From fb86b4330c67d34e6fc2da279dba7bed22bfa5f5 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Mon, 4 Oct 2021 20:17:21 +0200
Subject: [PATCH] check if passed argument to setFolder() is a folder

---
 SeedDMS_Core/Core/inc.ClassDocument.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/SeedDMS_Core/Core/inc.ClassDocument.php b/SeedDMS_Core/Core/inc.ClassDocument.php
index 24125184f..d3ce04a30 100644
--- a/SeedDMS_Core/Core/inc.ClassDocument.php
+++ b/SeedDMS_Core/Core/inc.ClassDocument.php
@@ -657,6 +657,12 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 	function setFolder($newFolder) { /* {{{ */
 		$db = $this->_dms->getDB();
 
+        if(!$newFolder)
+            return false;
+
+        if(!$newFolder->isType('folder'))
+            return false;
+
 		$queryStr = "UPDATE `tblDocuments` SET `folder` = " . $newFolder->getID() . " WHERE `id` = ". $this->_id;
 		if (!$db->getResult($queryStr))
 			return false;