From 859ad41a1923f7bd37bb5906baaec9ad5e78db6c Mon Sep 17 00:00:00 2001 From: Marcel Werk Date: Wed, 2 Apr 2014 23:47:53 +0200 Subject: [PATCH] Fixed parameter validation --- wcfsetup/install/files/lib/form/SearchForm.class.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/wcfsetup/install/files/lib/form/SearchForm.class.php b/wcfsetup/install/files/lib/form/SearchForm.class.php index 0e6e77a681..ca911571c5 100644 --- a/wcfsetup/install/files/lib/form/SearchForm.class.php +++ b/wcfsetup/install/files/lib/form/SearchForm.class.php @@ -153,7 +153,16 @@ class SearchForm extends RecaptchaForm { if (isset($_REQUEST['q'])) $this->query = StringUtil::trim($_REQUEST['q']); if (isset($_REQUEST['username'])) $this->username = StringUtil::trim($_REQUEST['username']); if (isset($_REQUEST['userID'])) $this->userID = intval($_REQUEST['userID']); - if (isset($_REQUEST['types']) && is_array($_REQUEST['types'])) $this->selectedObjectTypes = $_REQUEST['types']; + if (isset($_REQUEST['types']) && is_array($_REQUEST['types'])) { + $this->selectedObjectTypes = $_REQUEST['types']; + + // validate given values + foreach ($this->selectedObjectTypes as $objectTypeName) { + if (SearchEngine::getInstance()->getObjectType($objectTypeName) === null) { + throw new IllegalLinkException(); + } + } + } $this->submit = (!empty($_POST) || !empty($this->query) || !empty($this->username) || $this->userID); if (isset($_REQUEST['modify'])) { -- 2.20.1