summaryrefslogtreecommitdiff
path: root/program/steps/settings
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2006-12-22 21:45:21 +0000
committerthomascube <thomas@roundcube.net>2006-12-22 21:45:21 +0000
commitee883ad73d64639eb994a71e15b1a37c07ff3cb9 (patch)
tree2dd00a5976d0cb31a006f6489b9b9d3d0438abb3 /program/steps/settings
parent8af7757525b312b001bede8b044b83e993860878 (diff)
Applied security patches by Kees Cook (Ubuntu) + little visual enhancements
Diffstat (limited to 'program/steps/settings')
-rw-r--r--program/steps/settings/delete_identity.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/settings/delete_identity.inc b/program/steps/settings/delete_identity.inc
index b8f9f526c..24bf99c43 100644
--- a/program/steps/settings/delete_identity.inc
+++ b/program/steps/settings/delete_identity.inc
@@ -21,7 +21,7 @@
$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
-if ($_GET['_iid'])
+if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
{
$DB->query("UPDATE ".get_table_name('identities')."
SET del=1
@@ -50,4 +50,4 @@ $_action = 'identities';
// overwrite action variable
$OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
-?> \ No newline at end of file
+?>