From 721384ffc4a6b0d79b673028c1a5a45ee723b6c9 Mon Sep 17 00:00:00 2001
From: MatthieuLP <matthieu.leproux@gmail.com>
Date: Wed, 1 Mar 2023 12:04:18 +0100
Subject: [PATCH] fixed #1876 Added check_input_parameter for $_GET parameters

---
 admin/history.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/admin/history.php b/admin/history.php
index 974590855..d4be0a69e 100644
--- a/admin/history.php
+++ b/admin/history.php
@@ -39,6 +39,10 @@ $display_thumbnails = array('no_display_thumbnail' => l10n('No display'),
 
 check_status(ACCESS_ADMINISTRATOR);
 
+check_input_parameter('filter_ip', $_GET, false, '/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/');
+check_input_parameter('filter_image_id', $_GET, false, '/^\d+$/');
+check_input_parameter('filter_user_id', $_GET, false, '/^\d+$/');
+
 // +-----------------------------------------------------------------------+
 // |                             template init                             |
 // +-----------------------------------------------------------------------+