From 91349065eab9155bccecb9309892af31cf47749d Mon Sep 17 00:00:00 2001
From: plegall
Date: Mon, 12 Aug 2019 16:24:27 +0200
Subject: [PATCH] fixes #1010 prevent from SQL injection with user input check
---
 admin/cat_move.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/admin/cat_move.php b/admin/cat_move.php
index 18f94971c..1464499fe 100644
--- a/admin/cat_move.php
+++ b/admin/cat_move.php
@@ -31,7 +31,9 @@ if (isset($_POST['submit']))
 {
 if (count($_POST['selection']) > 0)
 {
- // TODO: tests
+ check_input_parameter('selection', $_POST, true, PATTERN_ID);
+ check_input_parameter('parent', $_POST, false, PATTERN_ID);
+
 move_categories($_POST['selection'], $_POST['parent']);
 }
 else
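Review bot: The two `check_input_parameter()` calls sit inside `if (count($_POST['selection']) > 0)`, so `count()` still runs on an unvalidated `$_POST['selection']`; a request that omits the field or sends a scalar reaches `count()` before any check, and on PHP 8 that raises a TypeError instead of a clean rejection. Moving both checks above the `count()` test, or changing the condition to `if (isset($_POST['selection']) && is_array($_POST['selection']) && count($_POST['selection']) > 0)`, would close that. `check_input_parameter()` is defined outside this hunk, so it is worth confirming that it rejects a missing `parent` rather than passing it, since `$_POST['parent']` goes to `move_categories()` unconditionally. The validation also lives only at this call site; if `move_categories()` builds its SQL from these ids (inferred from the commit subject, its body is not shown), casting them to integers inside that function would cover other callers too. The enclosing `if`/`else` continues past the end of the hunk.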