From aede490a0b3a6c246f1f4689ca86c8fee377a7ae Mon Sep 17 00:00:00 2001
From: plegall
Date: Thu, 25 Jun 2026 13:31:12 +0200
Subject: [PATCH] (cp 9755d88ed) fixes GHSA-hq29-8hhx-5jwc [search] check input parameter ratings
---
 include/functions_search.inc.php | 2 +-
 include/ws_functions/pwg.images.php | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php
index dc25f545b..ec183069e 100644
--- a/include/functions_search.inc.php
+++ b/include/functions_search.inc.php
@@ -637,7 +637,7 @@ SELECT
 }
 else
 {
- $filter_clauses[] = '(rating_score >= '.(intval($r)-1).' AND rating_score < '.$r.')';
+ $filter_clauses[] = '(rating_score >= '.(intval($r)-1).' AND rating_score < '.intval($r).')';
 }
 }
diff --git a/include/ws_functions/pwg.images.php b/include/ws_functions/pwg.images.php
index 54a58d4dc..cb4f73ee9 100644
--- a/include/ws_functions/pwg.images.php
+++ b/include/ws_functions/pwg.images.php
@@ -1039,6 +1039,14 @@ function ws_images_filteredSearch_create($params, $service)
 if ($conf['rate'] and isset($params['ratings']))
 {
+ foreach ($params['ratings'] as $rate)
+ {
+ if (!preg_match('/^\d+$/i', $rate))
+ {
+ return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid parameter ratings');
+ }
+ }
+
 $search['fields']['ratings'] = $params['ratings'];
 }
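Review bot: `$r` is cast twice on the new line of the `else` branch; casting once before the clause is built, `$r = intval($r);` followed by `$filter_clauses[] = '(rating_score >= '.($r-1).' AND rating_score < '.$r.')';`, keeps the SQL fragment readable and leaves no raw `$r` for a later edit to interpolate by mistake. The `if` branch paired with this `else`, and the rest of the enclosing function, start and end outside the hunk, so whether `$r` reaches the query unguarded anywhere else in the same loop cannot be confirmed from here. A non-numeric `$r` now becomes 0 and produces `rating_score >= -1 AND rating_score < 0`, which is harmless but silently matches nothing; rejecting such values at the web-service boundary, as the second hunk does, is the right place for that check.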
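Review bot: The pattern `'/^\d+$/i'` in the new `foreach` still accepts a value with a trailing newline, because `$` matches before a final `\n`, and the `i` modifier does nothing for `\d`; `if (!preg_match('/^\d+\z/', (string) $rate))` closes that gap, and since `intval()` downstream parses `"5\n"` as 5 anyway the gain is consistency rather than a new injection path. The loop also assumes `$params['ratings']` is an array: if the web-service layer does not already coerce it, a scalar value raises a warning and skips the check entirely, so an `is_array()` guard returning the same `PwgError` would make the validation self-contained — presumably the parameter declaration further up, outside the hunk, settles this. The body of `ws_images_filteredSearch_create` starts and ends outside the hunk.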