From 959c75ff79c01b472621fd0eb629695b34f9bcc1 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 24 Sep 2021 10:21:32 +0200
Subject: [PATCH] check parameter $mode of addAccess()
---
 SeedDMS_Core/Core/inc.ClassFolder.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/SeedDMS_Core/Core/inc.ClassFolder.php b/SeedDMS_Core/Core/inc.ClassFolder.php
index 0431aef47..51e78ab1a 100644
--- a/SeedDMS_Core/Core/inc.ClassFolder.php
+++ b/SeedDMS_Core/Core/inc.ClassFolder.php
@@ -1375,6 +1375,9 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
 function addAccess($mode, $userOrGroupID, $isUser) { /* {{{ */
 $db = $this->_dms->getDB();
+ if($mode < M_NONE || $mode > M_ALL)
+ return false;
+
 $userOrGroup = ($isUser) ? "`userID`" : "`groupID`";
 $queryStr = "INSERT INTO `tblACLs` (`target`, `targetType`, ".$userOrGroup.", `mode`) VALUES
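Review bot: The added range check in addAccess() compares an untyped `$mode` with loose `<`/`>`, so it bounds the value without establishing that it is an integer access mode; a float such as `2.5` or a numeric string still falls between M_NONE and M_ALL and is accepted. Validating the type first would close that gap, e.g. `$mode = filter_var($mode, FILTER_VALIDATE_INT);` followed by `if($mode === false || $mode < M_NONE || $mode > M_ALL) return false;`. The INSERT below is assembled by string concatenation and its VALUES part lies outside this hunk, so whether `$mode` is cast there cannot be confirmed from here; the guard should not rely on it. A one-line comment such as `/* reject anything that is not a defined access mode before it reaches tblACLs */` would also record why the check exists.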