diff options
| author | thomascube <thomas@roundcube.net> | 2007-11-25 19:45:38 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2007-11-25 19:45:38 +0000 |
| commit | d5342aabcfeddb959cc286befe6de5bf35fe9d76 (patch) | |
| tree | 7410b56bccbae610578060555a86535d0c1b9863 /program/include | |
| parent | c5799618997716288169b6fbcd1251f76788cd49 (diff) | |
More input sanitizing
Diffstat (limited to 'program/include')
| -rw-r--r-- | program/include/main.inc | 8 | ||||
| -rw-r--r-- | program/include/rcube_imap.inc | 30 |
2 files changed, 24 insertions, 14 deletions
diff --git a/program/include/main.inc b/program/include/main.inc index f0c603090..55cd8efce 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -1279,6 +1279,14 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) return $value; } +/** + * Remove all non-ascii and non-word chars + * except . and - + */ +function asciiwords($str) +{ + return preg_replace('/[^a-z0-9.-_]/i', '', $str); +} /** * Remove single and double quotes from given string diff --git a/program/include/rcube_imap.inc b/program/include/rcube_imap.inc index 8fea05667..5a9994c02 100644 --- a/program/include/rcube_imap.inc +++ b/program/include/rcube_imap.inc @@ -5,7 +5,7 @@ | program/include/rcube_imap.inc | | | | This file is part of the RoundCube Webmail client | - | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland | + | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -35,7 +35,7 @@ require_once('lib/mime.inc'); * * @package Mail * @author Thomas Bruederli <roundcube@gmail.com> - * @version 1.39 + * @version 1.40 * @link http://ilohamail.org */ class rcube_imap @@ -527,10 +527,7 @@ class rcube_imap if ($this->search_string && $mailbox == $this->mailbox) return $this->_list_header_set($mailbox, $this->search_set, $page, $sort_field, $sort_order); - if ($sort_field!=NULL) - $this->sort_field = $sort_field; - if ($sort_order!=NULL) - $this->sort_order = strtoupper($sort_order); + $this->_set_sort_order($sort_field, $sort_order); $max = $this->_messagecount($mailbox); $start_msg = ($this->list_page-1) * $this->page_size; @@ -647,10 +644,7 @@ class rcube_imap if (!strlen($mailbox) || empty($msgs)) return array(); - if ($sort_field!=NULL) - $this->sort_field = $sort_field; - if ($sort_order!=NULL) - $this->sort_order = strtoupper($sort_order); + $this->_set_sort_order($sort_field, $sort_order); $max = count($msgs); $start_msg = ($this->list_page-1) * $this->page_size; @@ -764,10 +758,7 @@ class rcube_imap */ function message_index($mbox_name='', $sort_field=NULL, $sort_order=NULL) { - if ($sort_field!=NULL) - $this->sort_field = $sort_field; - if ($sort_order!=NULL) - $this->sort_order = strtoupper($sort_order); + $this->_set_sort_order($sort_field, $sort_order); $mailbox = $mbox_name ? $this->_mod_mailbox($mbox_name) : $this->mailbox; $key = "$mbox:".$this->sort_field.":".$this->sort_order.".msgi"; @@ -2445,6 +2436,17 @@ class rcube_imap return $mbox_name; } + /** + * Validate the given input and save to local properties + * @access private + */ + function _set_sort_order($sort_field, $sort_order) + { + if ($sort_field != null) + $this->sort_field = asciiwords($sort_field); + if ($sort_order != null) + $this->sort_order = strtoupper($sort_order) == 'DESC' ? 'DESC' : 'ASC'; + } /** * Sort mailboxes first by default folders and then in alphabethical order |