From 6bb08b05e0e12babd634a837466bee1c52686673 Mon Sep 17 00:00:00 2001
From: ranjit-git <pahan.ranjit0201@gmail.com>
Date: Wed, 21 Jul 2021 14:20:17 +0530
Subject: [PATCH] Update Download.php

fix xss via fileid
---
 includes/Classes/Download.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/Classes/Download.php b/includes/Classes/Download.php
index e8b20f613..9394e077c 100644
--- a/includes/Classes/Download.php
+++ b/includes/Classes/Download.php
@@ -52,7 +52,7 @@ public function returnFilesIds($file_ids)
 			if (current_role_in($this->check_level)) {
 				$file_list = array();
 				foreach($file_ids as $key => $data) {
-					$file_list[] = $data['value'];
+					$file_list[] = int($data['value']); //file-id must be int
 				}
 				ob_clean();
 				flush();