Sanitize integer option fields - only digits allowed

[squirrelmail.git] / functions / folder_manip.php

diff --git a/functions/folder_manip.php b/functions/folder_manip.php
index c93d6750d05264e950bd5a5e498899b847b6402e..4b3971c129cd93dff1421f9478530ceaed9e7636 100644 (file)
--- a/functions/folder_manip.php
+++ b/functions/folder_manip.php
@@ -7,7 +7,7 @@
  * (un)subscribe, create, rename, delete.
  *
  * @author Thijs Kinkhorst <kink at squirrelmail.org>
- * @copyright &copy; 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -226,7 +226,7 @@ function folders_delete_do ($imapConnection, $delimiter, $folder_name)
 
     /** lets see if we CAN move folders to the trash.. otherwise,
         ** just delete them **/
-    if ($delete_folder || preg_match('/^' . $trash_folder . '.+/i', $folder_name) ) {
+    if ($delete_folder || preg_match('/^' . preg_quote($trash_folder, '/') . '.+/i', $folder_name) ) {
         $can_move_to_trash = FALSE;
     } else {
     /* Otherwise, check if trash folder exits and support sub-folders */