diff options
| author | robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2007-02-16 14:38:12 +0000 |
|---|---|---|
| committer | robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2007-02-16 14:38:12 +0000 |
| commit | aee4f14da9e66092723bfea6ab8c0ca12abbfc44 (patch) | |
| tree | 919370010666b705786abb7282441a7aa9d7165d | |
| parent | e54e18269ee2461f796bf77f23a5fc33819a7a95 (diff) | |
Fix XSS vulnerability (closes #1484254).
git-svn-id: https://svn.roundcube.net/trunk@482 208e9e7b-5314-0410-a742-e7e81cd9613c
| -rw-r--r-- | roundcubemail/program/steps/mail/func.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/roundcubemail/program/steps/mail/func.inc b/roundcubemail/program/steps/mail/func.inc index a44d81a1d..037e83f29 100644 --- a/roundcubemail/program/steps/mail/func.inc +++ b/roundcubemail/program/steps/mail/func.inc @@ -30,10 +30,10 @@ if (empty($_SESSION['mbox'])){ } // set imap properties and session vars -if (strlen($_GET['_mbox'])) +if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET))) { - $IMAP->set_mailbox($_GET['_mbox']); - $_SESSION['mbox'] = $_GET['_mbox']; + $IMAP->set_mailbox($mbox); + $_SESSION['mbox'] = $mbox; } if (strlen($_GET['_page'])) |