From c5799618997716288169b6fbcd1251f76788cd49 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sun, 25 Nov 2007 12:34:19 -0500
Subject: [PATCH] Fixed some potential security risks + updatedd changelog

---
 program/steps/mail/show.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index e25da03..4dcdec3 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -57,7 +57,7 @@
   if ($MESSAGE['structure'] = $IMAP->get_structure($MESSAGE['UID']))
     list($MESSAGE['parts'], $MESSAGE['attachments']) = rcmail_parse_message(
       $MESSAGE['structure'],
-      array('safe' => (bool)$_GET['_safe'],
+      array('safe' => intval($_GET['_safe']),
             'prefer_html' => $CONFIG['prefer_html'],
             'get_url' => $GET_URL.'&_part=%s')
       );
@@ -71,7 +71,7 @@
 
   // give message uid to the client
   $OUTPUT->set_env('uid', $MESSAGE['UID']);
-  $OUTPUT->set_env('safemode', (bool)$_GET['_safe']);
+  $OUTPUT->set_env('safemode', intval($_GET['_safe']));
 
   $next = $prev = -1;
   // get previous, first, next and last message UID

--
Gitblit v1.9.1