Better input checking on GET and POST vars

author: thomascube <thomas@roundcube.net> 2007-02-16 19:35:03 +0000
committer: thomascube <thomas@roundcube.net> 2007-02-16 19:35:03 +0000
commit: b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae (patch)
tree: 19456d201c65ccd4a305817a9ffbd0f477f11d49 /program/steps/mail/mark.inc
parent: 1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index e6e06f976..780bf5c6e 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -25,10 +25,10 @@ $a_flags_map = array('undelete' => 'UNDELETED',
                      'read' => 'SEEN',
                      'unread' => 'UNSEEN');
 
-if ($_GET['_uid'] && $_GET['_flag'])
+if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))
   {
-  $flag = $a_flags_map[$_GET['_flag']] ? $a_flags_map[$_GET['_flag']] : strtoupper($_GET['_flag']);
-  $marked = $IMAP->set_flag($_GET['_uid'], $flag);
+  $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);
+  $marked = $IMAP->set_flag($uids, $flag);
   if ($marked != -1)
     {
     $mbox_name = $IMAP->get_mailbox_name();
author	thomascube <thomas@roundcube.net>	2007-02-16 19:35:03 +0000
committer	thomascube <thomas@roundcube.net>	2007-02-16 19:35:03 +0000
commit	b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae (patch)
tree	19456d201c65ccd4a305817a9ffbd0f477f11d49 /program/steps/mail/mark.inc
parent	1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (diff)