.