Plugin update: validate Priority parameter

Plugin Priority must be a number from 1 to 5. Trigger an error if the parameter's value is outside of that range. Fixes #27284
mantisbt · Sep 23, 2020 · fe3a91c · fe3a91c
1 parent 8d9fbb5
commit fe3a91c
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/manage_plugin_update.php b/manage_plugin_update.php
@@ -64,6 +64,11 @@
 	}
 
 	$f_priority = gpc_get_int( 'priority_'.$t_basename, 3 );
+	if( $f_priority < 1 || $f_priority > 5 ) {
+		error_parameters( 'priority_' . $t_basename );
+		trigger_error( ERROR_INVALID_FIELD_VALUE, ERROR );
+	}
+
 	$f_protected = gpc_get_bool( 'protected_'.$t_basename, 0 );
 
 	$t_update_query->bind( 'basename', $t_basename );