adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-26 21:11:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixes GHSA-hq29-8hhx-5jwc [search] check input parameter ratings

Browse Source
This commit is contained in:
plegall
2026-06-25 13:29:59 +02:00
parent 2357a86d51
commit 9755d88edf
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/functions_search.inc.php
+1 -1
View File
@@ -637,7 +637,7 @@ SELECT
} }
else else
{ {
$filter_clauses[] = '(rating_score >= '.(intval($r)-1).' AND rating_score < '.$r.')'; $filter_clauses[] = '(rating_score >= '.(intval($r)-1).' AND rating_score < '.intval($r).')';
} }
} }
include/ws_functions/pwg.images.php
+8
View File
@@ -1039,6 +1039,14 @@ function ws_images_filteredSearch_create($params, $service)
if ($conf['rate'] and isset($params['ratings'])) if ($conf['rate'] and isset($params['ratings']))
{ {
foreach ($params['ratings'] as $rate)
{
if (!preg_match('/^\d+$/i', $rate))
{
return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid parameter ratings');
}
}
$search['fields']['ratings'] = $params['ratings']; $search['fields']['ratings'] = $params['ratings'];
} }