sec(Emails) Reflected XSS via idlist parameter
joebordes committed Aug 24, 2022
1 parent 537c117 commit e41c4f4
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions modules/Emails/mailSelect.php
Expand Up @@ -13,6 +13,14 @@
global $app_strings,$mod_strings,$current_user,$theme,$adb;
$image_path = 'themes/'.$theme.'/images/';
$idlist = vtlib_purify($_REQUEST['idlist']);
$idlist = explode(':', $idlist);
array_walk(
$idlist,
function (&$val, $key) {
$val = filter_var($val, FILTER_SANITIZE_NUMBER_INT);
}
);
$idlist = implode(':', $idlist);
$pmodule=vtlib_purify($_REQUEST['return_module']);
$excludedRecords = isset($_REQUEST['excludedRecords']) ? vtlib_purify($_REQUEST['excludedRecords']) : '';
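Review bot: FILTER_SANITIZE_NUMBER_INT in the array_walk callback keeps digits plus the '+' and '-' signs, so an element such as '12-3+4' passes through unchanged, and a non-numeric element becomes an empty string that implode(':', $idlist) still joins, leaving '::' runs in $idlist. That strips the markup characters named in the commit title, but if idlist is meant to be a colon-separated list of integer ids, validate each element strictly (ctype_digit() or an (int) cast) and drop the empties with array_filter() before the implode(). The $key argument of the closure is unused, so array_map() would express this without the by-reference parameter. A short comment above the block stating why the value is re-sanitised after vtlib_purify() would also help the next reader.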
