Sanitize integer option fields - only digits allowed

[squirrelmail.git] / functions / folder_manip.php

diff --git a/functions/folder_manip.php b/functions/folder_manip.php
index 775b0f4fd5d4a164503dacfddbb476556b7011d3..4b3971c129cd93dff1421f9478530ceaed9e7636 100644 (file)
--- a/functions/folder_manip.php
+++ b/functions/folder_manip.php
@@ -7,7 +7,7 @@
  * (un)subscribe, create, rename, delete.
  *
  * @author Thijs Kinkhorst <kink at squirrelmail.org>
- * @copyright &copy; 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -106,7 +106,7 @@ function folders_rename_getname ($imapConnection, $delimiter, $old) {
     $old = imap_utf7_decode_local($old);
 
     if (strpos($old, $delimiter)) {
-        $old_name = substr($old, strrpos($old, $delimiter)+1, strlen($old));
+        $old_name = substr($old, strrpos($old, $delimiter)+1);
         // hide default prefix (INBOX., mail/ or other)
         $quoted_prefix=preg_quote($default_folder_prefix,'/');
         $prefix_length=(preg_match("/^$quoted_prefix/",$old) ? strlen($default_folder_prefix) : 0);
@@ -226,7 +226,7 @@ function folders_delete_do ($imapConnection, $delimiter, $folder_name)
 
     /** lets see if we CAN move folders to the trash.. otherwise,
         ** just delete them **/
-    if ($delete_folder || eregi('^'.$trash_folder.'.+', $folder_name) ) {
+    if ($delete_folder || preg_match('/^' . preg_quote($trash_folder, '/') . '.+/i', $folder_name) ) {
         $can_move_to_trash = FALSE;
     } else {
     /* Otherwise, check if trash folder exits and support sub-folders */