From 02275fe275a3f97710dab75bf4c3f967f428b22d Mon Sep 17 00:00:00 2001
From: plegall
Date: Wed, 21 Feb 2018 17:34:56 +0100
Subject: [PATCH] fixes #839, check input parameters on admin/tags.php

---
 admin/tags.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/admin/tags.php b/admin/tags.php
index a56f20221..fd244a6db 100644
--- a/admin/tags.php
+++ b/admin/tags.php
@@ -32,6 +32,11 @@ check_status(ACCESS_ADMINISTRATOR);
 if (!empty($_POST))
 {
  check_pwg_token();
+ check_input_parameter('tags', $_POST, true, PATTERN_ID);
+ check_input_parameter('selectAction', $_POST, false, '/^(edit|merge|duplicate|delete)$/');
+ check_input_parameter('edit_list', $_POST, false, '/^\d+(,\d+)*$/');
+ check_input_parameter('merge_list', $_POST, false, '/^\d+(,\d+)*$/');
+ check_input_parameter('destination_tag', $_POST, false, PATTERN_ID);
 }

 // +-----------------------------------------------------------------------+
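Review bot: The `$` anchor in the patterns added for `selectAction`, `edit_list` and `merge_list` also matches just before a final newline, so a value with a trailing `\n` still passes these checks; anchoring the end with `\z` (or adding the `D` modifier) makes them match the whole value, e.g. `'/^\d+(,\d+)*\z/'` and `'/^(edit|merge|duplicate|delete)\z/'`. The list pattern is written out twice, so a named constant next to `PATTERN_ID` would keep the two checks from drifting apart. Only five keys are covered here, and the code that consumes `$_POST` lies outside this hunk, so it is worth confirming that every other key it reads and passes on to a query or to output is either validated the same way or escaped at the point of use.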