From ee883ad73d64639eb994a71e15b1a37c07ff3cb9 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 22 Dec 2006 16:45:21 -0500
Subject: [PATCH] Applied security patches by Kees Cook (Ubuntu) + little visual enhancements

---
 program/steps/addressbook/delete.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index b95988d..3e33cd8 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -21,7 +21,7 @@
 
 $REMOTE_REQUEST = TRUE;
 
-if ($_GET['_cid'])
+if ($_GET['_cid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_cid']))
   {
   $DB->query("UPDATE ".get_table_name('contacts')."
               SET    del=1
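Review bot: The pattern on the new `if` line is anchored with `$`, which in PCRE also matches just before a final newline, so a value such as `1,2` followed by `\n` still passes the check. Anchoring with `\z` (or adding the `D` modifier) makes the match exact: `preg_match('/^[0-9]+(,[0-9]+)*\z/', $_GET['_cid'])`. The `UPDATE` statement is built by string concatenation and the part that consumes `_cid` lies outside this hunk, so if the value is interpolated into the query this regex is the only barrier; casting each id to an integer after splitting on commas would add a second layer. The delete is also triggered by a GET parameter and no request-token check is visible in the hunk, so it is worth confirming that one exists elsewhere in the request path.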
@@ -96,4 +96,4 @@
   }
 
 exit;
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1