summaryrefslogtreecommitdiff
path: root/program/steps/mail/func.inc
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2007-11-25 19:45:38 +0000
committerthomascube <thomas@roundcube.net>2007-11-25 19:45:38 +0000
commitd5342aabcfeddb959cc286befe6de5bf35fe9d76 (patch)
tree7410b56bccbae610578060555a86535d0c1b9863 /program/steps/mail/func.inc
parentc5799618997716288169b6fbcd1251f76788cd49 (diff)
More input sanitizing
Diffstat (limited to 'program/steps/mail/func.inc')
-rw-r--r--program/steps/mail/func.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 95deaa4b9..dd3801672 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1191,7 +1191,7 @@ function rcmail_message_part_controls()
{
global $CONFIG, $IMAP, $MESSAGE;
- $part = get_input_value('_part', RCUBE_INPUT_GPC);
+ $part = asciiwords(get_input_value('_part', RCUBE_INPUT_GPC));
if (!is_array($MESSAGE) || !is_array($MESSAGE['parts']) || !($_GET['_uid'] && $_GET['_part']) || !$MESSAGE['parts'][$part])
return '';
@@ -1225,7 +1225,7 @@ function rcmail_message_part_frame($attrib)
{
global $MESSAGE;
- $part = $MESSAGE['parts'][get_input_value('_part', RCUBE_INPUT_GPC)];
+ $part = $MESSAGE['parts'][asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
$ctype_primary = strtolower($part->ctype_primary);
$attrib['src'] = Q('./?'.str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']));