From b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 16 Feb 2007 14:35:03 -0500
Subject: [PATCH] Better input checking on GET and POST vars

---
 program/steps/settings/delete_identity.inc |    6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/program/steps/settings/delete_identity.inc b/program/steps/settings/delete_identity.inc
index 24bf99c..560a2b1 100644
--- a/program/steps/settings/delete_identity.inc
+++ b/program/steps/settings/delete_identity.inc
@@ -19,14 +19,12 @@
 
 */
 
-$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
-
-if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
+if (($ids = get_input_value('_iid', RCUBE_INPUT_GET)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $ids))
   {
   $DB->query("UPDATE ".get_table_name('identities')."
               SET    del=1
               WHERE  user_id=?
-              AND    identity_id IN (".$_GET['_iid'].")",
+              AND    identity_id IN (".$ids.")",
               $_SESSION['user_id']);
 
   $count = $DB->affected_rows();

--
Gitblit v1.9.1