From 7543c005b59ac11958ca2146390b3b4dcdc1960b Mon Sep 17 00:00:00 2001
From: Dan Q <github@danq.me>
Date: Thu, 12 Aug 2021 09:19:22 +0100
Subject: [PATCH] Ensure email ID is an integer

Inspired by PR #28.
---
 web/api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/api.php b/web/api.php
index 12cc7dc..4b1839f 100644
--- a/web/api.php
+++ b/web/api.php
@@ -27,7 +27,7 @@ switch($action)
             $o = explode(',',$settings['DOMAINS']);
     break;
     case 'attachment':
-        $id = $_REQUEST['id'];
+        $id = intval($_REQUEST['id']);
         $filename = basename(realpath($_REQUEST['filename']));
         $filepath = $dir.DS.'attachments'.DS.$id.'-'.$filename;
         if(!is_dir($dir))
@@ -45,7 +45,7 @@ switch($action)
     break;
 
     case 'load':
-        $id = $_REQUEST['id'];
+        $id = intval($_REQUEST['id']);
         if(empty($email))
             $o = array('status'=>'err','reason'=>'No email address provided');
         else if(!is_dir($dir))