From 313f04ff8366805bef279179c85276906ad2cf28 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Wed, 9 Mar 2022 13:49:18 +0100
Subject: [PATCH] Validate the `pageNo` in UserTrophyAction::validateGetGroupedUserTrophyList()
---
 .../files/lib/data/user/trophy/UserTrophyAction.class.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wcfsetup/install/files/lib/data/user/trophy/UserTrophyAction.class.php b/wcfsetup/install/files/lib/data/user/trophy/UserTrophyAction.class.php
index 3cff83342a..8e84d34a08 100644
--- a/wcfsetup/install/files/lib/data/user/trophy/UserTrophyAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/trophy/UserTrophyAction.class.php
@@ -180,6 +180,10 @@ class UserTrophyAction extends AbstractDatabaseObjectAction {
 if (!$this->userProfile->isAccessible('canViewTrophies') && $this->userProfile->userID != WCF::getSession()->userID) {
 throw new PermissionDeniedException();
 }
+
+ if ($this->parameters['pageNo'] < 1) {
+ throw new UserInputException('pageNo');
+ }
 }
 
 /**
-- 
2.20.1
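Review bot: The added `$this->parameters['pageNo'] < 1` guard only rejects bad page numbers if `pageNo` is already an integer at that point, and nothing in the hunk shows that; the method starts above the hunk, so it may already be normalised there. Under PHP's loose comparison an array is never less than 1, and on PHP 8 neither is a non-numeric string, so such a request value would pass this check and reach the code that uses the page number. If it is not already done earlier in the method, call `$this->readInteger('pageNo');` before the range check so that only an integer is compared. A one-line comment such as `// pageNo is 1-based; reject zero and negative page numbers` would also record why the check exists.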