From ebdacd3e8312a11e7abb568729afe145cb3540f4 Mon Sep 17 00:00:00 2001 From: plegall Date: Fri, 23 Mar 2018 10:01:06 +0100 Subject: [PATCH] fixes #853, less strict check on user input "selectAction" for tag manager ... for compatibility with plugin Colored Tags (typetags) and maybe other in the future. --- admin/tags.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/tags.php b/admin/tags.php index fd244a6db..166e09073 100644 --- a/admin/tags.php +++ b/admin/tags.php @@ -33,7 +33,7 @@ if (!empty($_POST)) { check_pwg_token(); check_input_parameter('tags', $_POST, true, PATTERN_ID); - check_input_parameter('selectAction', $_POST, false, '/^(edit|merge|duplicate|delete)$/'); + check_input_parameter('selectAction', $_POST, false, '/^[a-zA-Z0-9_-]+$/'); check_input_parameter('edit_list', $_POST, false, '/^\d+(,\d+)*$/'); check_input_parameter('merge_list', $_POST, false, '/^\d+(,\d+)*$/'); check_input_parameter('destination_tag', $_POST, false, PATTERN_ID);