authorthomascube <thomas@roundcube.net>2007-02-16 19:35:03 +0000
committerthomascube <thomas@roundcube.net>2007-02-16 19:35:03 +0000
commitb3ce7915610a6d272cc38ecd2a8b61e04ee4aeae (patch)
tree19456d201c65ccd4a305817a9ffbd0f477f11d49 /program/steps/mail/func.inc
parent1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (diff)
Better input checking on GET and POST vars
Diffstat (limited to 'program/steps/mail/func.inc')
-rw-r--r--program/steps/mail/func.inc10
1 files changed, 5 insertions, 5 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 037e83f29..ec257b69b 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -30,16 +30,16 @@ if (empty($_SESSION['mbox'])){
}
// set imap properties and session vars
-if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
+if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))
{
$IMAP->set_mailbox($mbox);
$_SESSION['mbox'] = $mbox;
}
-if (strlen($_GET['_page']))
+if (!empty($_GET['_page']))
{
- $IMAP->set_page($_GET['_page']);
- $_SESSION['page'] = $_GET['_page'];
+ $IMAP->set_page((int)$_GET['_page']);
+ $_SESSION['page'] = (int)$_GET['_page'];
}
// set mailbox to INBOX if not set
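Review bot: The `(int)` cast on `_page` makes the value numeric but does not bound it: a non-numeric string such as `abc` passes `!empty()` and becomes 0, and a negative number goes unchanged into `$IMAP->set_page()` and `$_SESSION['page']`. How set_page() treats zero or negative pages is not visible here, so I would cast once with `$page = (int)$_GET['_page'];` and wrap the two assignments in `if ($page > 0)`. Separately, replacing `strlen(...)` with a truthiness test on `$mbox` means a mailbox named `0` is now skipped. `RCUBE_INPUT_GPC` presumably lets the mailbox also arrive by POST or cookie, so a short comment stating that this widening is intended would help the next reader.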
@@ -59,7 +59,7 @@ if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']]))
// define url for getting message parts
if (strlen($_GET['_uid']))
- $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), $_GET['_uid']);
+ $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), get_input_value('_uid', RCUBE_INPUT_GET));
// set current mailbox in client environment
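Review bot: The mailbox name is still interpolated into `$GET_URL` through `%s` without URL-encoding, so a folder name containing `&`, `#` or a quote alters the query string. Whether the URL is escaped where it is later emitted is not visible in this hunk. I would pass `urlencode($IMAP->get_mailbox_name())` for that argument. The new `get_input_value('_uid', RCUBE_INPUT_GET)` call does not change the output, since `%d` already coerces the argument to an integer, while the guard above it still reads the raw `$_GET['_uid']`. Using one sanitized `$uid` for both the test and the format argument would keep them consistent.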