From 6ce14fc95810c4bf8e1b017a2c34876c148daae6 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Tue, 13 Jun 2017 12:27:37 +0200
Subject: [PATCH] fixes #705, check user_list_backend.php input params

---
 admin/user_list_backend.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/admin/user_list_backend.php b/admin/user_list_backend.php
index 290873c87..e4fa40af4 100644
--- a/admin/user_list_backend.php
+++ b/admin/user_list_backend.php
@@ -27,7 +27,10 @@ define('IN_ADMIN', true);
 include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
 
 check_status(ACCESS_ADMINISTRATOR);
-	
+
+check_input_parameter('iDisplayStart', $_REQUEST, false, PATTERN_ID);
+check_input_parameter('iDisplayLength', $_REQUEST, false, PATTERN_ID);
+
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  * Easy set variables
  */