From 9d4e026112d4a950bba270b43b04e10d7e13f448 Mon Sep 17 00:00:00 2001
From: Alan Knowles <alan@roojs.com>
Date: Fri, 14 Sep 2012 13:55:15 +0800
Subject: [PATCH] GroupRights.php

---
 GroupRights.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/GroupRights.php b/GroupRights.php
index 848761d..c3976f8 100644
--- a/GroupRights.php
+++ b/GroupRights.php
@@ -32,6 +32,12 @@ class Pman_Admin_GroupRights extends Pman
         if (!$this->hasPerm( 'Core.Groups','S')) { // listing groups..
             $this->jerr("PERMISSION DENIED");
         }
+        
+        $g = DB_DataObject::Factory('group');
+        if (!$g->get($_GET['group_id'])) {
+            $this->jerr("group is invalid");
+        }
+        
          //   DB_DataObject::debugLevel(1);
         $p = DB_DataObject::factory('group_rights');
         $p->group_id = (int)$_GET['group_id'];
-- 
2.39.2