xss: System Email
This mitigates a vulnerability reported by @Edr4 where XSS is possible
via System Email. This adds sanitization to the email before
saving/displaying. This also forces the other options (topic,
department, etc.) to int so there is no chance of XSS.
JediKev committed Mar 8, 2023
1 parent 86f9693 commit 091ddba
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions include/class.email.php
Expand Up @@ -408,12 +408,12 @@ function update($vars, &$errors=false) {

$this->mail_errors = 0;
$this->mail_lastfetch = null;
$this->email = $vars['email'];
$this->email = Format::sanitize($vars['email']);
$this->name = Format::striptags($vars['name']);
$this->dept_id = $vars['dept_id'];
$this->priority_id = $vars['priority_id'];
$this->topic_id = $vars['topic_id'];
$this->noautoresp = $vars['noautoresp'];
$this->dept_id = (int) $vars['dept_id'];
$this->priority_id = (int) (isset($vars['priority_id']) ? $vars['priority_id'] : 0);
$this->topic_id = (int) $vars['topic_id'];
$this->noautoresp = (int) $vars['noautoresp'];
$this->userid = $vars['userid'];
$this->mail_active = $vars['mail_active'];
$this->mail_host = $vars['mail_host'];
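Review bot: `Format::sanitize($vars['email'])` on the `$this->email` line stores a cleaned string rather than rejecting a bad one, so an address containing markup is silently altered instead of failing validation; since the field is an email address, a stricter fix is to validate it as one and push the error into `$errors` (the `&$errors` parameter this method already takes), and to HTML-encode the value wherever it is rendered, so the display is safe regardless of what other code paths write to the column. Relatedly, the `isset()` guard is applied only to `priority_id`: `(int) $vars['dept_id']`, `(int) $vars['topic_id']` and `(int) $vars['noautoresp']` will emit an undefined-index notice when the key is absent, so the same `isset(...) ? ... : 0` form (or a `?? 0`) belongs on all four for consistency. Finally, the hardening stops at `noautoresp`; the `userid`, `mail_active` and `mail_host` assignments in the unchanged context below are still raw `$vars` values, so either they are validated elsewhere (not visible in this hunk) or they merit the same treatment.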
