From bf268b4a7823be3147d24cd1565b64e2687ecd1e Mon Sep 17 00:00:00 2001
From: Eric Mann
Date: Tue, 21 Nov 2017 20:52:22 -0800
Subject: [PATCH] Protect against divide-by-Watson errors. Props @bswatson
---
 php/functions.php | 5 +++++
 test/phpunit/CoreTest.php | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/php/functions.php b/php/functions.php
index 67e9e28..b4d0bb5 100644
--- a/php/functions.php
+++ b/php/functions.php
@@ -111,6 +111,11 @@ function calc_totp($key, $step_count = false, $digits = 6, $hash = 'sha1', $time
 throw new \InvalidArgumentException('Invalid hash type specified!');
 }
+ $time_step = intval($time_step);
+ if ($time_step <= 0) {
+ throw new \InvalidArgumentException('Time step must be greater than zero');
+ }
+
 if (false === $step_count) {
 $step_count = floor(time() / $time_step);
 }
diff --git a/test/phpunit/CoreTest.php b/test/phpunit/CoreTest.php
index 79b5df5..c13cad3 100644
--- a/test/phpunit/CoreTest.php
+++ b/test/phpunit/CoreTest.php
@@ -86,4 +86,20 @@ public function test_invalid_hash()
 $key = new Key();
 calc_totp($key, false, 6, 'md5');
 }
+
+ public function test_time_step_nonzero()
+ {
+ $this->expectException(\InvalidArgumentException::class);
+
+ $key = new Key();
+ calc_totp($key, false, 6, 'sha1', 0);
+ }
+
+ public function test_time_step_positive()
+ {
+ $this->expectException(\InvalidArgumentException::class);
+
+ $key = new Key();
+ calc_totp($key, false, 6, 'sha1', -30);
+ }
 }
\ No newline at end of file
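Review bot: The new guard in `calc_totp()` (php/functions.php) uses `intval()`, which coerces rather than validates, so values that are not integers are silently turned into a usable step instead of being rejected: `'30abc'` and `30.9` both become 30, and `true` or a non-empty array becomes 1. For a TOTP parameter it is safer to reject anything that is not a positive integer, for example `$time_step = filter_var($time_step, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` followed by `if (false === $time_step) {` in place of the `<= 0` test. There is also no upper bound, so a very large step keeps `floor(time() / $time_step)` on the same counter for a long time; whether that matters depends on who supplies the value, which the hunk does not show. The function body starts and ends outside the hunk.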
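Review bot: Both new tests in test/phpunit/CoreTest.php assert only the exception class, and the first hunk shows `calc_totp()` throwing the same `\InvalidArgumentException` for an invalid hash, so the tests cannot tell the time-step guard apart from any other argument check in that function. Pinning the message closes that gap: add `$this->expectExceptionMessage('Time step must be greater than zero');` after each `expectException` call. Inputs that reach the guard only through `intval()` coercion, such as a non-numeric string or a fractional value below one, are not covered either. The test class begins outside the hunk.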