summaryrefslogtreecommitdiff
path: root/roundcubemail/program/steps/settings/save_identity.inc
diff options
context:
space:
mode:
authorthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2006-08-16 08:06:31 +0000
committerthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2006-08-16 08:06:31 +0000
commit6a1e26a23c7b6f58c35f2f7730a65f116a02849b (patch)
treeabf0fc3ebe12f4eabd19c4dfc0bebc3dfaa260dd /roundcubemail/program/steps/settings/save_identity.inc
parent22e44bcebaedf1ea36443a2576399e27c64ad2be (diff)
Fixed some XSS and SQL injection issues
git-svn-id: https://svn.roundcube.net/trunk@319 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps/settings/save_identity.inc')
-rw-r--r--roundcubemail/program/steps/settings/save_identity.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/roundcubemail/program/steps/settings/save_identity.inc b/roundcubemail/program/steps/settings/save_identity.inc
index 9df6c61cb..2d64dc7b3 100644
--- a/roundcubemail/program/steps/settings/save_identity.inc
+++ b/roundcubemail/program/steps/settings/save_identity.inc
@@ -55,7 +55,7 @@ if ($_POST['_iid'])
WHERE identity_id=?
AND user_id=?
AND del<>1",
- $_POST['_iid'],
+ get_input_value('_iid', RCUBE_INPUT_POST),
$_SESSION['user_id']);
$updated = $DB->affected_rows();
@@ -72,7 +72,7 @@ if ($_POST['_iid'])
AND identity_id<>?
AND del<>1",
$_SESSION['user_id'],
- $_POST['_iid']);
+ get_input_value('_iid', RCUBE_INPUT_POST));
if ($_POST['_framed'])
{
generated by cgit v1.2.3 (git 2.51.0) at 2026-05-30 00:25:40 +0000