
Parsing int param must not accept floats (#5544)

The previous method that parses GET parameters for integer values used
`is_numeric()`. So values like "-1.2e6" were accepted and returned with
a string type.

This violated the specifications and caused infinite loops when some
params were not integers.

Co-authored-by: François Gannaz <[email protected]>
Author: François Gannaz, 5 years ago
commit a94068d2f6
1 changed file with 2 additions and 2 deletions: frameworks/PHP/yii2/app/helpers/Query.php
frameworks/PHP/yii2/app/helpers/Query.php

@@ -6,12 +6,12 @@ class Query
 {
     public static function clamp($value): int
     {
-        if (!is_numeric($value) || $value < 1) {
+        if (!ctype_digit($value) || $value < 1) {
             return 1;
         } elseif ($value > 500) {
             return 500;
         } else {
-            return $value;
+            return (int) $value;
         }
     }
 }
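Review bot: `ctype_digit($value)` is only reliable when `$value` is a string, and `clamp($value)` has no parameter type, so an integer caller would be mis-handled: for an int argument `ctype_digit()` interprets values from -128 to 255 as ASCII codes (so `clamp(5)` would fall through to `return 1`), passing non-string arguments is deprecated as of PHP 8.1, and `null` also returns false. Since the intent is to validate raw GET input, either declare the parameter `string $value` or normalise first, e.g. `if (!ctype_digit((string) $value) || $value < 1) {`. The `(int) $value` cast on the return is the right fix for the `int` return type; note that very long digit strings such as `"99999999999999999999"` still compare numerically against 500 and clamp to 500, which is the intended behaviour.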