Changeset 382 in subversion
- Timestamp:
- Nov 22, 2006 6:42:37 AM (7 years ago)
- Location:
- trunk/roundcubemail
- Files:
-
- 2 edited
-
index.php (modified) (4 diffs)
-
program/include/main.inc (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/roundcubemail/index.php
r344 r382 3 3 +-----------------------------------------------------------------------+ 4 4 | RoundCube Webmail IMAP Client | 5 | Version 0.1-2006 0907|5 | Version 0.1-20061122 | 6 6 | | 7 7 | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland | … … 41 41 */ 42 42 43 define('RCMAIL_VERSION', '0.1-2006 0907');43 define('RCMAIL_VERSION', '0.1-20061122'); 44 44 45 45 // define global vars … … 91 91 92 92 // catch some url/post parameters 93 $_task = get_input_value('_task', RCUBE_INPUT_GPC);94 $_action = get_input_value('_action', RCUBE_INPUT_GPC);93 $_task = strip_quotes(get_input_value('_task', RCUBE_INPUT_GPC)); 94 $_action = strip_quotes(get_input_value('_action', RCUBE_INPUT_GPC)); 95 95 $_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed'])); 96 96 97 if (empty($_task)) 97 // use main task if empty or invalid value 98 if (empty($_task) || !in_array($_task, $MAIN_TASKS)) 98 99 $_task = 'mail'; 99 100 … … 373 374 374 375 // parse main template 375 // only allow these templates to be included 376 if (in_array($_task, $MAIN_TASKS)) 377 parse_template($_task); 376 parse_template($_task); 378 377 379 378 -
trunk/roundcubemail/program/include/main.inc
r371 r382 1064 1064 } 1065 1065 1066 1066 /** 1067 * Remove single and double quotes from given string 1068 */ 1069 function strip_quotes($str) 1070 { 1071 return preg_replace('/[\'"]/', '', $str); 1072 } 1067 1073 1068 1074
Note: See TracChangeset
for help on using the changeset viewer.
