diff options
| author | thomascube <thomas@roundcube.net> | 2006-08-16 08:06:31 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2006-08-16 08:06:31 +0000 |
| commit | 89406f36c20e4d785bfb35c68e87475329cfbaf5 (patch) | |
| tree | ae3f118ad16a87f112c3c8ef6df721d557fb8764 /program/steps/settings/edit_identity.inc | |
| parent | 3287e84c90d53f88a009beaed2836f337f0751f2 (diff) | |
Fixed some XSS and SQL injection issues
Diffstat (limited to 'program/steps/settings/edit_identity.inc')
| -rw-r--r-- | program/steps/settings/edit_identity.inc | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc index 07cd8fa02..316eec785 100644 --- a/program/steps/settings/edit_identity.inc +++ b/program/steps/settings/edit_identity.inc @@ -21,12 +21,11 @@ if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity') { - $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid']; $DB->query("SELECT * FROM ".get_table_name('identities')." WHERE identity_id=? AND user_id=? AND del<>1", - $id, + get_input_value('_iid', RCUBE_INPUT_GPC), $_SESSION['user_id']); $IDENTITY_RECORD = $DB->fetch_assoc(); |