X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fimap_messages.php;h=50f89836e40f95cba61d94ddc554b3d956f57fdf;hb=7b2092f1298addb768a06c390935599c672e2eca;hp=af49b5767d00b80fb1ab834f1089f94836485e03;hpb=d3defffebb0040a4be445abef6edf7b54fa33615;p=squirrelmail.git

diff --git a/functions/imap_messages.php b/functions/imap_messages.php
index af49b576..50f89836 100755
--- a/functions/imap_messages.php
+++ b/functions/imap_messages.php
@@ -6,7 +6,7 @@
  * This implements functions that manipulate messages
  * NOTE: Quite a few functions in this file are obsolete
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -622,7 +622,7 @@ function parseFetch(&$aResponse,$aMessageList = array()) {
         $aMsg['ID'] = $id;
         $fetch = substr($read,$i_space+1,5);
         if (!is_numeric($id) && $fetch !== 'FETCH') {
-            $aMsg['ERROR'] = $read; // htmlspecialchars should be done just before display. this is backend code
+            $aMsg['ERROR'] = $read; // sm_encode_html_special_chars should be done just before display. this is backend code
             break;
         }
         $i = strpos($read,'(',$i_space+5);
@@ -895,7 +895,10 @@ function sqimap_parse_address($read, &$i) {
  */
 function sqimap_get_message($imap_stream, $id, $mailbox, $hide=0) {
     // typecast to int to prohibit 1:* msgs sets
-    $id = (int) $id;
+    // Update: $id should always be sanitized into a BIGINT so this
+    // is being removed; leaving this code here in case something goes
+    // wrong, however
+    //$id = (int) $id;
     $flags = array();
     $read = sqimap_run_command($imap_stream, "FETCH $id (FLAGS BODYSTRUCTURE)", true, $response, $message, TRUE);
     if ($read) {