diff options
author | Aleksander Machniak <alec@alec.pl> | 2014-12-16 13:28:48 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-12-16 13:28:48 +0100 |
commit | 681ba6fc3c296cd6cd11050531b8f4e785141786 (patch) | |
tree | 77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php | |
parent | 53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff) |
Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
Diffstat (limited to 'plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php')
-rw-r--r-- | plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php index 8d0dca4d0..25016c878 100644 --- a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php +++ b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php @@ -349,7 +349,7 @@ class rcube_sieve_engine } } else if ($action == 'setact' && !$error) { - $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true); + $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_POST, true); $result = $this->activate_script($script_name); $kep14 = $this->rc->config->get('managesieve_kolab_master'); @@ -363,7 +363,7 @@ class rcube_sieve_engine } } else if ($action == 'deact' && !$error) { - $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true); + $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_POST, true); $result = $this->deactivate_script($script_name); if ($result === true) { @@ -376,7 +376,7 @@ class rcube_sieve_engine } } else if ($action == 'setdel' && !$error) { - $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true); + $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_POST, true); $result = $this->remove_script($script_name); if ($result === true) { @@ -419,14 +419,14 @@ class rcube_sieve_engine $this->rc->output->command('managesieve_updatelist', 'list', array('list' => $result)); } else if ($action == 'ruleadd') { - $rid = rcube_utils::get_input_value('_rid', rcube_utils::INPUT_GPC); + $rid = rcube_utils::get_input_value('_rid', rcube_utils::INPUT_POST); $id = $this->genid(); $content = $this->rule_div($fid, $id, false); $this->rc->output->command('managesieve_rulefill', $content, $id, $rid); } else if ($action == 'actionadd') { - $aid = rcube_utils::get_input_value('_aid', rcube_utils::INPUT_GPC); + $aid = rcube_utils::get_input_value('_aid', rcube_utils::INPUT_POST); $id = $this->genid(); $content = $this->action_div($fid, $id, false); |