bug 3202 fixed: additional input check for filter_level

git-svn-id: http://piwigo.org/svn/trunk@30952 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-03-28 17:42:57 +01:00 · 2015-02-12 14:39:09 +00:00
parent 3c28040ca8
commit 6de82cb36f
1 changed files with 2 additions and 0 deletions
--- a/admin/batch_manager.php
+++ b/admin/batch_manager.php
@@ -116,6 +116,8 @@ if (isset($_POST['submitFilter']))

  if (isset($_POST['filter_level_use']))
  {
+    check_input_parameter('filter_level', $_POST, false, '/^\d+$/');
+    
    if (in_array($_POST['filter_level'], $conf['available_permission_levels']))
    {
      $_SESSION['bulk_manager_filter']['level'] = $_POST['filter_level'];