diff options
author | thomascube <thomas@roundcube.net> | 2007-11-25 19:45:38 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2007-11-25 19:45:38 +0000 |
commit | d5342aabcfeddb959cc286befe6de5bf35fe9d76 (patch) | |
tree | 7410b56bccbae610578060555a86535d0c1b9863 /program/steps/mail/func.inc | |
parent | c5799618997716288169b6fbcd1251f76788cd49 (diff) |
More input sanitizing
Diffstat (limited to 'program/steps/mail/func.inc')
-rw-r--r-- | program/steps/mail/func.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 95deaa4b9..dd3801672 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1191,7 +1191,7 @@ function rcmail_message_part_controls() { global $CONFIG, $IMAP, $MESSAGE; - $part = get_input_value('_part', RCUBE_INPUT_GPC); + $part = asciiwords(get_input_value('_part', RCUBE_INPUT_GPC)); if (!is_array($MESSAGE) || !is_array($MESSAGE['parts']) || !($_GET['_uid'] && $_GET['_part']) || !$MESSAGE['parts'][$part]) return ''; @@ -1225,7 +1225,7 @@ function rcmail_message_part_frame($attrib) { global $MESSAGE; - $part = $MESSAGE['parts'][get_input_value('_part', RCUBE_INPUT_GPC)]; + $part = $MESSAGE['parts'][asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))]; $ctype_primary = strtolower($part->ctype_primary); $attrib['src'] = Q('./?'.str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING'])); |