From a0b95e879236f82e931f488de3cc615f9e5657df Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Mon, 4 Oct 2021 20:20:45 +0200
Subject: [PATCH] check if argument passed to setDefaultAccess() is in valid range
---
 SeedDMS_Core/Core/inc.ClassDocument.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/SeedDMS_Core/Core/inc.ClassDocument.php b/SeedDMS_Core/Core/inc.ClassDocument.php
index 27de15098..3475392ee 100644
--- a/SeedDMS_Core/Core/inc.ClassDocument.php
+++ b/SeedDMS_Core/Core/inc.ClassDocument.php
@@ -752,6 +752,9 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 function setDefaultAccess($mode, $noclean="false") { /* {{{ */
 $db = $this->_dms->getDB();
 
+ if($mode < M_LOWEST_RIGHT || $mode > M_HIGHEST_RIGHT)
+ return false;
+
 $queryStr = "UPDATE `tblDocuments` set `defaultAccess` = " . (int) $mode . " WHERE `id` = " . $this->_id;
 if (!$db->getResult($queryStr))
 return false;
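Review bot: The new range check compares the raw `$mode`, but the UPDATE two lines later stores `(int) $mode`, so the value that is validated is not necessarily the value that is written. A float or a numeric-prefixed string that falls inside the bounds passes the loose comparison and is then truncated by the cast. How a non-numeric string compares against the integer constants also differs between PHP 7 and PHP 8. Because this column holds an access right, I would normalise once before the check with `$mode = (int) $mode;`, so that the `if` and the query both see the same integer. The body of setDefaultAccess() continues past the end of the hunk, so any later use of `$mode` there should be checked against the same normalised value.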