From b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 16 Feb 2007 14:35:03 -0500
Subject: [PATCH] Better input checking on GET and POST vars

---
 program/steps/mail/mark.inc |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index e6e06f9..780bf5c 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -25,10 +25,10 @@
                      'read' => 'SEEN',
                      'unread' => 'UNSEEN');
 
-if ($_GET['_uid'] && $_GET['_flag'])
+if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))
   {
-  $flag = $a_flags_map[$_GET['_flag']] ? $a_flags_map[$_GET['_flag']] : strtoupper($_GET['_flag']);
-  $marked = $IMAP->set_flag($_GET['_uid'], $flag);
+  $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);
+  $marked = $IMAP->set_flag($uids, $flag);
   if ($marked != -1)
     {
     $mbox_name = $IMAP->get_mailbox_name();
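Review bot: The fallback `strtoupper($flag)` in the new `$flag = ...` line still lets any request-supplied string that is not a key of `$a_flags_map` reach `$IMAP->set_flag()`, so the flag is cleaned but not restricted to known values. If only a fixed set of flags is intended, test `isset($a_flags_map[$flag])` (extending the map where needed) and skip the `set_flag()` call otherwise; this also avoids the undefined-index notice for unknown keys. `$uids` is likewise passed on exactly as `get_input_value()` returns it. Unless that helper or `set_flag()` enforces the UID-list format (neither is visible here), a check such as `preg_match('/^[0-9,:*]+$/', $uids)` before the call would be worth adding. The `$a_flags_map` definition and the rest of the `if` body lie outside the hunk.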

--
Gitblit v1.9.1