From fbf02ab360cbe003b9b90efb878969d82a3fc240 Mon Sep 17 00:00:00 2001
From: thomasb
Date: Fri, 22 Dec 2006 21:45:21 +0000
Subject: Applied security patches by Kees Cook (Ubuntu) + little visual enhancements
git-svn-id: https://svn.roundcube.net/trunk@425 208e9e7b-5314-0410-a742-e7e81cd9613c
---
roundcubemail/program/steps/addressbook/delete.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'roundcubemail/program/steps/addressbook')
diff --git a/roundcubemail/program/steps/addressbook/delete.inc b/roundcubemail/program/steps/addressbook/delete.inc
index b95988d12..3e33cd864 100644
--- a/roundcubemail/program/steps/addressbook/delete.inc
+++ b/roundcubemail/program/steps/addressbook/delete.inc
@@ -21,7 +21,7 @@ $REMOTE_REQUEST = TRUE;
-if ($_GET['_cid'])
+if ($_GET['_cid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_cid']))
 { $DB->query("UPDATE ".get_table_name('contacts')." SET del=1
@@ -96,4 +96,4 @@ if ($_GET['_cid'])
 } exit;
-?>
\ No newline at end of file
+?>
--
cgit v1.2.3
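Review bot: The new `preg_match` guard on `$_GET['_cid']` anchors with `$`, which in PCRE also matches just before a trailing newline, so a value ending in a line feed still passes the check; adding the `D` modifier makes the match strict: `preg_match('/^[0-9]+(,[0-9]+)*$/D', $_GET['_cid'])`. The `UPDATE` statement is cut off by the hunk, so how the id list reaches the SQL text is not visible here, but if it is concatenated then this regex is the only barrier and deserves a comment saying so, e.g. `// _cid must be a comma-separated list of numeric contact IDs; it is inserted into the SQL below`. Separately, the delete is still driven by a GET parameter and no request-token check appears in the visible lines, so it is worth confirming elsewhere in the file that a cross-site request cannot trigger it.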