| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2007-02-16 19:35:03 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2007-02-16 19:35:03 +0000 |
| commit | 521051c553407d1417f648f8ad69448de9183f29 (patch) | |
| tree | 6edf689001936110789a4870ff496dd8207b944b /roundcubemail/program/steps/mail/func.inc | |
| parent | aee4f14da9e66092723bfea6ab8c0ca12abbfc44 (diff) | |
Better input checking on GET and POST vars
git-svn-id: https://svn.roundcube.net/trunk@483 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps/mail/func.inc')
| -rw-r--r-- | roundcubemail/program/steps/mail/func.inc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/roundcubemail/program/steps/mail/func.inc b/roundcubemail/program/steps/mail/func.inc
index 037e83f29..ec257b69b 100644
--- a/roundcubemail/program/steps/mail/func.inc
+++ b/roundcubemail/program/steps/mail/func.inc
@@ -30,16 +30,16 @@ if (empty($_SESSION['mbox'])){
 }
 // set imap properties and session vars
-if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
+if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))
 {
 $IMAP->set_mailbox($mbox);
 $_SESSION['mbox'] = $mbox;
 }
-if (strlen($_GET['_page']))
+if (!empty($_GET['_page']))
 {
- $IMAP->set_page($_GET['_page']);
- $_SESSION['page'] = $_GET['_page'];
+ $IMAP->set_page((int)$_GET['_page']);
+ $_SESSION['page'] = (int)$_GET['_page'];
 }
 // set mailbox to INBOX if not set
@@ -59,7 +59,7 @@ if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']]))
 // define url for getting message parts
 if (strlen($_GET['_uid']))
- $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), $_GET['_uid']);
+ $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), get_input_value('_uid', RCUBE_INPUT_GET));
 // set current mailbox in client environment |
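Review bot: The new truthiness test `if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))` in the first hunk silently ignores a mailbox literally named `0`, which the removed `strlen()` form accepted; `if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC)))` keeps the new input source without that regression. The `(int)` cast on `_page` maps non-numeric input to 0 and passes negative numbers to `set_page()` and into the session, so a lower bound such as `max(1, (int)$_GET['_page'])` is worth adding unless `set_page()` clamps the value itself, which is not visible here. Switching to `RCUBE_INPUT_GPC` also lets a cookie or POST field named `_mbox` choose the mailbox on every request; a short comment saying why that wider source is wanted would help the next reader.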
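Review bot: On the rewritten `$GET_URL` line in the second hunk the mailbox name is still placed into the query string through `%s` with no URL encoding, while `_uid` was already forced to an integer by `%d`, so routing it through `get_input_value()` adds little. A folder name containing `&`, `#` or a quote would change the resulting URL, and after the first hunk `_mbox` can arrive from POST or a cookie as well as GET. Passing `urlencode($IMAP->get_mailbox_name())` as the sprintf argument would close this, unless the value is encoded where `$GET_URL` is consumed, which this hunk does not show. The guard `strlen($_GET['_uid'])` in the context line above still reads the raw superglobal and could use the same `!empty()` test as `_page`.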
