From 1012ea3946d7fb9c2b8d9598704d6ba64e8db218 Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Fri, 16 Feb 2007 09:38:12 -0500
Subject: [PATCH] Fix XSS vulnerability (closes #1484254).

---
 program/steps/mail/func.inc |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index a44d81a..037e83f 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -30,10 +30,10 @@
 }
 
 // set imap properties and session vars
-if (strlen($_GET['_mbox']))
+if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
   {
-  $IMAP->set_mailbox($_GET['_mbox']);
-  $_SESSION['mbox'] = $_GET['_mbox'];
+  $IMAP->set_mailbox($mbox);
+  $_SESSION['mbox'] = $mbox;
   }
 
 if (strlen($_GET['_page']))
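Review bot: The context line `if (strlen($_GET['_page']))` directly below the patched block still reads the query string raw, so the unfiltered-input pattern this commit removes for `_mbox` remains for `_page`. Its body lies outside the hunk, so whether that value reaches output cannot be confirmed from here. Routing it through `get_input_value('_page', RCUBE_INPUT_GET)`, or casting it to an integer if it is only a page number, would keep the two branches consistent. Separately, the filtered `$mbox` now feeds both `$IMAP->set_mailbox()` and `$_SESSION['mbox']`, and this patch does not show what `get_input_value` strips. A comment such as `// input-filtered only; escape on output wherever the mailbox name is rendered` would help, along with a check that the filtering does not alter legitimate mailbox names before they reach the IMAP call.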

--
Gitblit v1.9.1