summaryrefslogtreecommitdiff
path: root/plugins/managesieve
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2014-12-15 13:47:55 +0100
committerAleksander Machniak <alec@alec.pl>2014-12-15 13:47:55 +0100
commit376cbfd4f2dfcf455717409b70d9d056cbeb08b1 (patch)
tree9258578b88810e0cef8e483bd2df30c9e044960d /plugins/managesieve
parent753c8849accbbe0cb3ebef01e8b3e2ff3481a336 (diff)
Fix bugs where CSRF attacks were still possible on some requests
Diffstat (limited to 'plugins/managesieve')
-rw-r--r--plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
index a93e389b9..7d7ea99d3 100644
--- a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
+++ b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
@@ -310,7 +310,7 @@ class rcube_sieve_engine
}
}
else if ($action == 'setact' && !$error) {
- $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true);
+ $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_POST, true);
$result = $this->activate_script($script_name);
$kep14 = $this->rc->config->get('managesieve_kolab_master');
@@ -324,7 +324,7 @@ class rcube_sieve_engine
}
}
else if ($action == 'deact' && !$error) {
- $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true);
+ $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_POST, true);
$result = $this->deactivate_script($script_name);
if ($result === true) {
@@ -337,7 +337,7 @@ class rcube_sieve_engine
}
}
else if ($action == 'setdel' && !$error) {
- $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true);
+ $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_POST, true);
$result = $this->remove_script($script_name);
if ($result === true) {
@@ -381,14 +381,14 @@ class rcube_sieve_engine
$this->rc->output->command('managesieve_updatelist', 'list', array('list' => $result));
}
else if ($action == 'ruleadd') {
- $rid = rcube_utils::get_input_value('_rid', rcube_utils::INPUT_GPC);
+ $rid = rcube_utils::get_input_value('_rid', rcube_utils::INPUT_POST);
$id = $this->genid();
$content = $this->rule_div($fid, $id, false);
$this->rc->output->command('managesieve_rulefill', $content, $id, $rid);
}
else if ($action == 'actionadd') {
- $aid = rcube_utils::get_input_value('_aid', rcube_utils::INPUT_GPC);
+ $aid = rcube_utils::get_input_value('_aid', rcube_utils::INPUT_POST);
$id = $this->genid();
$content = $this->action_div($fid, $id, false);