From aee4f14da9e66092723bfea6ab8c0ca12abbfc44 Mon Sep 17 00:00:00 2001
From: robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Fri, 16 Feb 2007 14:38:12 +0000
Subject: Fix XSS vulnerability (closes #1484254).

git-svn-id: https://svn.roundcube.net/trunk@482 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/program/steps/mail/func.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'roundcubemail/program')

diff --git a/roundcubemail/program/steps/mail/func.inc b/roundcubemail/program/steps/mail/func.inc
index a44d81a1d..037e83f29 100644
--- a/roundcubemail/program/steps/mail/func.inc
+++ b/roundcubemail/program/steps/mail/func.inc
@@ -30,10 +30,10 @@ if (empty($_SESSION['mbox'])){
 }
 
 // set imap properties and session vars
-if (strlen($_GET['_mbox']))
+if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
   {
-  $IMAP->set_mailbox($_GET['_mbox']);
-  $_SESSION['mbox'] = $_GET['_mbox'];
+  $IMAP->set_mailbox($mbox);
+  $_SESSION['mbox'] = $mbox;
   }
 
 if (strlen($_GET['_page']))
-- 
cgit v1.2.3