From e41c4f405ea203ceea5ec9b5b34da34904092f4f Mon Sep 17 00:00:00 2001
From: joebordes <joe@tsolucio.com>
Date: Wed, 24 Aug 2022 15:55:25 +0200
Subject: [PATCH] sec(Emails) Reflected XSS via idlist parameter

---
 modules/Emails/mailSelect.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/Emails/mailSelect.php b/modules/Emails/mailSelect.php
index 1217fccac4..257d7b11d8 100644
--- a/modules/Emails/mailSelect.php
+++ b/modules/Emails/mailSelect.php
@@ -13,6 +13,14 @@
 global $app_strings,$mod_strings,$current_user,$theme,$adb;
 $image_path = 'themes/'.$theme.'/images/';
 $idlist = vtlib_purify($_REQUEST['idlist']);
+$idlist = explode(':', $idlist);
+array_walk(
+	$idlist,
+	function (&$val, $key) {
+		$val = filter_var($val, FILTER_SANITIZE_NUMBER_INT);
+	}
+);
+$idlist = implode(':', $idlist);
 $pmodule=vtlib_purify($_REQUEST['return_module']);
 $excludedRecords = isset($_REQUEST['excludedRecords']) ? vtlib_purify($_REQUEST['excludedRecords']) : '';