From c7e30da5c1775b531ce9a30aac04134cd714b472 Mon Sep 17 00:00:00 2001 From: plegall Date: Sun, 26 Apr 2026 13:06:52 +0200 Subject: [PATCH] fixes GHSA-7r67-9xhq-7p2c check get.filter inputs for dimensions and filesize --- admin/batch_manager.php | 52 ++++++++++++++++++++++++++++++++++------- 1 file changed, 44 insertions(+), 8 deletions(-) diff --git a/admin/batch_manager.php b/admin/batch_manager.php index de50e3e9b..0312876d4 100644 --- a/admin/batch_manager.php +++ b/admin/batch_manager.php @@ -256,6 +256,7 @@ elseif (isset($_GET['filter'])) break; case 'dimension': + // filter=dimension-w10..1000-h100..5000-r0.70..2 $dim_map = array('w'=>'width','h'=>'height','r'=>'ratio'); foreach (explode('-', $value) as $part) { 
@@ -263,19 +264,54 @@ elseif (isset($_GET['filter'])) if (isset($dim_map[$part[0]])) { $type = $dim_map[$part[0]]; - list( - $_SESSION['bulk_manager_filter']['dimension']['min_'.$type], - $_SESSION['bulk_manager_filter']['dimension']['max_'.$type] - ) = $values; + + $filter_to_validate_for_type = array( + 'width' => FILTER_VALIDATE_INT, + 'height' => FILTER_VALIDATE_INT, + 'ratio' => FILTER_VALIDATE_FLOAT, + ); + + $valid = true; + foreach ($values as $value) + { + if (filter_var($value, $filter_to_validate_for_type[$type]) === false) + { + $valid = false; + } + } + + if ($valid) + { + list( + $_SESSION['bulk_manager_filter']['dimension']['min_'.$type], + $_SESSION['bulk_manager_filter']['dimension']['max_'.$type] + ) = $values; + } } } break; case 'filesize': - list( - $_SESSION['bulk_manager_filter']['filesize']['min'], - $_SESSION['bulk_manager_filter']['filesize']['max'] - ) = explode('..', $value); + // filter=filesize-1..10 + $values = explode('..', $value); + + $valid = true; + foreach ($values as $value) + { + if (filter_var($value, FILTER_VALIDATE_FLOAT) === false) + { + $valid = false; + } + } + + if ($valid) + { + list( + $_SESSION['bulk_manager_filter']['filesize']['min'], + $_SESSION['bulk_manager_filter']['filesize']['max'] + ) = $values; + } + break; default:
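Review bot: Both validation loops in this hunk still accept a filter with one or three `..`-separated parts, because they only check that every element passes filter_var and never check `count($values)`; a `filesize-5` or `dimension-w5` then reaches the `list(min, max) = $values` assignment with a single element, storing `max` as null with an undefined-key warning, while a third part is silently dropped. Guard both assignments with `if ($valid && count($values) === 2)`, or seed `$valid` from that count as in the rewrite below. The session also still receives the raw strings rather than the numbers filter_var returns, so inputs such as ` 10` or `1e3` (which FILTER_VALIDATE_FLOAT accepts) are stored as typed by the user; keeping the cast result would make the stored bounds numeric for whichever code later builds the query from them, which I cannot see from this hunk. Minor style: the inner `foreach ($values as $value)` overwrites the outer `$value`, and `$filter_to_validate_for_type` is rebuilt on every iteration of the dimension loop, so renaming the loop variable and hoisting that map next to `$dim_map` would avoid both. The enclosing switch begins before this hunk and its `default:` arm continues past it; the filesize branch with these changes applied looks like this:
```php
// … unchanged: dimension branch (apply the same count check and cast there) …
case 'filesize':
  // filter=filesize-1..10
  $values = explode('..', $value);

  // exactly one min and one max bound, each a valid float
  $valid = (count($values) === 2);
  foreach ($values as $i => $bound)
  {
    $checked = filter_var($bound, FILTER_VALIDATE_FLOAT);
    if ($checked === false)
    {
      $valid = false;
    }
    else
    {
      $values[$i] = $checked; // store the number, not the raw string
    }
  }

  if ($valid)
  {
    // … unchanged: list(min, max) = $values assignment …
  }
  break;
```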