From a9259af41cf261563ea561a0ac44ef2a8ab20d12 Mon Sep 17 00:00:00 2001
From: Jamie Burchell <jamie@ib3.uk>
Date: Mon, 15 Jul 2024 08:39:47 +0100
Subject: [PATCH] Cast variables to string for ctype_digit

---
 system/database/DB_driver.php                      | 2 +-
 system/database/DB_query_builder.php               | 2 +-
 system/database/drivers/oci8/oci8_driver.php       | 4 ++--
 system/database/drivers/postgre/postgre_driver.php | 2 +-
 system/libraries/Form_validation.php               | 2 +-
 system/libraries/Image_lib.php                     | 2 +-
 system/libraries/Session/Session.php               | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index de03a418567..0ba850dddb7 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1348,7 +1348,7 @@ public function escape_identifiers($item, $split = TRUE)
 			return $item;
 		}
 		// Avoid breaking functions and literal values inside queries
-		elseif (ctype_digit($item) OR $item[0] === "'" OR ($this->_escape_char !== '"' && $item[0] === '"') OR strpos($item, '(') !== FALSE)
+		elseif (ctype_digit((string) $item) OR $item[0] === "'" OR ($this->_escape_char !== '"' && $item[0] === '"') OR strpos($item, '(') !== FALSE)
 		{
 			return $item;
 		}
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index de6aa04fc08..3a618a9aa52 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -2782,7 +2782,7 @@ protected function _is_literal($str)
 	{
 		$str = trim($str);
 
-		if (empty($str) OR ctype_digit($str) OR (string) (float) $str === $str OR in_array(strtoupper($str), array('TRUE', 'FALSE'), TRUE))
+		if (empty($str) OR ctype_digit((string) $str) OR (string) (float) $str === $str OR in_array(strtoupper($str), array('TRUE', 'FALSE'), TRUE))
 		{
 			return TRUE;
 		}
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 6f8b21d750f..7640ab41f5f 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -177,7 +177,7 @@ public function __construct($params)
 			return;
 		}
 		elseif ($this->hostname !== '' && strpos($this->hostname, '/') === FALSE && strpos($this->hostname, ':') === FALSE
-			&& (( ! empty($this->port) && ctype_digit($this->port)) OR $this->database !== ''))
+			&& (( ! empty($this->port) && ctype_digit((string) $this->port)) OR $this->database !== ''))
 		{
 			/* If the hostname field isn't empty, doesn't contain
 			 * ':' and/or '/' and if port and/or database aren't
@@ -187,7 +187,7 @@ public function __construct($params)
 			 * that the database field is a service name.
 			 */
 			$this->dsn = $this->hostname
-				.(( ! empty($this->port) && ctype_digit($this->port)) ? ':'.$this->port : '')
+				.(( ! empty($this->port) && ctype_digit((string) $this->port)) ? ':'.$this->port : '')
 				.($this->database !== '' ? '/'.ltrim($this->database, '/') : '');
 
 			if (preg_match($valid_dsns['ec'], $this->dsn))
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 1cd473f2b5d..fe7750f6841 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -95,7 +95,7 @@ protected function _build_dsn()
 
 		$this->hostname === '' OR $this->dsn = 'host='.$this->hostname.' ';
 
-		if ( ! empty($this->port) && ctype_digit($this->port))
+		if ( ! empty($this->port) && ctype_digit((string) $this->port))
 		{
 			$this->dsn .= 'port='.$this->port.' ';
 		}
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index dd1685db193..32bfa73a117 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1212,7 +1212,7 @@ public function valid_url($str)
 
 		// Apparently, FILTER_VALIDATE_URL doesn't reject digit-only names for some reason ...
 		// See https://github.com/bcit-ci/CodeIgniter/issues/5755
-		if (ctype_digit($str))
+		if (ctype_digit((string) $str))
 		{
 			return FALSE;
 		}
diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php
index 4e5fc7be6fc..c5ffdfbdbfb 100644
--- a/system/libraries/Image_lib.php
+++ b/system/libraries/Image_lib.php
@@ -631,7 +631,7 @@ public function initialize($props = array())
 		// Set the quality
 		$this->quality = trim(str_replace('%', '', $this->quality));
 
-		if ($this->quality === '' OR $this->quality === 0 OR ! ctype_digit($this->quality))
+		if ($this->quality === '' OR $this->quality === 0 OR ! ctype_digit((string) $this->quality))
 		{
 			$this->quality = 90;
 		}
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 2d55f822af9..47fa865863f 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -390,7 +390,7 @@ protected function _configure_sid_length()
 		if (PHP_VERSION_ID < 70100)
 		{
 			$hash_function = ini_get('session.hash_function');
-			if (ctype_digit($hash_function))
+			if (ctype_digit((string) $hash_function))
 			{
 				if ($hash_function !== '1')
 				{