Prevent XSS silliness in memorized searches.

[squirrelmail.git] / src / image.php

diff --git a/src/image.php b/src/image.php
index b695b5d33d3516d1ed7f19c1ec7a32784fb4c884..5702e44809cc15b04d7f97097f272de8fa63e096 100644 (file)
--- a/src/image.php
+++ b/src/image.php
@@ -3,7 +3,7 @@
 /**
  * image.php
  *
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * This file shows an attached image
@@ -25,7 +25,7 @@ displayPageHeader($color, 'None');
 
 /* globals */
 $mailbox = $_GET['mailbox'];
-$passed_id = $_GET['passed_id'];
+$passed_id = (int) $_GET['passed_id'];
 $ent_id = $_GET['ent_id'];
 $QUERY_STRING = $_SERVER['QUERY_STRING'];
 /* end globals */
@@ -44,7 +44,7 @@ echo '<a href="'.$msg_url.'">'. _("View message") . '</a>';
 
 $DownloadLink = '../src/download.php?passed_id=' . $passed_id .
                '&amp;mailbox=' . urlencode($mailbox) . 
-               '&amp;ent_id=' . $ent_id . '&amp;absolute_dl=true';
+               '&amp;ent_id=' . urlencode($ent_id) . '&amp;absolute_dl=true';
 
 echo '</b></td></tr>' . "\n" .
     '<tr><td align=center><A HREF="' . $DownloadLink . '">' .