[SECURITY] Prevent information disclosure of records

With a crafted url for the confirmation action, it was
possible to reveal form data of already persisted emails.

This behavior is mitigated with a check, whether the email
was already persisted or not.  If it is already persisted,
the request ist forwarded to the main form.

Classes/Controller/FormController.php

@@ -123,6 +123,9 @@ public function initializeConfirmationAction(): void
      */
     public function confirmationAction(Mail $mail): void
     {
+        if ($mail->getUid() !== null) {
+            $this->forward('form');
+        }
         $this->signalDispatch(__CLASS__, __FUNCTION__ . 'BeforeRenderView', [$mail, $this]);
         /** @noinspection PhpUnhandledExceptionInspection */
         $this->dataProcessorRunner->callDataProcessors(