diff options
author | thomascube <thomas@roundcube.net> | 2007-02-16 19:35:03 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2007-02-16 19:35:03 +0000 |
commit | b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae (patch) | |
tree | 19456d201c65ccd4a305817a9ffbd0f477f11d49 /program/steps/mail/folders.inc | |
parent | 1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (diff) |
Better input checking on GET and POST vars
Diffstat (limited to 'program/steps/mail/folders.inc')
-rw-r--r-- | program/steps/mail/folders.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/program/steps/mail/folders.inc b/program/steps/mail/folders.inc index 2d160325a..1b7007c39 100644 --- a/program/steps/mail/folders.inc +++ b/program/steps/mail/folders.inc @@ -25,10 +25,10 @@ $mbox_name = $IMAP->get_mailbox_name(); // send EXPUNGE command if ($_action=='expunge') { - $success = $IMAP->expunge($_GET['_mbox']); + $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET)); // reload message list if current mailbox - if ($success && $_GET['_reload']) + if ($success && !empty($_GET['_reload'])) { rcube_remote_response('this.message_list.clear();', TRUE); $_action = 'list'; @@ -41,9 +41,9 @@ if ($_action=='expunge') // clear mailbox else if ($_action=='purge') { - $success = $IMAP->clear_mailbox($_GET['_mbox']); + $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET)); - if ($success && $_GET['_reload']) + if ($success && !empty($_GET['_reload'])) { $commands = "this.message_list.clear();\n"; $commands .= "this.set_env('messagecount', 0);\n"; |