From 376cbfd4f2dfcf455717409b70d9d056cbeb08b1 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 15 Dec 2014 13:47:55 +0100
Subject: Fix bugs where CSRF attacks were still possible on some requests

---
 program/steps/addressbook/func.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'program/steps/addressbook/func.inc')

diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc
index 2989dada2..625e044a4 100644
--- a/program/steps/addressbook/func.inc
+++ b/program/steps/addressbook/func.inc
@@ -879,13 +879,13 @@ function rcmail_search_update($return = false)
  *
  * @return array List of contact IDs per-source
  */
-function rcmail_get_cids($filter = null)
+function rcmail_get_cids($filter = null, $request_type = rcube_utils::INPUT_GPC)
 {
     // contact ID (or comma-separated list of IDs) is provided in two
     // forms. If _source is an empty string then the ID is a string
     // containing contact ID and source name in form: <ID>-<SOURCE>
 
-    $cid    = rcube_utils::get_input_value('_cid', rcube_utils::INPUT_GPC);
+    $cid    = rcube_utils::get_input_value('_cid', $request_type);
     $source = (string) rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC);
 
     if (is_array($cid)) {
-- 
cgit v1.2.3