svncommit
2007-02-16 1012ea3946d7fb9c2b8d9598704d6ba64e8db218
Fix XSS vulnerability (closes #1484254).


1 files modified
6 ■■■■ changed files
program/steps/mail/func.inc 6 ●●●● patch | view | raw | blame | history
program/steps/mail/func.inc
@@ -30,10 +30,10 @@
}
// set imap properties and session vars
if (strlen($_GET['_mbox']))
if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
  {
  $IMAP->set_mailbox($_GET['_mbox']);
  $_SESSION['mbox'] = $_GET['_mbox'];
  $IMAP->set_mailbox($mbox);
  $_SESSION['mbox'] = $mbox;
  }
if (strlen($_GET['_page']))