Context Navigation

← Previous Changeset
Next Changeset →

Changeset 482 in subversion

Timestamp:

Feb 16, 2007 9:38:12 AM (6 years ago)

Author:

robin

Message:

Fix XSS vulnerability (closes #1484254).

File:

: 1 edited

trunk/roundcubemail/program/steps/mail/func.inc (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/roundcubemail/program/steps/mail/func.inc

-                      r451
+                      r482
 // set imap properties and session vars
 if (strlen($_GET['_mbox']))
+  {
   $IMAP->set_mailbox($_GET['_mbox']);
   $_SESSION['mbox'] = $_GET['_mbox'];
+if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
+  {
+  $IMAP->set_mailbox($mbox);
+  $_SESSION['mbox'] = $mbox;
+  }

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: