Applied security patches by Kees Cook (Ubuntu) + little visual enhancements

git-svn-id: https://svn.roundcube.net/trunk@425 208e9e7b-5314-0410-a742-e7e81cd9613c
author: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2006-12-22 21:45:21 +0000
committer: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2006-12-22 21:45:21 +0000
commit: fbf02ab360cbe003b9b90efb878969d82a3fc240 (patch)
tree: 3304274f10ad0fda2b49a307b38d1cd755ac94bc /roundcubemail/program/steps/settings
parent: 55491988926ec76a2a31914c3eb766790ca82b06 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/roundcubemail/program/steps/settings/delete_identity.inc b/roundcubemail/program/steps/settings/delete_identity.inc
index b8f9f526c..24bf99c43 100644
--- a/roundcubemail/program/steps/settings/delete_identity.inc
+++ b/roundcubemail/program/steps/settings/delete_identity.inc
@@ -21,7 +21,7 @@
 
 $REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
 
-if ($_GET['_iid'])
+if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
   {
   $DB->query("UPDATE ".get_table_name('identities')."
               SET    del=1
@@ -50,4 +50,4 @@ $_action = 'identities';
 
 // overwrite action variable  
 $OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
-?>
-\ No newline at end of file
+?>
author	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2006-12-22 21:45:21 +0000
committer	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2006-12-22 21:45:21 +0000
commit	fbf02ab360cbe003b9b90efb878969d82a3fc240 (patch)
tree	3304274f10ad0fda2b49a307b38d1cd755ac94bc /roundcubemail/program/steps/settings
parent	55491988926ec76a2a31914c3eb766790ca82b06 (diff)