From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Wed, 9 Mar 2022 12:45:05 +0000 (+0100)
Subject: Validate the `pageNo` in UserProfileVisitorAction::validateGetGroupedUserList()
X-Git-Tag: 5.4.15_dev_1~8^2~9
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=436530f1b6ba379f612bf50197a3ce605d810c20;p=GitHub%2FWoltLab%2FWCF.git

Validate the `pageNo` in UserProfileVisitorAction::validateGetGroupedUserList()
---

diff --git a/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php b/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
index cb66bb76c0..92ba491c04 100644
--- a/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
@@ -47,6 +47,10 @@ class UserProfileVisitorAction extends AbstractDatabaseObjectAction implements I
 		if ($this->userProfile->isProtected()) {
 			throw new PermissionDeniedException();
 		}
+
+		if ($this->parameters['pageNo'] < 1) {
+			throw new UserInputException('pageNo');
+		}
 	}
 	
 	/**