From b4cd6b8628324a5c2036d7f000e41470355026a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20S=C3=BC=C3=9Fenguth?=
 <christian.suessenguth@ecogood.org>
Date: Tue, 1 Feb 2022 13:12:28 +0100
Subject: [PATCH] Security check if list parameter is not set for edit_list and
 save_list

---
 edit_list.php | 2 +-
 save_list.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/edit_list.php b/edit_list.php
index ef494c3..f8472b3 100644
--- a/edit_list.php
+++ b/edit_list.php
@@ -28,7 +28,7 @@ if ( strlen($list_name) > 30 )
 }
 
 // Test list existence
-if( !is_dir("$lists_path/$domain/$list_name") )
+if( !is_dir("$lists_path/$domain/$list_name") || $list_name == "" ) )
 {
     header("Location: error.php");
     exit();
diff --git a/save_list.php b/save_list.php
index 608b87d..2223e3c 100644
--- a/save_list.php
+++ b/save_list.php
@@ -46,7 +46,7 @@ if ( strlen($list_name) > 30 )
 }
 
 // Test list existence
-if( !is_dir("$lists_path/$domain/$list_name") )
+if( !is_dir("$lists_path/$domain/$list_name") || $list_name == "" )
 {
     header("Location: error.php");
     exit();