From 9dd92959f6975099e0c62163a846a4648a6a920f Mon Sep 17 00:00:00 2001 From: plegall Date: Mon, 19 Dec 2016 11:33:09 +0100 Subject: [PATCH] fixes #572, check $_GET['mode'] against hacking attempt --- admin/batch_manager.php | 1 + 1 file changed, 1 insertion(+) diff --git a/admin/batch_manager.php b/admin/batch_manager.php index cbeb0ebe9..792cb1f54 100644 --- a/admin/batch_manager.php +++ b/admin/batch_manager.php @@ -593,6 +593,7 @@ $manager_link = get_root_url().'admin.php?page=batch_manager&mode='; if (isset($_GET['mode'])) { + check_input_parameter('mode', $_GET, false, '/^(global|unit)$/'); $page['tab'] = $_GET['mode']; } else