From 666cd6d89a224bbf3715b07be5f2430c4c226a03 Mon Sep 17 00:00:00 2001
From: Steve Clay
Date: Mon, 4 Jun 2012 11:49:44 -0400
Subject: [PATCH] Fixes #261: verify query string params are not arrays
---
 min/lib/Minify/Controller/MinApp.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/min/lib/Minify/Controller/MinApp.php b/min/lib/Minify/Controller/MinApp.php
index d47c60d..22776c0 100644
--- a/min/lib/Minify/Controller/MinApp.php
+++ b/min/lib/Minify/Controller/MinApp.php
@@ -38,6 +38,10 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
 $firstMissingResource = null;
 if (isset($_GET['g'])) {
+ if (! is_string($_GET['g'])) {
+ $this->log("GET param 'g' was invalid");
+ return $options;
+ }
 // add group(s)
 $this->selectionId .= 'g=' . $_GET['g'];
 $keys = explode(',', $_GET['g']);
@@ -92,6 +96,10 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
 }
 }
 if (! $cOptions['groupsOnly'] && isset($_GET['f'])) {
+ if (! is_string($_GET['f'])) {
+ $this->log("GET param 'f' was invalid");
+ return $options;
+ }
 // try user files
 // The following restrictions are to limit the URLs that minify will
 // respond to.
@@ -120,7 +128,8 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
 }
 if (isset($_GET['b'])) {
 // check for validity
- if (preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
+ if (is_string($_GET['b'])
+ && preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
 && false === strpos($_GET['b'], '..')
 && $_GET['b'] !== '.') {
 // valid base
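Review bot: The new `return $options;` in the `g` branch of the first hunk (and the identical guard for `f` in the second hunk) leaves the enclosing method before any source has been selected and before `b` is examined, so the outcome rests on the caller treating an empty selection as a rejected request; that is presumably how other invalid input is already handled, but it is not visible here and is worth confirming. The log line would help triage more if it recorded what kind of value arrived without echoing request content, e.g. `$this->log("GET param 'g' was invalid (" . gettype($_GET['g']) . ")");`. The same three-line check now appears twice and `b` gets a third variant in the last hunk, so a small private helper returning the parameter as a string or null would keep the rule in one place. The enclosing method starts and ends outside this hunk.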
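Review bot: `$` in the pattern `@^[^/]+(?:/[^/]+)*$@` also matches immediately before a trailing newline, so a `b` value that ends in "\n" still passes this check after the new `is_string` guard; adding the `D` modifier, `&& preg_match('@^[^/]+(?:/[^/]+)*$@D', $_GET['b'])`, anchors the match to the real end of the string. The else branch that handles an invalid `b` lies outside the hunk, so whether a non-string `b` is logged the way `g` and `f` now are cannot be seen from here. The enclosing method starts and ends outside this hunk.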