From 77ebd8abd775713e972930828602e14bdb3e0d65 Mon Sep 17 00:00:00 2001
From: Elliot Kendall <elliotkendall@gmail.com>
Date: Mon, 25 Jul 2022 09:52:27 -0700
Subject: [PATCH] Cast $needle in calls to strpos/stripos to string to avoid
 automatic ordinal conversion of integer patterns

---
 scan.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scan.php b/scan.php
index 33c0738..ad4d9fc 100644
--- a/scan.php
+++ b/scan.php
@@ -709,14 +709,14 @@ class MalwareScanner
     //Returns true if the raw string exists in the file contents.
     private function scanFunc_STR(&$pattern, &$content)
     {
-        return strpos($content, $pattern);
+        return strpos($content, (string)$pattern);
     }
 
     //Performs raw string, case insensitive matching.
     //Returns true if the raw string exists in the file contents, ignoring case.
     private function scanFunc_STRI(&$pattern, &$content)
     {
-        return stripos($content, $pattern);
+        return stripos($content, (string)$pattern);
     }
 
     //Performs regular expression matching.