From 436530f1b6ba379f612bf50197a3ce605d810c20 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Wed, 9 Mar 2022 13:45:05 +0100
Subject: [PATCH] Validate the `pageNo` in
 UserProfileVisitorAction::validateGetGroupedUserList()

---
 .../user/profile/visitor/UserProfileVisitorAction.class.php   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php b/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
index cb66bb76c0..92ba491c04 100644
--- a/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/profile/visitor/UserProfileVisitorAction.class.php
@@ -47,6 +47,10 @@ class UserProfileVisitorAction extends AbstractDatabaseObjectAction implements I
 		if ($this->userProfile->isProtected()) {
 			throw new PermissionDeniedException();
 		}
+
+		if ($this->parameters['pageNo'] < 1) {
+			throw new UserInputException('pageNo');
+		}
 	}
 	
 	/**
-- 
2.20.1