summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2006-08-16 08:06:31 +0000
committerthomascube <thomas@roundcube.net>2006-08-16 08:06:31 +0000
commit89406f36c20e4d785bfb35c68e87475329cfbaf5 (patch)
treeae3f118ad16a87f112c3c8ef6df721d557fb8764
parent3287e84c90d53f88a009beaed2836f337f0751f2 (diff)
Fixed some XSS and SQL injection issues
-rw-r--r--program/steps/error.inc2
-rw-r--r--program/steps/settings/edit_identity.inc3
-rw-r--r--program/steps/settings/save_identity.inc4
3 files changed, 4 insertions, 5 deletions
diff --git a/program/steps/error.inc b/program/steps/error.inc
index aa8036afe..2d87a9da4 100644
--- a/program/steps/error.inc
+++ b/program/steps/error.inc
@@ -53,7 +53,7 @@ else if ($ERROR_CODE==401)
else if ($ERROR_CODE==404)
{
$__error_title = "REQUEST FAILED/FILE NOT FOUND";
- $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+ $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
$__error_text = <<<EOF
The requested page was not found!<br />
Please contact your server-administrator.
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index 07cd8fa02..316eec785 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -21,12 +21,11 @@
if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
{
- $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
$DB->query("SELECT * FROM ".get_table_name('identities')."
WHERE identity_id=?
AND user_id=?
AND del<>1",
- $id,
+ get_input_value('_iid', RCUBE_INPUT_GPC),
$_SESSION['user_id']);
$IDENTITY_RECORD = $DB->fetch_assoc();
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 9df6c61cb..2d64dc7b3 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -55,7 +55,7 @@ if ($_POST['_iid'])
WHERE identity_id=?
AND user_id=?
AND del<>1",
- $_POST['_iid'],
+ get_input_value('_iid', RCUBE_INPUT_POST),
$_SESSION['user_id']);
$updated = $DB->affected_rows();
@@ -72,7 +72,7 @@ if ($_POST['_iid'])
AND identity_id<>?
AND del<>1",
$_SESSION['user_id'],
- $_POST['_iid']);
+ get_input_value('_iid', RCUBE_INPUT_POST));
if ($_POST['_framed'])
{