From ec4cbb0464a8e205598bbb7f7eb26ee68632021f Mon Sep 17 00:00:00 2001
From: plegall
Date: Sun, 1 Jan 2017 19:03:20 +0100
Subject: [PATCH] fixes #572, check $_GET['mode'] against hacking attempt git cherry-pick 9dd92959f6975099e0c62163a846a4648a6a920f
---
 admin/batch_manager.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/admin/batch_manager.php b/admin/batch_manager.php
index e81c59f0a..8d8508703 100644
--- a/admin/batch_manager.php
+++ b/admin/batch_manager.php
@@ -566,6 +566,7 @@ $manager_link = get_root_url().'admin.php?page=batch_manager&mode=';
 if (isset($_GET['mode']))
 {
+ check_input_parameter('mode', $_GET, false, '/^(global|unit)$/');
 $page['tab'] = $_GET['mode'];
 }
 else
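Review bot: The allow-list pattern on the added line ends in `$` without the `D` modifier, and in PCRE that also matches just before a trailing newline, so a `mode` value of `global` or `unit` followed by a line feed still passes and is copied into `$page['tab']` on the next line. Anchoring the end strictly closes the gap: `check_input_parameter('mode', $_GET, false, '/^(global|unit)$/D');` (or `\z` in place of `$`). How `$page['tab']` is consumed further down is not visible in this hunk, so the practical impact is unconfirmed, but an allow-list meant to stop tampering should admit exactly the two literal values. A short comment such as `// mode selects the batch manager tab; only the known tab names are accepted` would also record why the list is closed. The `if`/`else` block continues outside the hunk.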