Validate the `pageNo` in UserFollowingAction::validateGetGroupedUserList()

diff --git a/wcfsetup/install/files/lib/data/user/follow/UserFollowingAction.class.php b/wcfsetup/install/files/lib/data/user/follow/UserFollowingAction.class.php
index 07c296b77b0ea2329e0d838a2af5f28d24638b7d..0c267b70108636e6b62cc7840e1782a97e1412e2 100644 (file)
--- a/wcfsetup/install/files/lib/data/user/follow/UserFollowingAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/follow/UserFollowingAction.class.php
@@ -2,6 +2,7 @@
 namespace wcf\data\user\follow;
 use wcf\system\cache\runtime\UserProfileRuntimeCache;
 use wcf\system\exception\PermissionDeniedException;
+use wcf\system\exception\UserInputException;
 use wcf\system\user\GroupedUserList;
 use wcf\system\WCF;
 
@@ -30,6 +31,10 @@ class UserFollowingAction extends UserFollowAction {
                if ($this->userProfile->isProtected()) {
                        throw new PermissionDeniedException();
                }
+
+               if ($this->parameters['pageNo'] < 1) {
+                       throw new UserInputException('pageNo');
+               }
        }
        
        /**