githubFork/roundcubemail.git

githubFork / roundcubemail

Roundcubemail devel

summary
reflog
commits
tree
docs
forks
compare

parent: 6a8684d3 | patch | commit | ignore whitespace

Fix XSS vulnerability (closes #1484254).

svncommit

2007-02-16 1012ea3946d7fb9c2b8d9598704d6ba64e8db218

Fix XSS vulnerability (closes #1484254).

1 files modified

program/steps/mail/func.inc

6 ●●●●● patch | view | raw | blame | history

 program/steps/mail/func.inc

@@ -30,10 +30,10 @@
}

// set imap properties and session vars
if (strlen($_GET['_mbox']))
if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
  {
  $IMAP->set_mailbox($_GET['_mbox']);
  $_SESSION['mbox'] = $_GET['_mbox'];
  $IMAP->set_mailbox($mbox);
  $_SESSION['mbox'] = $mbox;
  }

if (strlen($_GET['_page']))

			@@ -30,10 +30,10 @@
			}

			// set imap properties and session vars
			if (strlen($_GET['_mbox']))
			if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
			{
			$IMAP->set_mailbox($_GET['_mbox']);
			$_SESSION['mbox'] = $_GET['_mbox'];
			$IMAP->set_mailbox($mbox);
			$_SESSION['mbox'] = $mbox;
			}

			if (strlen($_GET['_page']))