From d8270226853caab1a28a695da6d77afde075d6df Mon Sep 17 00:00:00 2001
From: kink
Date: Mon, 27 Oct 2003 11:12:28 +0000
Subject: [PATCH] Fix XXS "hole" (you can only target yourself...) in calendar: make sure that each of the request-vars concerning dates is numeric.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6026 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 plugins/calendar/event_delete.php | 32 +++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/plugins/calendar/event_delete.php b/plugins/calendar/event_delete.php
index 0ae820a1..b7908ec1 100644
--- a/plugins/calendar/event_delete.php
+++ b/plugins/calendar/event_delete.php
@@ -27,52 +27,52 @@ require_once(SM_PATH . 'functions/page_header.php');
 require_once(SM_PATH . 'include/load_prefs.php');
 require_once(SM_PATH . 'functions/html.php');
 /* get globals */
-if (isset($_GET['month'])) {
+if (isset($_GET['month']) && is_numeric($_GET['month'])) {
 $month = $_GET['month'];
 }
-elseif (isset($_POST['month'])) {
+elseif (isset($_POST['month']) && is_numeric($_GET['month'])) {
 $month = $_POST['month'];
 }
-if (isset($_GET['year'])) {
+if (isset($_GET['year']) && is_numeric($_GET['year'])) {
 $year = $_GET['year'];
 }
-elseif (isset($_POST['year'])) {
+elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
 $year = $_POST['year'];
 }
-if (isset($_GET['day'])) {
+if (isset($_GET['day']) && is_numeric($_GET['day'])) {
 $day = $_GET['day'];
 }
-elseif (isset($_POST['day'])) {
+elseif (isset($_POST['day']) && is_numeric($_POST['day'])) {
 $day = $_POST['day'];
 }
-if (isset($_GET['dyear'])) {
+if (isset($_GET['dyear']) && is_numeric($_GET['dyear'])) {
 $dyear = $_GET['dyear'];
 }
-elseif (isset($_POST['dyear'])) {
+elseif (isset($_POST['dyear']) && is_numeric($_POST['dyear'])) {
 $dyear = $_POST['dyear'];
 }
-if (isset($_GET['dmonth'])) {
+if (isset($_GET['dmonth']) && is_numeric($_GET['dmonth'])) {
 $dmonth = $_GET['dmonth'];
 }
-elseif (isset($_POST['dmonth'])) {
+elseif (isset($_POST['dmonth']) && is_numeric($_POST['dmonth'])) {
 $dmonth = $_POST['dmonth'];
 }
-if (isset($_GET['dday'])) {
+if (isset($_GET['dday']) && is_numeric($_GET['dday'])) {
 $dday = $_GET['dday'];
 }
-elseif (isset($_POST['dday'])) {
+elseif (isset($_POST['dday']) && is_numeric($_POST['dday'])) {
 $dday = $_POST['dday'];
 }
-if (isset($_GET['dhour'])) {
+if (isset($_GET['dhour']) && is_numeric($_GET['dhour'])) {
 $dhour = $_GET['dhour'];
 }
-elseif (isset($_POST['dhour'])) {
+elseif (isset($_POST['dhour']) && is_numeric($_POST['dhour'])) {
 $dhour = $_POST['dhour'];
 }
-if (isset($_GET['dminute'])) {
+if (isset($_GET['dminute']) && is_numeric($_GET['dminute'])) {
 $dminute = $_GET['dminute'];
 }
-elseif (isset($_POST['dminute'])) {
+elseif (isset($_POST['dminute']) && is_numeric($_POST['dminute'])) {
 $dminute = $_POST['dminute'];
 }
 if (isset($_POST['confirmed'])) {
-- 
2.25.1
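Review bot: The POST branch for `month` checks the wrong array — it reads `is_numeric($_GET['month'])` while every other POST branch validates its own `$_POST` value, so a month submitted only by POST is never assigned (and the lookup raises an undefined-index notice when no GET month is present); it should read `elseif (isset($_POST['month']) && is_numeric($_POST['month'])) {`. Separately, `is_numeric()` still admits floats, exponent notation and leading whitespace (`'1e3'`, `' 12'`), so the accepted values are not guaranteed to be plain integers when the rest of the script uses them; casting at assignment, e.g. `$month = (int) $_GET['month'];`, would pin the type, and a range check on month/day/hour/minute would reject nonsensical dates outright. The `$_POST['confirmed']` handling that the hunk ends on continues outside the hunk.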