Better input checking on GET and POST vars

author: thomascube <thomas@roundcube.net> 2007-02-16 19:35:03 +0000
committer: thomascube <thomas@roundcube.net> 2007-02-16 19:35:03 +0000
commit: b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae (patch)
tree: 19456d201c65ccd4a305817a9ffbd0f477f11d49 /program/steps/mail/folders.inc
parent: 1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/program/steps/mail/folders.inc b/program/steps/mail/folders.inc
index 2d160325a..1b7007c39 100644
--- a/program/steps/mail/folders.inc
+++ b/program/steps/mail/folders.inc
@@ -25,10 +25,10 @@ $mbox_name = $IMAP->get_mailbox_name();
 // send EXPUNGE command
 if ($_action=='expunge')
   {
-  $success = $IMAP->expunge($_GET['_mbox']);
+  $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET));
 
   // reload message list if current mailbox  
-  if ($success && $_GET['_reload'])
+  if ($success && !empty($_GET['_reload']))
     {
     rcube_remote_response('this.message_list.clear();', TRUE);
     $_action = 'list';
@@ -41,9 +41,9 @@ if ($_action=='expunge')
 // clear mailbox
 else if ($_action=='purge')
   {
-  $success = $IMAP->clear_mailbox($_GET['_mbox']);
+  $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET));
   
-  if ($success && $_GET['_reload'])
+  if ($success && !empty($_GET['_reload']))
     {
     $commands = "this.message_list.clear();\n";
     $commands .= "this.set_env('messagecount', 0);\n";
author	thomascube <thomas@roundcube.net>	2007-02-16 19:35:03 +0000
committer	thomascube <thomas@roundcube.net>	2007-02-16 19:35:03 +0000
commit	b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae (patch)
tree	19456d201c65ccd4a305817a9ffbd0f477f11d49 /program/steps/mail/folders.inc
parent	1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (diff)