From bf32bd6926eca010123dbfc4ffa53d2cdc977a7b Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 25 Jan 2024 19:12:37 -0500
Subject: [PATCH] Prevent XSS throu mids
---
 web/skins/classic/views/zones.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/skins/classic/views/zones.php b/web/skins/classic/views/zones.php
index c14101f3e..a9923a3e1 100644
--- a/web/skins/classic/views/zones.php
+++ b/web/skins/classic/views/zones.php
@@ -23,7 +23,7 @@ if ( isset($_REQUEST['mid']) ) {
 $mids = array();
 $mids[] = validInt($_REQUEST['mid']);
 } else if ( isset($_REQUEST['mids']) ) {
- $mids = $_REQUEST['mids'];
+ $mids = arrap_map(function($thing){return validInt($thing);}, $_REQUEST['mids'] );
 } else {
 $mids = dbFetchAll('SELECT Id FROM Monitors'.($user->unviewableMonitorIds() ? 'WHERE Id IN ('.$user->viewableMonitorIds().')' : ''), 'Id');
 }
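Review bot: The added line calls `arrap_map`, which is not a PHP function, so any request that carries `mids` would stop with a fatal "Call to undefined function" error instead of producing a sanitised list; it should be `array_map`. `$_REQUEST['mids']` can also arrive as a scalar (`mids=1` rather than `mids[]=1`), which `array_map` rejects, so I would normalise the value first: `$mids = array_map('validInt', (array)$_REQUEST['mids']);`. How `validInt` treats non-numeric input is not visible here, so it is worth confirming that rejected entries are dropped or handled before `$mids` is used further down the view. The opening `if` of this chain sits outside the hunk and is only visible in the hunk header.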