From 091ddba965132d26bdbeb004fcc44bd8fd056b71 Mon Sep 17 00:00:00 2001
From: JediKev
Date: Wed, 8 Mar 2023 10:35:10 -0600
Subject: [PATCH] xss: System Email

This mitigates a vulnerability reported by @edr4 where XSS is possible via System Email. This adds sanitization to the email before saving/displaying. This also forces the other options (topic, department, etc.) to int so there is no chance of XSS.
---
include/class.email.php | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/class.email.php b/include/class.email.php
index 51d034ce84..c7464258cd 100644
--- a/include/class.email.php
+++ b/include/class.email.php
@@ -408,12 +408,12 @@ function update($vars, &$errors=false) {
 $this->mail_errors = 0;
 $this->mail_lastfetch = null;
- $this->email = $vars['email'];
+ $this->email = Format::sanitize($vars['email']);
 $this->name = Format::striptags($vars['name']);
- $this->dept_id = $vars['dept_id'];
- $this->priority_id = $vars['priority_id'];
- $this->topic_id = $vars['topic_id'];
- $this->noautoresp = $vars['noautoresp'];
+ $this->dept_id = (int) $vars['dept_id'];
+ $this->priority_id = (int) (isset($vars['priority_id']) ? $vars['priority_id'] : 0);
+ $this->topic_id = (int) $vars['topic_id'];
+ $this->noautoresp = (int) $vars['noautoresp'];
 $this->userid = $vars['userid'];
 $this->mail_active = $vars['mail_active'];
 $this->mail_host = $vars['mail_host'];
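Review bot: Passing the address through `Format::sanitize` on the new `$this->email` line strips markup but does not establish that the stored value is an e-mail address, so the field still accepts arbitrary text and the fix rests on the sanitizer's rules (not visible here) rather than on the data being well-formed. A stricter check that rejects the value and reports it through the by-ref `$errors` argument shown in the hunk header, e.g. `if (!filter_var($vars['email'], FILTER_VALIDATE_EMAIL)) $errors['email'] = 'Valid email required';` placed before the assignment, refuses anything containing `<`, quotes or whitespace outright and leaves the sanitization as defence in depth. Context-appropriate escaping at the point of display should remain the primary XSS control, since input sanitization cannot know every context the value will later be rendered in. The `(int)` casts are also inconsistent: `priority_id` is guarded with `isset()` while `dept_id`, `topic_id` and `noautoresp` are read directly and will emit an undefined-index notice/warning when the key is absent from `$vars`, so `(int) (isset($vars['dept_id']) ? $vars['dept_id'] : 0)` (or `??` if the project's PHP floor permits it) would be the matching form. The body of `update()` begins before this hunk and continues past it, so any validation added here should be placed consistently with the other `$errors` checks in that method.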