Changeset 931 in subversion for trunk/roundcubemail/program/steps/mail/func.inc

Timestamp:

Nov 25, 2007 2:45:38 PM (5 years ago)

Author:

thomasb

Message:

More input sanitizing

File:

• trunk/roundcubemail/program/steps/mail/func.inc (modified) (2 diffs)

trunk/roundcubemail/program/steps/mail/func.inc

@@ -1192 +1192 @@
   global $CONFIG, $IMAP, $MESSAGE;
   
-  $part = get_input_value('_part', RCUBE_INPUT_GPC);
+  $part = asciiwords(get_input_value('_part', RCUBE_INPUT_GPC));
   if (!is_array($MESSAGE) || !is_array($MESSAGE['parts']) || !($_GET['_uid'] && $_GET['_part']) || !$MESSAGE['parts'][$part])
     return '';
@@ -1226 +1226 @@
   global $MESSAGE;
   
-  $part = $MESSAGE['parts'][get_input_value('_part', RCUBE_INPUT_GPC)];
+  $part = $MESSAGE['parts'][asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
   $ctype_primary = strtolower($part->ctype_primary);