Security: Remove unused 'page' parameter from session user forms.

See advisory GHSA-h3m8-53j3-xjx8

Author: AngelFQC

main/session/add_users_to_session.php

@@ -38,8 +38,6 @@
     $add_type = Security::remove_XSS($_REQUEST['add_type']);
 }
 
-$page = isset($_GET['page']) ? Security::remove_XSS($_GET['page']) : null;
-
 // Checking for extra field with filter on
 $extra_field_list = UserManager::get_extra_fields();
 
@@ -701,7 +699,7 @@ function loadAllUsers() {
         ?>
     </div>
     <form name="formulaire" method="post"
-          action="<?php echo api_get_self(); ?>?page=<?php echo $page; ?>&id_session=<?php echo $id_session; ?><?php if (!empty($addProcess)) {
+          action="<?php echo api_get_self(); ?>?id_session=<?php echo $id_session; ?><?php if (!empty($addProcess)) {
             echo '&add=true';
         } ?>" <?php if ($ajax_search) {
             echo ' onsubmit="valide();"';

main/user/add_users_to_session.php

@@ -51,8 +51,6 @@
         $add_type = Security::remove_XSS($_REQUEST['add_type']);
     }
 
-    $page = isset($_GET['page']) ? Security::remove_XSS($_GET['page']) : null;
-
     // Checking for extra field with filter on
     $extra_field_list = UserManager::get_extra_fields();
     $new_field_list = [];
@@ -480,7 +478,7 @@ function change_select(val) {
         <?php echo $link_add_type_unique; ?>&nbsp;|&nbsp;<?php echo $link_add_type_multiple; ?>&nbsp;|&nbsp;<?php echo $link_add_group; ?>
     </div>
     <form name="formulaire" method="post"
-          action="<?php echo api_get_self(); ?>?page=<?php echo $page; ?>&id_session=<?php echo $id_session; ?><?php if (!empty($_GET['add'])) {
+          action="<?php echo api_get_self(); ?>?id_session=<?php echo $id_session; ?><?php if (!empty($_GET['add'])) {
                 echo '&add=true';
             } ?>" style="margin:0px;" <?php if ($ajax_search) {
                 echo ' onsubmit="valide();"';