authorsvncommit <devs@roundcube.net>2007-02-16 14:38:12 +0000
committersvncommit <devs@roundcube.net>2007-02-16 14:38:12 +0000
commit1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (patch)
tree36b12333d458fa4e364904e69edbaaf951a4ba9f
parent6a8684d382da72a716c08eb4a66f42c6434f3262 (diff)
Fix XSS vulnerability (closes #1484254).
-rw-r--r--program/steps/mail/func.inc6
1 files changed, 3 insertions, 3 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index a44d81a1d..037e83f29 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -30,10 +30,10 @@ if (empty($_SESSION['mbox'])){
}
// set imap properties and session vars
-if (strlen($_GET['_mbox']))
+if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
{
- $IMAP->set_mailbox($_GET['_mbox']);
- $_SESSION['mbox'] = $_GET['_mbox'];
+ $IMAP->set_mailbox($mbox);
+ $_SESSION['mbox'] = $mbox;
}
if (strlen($_GET['_page']))
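Review bot: The trailing context line `if (strlen($_GET['_page']))` still reads a request parameter directly from `$_GET`, the same pattern this commit replaces for `_mbox` a few lines above. Its body lies outside the hunk, so whether the value is cast or escaped before use cannot be confirmed from here. If it is not already coerced to an integer, it should go through the same helper, e.g. `$page = (int)get_input_value('_page', RCUBE_INPUT_GET);`. Separately, `$mbox` is stored in `$_SESSION['mbox']` and passed to `$IMAP->set_mailbox()`, so filtering at this point presumably does not replace escaping where the mailbox name is later written into HTML or script. A short comment such as `// $mbox is request-supplied: escape it again wherever it is echoed` would record that for later readers.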