diff options
author | svncommit <devs@roundcube.net> | 2007-02-16 14:38:12 +0000 |
---|---|---|
committer | svncommit <devs@roundcube.net> | 2007-02-16 14:38:12 +0000 |
commit | 1012ea3946d7fb9c2b8d9598704d6ba64e8db218 (patch) | |
tree | 36b12333d458fa4e364904e69edbaaf951a4ba9f /program | |
parent | 6a8684d382da72a716c08eb4a66f42c6434f3262 (diff) |
Fix XSS vulnerability (closes #1484254).
Diffstat (limited to 'program')
-rw-r--r-- | program/steps/mail/func.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index a44d81a1d..037e83f29 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -30,10 +30,10 @@ if (empty($_SESSION['mbox'])){ } // set imap properties and session vars -if (strlen($_GET['_mbox'])) +if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET))) { - $IMAP->set_mailbox($_GET['_mbox']); - $_SESSION['mbox'] = $_GET['_mbox']; + $IMAP->set_mailbox($mbox); + $_SESSION['mbox'] = $mbox; } if (strlen($_GET['_page'])) |