From ee883ad73d64639eb994a71e15b1a37c07ff3cb9 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 22 Dec 2006 21:45:21 +0000
Subject: Applied security patches by Kees Cook (Ubuntu) + little visual
 enhancements

---
 program/steps/settings/delete_identity.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'program/steps/settings')

diff --git a/program/steps/settings/delete_identity.inc b/program/steps/settings/delete_identity.inc
index b8f9f526c..24bf99c43 100644
--- a/program/steps/settings/delete_identity.inc
+++ b/program/steps/settings/delete_identity.inc
@@ -21,7 +21,7 @@
 
 $REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
 
-if ($_GET['_iid'])
+if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
   {
   $DB->query("UPDATE ".get_table_name('identities')."
               SET    del=1
@@ -50,4 +50,4 @@ $_action = 'identities';
 
 // overwrite action variable  
 $OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
-?>
\ No newline at end of file
+?>
-- 
cgit v1.2.3