Changeset b3ce791 in github


Timestamp:
Feb 16, 2007 2:35:03 PM (6 years ago)
Author:
thomascube <thomas@…>
Branches:
master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8
Children:
191667e
Parents:
1012ea3
Message:

Better input checking on GET and POST vars

Location:
program
Files:
9 edited

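--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -1690,10 +1690,10 @@
   {
   $attrib = array();
-  preg_match_all('/\s*([-_a-z]+)=["]([^"]+)["]?/i', stripslashes($str), $regs, PREG_SET_ORDER);
+  preg_match_all('/\s*([-_a-z]+)=(["\'])([^"]+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER);
 
   // convert attributes to an associative array (name => value)
   if ($regs)
     foreach ($regs as $attr)
-      $attrib[strtolower($attr[1])] = $attr[2];
+      $attrib[strtolower($attr[1])] = $attr[3];
 
   return $attrib;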
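Review bot: The value class in the new pattern is still `[^"]+`, so a single-quoted value that contains a double quote (`title='say "hi"'`) can never reach its closing `'` and the whole attribute is silently dropped instead of parsed; the quote-aware backreference `\2` only helps when the value contains no `"`. A class that excludes whichever quote opened the value keeps `$attr[3]` correct for both styles: `preg_match_all('/\s*([-_a-z]+)=(["\'])((?:(?!\2).)+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER);`. The function this hunk belongs to starts above line 1690, so its name and where `$str` comes from are not visible here; the unconditional `stripslashes()` presumably assumes magic_quotes, which is worth confirming.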
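--- a/program/steps/mail/folders.inc
+++ b/program/steps/mail/folders.inc
@@ -26,8 +26,8 @@
 if ($_action=='expunge')
   {
-  $success = $IMAP->expunge($_GET['_mbox']);
+  $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET));
 
   // reload message list if current mailbox
-  if ($success && $_GET['_reload'])
+  if ($success && !empty($_GET['_reload']))
     {
     rcube_remote_response('this.message_list.clear();', TRUE);
@@ -42,7 +42,7 @@
 else if ($_action=='purge')
   {
-  $success = $IMAP->clear_mailbox($_GET['_mbox']);
+  $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET));
 
-  if ($success && $_GET['_reload'])
+  if ($success && !empty($_GET['_reload']))
     {
     $commands = "this.message_list.clear();\n";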
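Review bot: Both branches run a destructive mailbox operation (`expunge`, `clear_mailbox`) on a plain GET request, and nothing in the hunk ties the request to the user beyond the session cookie; the move/delete hunks in move_del.inc, the identity deletion in delete_identity.inc and the folder changes in manage_folders.inc have the same shape. If no per-session request token is verified before these steps run (not visible here), a link or image embedded on another site can trigger them for a logged-in user. `get_input_value` only normalises the value; it says nothing about who sent the request, so a token check on these state-changing actions, or moving them to POST, is the missing piece. Also worth confirming what `$IMAP->expunge` / `clear_mailbox` do when `_mbox` is absent, since the new calls pass the empty result through unchecked.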
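--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -31,5 +31,5 @@
 
 // set imap properties and session vars
-if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
+if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))
   {
   $IMAP->set_mailbox($mbox);
@@ -37,8 +37,8 @@
   }
 
-if (strlen($_GET['_page']))
-  {
-  $IMAP->set_page($_GET['_page']);
-  $_SESSION['page'] = $_GET['_page'];
+if (!empty($_GET['_page']))
+  {
+  $IMAP->set_page((int)$_GET['_page']);
+  $_SESSION['page'] = (int)$_GET['_page'];
   }
 
@@ -60,5 +60,5 @@
 // define url for getting message parts
 if (strlen($_GET['_uid']))
-  $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), $_GET['_uid']);
+  $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), get_input_value('_uid', RCUBE_INPUT_GET));
 
 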
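Review bot: The new condition `if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))` tests truthiness, so a mailbox literally named `0` is no longer selected, whereas the replaced `strlen(...)` check accepted it; `if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC)))` keeps the new input source with the old semantics. The subscribe/unsubscribe hunks in manage_folders.inc use the same `if ($mboxes = get_input_value(...))` form and have the same gap. On lines 39–42 the `(int)` cast is the right direction, but `!empty()` still admits values like `-1` or `abc` (which casts to 0); clamping with `$page = max(1, (int)$_GET['_page']);` before `set_page` would be safer, assuming pages are 1-based as the session usage suggests. The switch from `RCUBE_INPUT_GET` to `RCUBE_INPUT_GPC` on line 33 widens where `_mbox` may come from, presumably deliberately, so a one-line comment saying why would help the next reader.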
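--- a/program/steps/mail/list.inc
+++ b/program/steps/mail/list.inc
@@ -23,8 +23,6 @@
 $OUTPUT_TYPE = 'js';
 
-$sort = isset($_GET['_sort']) ? $_GET['_sort'] : false;
-
 // is there a sort type for this request?
-if ($sort)
+if ($sort = get_input_value('_sort', RCUBE_INPUT_GET))
   {
   // yes, so set the sort vars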
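Review bot: `$sort` now comes straight from the request and nothing in the hunk restricts it to the sort columns the list code understands; the body that consumes it ("set the sort vars") continues below the hunk. If that value later ends up in an IMAP SORT command or is stored in the session, checking it against the set of supported column names and rejecting anything else would keep arbitrary strings out of both; a comment such as `// _sort is user-controlled: validate against the known column list before use` at line 26 would at least record the expectation.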
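--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -26,8 +26,8 @@
                      'unread' => 'UNSEEN');
 
-if ($_GET['_uid'] && $_GET['_flag'])
+if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))
   {
-  $flag = $a_flags_map[$_GET['_flag']] ? $a_flags_map[$_GET['_flag']] : strtoupper($_GET['_flag']);
-  $marked = $IMAP->set_flag($_GET['_uid'], $flag);
+  $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);
+  $marked = $IMAP->set_flag($uids, $flag);
   if ($marked != -1)
     {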
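Review bot: `$a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag)` reads the map with a request-supplied key, which raises a notice for unknown keys, and then forwards any unmapped value upper-cased to `$IMAP->set_flag`, so the request can set flags the map was never meant to expose. At minimum use `isset($a_flags_map[$flag]) ? $a_flags_map[$flag] : strtoupper($flag)`; better, treat a flag missing from the map as an error rather than passing it through, if the IMAP layer does not already restrict it. The `$a_flags_map` array begins above the hunk, so its full key set is not visible here.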
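--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -23,8 +23,9 @@
 
 // move messages
-if ($_action=='moveto' && $_GET['_uid'] && $_GET['_target_mbox'])
+if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
   {
-  $count = sizeof(explode(',', $_GET['_uid']));
-  $moved = $IMAP->move_message($_GET['_uid'], $_GET['_target_mbox'], $_GET['_mbox']);
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
+  $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
+  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
 
   if (!$moved)
@@ -39,8 +40,8 @@
 
 // delete messages
-else if ($_action=='delete' && $_GET['_uid'])
+else if ($_action=='delete' && !empty($_GET['_uid']))
   {
-  $count = sizeof(explode(',', $_GET['_uid']));
-  $del = $IMAP->delete_message($_GET['_uid'], $_GET['_mbox']);
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
+  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
 
   if (!$del)
@@ -61,5 +62,5 @@
 
 // refresh saved seach set after moving some messages
-if (($search_request = $_GET['_search']) && $IMAP->search_set)
+if (($search_request = get_input_value('_search', RCUBE_INPUT_GPC)) && $IMAP->search_set)
   $_SESSION['search'][$search_request] = $IMAP->refresh_search();
 
@@ -76,6 +77,6 @@
 $commands .= sprintf("this.set_unread_count('%s', %d);\n", $mbox, $IMAP->messagecount($mbox, 'UNSEEN'));
 
-if ($_action=='moveto')
-  $commands .= sprintf("this.set_unread_count('%s', %d);\n", $_GET['_target_mbox'], $IMAP->messagecount($_GET['_target_mbox'], 'UNSEEN'));
+if ($_action=='moveto' && $target)
+  $commands .= sprintf("this.set_unread_count('%s', %d);\n", $target, $IMAP->messagecount($target, 'UNSEEN'));
 
 $commands .= sprintf("this.set_quota('%s');\n", $IMAP->get_quota());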
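Review bot: `$uids` is handed to `$IMAP->move_message` and `$IMAP->delete_message` with no shape check, and `$count` is derived with `sizeof(explode(',', ...))`, so a range expression or non-numeric text yields a count of 1 and is forwarded to the IMAP layer as-is; delete_identity.inc in this same commit validates its id list with `preg_match('/^[0-9]+(,[0-9]+)*$/', $ids)`, and the same guard belongs here (new lines 27 and 44) and on `$uids` in mark.inc. Adding `if (!preg_match('/^[0-9]+(,[0-9]+)*$/', $uids)) { /* respond with an error and skip the IMAP call */ }` before each `$count` line would align the three files. The assignment nested inside `explode()` is hard to read; `$uids = get_input_value('_uid', RCUBE_INPUT_GET);` on its own line, followed by the `explode`, says the same thing. `$target` on new line 79 is only assigned inside the moveto branch that also requires a non-empty `_uid`, so with `_action=='moveto'` and an empty uid it is undefined when the `&& $target` test runs. `_search` reads `RCUBE_INPUT_GPC` while the other inputs in this file use `RCUBE_INPUT_GET`; if that is intentional a short comment on line 64 would stop it being "fixed" later.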
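--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -65,5 +65,5 @@
   // mark message as read
   if (!$MESSAGE['headers']->seen && $_action != 'preview')
-    $IMAP->set_flag($_GET['_uid'], 'SEEN');
+    $IMAP->set_flag($MESSAGE['UID'], 'SEEN');
 
   // give message uid to the client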
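--- a/program/steps/settings/delete_identity.inc
+++ b/program/steps/settings/delete_identity.inc
@@ -20,12 +20,10 @@
 */
 
-$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
-
-if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
+if (($ids = get_input_value('_iid', RCUBE_INPUT_GET)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $ids))
   {
   $DB->query("UPDATE ".get_table_name('identities')."
               SET    del=1
               WHERE  user_id=?
-              AND    identity_id IN (".$_GET['_iid'].")",
+              AND    identity_id IN (".$ids.")",
               $_SESSION['user_id']);
 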
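Review bot: The anchored regex is what makes the concatenated `IN (".$ids.")` acceptable, but PCRE `$` also matches just before a trailing newline, so a value ending in `\n` passes the check and the newline reaches the query text; the `D` modifier, `preg_match('/^[0-9]+(,[0-9]+)*$/D', $ids)`, closes that gap. A comment on the query, `// safe to concatenate: $ids was restricted to a comma-separated digit list above`, would save the next reader from treating this as an injection point, and the `user_id=?` parameter is what scopes the deletion to the current user, which is worth stating too. The removed `$REMOTE_REQUEST = ...` line: if that variable is still referenced further down this file (outside the hunk), it now has to be defined elsewhere before this step runs.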
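--- a/program/steps/settings/manage_folders.inc
+++ b/program/steps/settings/manage_folders.inc
@@ -27,6 +27,6 @@
 if ($_action=='subscribe')
   {
-  if (strlen($_GET['_mboxes']))
-    $IMAP->subscribe(array($_GET['_mboxes']));
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $IMAP->subscribe(array($mboxes));
 
   if ($REMOTE_REQUEST)
@@ -37,6 +37,6 @@
 else if ($_action=='unsubscribe')
   {
-  if (strlen($_GET['_mboxes']))
-    $IMAP->unsubscribe(array($_GET['_mboxes']));
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $IMAP->unsubscribe(array($mboxes));
 
   if ($REMOTE_REQUEST)
@@ -96,6 +96,6 @@
 else if ($_action=='delete-folder')
   {
-  if (!empty($_GET['_mboxes']))
-    $deleted = $IMAP->delete_mailbox(array(get_input_value('_mboxes', RCUBE_INPUT_GET)));
+  if (get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $deleted = $IMAP->delete_mailbox(array($mboxes));
 
   if ($REMOTE_REQUEST && $deleted)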
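Review bot: In the delete-folder hunk (new lines 98–99) `$mboxes` is never assigned: the condition calls `get_input_value('_mboxes', RCUBE_INPUT_GET)` but discards the result, and the `$mboxes = ...` assignments in the subscribe/unsubscribe branches are in mutually exclusive `else if` arms, so `delete_mailbox(array($mboxes))` receives `array(null)` and the requested folder is never deleted (with an undefined-variable notice on the way). The condition should capture the value like its siblings do: `if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))`. The replaced line 99 did pass the value through correctly, so this is a regression introduced by the tidy-up.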