Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

CHANGELOG

@@ -197,7 +197,9 @@
 - saving the settings will no longer reenable an extention with no configuration
 - put a red/green bullet before the extension name in the settings
 - escape value of dropfolderfile in input form field created by
-  SeedDMS_Bootstrap_Style::getDropFolderChooserHtml() (CVE-2020-2872)
+  SeedDMS_Bootstrap_Style::getDropFolderChooserHtml() (CVE-2020-28726)
+- prevent cross site scripting in views/bootstrap/class.DropFileChooser.php
+  folderid wasn't checked propperly for being an integer (CVE-2020-28727)
 
 --------------------------------------------------------------------------------
                      Changes in version 5.1.20

views/bootstrap/class.DropFolderChooser.php

@@ -61,7 +61,7 @@ $('.folderselect').click(function(ev) {
 		$previewwidth = $this->params['previewWidthMenuList'];
 		$timeout = $this->params['timeout'];
 		$xsendfile = $this->params['xsendfile'];
-		$folderid = isset($_GET['folderid']) ? $_GET['folderid'] : 0;
+		$folder = $this->params['folder'];
 
 		$previewer = new SeedDMS_Preview_Previewer($cachedir, $previewwidth, $timeout, $xsendfile);
 
@@ -82,7 +82,7 @@ $('.folderselect').click(function(ev) {
 							$c++;
 							$mimetype = finfo_file($finfo, $dir.'/'.$entry);
 							if(file_exists($dir.'/'.$entry)) {
-								$filecontent .= "<li><a".($folderid ? " href=\"../out/out.AddDocument.php?folderid=".$folderid."&dropfolderfileform1=".urldecode($entry)."\" title=\"".getMLText('menu_upload_from_dropfolder')."\"" : "").">";
+								$filecontent .= "<li><a".($folder ? " href=\"../out/out.AddDocument.php?folderid=".$folder->getId()."&dropfolderfileform1=".urldecode($entry)."\" title=\"".getMLText('menu_upload_from_dropfolder')."\"" : "").">";
 								if($previewwidth) {
 									$previewer->createRawPreview($dir.'/'.$entry, 'dropfolder/', $mimetype);
 									if($previewer->hasRawPreview($dir.'/'.$entry, 'dropfolder/')) {