author | thomascube <thomas@roundcube.net> | 2006-12-22 21:45:21 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-12-22 21:45:21 +0000 |
commit | ee883ad73d64639eb994a71e15b1a37c07ff3cb9 (patch) | |
tree | 2dd00a5976d0cb31a006f6489b9b9d3d0438abb3 /program/steps/settings | |
parent | 8af7757525b312b001bede8b044b83e993860878 (diff) |
Applied security patches by Kees Cook (Ubuntu) + little visual enhancements
Diffstat (limited to 'program/steps/settings')
-rw-r--r-- | program/steps/settings/delete_identity.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/settings/delete_identity.inc b/program/steps/settings/delete_identity.inc
index b8f9f526c..24bf99c43 100644
--- a/program/steps/settings/delete_identity.inc
+++ b/program/steps/settings/delete_identity.inc
@@ -21,7 +21,7 @@ $REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
-if ($_GET['_iid'])
+if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
 { $DB->query("UPDATE ".get_table_name('identities')." SET del=1
@@ -50,4 +50,4 @@ $_action = 'identities'; // overwrite action variable $OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
-?>
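Review bot: The pattern added to the `if` condition ends in `$`, which in PCRE also matches just before a final newline, so an `_iid` value with a trailing line feed still passes the check; anchor the end with `\z` (or add the `D` modifier), e.g. `if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*\z/', $_GET['_iid']))`. The condition also assumes `_iid` is a string: an array-valued parameter would be handed to `preg_match()` and produce a warning or a TypeError depending on the PHP version, so an `is_string($_GET['_iid'])` test ahead of the match is worth adding. The remainder of the `$DB->query(...)` call lies outside the hunk, so how the value reaches the SQL text is not visible here; if it is concatenated into the statement, this regex is the only barrier and a short comment saying so would keep a later edit from loosening it.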
\ No newline at end of file
+?> |