From 0fea85d37c79192333b8cf4d1307ba5441065fab Mon Sep 17 00:00:00 2001
From: Sami Mazouz
Date: Fri, 17 Sep 2021 20:50:11 +0100
Subject: [PATCH] fix: Sanitise integer query parameters (#3064)
---
 .../core/src/Api/Controller/AbstractSerializeController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/framework/core/src/Api/Controller/AbstractSerializeController.php b/framework/core/src/Api/Controller/AbstractSerializeController.php
index d3d569ba6..a0a459da4 100644
--- a/framework/core/src/Api/Controller/AbstractSerializeController.php
+++ b/framework/core/src/Api/Controller/AbstractSerializeController.php
@@ -236,7 +236,7 @@ abstract class AbstractSerializeController implements RequestHandlerInterface
 */
 protected function extractOffset(ServerRequestInterface $request)
 {
- return $this->buildParameters($request)->getOffset($this->extractLimit($request)) ?: 0;
+ return (int) $this->buildParameters($request)->getOffset($this->extractLimit($request)) ?: 0;
 }
 
 /**
@@ -245,7 +245,7 @@ abstract class AbstractSerializeController implements RequestHandlerInterface
 */
 protected function extractLimit(ServerRequestInterface $request)
 {
- return $this->buildParameters($request)->getLimit($this->maxLimit) ?: $this->limit;
+ return (int) $this->buildParameters($request)->getLimit($this->maxLimit) ?: $this->limit;
 }
 
 /**
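Review bot: The `(int)` cast added in `extractOffset` (and again in the `extractLimit` hunk) coerces the request value but does not bound it: a negative number is truthy, so it skips the `?:` fallback and is returned as-is, while a non-numeric string silently becomes 0 and takes the default instead of being rejected. Whether `getOffset()` and `getLimit()` already refuse negatives is not visible in this diff, so I would clamp at this boundary, e.g. `return max(0, (int) $this->buildParameters($request)->getOffset($this->extractLimit($request)));` and, in `extractLimit`, `$limit = (int) $this->buildParameters($request)->getLimit($this->maxLimit);` followed by `return $limit > 0 ? $limit : $this->limit;`. Note also that the cast binds tighter than `?:`, so the fallback `$this->limit` is returned uncast; a `@return int` line in each docblock (which starts outside the hunk) would state the intended contract.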