Open
Description
In \qa-include\ajax\favorite.php
the incoming values are not validated.
```php
$entitytype = qa_post_text('entitytype');
$entityid = qa_post_text('entityid');
$setfavorite = qa_post_text('favorite');
```
It should probably be validated like this:
```php
$entitytype = qa_post_text('entitytype'); // Q, U, T, C
$entityid = qa_post_text('entityid'); // bigint, e.g. 123456
$setfavorite = (int)qa_post_text('favorite'); // 0 or 1, so cast to int

// validate data
$entitytypes = ['Q', 'U', 'T', 'C'];
if (!in_array($entitytype, $entitytypes))
{
	echo "QA_AJAX_RESPONSE\n0\n" . "Wrong entity type";
	return; // stop here; without this the handler would continue with an invalid type
}

$entityid = preg_replace('/[^0-9]/', '', $entityid); // keep digits only
// or checking with ctype_digit($entityid)
```
Similar to #919
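A stricter version of that check, added here as an example and not code from the issue or from Question2Answer itself (the function name validate_favorite_request and its array return shape are assumptions): it rejects malformed input outright instead of stripping characters, so an id like 123abc fails rather than silently becoming 123, and it also handles array-valued parameters and the BIGINT range.

```php
<?php
// Added example: strict validation of the three POST fields used by
// qa-include/ajax/favorite.php. Not part of Q2A; name and return shape assumed.

/**
 * @param array $post raw request fields, e.g. $_POST (values may be missing, strings or arrays)
 * @return array ['ok' => true, 'entitytype' => 'Q', 'entityid' => '123456', 'favorite' => 1]
 *               or ['ok' => false, 'error' => '<message>']
 */
function validate_favorite_request(array $post): array
{
    $entitytype  = $post['entitytype'] ?? null;
    $entityid    = $post['entityid'] ?? null;
    $setfavorite = $post['favorite'] ?? null;

    // PHP turns entityid[]=1 into an array; every field must be a plain string.
    foreach ([$entitytype, $entityid, $setfavorite] as $value) {
        if (!is_string($value)) {
            return ['ok' => false, 'error' => 'Missing or malformed parameter'];
        }
    }

    // Strict comparison (third argument) so no type juggling can match.
    if (!in_array($entitytype, ['Q', 'U', 'T', 'C'], true)) {
        return ['ok' => false, 'error' => 'Wrong entity type'];
    }

    // Digits only, no leading zeros, and not above MySQL's signed BIGINT maximum.
    // Compared as strings so the check is independent of PHP_INT_MAX.
    $bigintMax = '9223372036854775807';
    if (!ctype_digit($entityid)
        || ($entityid !== '0' && $entityid[0] === '0')
        || strlen($entityid) > strlen($bigintMax)
        || (strlen($entityid) === strlen($bigintMax) && strcmp($entityid, $bigintMax) > 0)) {
        return ['ok' => false, 'error' => 'Wrong entity id'];
    }

    // The flag must be exactly "0" or "1"; (int)"yes" would silently become 0.
    if ($setfavorite !== '0' && $setfavorite !== '1') {
        return ['ok' => false, 'error' => 'Wrong favorite flag'];
    }

    return ['ok' => true, 'entitytype' => $entitytype, 'entityid' => $entityid, 'favorite' => (int)$setfavorite];
}

// Constructed sample requests: one valid, the rest malformed in the ways the issue describes.
$samples = [
    ['entitytype' => 'Q', 'entityid' => '123456', 'favorite' => '1'],
    ['entitytype' => 'X', 'entityid' => '123456', 'favorite' => '1'],
    ['entitytype' => 'Q', 'entityid' => '123abc', 'favorite' => '1'],
    ['entitytype' => 'Q', 'entityid' => ['1'],    'favorite' => '1'],
    ['entitytype' => 'Q', 'entityid' => '1',      'favorite' => 'yes'],
];
foreach ($samples as $post) {
    $r = validate_favorite_request($post);
    // Same framing the Q2A ajax handlers use: "QA_AJAX_RESPONSE\n0\n<message>" on failure.
    echo $r['ok'] ? "QA_AJAX_RESPONSE\n1\n" : "QA_AJAX_RESPONSE\n0\n" . $r['error'] . "\n";
}
```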