Fixed some potential security risks + updatedd changelog

git-svn-id: https://svn.roundcube.net/trunk@930 208e9e7b-5314-0410-a742-e7e81cd9613c

1 files changed, 3 insertions, 3 deletions

diff --git a/roundcubemail/program/steps/mail/get.inc b/roundcubemail/program/steps/mail/get.inc
index c9e40ac77..dad49d370 100644
--- a/roundcubemail/program/steps/mail/get.inc
+++ b/roundcubemail/program/steps/mail/get.inc
@@ -88,7 +88,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET))
       // we have to analyze the whole structure again to find inline objects
       list($new_parts, $new_attachments) =
         rcmail_parse_message($MESSAGE['structure'],
-                             array('safe' => (bool)$_GET['_safe'],
+                             array('safe' => intval($_GET['_safe']),
                                    'prefer_html' => TRUE,
                                    'get_url' => $GET_URL.'&_part=%s'));
 
@@ -102,7 +102,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET))
         $part->body = $IMAP->get_message_part($MESSAGE['UID'], $part->mime_id, $part);
 
       $OUTPUT = new rcube_html_page();
-      $OUTPUT->write(rcmail_print_body($part, (bool)$_GET['_safe']));
+      $OUTPUT->write(rcmail_print_body($part, intval($_GET['_safe'])));
       }
     else
       {
@@ -130,7 +130,7 @@ else
 
   $cont = ''; 
   list($MESSAGE['parts']) = rcmail_parse_message($MESSAGE['structure'],
-                                                 array('safe' => (bool)$_GET['_safe'],
+                                                 array('safe' => intval($_GET['_safe']),
                                                  'get_url' => $GET_URL.'&_part=%s'));
 
   $cont = "<html>\n<head><title></title>\n</head>\n<body>";