From d5342aabcfeddb959cc286befe6de5bf35fe9d76 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sun, 25 Nov 2007 14:45:38 -0500
Subject: [PATCH] More input sanitizing

---
 program/steps/mail/func.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 95deaa4..dd38016 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1191,7 +1191,7 @@
   {
   global $CONFIG, $IMAP, $MESSAGE;
   
-  $part = get_input_value('_part', RCUBE_INPUT_GPC);
+  $part = asciiwords(get_input_value('_part', RCUBE_INPUT_GPC));
   if (!is_array($MESSAGE) || !is_array($MESSAGE['parts']) || !($_GET['_uid'] && $_GET['_part']) || !$MESSAGE['parts'][$part])
     return '';
     
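Review bot: The guard on the line after the change still tests the raw `$_GET['_part']`, while `$part` is read with `RCUBE_INPUT_GPC` and then filtered, so the presence check and the lookup key can come from different request sources and hold different values. Testing the filtered value keeps the two in step, for example `!($_GET['_uid'] && $part)` in place of `!($_GET['_uid'] && $_GET['_part'])`. The definition of `asciiwords()` is not visible here; if it drops disallowed characters rather than rejecting the value, a malformed `_part` is silently mapped to a different part id, and a short comment stating that this is intended would help the next reader. The function begins and continues outside this hunk.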
@@ -1225,7 +1225,7 @@
   {
   global $MESSAGE;
   
-  $part = $MESSAGE['parts'][get_input_value('_part', RCUBE_INPUT_GPC)];
+  $part = $MESSAGE['parts'][asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
   $ctype_primary = strtolower($part->ctype_primary);
 
   $attrib['src'] = Q('./?'.str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']));
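Review bot: The lookup result is dereferenced on the next line (`$part->ctype_primary`) without checking that the part exists, so a `_part` value that matches no entry in `$MESSAGE['parts']` leaves `$part` unset. A guard such as `if (!is_object($part)) return '';` before the `strtolower()` call would match the early return used in the first hunk, though this function's return convention lies outside the hunk. Note also that the filter covers only the array key: the frame `src` is still built from the whole `$_SERVER['QUERY_STRING']`, including the unfiltered `_part`, and relies entirely on `Q()` for output escaping, which presumably HTML-quotes. A one-line comment saying so would make that dependency explicit.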

--
Gitblit v1.9.1