From e2f0f1b9fdda9a0bdd62a1343337e2a7d62aa08c Mon Sep 17 00:00:00 2001
From: Oliver Bock <oliver.bock@aei.mpg.de>
Date: Wed, 9 Nov 2016 12:36:51 +0000
Subject: [PATCH] Drupal: harden team email list RPC wrapper

---
 drupal/sites/default/boinc/modules/boinccore/boinccore.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drupal/sites/default/boinc/modules/boinccore/boinccore.module b/drupal/sites/default/boinc/modules/boinccore/boinccore.module
index 06206fc620..f4ab52916e 100644
--- a/drupal/sites/default/boinc/modules/boinccore/boinccore.module
+++ b/drupal/sites/default/boinc/modules/boinccore/boinccore.module
@@ -1099,7 +1099,7 @@ function boinccore_team_email_list() {
   $account_key = !empty($_POST['account_key']) ? $_POST['account_key'] : $_GET['account_key'];
   $show_xml = !empty($_POST['xml']) ? $_POST['xml'] : $_GET['xml'];
   $admin_request = FALSE;
-  if ($boincteam_id) {
+  if ($boincteam_id && is_numeric($boincteam_id)) {
     if ($account_key) {
       // See if this is a team admin
       db_set_active('boinc');