diff options
| author | thomascube <thomas@roundcube.net> | 2007-02-16 19:35:03 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2007-02-16 19:35:03 +0000 |
| commit | b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae (patch) | |
| tree | 19456d201c65ccd4a305817a9ffbd0f477f11d49 /program/steps/settings/delete_identity.inc | |
| parent | 1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (diff) | |
Better input checking on GET and POST vars
Diffstat (limited to 'program/steps/settings/delete_identity.inc')
| -rw-r--r-- | program/steps/settings/delete_identity.inc | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/program/steps/settings/delete_identity.inc b/program/steps/settings/delete_identity.inc index 24bf99c43..560a2b10b 100644 --- a/program/steps/settings/delete_identity.inc +++ b/program/steps/settings/delete_identity.inc @@ -19,14 +19,12 @@ */ -$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE; - -if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid'])) +if (($ids = get_input_value('_iid', RCUBE_INPUT_GET)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $ids)) { $DB->query("UPDATE ".get_table_name('identities')." SET del=1 WHERE user_id=? - AND identity_id IN (".$_GET['_iid'].")", + AND identity_id IN (".$ids.")", $_SESSION['user_id']); $count = $DB->affected_rows(); |