[Web] Fix potential XSS in autodiscover-json.php

data/web/autodiscover-json.php

@@ -16,6 +16,6 @@ elseif (strtolower($_GET['Protocol']) == 'autodiscoverv1') {
 }
 else {
   http_response_code(400);
-  echo '{"ErrorCode":"InvalidProtocol","ErrorMessage":"The given protocol value \u0027' . $_GET['Protocol'] . '\u0027 is invalid. Supported values are \u0027ActiveSync,AutodiscoverV1\u0027"}';
+  echo '{"ErrorCode":"InvalidProtocol","ErrorMessage":"The given protocol value \u0027' . preg_replace("/[^\da-z]/i", '', $_GET['Protocol']) . '\u0027 is invalid. Supported values are \u0027ActiveSync,AutodiscoverV1\u0027"}';
 }
 ?>