Validate the `pageNo` in UserProfileVisitorAction::validateGetGroupedUserList()
authorTim Düsterhus <duesterhus@woltlab.com>
Wed, 9 Mar 2022 12:45:05 +0000 (13:45 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Wed, 9 Mar 2022 12:45:05 +0000 (13:45 +0100)
wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php

index cb66bb76c014b1b730a4271993247ae5056d09bb..92ba491c040b6fd8eddea50015d539bd36331547 100644 (file)
@@ -47,6 +47,10 @@ class UserProfileVisitorAction extends AbstractDatabaseObjectAction implements I
                if ($this->userProfile->isProtected()) {
                        throw new PermissionDeniedException();
                }
+
+               if ($this->parameters['pageNo'] < 1) {
+                       throw new UserInputException('pageNo');
+               }
        }
        
        /**