From c5799618997716288169b6fbcd1251f76788cd49 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sun, 25 Nov 2007 12:34:19 -0500
Subject: [PATCH] Fixed some potential security risks + updatedd changelog

---
 program/include/rcmail_template.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/program/include/rcmail_template.inc b/program/include/rcmail_template.inc
index 15752f8..558bd4b 100644
--- a/program/include/rcmail_template.inc
+++ b/program/include/rcmail_template.inc
@@ -831,12 +831,12 @@
         }
     }
       
-    $fields['host'] = isset($select_host) ? $select_host->show($_POST['_host']) : null;
+    $fields['host'] = isset($select_host) ? $select_host->show(get_input_value('_host', RCUBE_INPUT_POST)) : null;
     }
   else if (!strlen($CONFIG['default_host']))
     {
     $input_host = new textfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
-    $fields['host'] = $input_host->show($_POST['_host']);
+    $fields['host'] = $input_host->show(get_input_value('_host', RCUBE_INPUT_POST));
     }
 
   $form_name = strlen($attrib['form']) ? $attrib['form'] : 'form';
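Review bot: Both new `show(get_input_value('_host', RCUBE_INPUT_POST))` calls still reflect a client-supplied value into the login form's markup. Whether that is safe depends on what `get_input_value()` filters and on whether `$select_host->show()` and `$input_host->show()` encode the value for an HTML attribute context, and neither is visible in this hunk. Input filtering that only strips tags would not neutralise quote characters inside a `value="..."` attribute, so I would confirm the form classes escape on output and record that next to the calls, e.g. `// _host is untrusted; relies on show() to HTML-encode the value`. In the select branch the posted host appears only to choose the preselected option, so it could also be checked against the configured hosts (presumably from `$CONFIG['default_host']`) before use. The enclosing function begins and ends outside the hunk.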

--
Gitblit v1.9.1