summaryrefslogtreecommitdiff
path: root/roundcubemail/program/steps/settings/edit_identity.inc
diff options
context:
space:
mode:
authorthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2006-08-16 08:06:31 +0000
committerthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2006-08-16 08:06:31 +0000
commit6a1e26a23c7b6f58c35f2f7730a65f116a02849b (patch)
treeabf0fc3ebe12f4eabd19c4dfc0bebc3dfaa260dd /roundcubemail/program/steps/settings/edit_identity.inc
parent22e44bcebaedf1ea36443a2576399e27c64ad2be (diff)
Fixed some XSS and SQL injection issues
git-svn-id: https://svn.roundcube.net/trunk@319 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps/settings/edit_identity.inc')
-rw-r--r--roundcubemail/program/steps/settings/edit_identity.inc3
1 files changed, 1 insertions, 2 deletions
diff --git a/roundcubemail/program/steps/settings/edit_identity.inc b/roundcubemail/program/steps/settings/edit_identity.inc
index 07cd8fa02..316eec785 100644
--- a/roundcubemail/program/steps/settings/edit_identity.inc
+++ b/roundcubemail/program/steps/settings/edit_identity.inc
@@ -21,12 +21,11 @@
if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
{
- $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
$DB->query("SELECT * FROM ".get_table_name('identities')."
WHERE identity_id=?
AND user_id=?
AND del<>1",
- $id,
+ get_input_value('_iid', RCUBE_INPUT_GPC),
$_SESSION['user_id']);
$IDENTITY_RECORD = $DB->fetch_assoc();
generated by cgit v1.2.3 (git 2.51.0) at 2026-05-28 17:01:55 +0000