From: Marcel Werk
Date: Wed, 2 Apr 2014 21:47:53 +0000 (+0200)
Subject: Fixed parameter validation
X-Git-Tag: 2.0.5~11
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=859ad41a1923f7bd37bb5906baaec9ad5e78db6c;p=GitHub%2FWoltLab%2FWCF.git

Fixed parameter validation
---
diff --git a/wcfsetup/install/files/lib/form/SearchForm.class.php b/wcfsetup/install/files/lib/form/SearchForm.class.php
index 0e6e77a681..ca911571c5 100644
--- a/wcfsetup/install/files/lib/form/SearchForm.class.php
+++ b/wcfsetup/install/files/lib/form/SearchForm.class.php
@@ -153,7 +153,16 @@ class SearchForm extends RecaptchaForm {
 if (isset($_REQUEST['q'])) $this->query = StringUtil::trim($_REQUEST['q']);
 if (isset($_REQUEST['username'])) $this->username = StringUtil::trim($_REQUEST['username']);
 if (isset($_REQUEST['userID'])) $this->userID = intval($_REQUEST['userID']);
- if (isset($_REQUEST['types']) && is_array($_REQUEST['types'])) $this->selectedObjectTypes = $_REQUEST['types'];
+ if (isset($_REQUEST['types']) && is_array($_REQUEST['types'])) {
+ $this->selectedObjectTypes = $_REQUEST['types'];
+
+ // validate given values
+ foreach ($this->selectedObjectTypes as $objectTypeName) {
+ if (SearchEngine::getInstance()->getObjectType($objectTypeName) === null) {
+ throw new IllegalLinkException();
+ }
+ }
+ }
 $this->submit = (!empty($_POST) || !empty($this->query) || !empty($this->username) || $this->userID);
 if (isset($_REQUEST['modify'])) {
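Review bot: The added `foreach` checks each entry of `$_REQUEST['types']` against the search engine but never checks that the entry is a string. Only the outer value is tested with `is_array()`, so a nested array such as `types[0][]=x` is passed to `getObjectType()` unchanged. How that method treats a non-string argument is not visible in this hunk, so the entry should be rejected before the lookup: `if (!is_string($objectTypeName) || SearchEngine::getInstance()->getObjectType($objectTypeName) === null) {`. The enclosing method starts and ends outside the hunk, so later uses of `$this->selectedObjectTypes` cannot be checked from here.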