summaryrefslogtreecommitdiff
path: root/plugins/acl/acl.php
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2014-12-15 13:47:55 +0100
committerAleksander Machniak <alec@alec.pl>2014-12-15 13:47:55 +0100
commit376cbfd4f2dfcf455717409b70d9d056cbeb08b1 (patch)
tree9258578b88810e0cef8e483bd2df30c9e044960d /plugins/acl/acl.php
parent753c8849accbbe0cb3ebef01e8b3e2ff3481a336 (diff)
Fix bugs where CSRF attacks were still possible on some requests
Diffstat (limited to 'plugins/acl/acl.php')
-rw-r--r--plugins/acl/acl.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/plugins/acl/acl.php b/plugins/acl/acl.php
index a8b8f58ad..b440c24a1 100644
--- a/plugins/acl/acl.php
+++ b/plugins/acl/acl.php
@@ -443,10 +443,10 @@ class acl extends rcube_plugin
*/
private function action_save()
{
- $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); // UTF7-IMAP
- $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC));
- $acl = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_GPC));
- $oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_GPC));
+ $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); // UTF7-IMAP
+ $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST));
+ $acl = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_POST));
+ $oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_POST));
$acl = array_intersect(str_split($acl), $this->rights_supported());
$users = $oldid ? array($user) : explode(',', $user);
@@ -499,8 +499,8 @@ class acl extends rcube_plugin
*/
private function action_delete()
{
- $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); //UTF7-IMAP
- $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC));
+ $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); //UTF7-IMAP
+ $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST));
$user = explode(',', $user);