From ea7c46b4f37691702b8e78dea34c3e9a3afb232d Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 3 Mar 2006 16:34:35 +0000
Subject: Improved reading of POST and GET values

---
 index.php | 22 ++++------------------
 1 file changed, 4 insertions(+), 18 deletions(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index fd09c0214..d3cfadeff 100644
--- a/index.php
+++ b/index.php
@@ -82,23 +82,6 @@ require_once('PEAR.php');
 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
 
 
-// strip magic quotes from Superglobals...
-if ((bool)get_magic_quotes_gpc())  // by "php Pest"
-  {
-  // Really EGPCSR - Environment $_ENV, GET $_GET , POST $_POST, Cookie $_COOKIE, Server $_SERVER
-  // and their HTTP_*_VARS cousins (separate arrays, not references) and $_REQUEST
-  $fnStripMagicQuotes = create_function(
-        '&$mData, $fnSelf',
-        'if (is_array($mData)) { foreach ($mData as $mKey=>$mValue) $fnSelf($mData[$mKey], $fnSelf); return; } '.
-        '$mData = stripslashes($mData);'
-  );
-  
-  // do each set of EGPCSR as you find necessary
-  $fnStripMagicQuotes($_POST, $fnStripMagicQuotes);
-  $fnStripMagicQuotes($_GET, $fnStripMagicQuotes);
-  }
-
-
 // catch some url/post parameters
 $_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : $_GET['_auth'];
 $_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail');
@@ -144,7 +127,10 @@ if ($_action=='login' && $_task=='mail')
     {
     show_message("cookiesdisabled", 'warning');
     }
-  else if (isset($_POST['_user']) && isset($_POST['_pass']) && rcmail_login($_POST['_user'], $_POST['_pass'], $host))
+  else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
+           rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
+                        get_input_value('_pass', RCUBE_INPUT_POST),
+                        $host))
     {
     // send redirect
     header("Location: $COMM_PATH");
-- 
cgit v1.2.3