(cp 9755d88ed) fixes GHSA-hq29-8hhx-5jwc [search] check input parameter ratings
@@ -1039,6 +1039,14 @@ function ws_images_filteredSearch_create($params, $service)
|
||||
|
||||
if ($conf['rate'] and isset($params['ratings']))
|
||||
{
|
||||
foreach ($params['ratings'] as $rate)
|
||||
{
|
||||
if (!preg_match('/^\d+$/i', $rate))
|
||||
{
|
||||
return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid parameter ratings');
|
||||
}
|
||||
}
|
||||
|
||||
$search['fields']['ratings'] = $params['ratings'];
|
||||
}
|
||||
|
||||
|
||||
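Review bot: The new guard `preg_match('/^\d+$/i', $rate)` inside the foreach still accepts a value ending in a newline, because `$` without the `D` modifier also matches just before a final "\n"; the `i` flag has no effect on `\d`. As this check is the fix for the advisory, an exact match is safer, for example `if (!is_string($rate) or !preg_match('/^\d+\z/', $rate))`. The loop also assumes `$params['ratings']` is an array of strings: if the service's parameter definition (not visible in this hunk) does not force an array, a scalar would skip the loop and be copied into `$search['fields']['ratings']` unchecked, so an `is_array($params['ratings'])` test before the foreach would close that path. ws_images_filteredSearch_create starts and ends outside the hunk, so how `$search['fields']['ratings']` is later used cannot be confirmed from here.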