PATCH: only allow limits to be set when logged in as ADMIN

code/tasks/EcommerceTaskCartCleanup.php

@@ -68,7 +68,7 @@ public function run($request)
         //LIMITS ...
         if ($request) {
             $limitFromGetVar = $request->getVar('limit');
-            if ($limitFromGetVar) {
+            if ($limitFromGetVar && Permission::check('ADMIN')) {
                 $maximumNumberOfObjectsDeleted = intval($limitFromGetVar);
             }
         }