Index: /trunk/roundcubemail/program/steps/error.inc
===================================================================
--- /trunk/roundcubemail/program/steps/error.inc	(revision 318)
+++ /trunk/roundcubemail/program/steps/error.inc	(revision 319)
@@ -54,5 +54,5 @@
   {
   $__error_title = "REQUEST FAILED/FILE NOT FOUND";
-  $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+  $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
   $__error_text  = <<<EOF
 The requested page was not found!<br />
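Review bot: `htmlentities()` on the added line is called with its default flags, which leave single quotes unescaped, and both `HTTP_HOST` and `REQUEST_URI` are client-controlled. If `$request_url` ends up inside a single-quoted attribute in the heredoc that starts on the next line (its body lies outside this hunk), the escaping would be incomplete; `htmlspecialchars($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], ENT_QUOTES)` covers both quote styles. Passing an explicit charset that matches the page's output charset would also help, since the default depends on the PHP version. I would add a comment such as `// HTML-escaped for display only; do not reuse in headers or logs` so the encoded value is not carried into another context.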
Index: /trunk/roundcubemail/program/steps/settings/edit_identity.inc
===================================================================
--- /trunk/roundcubemail/program/steps/settings/edit_identity.inc	(revision 318)
+++ /trunk/roundcubemail/program/steps/settings/edit_identity.inc	(revision 319)
@@ -22,10 +22,9 @@
 if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
   {
-  $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
   $DB->query("SELECT * FROM ".get_table_name('identities')."
               WHERE  identity_id=?
               AND    user_id=?
               AND    del<>1",
-              $id,
+              get_input_value('_iid', RCUBE_INPUT_GPC),
               $_SESSION['user_id']);
   
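Review bot: The guard on the `if` line still tests `$_GET['_iid'] || $_POST['_iid']` directly, while the query now binds `get_input_value('_iid', RCUBE_INPUT_GPC)`, so the value checked and the value used can come from different sources. The removed line preferred POST over GET explicitly; the precedence inside `get_input_value` is not visible here, and the GPC constant suggests cookies are consulted as well, which widens where an identity id may come from. Reading it once, `$id = get_input_value('_iid', RCUBE_INPUT_GPC);`, and testing `$id` in the condition would keep check and use in step. The query is parameterized and scoped by `user_id`, so this is a consistency point rather than an injection one; the `if` body continues outside the hunk.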
Index: /trunk/roundcubemail/program/steps/settings/save_identity.inc
===================================================================
--- /trunk/roundcubemail/program/steps/settings/save_identity.inc	(revision 318)
+++ /trunk/roundcubemail/program/steps/settings/save_identity.inc	(revision 319)
@@ -56,5 +56,5 @@
                 AND    user_id=?
                 AND    del<>1",
-                $_POST['_iid'],
+                get_input_value('_iid', RCUBE_INPUT_POST),
                 $_SESSION['user_id']);
                        
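Review bot: `_iid` is bound as `identity_id` with no visible check that it is numeric, here and again in the hunk at -73,5; what `get_input_value` does to the value is not shown in this diff. The placeholders keep it out of the SQL text, but assuming `identity_id` is an integer key, reading it once as `$iid = (int)get_input_value('_iid', RCUBE_INPUT_POST);` and reusing `$iid` in both queries would reject malformed ids early and remove the duplicated lookup. Both statements begin above their hunks, so the query text is only partly visible.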
@@ -73,5 +73,5 @@
                 AND    del<>1",
                 $_SESSION['user_id'],
-                $_POST['_iid']);
+                get_input_value('_iid', RCUBE_INPUT_POST));
     
     if ($_POST['_framed'])
