From b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 16 Feb 2007 14:35:03 -0500
Subject: [PATCH] Better input checking on GET and POST vars

---
 program/steps/settings/manage_folders.inc |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/program/steps/settings/manage_folders.inc b/program/steps/settings/manage_folders.inc
index 8abd2c3..4759dd2 100644
--- a/program/steps/settings/manage_folders.inc
+++ b/program/steps/settings/manage_folders.inc
@@ -26,8 +26,8 @@
 // subscribe to one or more mailboxes
 if ($_action=='subscribe')
   {
-  if (strlen($_GET['_mboxes']))
-    $IMAP->subscribe(array($_GET['_mboxes']));
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $IMAP->subscribe(array($mboxes));
 
   if ($REMOTE_REQUEST)
     rcube_remote_response('// subscribed');
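Review bot: The new condition `if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))` tests truthiness where the removed line tested `strlen(...)`, so, assuming get_input_value returns the parameter as a string, a folder named `0` is now silently skipped; the unsubscribe hunk uses the same condition. Keeping the length test preserves the previous behaviour: `if (strlen($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET)))`. An assignment inside a condition is also easy to misread as a comparison, so a separate assignment line or a short comment such as `// assignment intended` would help. The surrounding if/else chain starts and ends outside the hunk.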
@@ -36,8 +36,8 @@
 // unsubscribe one or more mailboxes
 else if ($_action=='unsubscribe')
   {
-  if (strlen($_GET['_mboxes']))
-    $IMAP->unsubscribe(array($_GET['_mboxes']));
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $IMAP->unsubscribe(array($mboxes));
 
   if ($REMOTE_REQUEST)
     rcube_remote_response('// unsubscribed');
@@ -95,8 +95,8 @@
 // delete an existing IMAP mailbox
 else if ($_action=='delete-folder')
   {
-  if (!empty($_GET['_mboxes']))
-    $deleted = $IMAP->delete_mailbox(array(get_input_value('_mboxes', RCUBE_INPUT_GET)));
+  if (get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $deleted = $IMAP->delete_mailbox(array($mboxes));
 
   if ($REMOTE_REQUEST && $deleted)
     {
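Review bot: `$mboxes` is never assigned in the delete-folder branch: the new condition calls `get_input_value('_mboxes', RCUBE_INPUT_GET)` without storing the result, and since this is an `else if` arm the assignments in the subscribe and unsubscribe branches do not run, so unless the variable is set earlier in the file (not shown) `delete_mailbox(array($mboxes))` receives an undefined value. Assign in the condition as the other two branches do: `if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))`. Separately, folder deletion is triggered from a GET parameter and no request-token check is visible in this hunk; if none is enforced elsewhere, a destructive action like this should require one and preferably be limited to POST. The branch body continues outside the hunk.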

--
Gitblit v1.9.1