fix another cross site scripting hole (CVE-2020-28727)

CHANGELOG

@@ -15,7 +15,9 @@
 - saving the settings will no longer reenable an extention with no configuration
 - put a red/green bullet before the extension name in the settings
 - escape value of dropfolderfile in input form field created by
-  SeedDMS_Bootstrap_Style::getDropFolderChooserHtml() (CVE-2020-2872)
+  SeedDMS_Bootstrap_Style::getDropFolderChooserHtml() (CVE-2020-28726)
+- prevent cross site scripting in views/bootstrap/class.DropFileChooser.php
+  folderid wasn't checked propperly for being an integer (CVE-2020-28727)
 
 --------------------------------------------------------------------------------
                      Changes in version 5.1.20

views/bootstrap/class.DropFolderChooser.php

@@ -61,7 +61,7 @@ $('.folderselect').click(function(ev) {
 		$previewwidth = $this->params['previewWidthMenuList'];
 		$timeout = $this->params['timeout'];
 		$xsendfile = $this->params['xsendfile'];
-		$folderid = isset($_GET['folderid']) ? $_GET['folderid'] : 0;
+		$folder = $this->params['folder'];
 
 		$previewer = new SeedDMS_Preview_Previewer($cachedir, $previewwidth, $timeout, $xsendfile);
 
@@ -81,7 +81,7 @@ $('.folderselect').click(function(ev) {
 						if($showfolders == 0 && !is_dir($dir.'/'.$entry)) {
 							$c++;
 							$mimetype = finfo_file($finfo, $dir.'/'.$entry);
-							$filecontent .= "<li><a".($folderid ? " href=\"../out/out.AddDocument.php?folderid=".$folderid."&dropfolderfileform1=".urldecode($entry)."\" title=\"".getMLText('menu_upload_from_dropfolder')."\"" : "").">";
+							$filecontent .= "<li><a".($folder ? " href=\"../out/out.AddDocument.php?folderid=".$folder->getId()."&dropfolderfileform1=".urldecode($entry)."\" title=\"".getMLText('menu_upload_from_dropfolder')."\"" : "").">";
 							if($previewwidth) {
 								$previewer->createRawPreview($dir.'/'.$entry, 'dropfolder/', $mimetype);
 								if($previewer->hasRawPreview($dir.'/'.$entry, 'dropfolder/')) {