From b038ee58e28b49fdd80fd0c8985d3371d58ded9b Mon Sep 17 00:00:00 2001
From: Reedy <reedy@wikimedia.org>
Date: Tue, 21 Feb 2017 19:20:16 +0000
Subject: [PATCH] SECURITY: Escape start argument before passing to pygments

Issue identified by Yorick Koster

Bug: T158689
Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
---
 SyntaxHighlight_GeSHi.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SyntaxHighlight_GeSHi.class.php b/SyntaxHighlight_GeSHi.class.php
index 8d52a93..aa8caba 100644
--- a/SyntaxHighlight_GeSHi.class.php
+++ b/SyntaxHighlight_GeSHi.class.php
@@ -263,8 +263,8 @@ class SyntaxHighlight_GeSHi {
 		}
 
 		// Starting line number
-		if ( isset( $args['start'] ) ) {
-			$options['linenostart'] = $args['start'];
+		if ( isset( $args['start'] ) && ctype_digit( $args['start'] ) ) {
+			$options['linenostart'] = (int)$args['start'];
 		}
 
 		if ( $inline ) {
-- 
2.9.3