Fixed some potential security risks + updatedd changelog

author: thomascube <thomas@roundcube.net> 2007-11-25 17:34:19 +0000
committer: thomascube <thomas@roundcube.net> 2007-11-25 17:34:19 +0000
commit: c5799618997716288169b6fbcd1251f76788cd49 (patch)
tree: 79e74cc848f8b6322ff223b77e300bd4e2a854b4 /program/steps/mail/show.inc
parent: 76b6bff70b3f7d8ff7eed261f7f9896cccae21f9 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index e25da03a6..4dcdec362 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -57,7 +57,7 @@ if ($_GET['_uid'])
   if ($MESSAGE['structure'] = $IMAP->get_structure($MESSAGE['UID']))
     list($MESSAGE['parts'], $MESSAGE['attachments']) = rcmail_parse_message(
       $MESSAGE['structure'],
-      array('safe' => (bool)$_GET['_safe'],
+      array('safe' => intval($_GET['_safe']),
             'prefer_html' => $CONFIG['prefer_html'],
             'get_url' => $GET_URL.'&_part=%s')
       );
@@ -71,7 +71,7 @@ if ($_GET['_uid'])
 
   // give message uid to the client
   $OUTPUT->set_env('uid', $MESSAGE['UID']);
-  $OUTPUT->set_env('safemode', (bool)$_GET['_safe']);
+  $OUTPUT->set_env('safemode', intval($_GET['_safe']));
 
   $next = $prev = -1;
   // get previous, first, next and last message UID
author	thomascube <thomas@roundcube.net>	2007-11-25 17:34:19 +0000
committer	thomascube <thomas@roundcube.net>	2007-11-25 17:34:19 +0000
commit	c5799618997716288169b6fbcd1251f76788cd49 (patch)
tree	79e74cc848f8b6322ff223b77e300bd4e2a854b4 /program/steps/mail/show.inc
parent	76b6bff70b3f7d8ff7eed261f7f9896cccae21f9 (diff)