From 6accc81ad69e90a97d7fe422055080d848ee5fea Mon Sep 17 00:00:00 2001 From: Lothar Serra Mari Date: Wed, 20 Nov 2019 23:59:04 +0100 Subject: [PATCH] Don't allow requesting an archive page that doesn't exist Cherry picked from master branch. Signed-off-by: Thomas Hochstein --- docs/NEWS | 3 +++ include/functions_entries.inc.php | 14 +++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/NEWS b/docs/NEWS index 513ef430..084a9d31 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -1,6 +1,9 @@ Version 2.3.3-beta1 () ------------------------------------------------------------------------ + * Don't allow requesting an archive page that doesn't exist. + Thanks to @lotharsm! + * Fix: Set action to empty in functions_routing.php when serving JS; otherisw the default page has been generated at every call. diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php index 66be2a61..c9413ab6 100644 --- a/include/functions_entries.inc.php +++ b/include/functions_entries.inc.php @@ -404,10 +404,18 @@ function &serendipity_fetchEntries($range = null, $full = true, $limit = '', $fe if (!empty($limit)) { if (isset($serendipity['GET']['page']) && ($serendipity['GET']['page'] > 1 || serendipity_db_bool($serendipity['archiveSortStable'])) && !strstr($limit, ',')) { - if (serendipity_db_bool($serendipity['archiveSortStable'])) { - $totalEntries = serendipity_getTotalEntries(); + + $totalEntries = serendipity_getTotalEntries(); + $totalPages = ceil($totalEntries / $limit); + + // Do not allow requesting a page that doesn't exist + // and do a fallback to the highest page number available + if ($serendipity['GET']['page'] > $totalPages) { + $serendipity['GET']['page'] = $totalPages; + } + + if (serendipity_db_bool($serendipity['archiveSortStable'])) { - $totalPages = ceil($totalEntries / $limit); if ($totalPages <= 0 ) { $totalPages = 1; }