Fix XXS "hole" (you can only target yourself...) in calendar: make sure

that each of the request-vars concerning dates is numeric.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6026 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/plugins/calendar/event_delete.php b/plugins/calendar/event_delete.php
index 0ae820a1310e05cdd281050c8ff55f2d7792b39d..b7908ec1012e650bb586a2bcf688048035c5d3b9 100644 (file)
--- a/plugins/calendar/event_delete.php
+++ b/plugins/calendar/event_delete.php
@@ -27,52 +27,52 @@ require_once(SM_PATH . 'functions/page_header.php');
 require_once(SM_PATH . 'include/load_prefs.php');
 require_once(SM_PATH . 'functions/html.php');
 /* get globals */
-if (isset($_GET['month'])) {
+if (isset($_GET['month']) && is_numeric($_GET['month'])) {
     $month = $_GET['month'];
 }
-elseif (isset($_POST['month'])) {
+elseif (isset($_POST['month']) && is_numeric($_GET['month'])) {
     $month = $_POST['month'];
 }
-if (isset($_GET['year'])) {
+if (isset($_GET['year']) && is_numeric($_GET['year'])) {
     $year = $_GET['year'];
 }
-elseif (isset($_POST['year'])) {
+elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
     $year = $_POST['year'];
 }
-if (isset($_GET['day'])) {
+if (isset($_GET['day']) && is_numeric($_GET['day'])) {
     $day = $_GET['day'];
 }
-elseif (isset($_POST['day'])) {
+elseif (isset($_POST['day']) && is_numeric($_POST['day'])) {
     $day = $_POST['day'];
 }
-if (isset($_GET['dyear'])) {
+if (isset($_GET['dyear']) && is_numeric($_GET['dyear'])) {
     $dyear = $_GET['dyear'];
 }
-elseif (isset($_POST['dyear'])) {
+elseif (isset($_POST['dyear']) && is_numeric($_POST['dyear'])) {
     $dyear = $_POST['dyear'];
 }
-if (isset($_GET['dmonth'])) {
+if (isset($_GET['dmonth']) && is_numeric($_GET['dmonth'])) {
     $dmonth = $_GET['dmonth'];
 }
-elseif (isset($_POST['dmonth'])) {
+elseif (isset($_POST['dmonth']) && is_numeric($_POST['dmonth'])) {
     $dmonth = $_POST['dmonth'];
 }
-if (isset($_GET['dday'])) {
+if (isset($_GET['dday']) && is_numeric($_GET['dday'])) {
     $dday = $_GET['dday'];
 }
-elseif (isset($_POST['dday'])) {
+elseif (isset($_POST['dday']) && is_numeric($_POST['dday'])) {
     $dday = $_POST['dday'];
 }
-if (isset($_GET['dhour'])) {
+if (isset($_GET['dhour']) && is_numeric($_GET['dhour'])) {
     $dhour = $_GET['dhour'];
 }
-elseif (isset($_POST['dhour'])) {
+elseif (isset($_POST['dhour']) && is_numeric($_POST['dhour'])) {
     $dhour = $_POST['dhour'];
 }
-if (isset($_GET['dminute'])) {
+if (isset($_GET['dminute']) && is_numeric($_GET['dminute'])) {
     $dminute = $_GET['dminute'];
 }
-elseif (isset($_POST['dminute'])) {
+elseif (isset($_POST['dminute']) && is_numeric($_POST['dminute'])) {
     $dminute = $_POST['dminute'];
 }
 if (isset($_POST['confirmed'])) {