diff options
author | thomascube <thomas@roundcube.net> | 2006-04-04 21:42:54 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-04-04 21:42:54 +0000 |
commit | 03f85589f8ead7fd00d68e9ed74b32222bbe1539 (patch) | |
tree | d98f5b1dd7fa32baa641511f68a5b5a523a4b246 | |
parent | 0566adccd4f45c1b61c512df95d0b9518f00e2ef (diff) |
Strip tags on _auth, _action, _task parameters
-rw-r--r-- | index.php | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -2,7 +2,7 @@ /* +-----------------------------------------------------------------------+ | RoundCube Webmail IMAP Client | - | Version 0.1-20060320 | + | Version 0.1-20060402 | | | | Copyright (C) 2005, RoundCube Dev. - Switzerland | | Licensed under the GNU GPL | @@ -40,7 +40,7 @@ */ -define('RCMAIL_VERSION', '0.1-20060320'); +define('RCMAIL_VERSION', '0.1-20060402'); // define global vars @@ -84,11 +84,14 @@ require_once('PEAR.php'); // catch some url/post parameters -$_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : $_GET['_auth']; -$_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail'); -$_action = !empty($_POST['_action']) ? $_POST['_action'] : (!empty($_GET['_action']) ? $_GET['_action'] : ''); +$_auth = get_input_value('_auth', RCUBE_INPUT_GPC); +$_task = get_input_value('_task', RCUBE_INPUT_GPC); +$_action = get_input_value('_action', RCUBE_INPUT_GPC); $_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed'])); +if (empty($_task)) + $_task = 'mail'; + if (!empty($_GET['_remote'])) $REMOTE_REQUEST = TRUE; |