From ea7c46b4f37691702b8e78dea34c3e9a3afb232d Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 03 Mar 2006 11:34:35 -0500
Subject: [PATCH] Improved reading of POST and GET values

---
 index.php |   22 ++++------------------
 1 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/index.php b/index.php
index fd09c02..d3cfade 100644
--- a/index.php
+++ b/index.php
@@ -82,23 +82,6 @@
 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
 
 
-// strip magic quotes from Superglobals...
-if ((bool)get_magic_quotes_gpc())  // by "php Pest"
-  {
-  // Really EGPCSR - Environment $_ENV, GET $_GET , POST $_POST, Cookie $_COOKIE, Server $_SERVER
-  // and their HTTP_*_VARS cousins (separate arrays, not references) and $_REQUEST
-  $fnStripMagicQuotes = create_function(
-        '&$mData, $fnSelf',
-        'if (is_array($mData)) { foreach ($mData as $mKey=>$mValue) $fnSelf($mData[$mKey], $fnSelf); return; } '.
-        '$mData = stripslashes($mData);'
-  );
-  
-  // do each set of EGPCSR as you find necessary
-  $fnStripMagicQuotes($_POST, $fnStripMagicQuotes);
-  $fnStripMagicQuotes($_GET, $fnStripMagicQuotes);
-  }
-
-
 // catch some url/post parameters
 $_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : $_GET['_auth'];
 $_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail');
@@ -144,7 +127,10 @@
     {
     show_message("cookiesdisabled", 'warning');
     }
-  else if (isset($_POST['_user']) && isset($_POST['_pass']) && rcmail_login($_POST['_user'], $_POST['_pass'], $host))
+  else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
+           rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
+                        get_input_value('_pass', RCUBE_INPUT_POST),
+                        $host))
     {
     // send redirect
     header("Location: $COMM_PATH");

--
Gitblit v1.9.1