From 061d80b9213c3da40f9dc9a3b6c111a4cf852926 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Fri, 5 May 2023 09:53:01 +0200
Subject: [PATCH] fixes #1911 check url input parameter

---
 admin/profile.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/admin/profile.php b/admin/profile.php
index 5249f3453..82514082e 100644
--- a/admin/profile.php
+++ b/admin/profile.php
@@ -8,6 +8,8 @@
 
 if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!");
 
+check_input_parameter('user_id', $_GET, false, PATTERN_ID);
+
 $edit_user = build_user( $_GET['user_id'], false );
 
 if (!empty($_POST))