From d2dc3253ab9c29d25c0f391dc74990975a15c031 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Sat, 7 Oct 2023 11:34:37 +0100
Subject: [PATCH] Cast the request limit to intval before we try to abs()

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Providers/SettingsServiceProvider.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/Providers/SettingsServiceProvider.php b/app/Providers/SettingsServiceProvider.php
index 371fc234de..6656f284e0 100644
--- a/app/Providers/SettingsServiceProvider.php
+++ b/app/Providers/SettingsServiceProvider.php
@@ -33,12 +33,14 @@ class SettingsServiceProvider extends ServiceProvider
         // Make sure the limit is actually set, is an integer and does not exceed system limits
         \App::singleton('api_limit_value', function () {
             $limit = config('app.max_results');
+            $int_limit = intval(request('limit'));
 
-            if ((abs(intval(request('limit'))) > 0) && (abs(request('limit')) <= config('app.max_results'))) {
-                $limit = abs(request('limit'));
+            if ((abs($int_limit) > 0) && ($int_limit <= config('app.max_results'))) {
+                $limit = abs($int_limit);
             }
             \Log::debug('Max in env: '.config('app.max_results'));
             \Log::debug('Original requested limit: '.request('limit'));
+            \Log::debug('Int limit: '.$int_limit);
             \Log::debug('Modified limit: '.$limit);
             \Log::debug('------------------------------');