From d5342aabcfeddb959cc286befe6de5bf35fe9d76 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sun, 25 Nov 2007 14:45:38 -0500
Subject: [PATCH] More input sanitizing

---
 program/steps/mail/get.inc |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index c9e40ac..dad49d3 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -88,7 +88,7 @@
       // we have to analyze the whole structure again to find inline objects
       list($new_parts, $new_attachments) =
         rcmail_parse_message($MESSAGE['structure'],
-                             array('safe' => (bool)$_GET['_safe'],
+                             array('safe' => intval($_GET['_safe']),
                                    'prefer_html' => TRUE,
                                    'get_url' => $GET_URL.'&_part=%s'));
 
@@ -102,7 +102,7 @@
         $part->body = $IMAP->get_message_part($MESSAGE['UID'], $part->mime_id, $part);
 
       $OUTPUT = new rcube_html_page();
-      $OUTPUT->write(rcmail_print_body($part, (bool)$_GET['_safe']));
+      $OUTPUT->write(rcmail_print_body($part, intval($_GET['_safe'])));
       }
     else
       {
@@ -130,7 +130,7 @@
 
   $cont = ''; 
   list($MESSAGE['parts']) = rcmail_parse_message($MESSAGE['structure'],
-                                                 array('safe' => (bool)$_GET['_safe'],
+                                                 array('safe' => intval($_GET['_safe']),
                                                  'get_url' => $GET_URL.'&_part=%s'));
 
   $cont = "<html>\n<head><title></title>\n</head>\n<body>";

--
Gitblit v1.9.1