author | thomascube <thomas@roundcube.net> | 2006-08-16 08:06:31 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-08-16 08:06:31 +0000 |
commit | 89406f36c20e4d785bfb35c68e87475329cfbaf5 (patch) | |
tree | ae3f118ad16a87f112c3c8ef6df721d557fb8764 /program/steps/settings/save_identity.inc | |
parent | 3287e84c90d53f88a009beaed2836f337f0751f2 (diff) |
Fixed some XSS and SQL injection issues
Diffstat (limited to 'program/steps/settings/save_identity.inc')
-rw-r--r-- | program/steps/settings/save_identity.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc index 9df6c61cb..2d64dc7b3 100644 --- a/program/steps/settings/save_identity.inc +++ b/program/steps/settings/save_identity.inc @@ -55,7 +55,7 @@ if ($_POST['_iid']) WHERE identity_id=? AND user_id=? AND del<>1", - $_POST['_iid'], + get_input_value('_iid', RCUBE_INPUT_POST), $_SESSION['user_id']); $updated = $DB->affected_rows(); @@ -72,7 +72,7 @@ if ($_POST['_iid']) AND identity_id<>? AND del<>1", $_SESSION['user_id'], - $_POST['_iid']); + get_input_value('_iid', RCUBE_INPUT_POST)); if ($_POST['_framed']) { |
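Review bot: The identity id bound to `identity_id=?` in the first hunk is still not constrained to an integer, although it appears to be a numeric key. `get_input_value()` is defined outside this diff; if it only does generic string cleaning, the value reaches the query as arbitrary text and the protection rests entirely on how `$DB->query()` binds its `?` parameters. Read and cast it once before the branch, `$iid = intval(get_input_value('_iid', RCUBE_INPUT_POST));`, and pass `$iid` to both queries, since the second hunk (`identity_id<>?`) repeats the same call. The enclosing `if ($_POST['_iid'])` guard named in the hunk headers starts outside the hunks and still tests the raw POST value, so it should test `$iid` too, keeping the check and the queries on the same value.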