Validate the `pageNo` in UserProfileVisitorAction::validateGetGroupedUserList()

diff --git a/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php b/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
index cb66bb76c014b1b730a4271993247ae5056d09bb..92ba491c040b6fd8eddea50015d539bd36331547 100644 (file)
--- a/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
@@ -47,6 +47,10 @@ class UserProfileVisitorAction extends AbstractDatabaseObjectAction implements I
                if ($this->userProfile->isProtected()) {
                        throw new PermissionDeniedException();
                }
+
+               if ($this->parameters['pageNo'] < 1) {
+                       throw new UserInputException('pageNo');
+               }
        }
        
        /**