From b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 16 Feb 2007 14:35:03 -0500
Subject: [PATCH] Better input checking on GET and POST vars

---
 program/steps/mail/move_del.inc |   19 ++++++++++---------
 1 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc
index b0079f7..8d31e3a 100644
--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -22,10 +22,11 @@
 $REMOTE_REQUEST = TRUE;
 
 // move messages
-if ($_action=='moveto' && $_GET['_uid'] && $_GET['_target_mbox'])
+if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
   {
-  $count = sizeof(explode(',', $_GET['_uid']));
-  $moved = $IMAP->move_message($_GET['_uid'], $_GET['_target_mbox'], $_GET['_mbox']);
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
+  $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
+  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
   
   if (!$moved)
     {
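Review bot: The `_uid` value on the new line 23 is still handed to `$IMAP->move_message()` as an opaque comma-separated string; `!empty()` only rejects a missing or `'0'` value, and whatever `get_input_value()` does (its body is not visible here) it cannot know that this field must be a list of numeric UIDs. A format check before the IMAP call would make that contract explicit, e.g. `if (!preg_match('/^\d+(,\d+)*$/', $uids)) $uids = null;` so that a malformed list falls into the existing `!$moved` branch instead of reaching the server. The same applies to the delete hunk below, where `$uids` is passed to `$IMAP->delete_message()` unchecked. Separately, folding the assignment into the `sizeof(explode(...))` argument hides where `$uids` is defined; assigning it on its own line first and computing `$count` from it reads better in both hunks.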
@@ -38,10 +39,10 @@
   }
 
 // delete messages 
-else if ($_action=='delete' && $_GET['_uid'])
+else if ($_action=='delete' && !empty($_GET['_uid']))
   {
-  $count = sizeof(explode(',', $_GET['_uid']));
-  $del = $IMAP->delete_message($_GET['_uid'], $_GET['_mbox']);
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
+  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
   
   if (!$del)
     {
@@ -60,7 +61,7 @@
   }
 
 // refresh saved seach set after moving some messages
-if (($search_request = $_GET['_search']) && $IMAP->search_set)
+if (($search_request = get_input_value('_search', RCUBE_INPUT_GPC)) && $IMAP->search_set)
   $_SESSION['search'][$search_request] = $IMAP->refresh_search();
 
 
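Review bot: The new line 48 reads `_search` with RCUBE_INPUT_GPC, so it is now accepted from GET, POST or cookie, while every other parameter in this file is read with RCUBE_INPUT_GET, and the value becomes a client-chosen key in `$_SESSION['search']` without any format check. If search request ids have a fixed shape, an anchored check before the assignment, e.g. `if (!preg_match('/^[a-f0-9]+$/', $search_request)) $search_request = null;` (adjusted to the actual id format), would keep arbitrary keys out of the session; the `$IMAP->search_set` condition alone does not constrain the key. If GPC is genuinely needed here, a short comment saying why would help the next reader.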
@@ -75,8 +76,8 @@
 $mbox = $IMAP->get_mailbox_name();
 $commands .= sprintf("this.set_unread_count('%s', %d);\n", $mbox, $IMAP->messagecount($mbox, 'UNSEEN'));
 
-if ($_action=='moveto')
-  $commands .= sprintf("this.set_unread_count('%s', %d);\n", $_GET['_target_mbox'], $IMAP->messagecount($_GET['_target_mbox'], 'UNSEEN'));
+if ($_action=='moveto' && $target)
+  $commands .= sprintf("this.set_unread_count('%s', %d);\n", $target, $IMAP->messagecount($target, 'UNSEEN'));
 
 $commands .= sprintf("this.set_quota('%s');\n", $IMAP->get_quota()); 
 
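Review bot: `$target` on the new line 58 is only assigned inside the `moveto` branch of the first hunk, so a `moveto` request with an empty `_uid` reaches this line with `$target` never set and triggers an undefined-variable notice; initialising it before the branches (`$target = null;` above the first `if`) or testing `!empty($target)` here avoids that. The value is also still written into a JavaScript string literal through `%s` without escaping, exactly as the removed line did with `$_GET['_target_mbox']`; given that the commit's aim is input checking, escaping it for the JS context before the `sprintf` (at minimum quotes and backslashes, e.g. `addslashes($target)`) or validating the mailbox name would close that gap. The same unescaped `%s` pattern appears on line 54 with `$mbox`, though that value comes from `$IMAP->get_mailbox_name()` rather than directly from the request.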
