security: User Ticket Creation

JediKev · JediKev · commit 37cf8350ea21 · 2023-10-25T09:59:53.000-05:00
This addresses an issue with Topic ID param abuse on User Ticket
Creation via portal.
diff --git a/include/class.ticket.php b/include/class.ticket.php
@@ -4237,7 +4237,8 @@ static function create($vars, &$errors, $origin, $autorespond=true,
             $errors += $form->errors();
 
         if ($vars['topicId']) {
-            if (($topic=Topic::lookup($vars['topicId']))
+            if (is_numeric($vars['topicId'])
+                    && ($topic=Topic::lookup((int) $vars['topicId']))
                     && $topic->isActive()) {
                 foreach ($topic_forms as $topic_form) {
                     $TF = $topic_form->getForm($vars);
