From e764a7b58f8c4d54a2a36a01a5275e6353e32bd2 Mon Sep 17 00:00:00 2001
From: Achim Fritz <achim.fritz@b13.de>
Date: Tue, 6 Dec 2022 09:52:26 +0100
Subject: [PATCH] [BUGFIX] Cast integer values in Fluid ViewHelpers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cast decimals input arguments to integer before using them in
number_format().

Resolves: #99283
Releases: main, 11.5
Change-Id: If0f49d644c99b212ffb7dd3a774e4dcba8baa2c7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76936
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
---
 .../sysext/fluid/Classes/ViewHelpers/Format/BytesViewHelper.php | 2 +-
 .../fluid/Classes/ViewHelpers/Format/CurrencyViewHelper.php     | 2 +-
 .../fluid/Classes/ViewHelpers/Format/NumberViewHelper.php       | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/Format/BytesViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/Format/BytesViewHelper.php
index 520cfa70e665..13c809402194 100644
--- a/typo3/sysext/fluid/Classes/ViewHelpers/Format/BytesViewHelper.php
+++ b/typo3/sysext/fluid/Classes/ViewHelpers/Format/BytesViewHelper.php
@@ -110,7 +110,7 @@ final class BytesViewHelper extends AbstractViewHelper
             '%s %s',
             number_format(
                 round($bytes, 4 * $arguments['decimals']),
-                $arguments['decimals'],
+                (int)$arguments['decimals'],
                 $arguments['decimalSeparator'],
                 $arguments['thousandsSeparator']
             ),
diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/Format/CurrencyViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/Format/CurrencyViewHelper.php
index 6cc17146dd01..7566f0a4fbec 100644
--- a/typo3/sysext/fluid/Classes/ViewHelpers/Format/CurrencyViewHelper.php
+++ b/typo3/sysext/fluid/Classes/ViewHelpers/Format/CurrencyViewHelper.php
@@ -106,7 +106,7 @@ final class CurrencyViewHelper extends AbstractViewHelper
         $thousandsSeparator = $arguments['thousandsSeparator'];
         $prependCurrency = $arguments['prependCurrency'];
         $separateCurrency = $arguments['separateCurrency'];
-        $decimals = $arguments['decimals'];
+        $decimals = (int)$arguments['decimals'];
         $useDash = $arguments['useDash'];
 
         $floatToFormat = $renderChildrenClosure();
diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/Format/NumberViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/Format/NumberViewHelper.php
index 220317190123..38afa6c94f82 100644
--- a/typo3/sysext/fluid/Classes/ViewHelpers/Format/NumberViewHelper.php
+++ b/typo3/sysext/fluid/Classes/ViewHelpers/Format/NumberViewHelper.php
@@ -71,7 +71,7 @@ final class NumberViewHelper extends AbstractViewHelper
      */
     public static function renderStatic(array $arguments, \Closure $renderChildrenClosure, RenderingContextInterface $renderingContext): string
     {
-        $decimals = $arguments['decimals'];
+        $decimals = (int)$arguments['decimals'];
         $decimalSeparator = $arguments['decimalSeparator'];
         $thousandsSeparator = $arguments['thousandsSeparator'];
         $stringToFormat = $renderChildrenClosure();
-- 
GitLab