author | thomascube <thomas@roundcube.net> | 2007-11-25 19:45:38 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2007-11-25 19:45:38 +0000 |
commit | d5342aabcfeddb959cc286befe6de5bf35fe9d76 (patch) | |
tree | 7410b56bccbae610578060555a86535d0c1b9863 /program/steps | |
parent | c5799618997716288169b6fbcd1251f76788cd49 (diff) |
More input sanitizing
Diffstat (limited to 'program/steps')
-rw-r--r-- | program/steps/mail/func.inc | 4 | ||||
-rw-r--r-- | program/steps/mail/rss.inc | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 95deaa4b9..dd3801672 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1191,7 +1191,7 @@ function rcmail_message_part_controls() { global $CONFIG, $IMAP, $MESSAGE;
- $part = get_input_value('_part', RCUBE_INPUT_GPC);
+ $part = asciiwords(get_input_value('_part', RCUBE_INPUT_GPC));
 if (!is_array($MESSAGE) || !is_array($MESSAGE['parts']) || !($_GET['_uid'] && $_GET['_part']) || !$MESSAGE['parts'][$part]) return '';
@@ -1225,7 +1225,7 @@ function rcmail_message_part_frame($attrib) { global $MESSAGE;
- $part = $MESSAGE['parts'][get_input_value('_part', RCUBE_INPUT_GPC)];
+ $part = $MESSAGE['parts'][asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
 $ctype_primary = strtolower($part->ctype_primary); $attrib['src'] = Q('./?'.str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']));
diff --git a/program/steps/mail/rss.inc b/program/steps/mail/rss.inc
index 49d5c0efc..0d7d3c463 100644
--- a/program/steps/mail/rss.inc
+++ b/program/steps/mail/rss.inc
@@ -79,7 +79,7 @@ echo ' // Check if the user wants to override the default sortingmethode if (isset($_GET['_sort']))
- list($sort_col, $sort_order) = explode('_', $_GET['_sort']);
+ list($sort_col, $sort_order) = explode('_', get_input_value('_sort', RCUBE_INPUT_GET));
 // Add message to output if ($messagecount > 0) |
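Review bot: In rcmail_message_part_controls() the guard right after the changed line still tests `$_GET['_part']` directly, while `$part` is read through `get_input_value('_part', RCUBE_INPUT_GPC)` and then filtered, so the presence check and the key used for the lookup can come from different request sources. asciiwords() is not shown on this page; if it strips disallowed characters instead of rejecting the value, a malformed `_part` is silently mapped to a different key rather than refused. I would reject on mismatch and test the filtered value in the guard, e.g. `$raw = get_input_value('_part', RCUBE_INPUT_GPC); $part = asciiwords($raw); if ($part !== $raw) return '';`. The function body continues outside the hunk.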
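Review bot: rcmail_message_part_frame() reads `$part->ctype_primary` on the line after the change without checking that the filtered `_part` key exists in `$MESSAGE['parts']`, unlike the guard in rcmail_message_part_controls(). An unknown or empty `_part` leaves `$part` null, so the property read fails quietly and the frame is still emitted with `_preload=` substituted. A check before the dereference such as `if (!is_array($MESSAGE['parts']) || !is_object($part)) return '';` would close that path; the return value is an assumption, because the end of the function is outside the hunk. The `src` attribute is also still built from the raw `$_SERVER['QUERY_STRING']`, so the unfiltered `_part` is carried to the next request and depends on `Q()` (presumably HTML quoting) and on the receiving handler.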
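Review bot: The `_sort` value in rss.inc now passes through the generic `get_input_value()` filter only, which does not restrict `$sort_col` and `$sort_order` to the values the mail backend expects. Their use lies outside the hunk, presumably in the message listing call, so an allow-list at this point is the stronger check: compare `$sort_col` against the application's sortable columns and normalise the order with `$sort_order = strtoupper($sort_order) == 'DESC' ? 'DESC' : 'ASC';`. A `_sort` without an underscore also leaves `$sort_order` unassigned by `list()`, which that normalisation would cover. The surrounding `isset($_GET['_sort'])` test and the statement that consumes both variables are not fully visible here.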