diff -up squirrelmail-1.4.20/functions/global.php.biguid squirrelmail-1.4.20/functions/global.php
--- squirrelmail-1.4.20/functions/global.php.biguid 2010-01-28 00:35:26.000000000 +0100
+++ squirrelmail-1.4.20/functions/global.php 2010-03-08 09:45:27.325832342 +0100
@@ -609,3 +609,16 @@ function file_has_long_lines($filename,
 return FALSE;
 }
+/**
+ * Restrict value to be numeric string
+ *
+ * @param string $value The value to be checked
+ *
+ * @return $value if it is numeric string, "0" otherwise
+ *
+ * @since 1.4.18
+ */
+function sqrestrict_to_num($value)
+{
+ return preg_match('/^[0-9]+$/', $value) ? $value : '0';
+}
diff -up squirrelmail-1.4.20/functions/imap_messages.php.biguid squirrelmail-1.4.20/functions/imap_messages.php
--- squirrelmail-1.4.20/functions/imap_messages.php.biguid 2010-01-25 03:47:41.000000000 +0100
+++ squirrelmail-1.4.20/functions/imap_messages.php 2010-03-08 09:45:27.326828209 +0100
@@ -1025,7 +1025,7 @@ function sqimap_get_message($imap_stream
 global $uid_support;
 // typecast to int to prohibit 1:* msgs sets
- $id = (int) $id;
+ $id = sqrestrict_to_num($id);
 $flags = array();
 $read = sqimap_run_command($imap_stream, "FETCH $id (FLAGS BODYSTRUCTURE)", true, $response, $message, $uid_support);
 if ($read) {
diff -up squirrelmail-1.4.20/plugins/delete_move_next/setup.php.biguid squirrelmail-1.4.20/plugins/delete_move_next/setup.php
--- squirrelmail-1.4.20/plugins/delete_move_next/setup.php.biguid 2010-02-20 20:31:44.000000000 +0100
+++ squirrelmail-1.4.20/plugins/delete_move_next/setup.php 2010-03-08 15:51:22.927624535 +0100
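Review bot: The pattern `/^[0-9]+$/` in the new sqrestrict_to_num still accepts a trailing newline, because an unanchored `$` also matches just before a final "\n", so a value such as "123\n" is returned unchanged instead of being reduced to '0' and can travel on into the `FETCH $id` command built in the imap_messages.php hunk. Anchoring the end of the subject closes that gap: `return preg_match('/^[0-9]+$/D', $value) ? $value : '0';` (or `\z` in place of `$`). The `@return` tag should also carry a type, `@return string`, since the function always yields a string ('0' on rejection) where the call sites it replaces previously produced an int from `(int)`. A non-string argument (an array from a repeated query parameter, for instance) makes preg_match return false and so maps to '0', which is the safe outcome but deserves a one-line comment.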
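Review bot: The comment kept above the changed line, `// typecast to int to prohibit 1:* msgs sets`, is now stale: the new code no longer casts to int but keeps the digit-only string that sqrestrict_to_num returns, presumably to avoid the 32-bit `(int)` overflow the patch name ("biguid") hints at. Suggest `// restrict to a digit-only string: blocks "1:*" message sets without truncating large UIDs` so the next reader knows why the cast was dropped. sqimap_get_message starts before and continues past this hunk.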
@@ -170,11 +170,11 @@ function delete_move_next_read($currloc)
 $prev_if_del = $prev;
 $next_if_del = $next;
 if (!$uid_support && ($auto_expunge || $move_to_trash)) {
- if ($prev_if_del > $passed_id) {
- $prev_if_del--;
+ if (((float)$prev_if_del) > ((float)$passed_id)) {
+ $prev_if_del = (string) (((float)$prev_if_del) -1);
 }
- if ($next_if_del > $passed_id) {
- $next_if_del--;
+ if (((float)$next_if_del) > ((float)$passed_id)) {
+ $next_if_del = (string) (((float)$next_if_del) -1);
 }
 }
@@ -185,7 +185,7 @@ function delete_move_next_read($currloc)
 '<tr>'.
 "<td bgcolor=\"$color[9]\" width=\"100%\" align=\"center\"><small>";
- if ($prev > 0){
+ if (((float)$prev) > 0){
 echo "<a href=\"read_body.php?passed_id=$prev_if_del&mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage&show_more=0&delete_id=$passed_id&smtoken=" . sm_generate_security_token() . "\">" . _("Delete & Prev") . "</a>" . " | ";
 if ($delete_move_next_show_unread == 'on') {
 echo "<a href=\"read_body.php?passed_id=$prev_if_del&mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage&show_more=0&unread_id=$passed_id&smtoken=" . sm_generate_security_token() . "\">" . _("Unread & Prev") . "</a>" . " | ";
@@ -197,7 +197,7 @@ function delete_move_next_read($currloc)
 echo _("Unread & Prev") . " | ";
 }
 }
- if ($next > 0){
+ if (((float)$next) > 0){
 if ($delete_move_next_show_unread == 'on') {
 echo "<a href=\"read_body.php?passed_id=$next_if_del&mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage&show_more=0&unread_id=$passed_id&smtoken=" . sm_generate_security_token() . "\">" . _("Unread & Next") . "</a> | ";
 }
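Review bot: `$prev_if_del = (string) (((float)$prev_if_del) -1);` (and the matching `$next_if_del` line) relies on PHP's default float-to-string conversion, which switches to exponent notation once the magnitude reaches the configured `precision` (14 digits by default) and loses integer exactness above 2^53; such a value would then be written into `passed_id=` in the -185/-197 echo lines and rejected by sqrestrict_to_num on the next request. IMAP defines UIDs and sequence numbers as 32-bit, so this is within range today, but the assumption should be recorded, e.g. `// float keeps 32-bit UIDs exact on 32-bit PHP, where (int) would overflow`. The same `((float)$x) > ...` cast appears seven times across the -170, -185, -197 and -210 hunks; a small helper with a name like "compare as unsigned number" would state the intent better than repeated inline casts. delete_move_next_read starts before and continues past each of these hunks.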
@@ -210,18 +210,18 @@ function delete_move_next_read($currloc)
 }
 echo '</small></td></tr>';
- if ($next_if_del < 0) {
+ if (((float)$next_if_del) < 0) {
 $next_if_del = $prev_if_del;
 }
 if (($delete_move_next_formATtop == 'on') && ($currloc == 'top')) {
- if ($next_if_del > 0) {
+ if (((float)$next_if_del) > 0) {
 delete_move_next_moveNextForm($next_if_del);
 } else {
 delete_move_next_moveRightMainForm();
 }
 }
 if (($delete_move_next_formATbottom != 'off') && ($currloc == 'bottom')) {
- if ($next_if_del > 0) {
+ if (((float)$next_if_del) > 0) {
 delete_move_next_moveNextForm($next_if_del);
 } else {
 delete_move_next_moveRightMainForm();
diff -up squirrelmail-1.4.20/src/compose.php.biguid squirrelmail-1.4.20/src/compose.php
--- squirrelmail-1.4.20/src/compose.php.biguid 2010-02-16 21:17:13.000000000 +0100
+++ squirrelmail-1.4.20/src/compose.php 2010-03-08 09:45:27.368576639 +0100
@@ -95,7 +95,7 @@ sqgetGlobalVar('ent_num',$ent_num, $SQ_G
 sqgetGlobalVar('saved_draft',$saved_draft, SQ_FORM);
 if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
- $delete_draft = (int)$delete_draft;
+ $delete_draft = sqrestrict_to_num($delete_draft);
 }
 if ( sqgetGlobalVar('startMessage',$startMessage) ) {
diff -up squirrelmail-1.4.20/src/download.php.biguid squirrelmail-1.4.20/src/download.php
--- squirrelmail-1.4.20/src/download.php.biguid 2010-01-25 03:47:41.000000000 +0100
+++ squirrelmail-1.4.20/src/download.php 2010-03-08 09:45:27.368576639 +0100
@@ -38,7 +38,7 @@ sqgetGlobalVar('mailbox', $mailbox,
 sqgetGlobalVar('ent_id', $ent_id, SQ_GET);
 sqgetGlobalVar('absolute_dl',$absolute_dl, SQ_GET);
 if ( sqgetGlobalVar('passed_id', $temp, SQ_GET) ) {
- $passed_id = (int) $temp;
+ $passed_id = sqrestrict_to_num($temp);
 }
 global $default_charset;
diff -up squirrelmail-1.4.20/src/image.php.biguid squirrelmail-1.4.20/src/image.php
--- squirrelmail-1.4.20/src/image.php.biguid 2010-01-25 03:47:41.000000000 +0100
+++ squirrelmail-1.4.20/src/image.php 2010-03-08 09:45:27.369702769 +0100
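Review bot: `$delete_draft = sqrestrict_to_num($delete_draft);` changes the variable's type from int to string: the helper returns the original digit string or '0', never an int. Loose checks such as `if ($delete_draft)` behave as before because '0' is falsy, but any strict comparison (`!== 0`, `is_int(...)`) later in compose.php, which is outside this hunk, would silently change meaning and should be checked. The same int-to-string shift applies to `$passed_id` in the download.php, image.php, printer_friendly_main.php, read_body.php and view_header.php hunks, and a one-line comment at each site, `// digit string, not int: see sqrestrict_to_num()`, would save the next maintainer from re-adding the `(int)` cast.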
@@ -32,7 +32,7 @@ displayPageHeader($color, 'None');
 /* globals */
 if ( sqgetGlobalVar('passed_id', $temp, SQ_GET) ) {
- $passed_id = (int) $temp;
+ $passed_id = sqrestrict_to_num($temp);
 }
 sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
 sqgetGlobalVar('ent_id', $ent_id, SQ_GET);
diff -up squirrelmail-1.4.20/src/printer_friendly_main.php.biguid squirrelmail-1.4.20/src/printer_friendly_main.php
--- squirrelmail-1.4.20/src/printer_friendly_main.php.biguid 2010-01-25 03:47:41.000000000 +0100
+++ squirrelmail-1.4.20/src/printer_friendly_main.php 2010-03-08 09:45:27.370701998 +0100
@@ -29,7 +29,7 @@ if ( ! sqgetGlobalVar('mailbox',$mailbox
 ! sqgetGlobalVar('passed_id',$passed_id,SQ_GET)) {
 error_box(_("Invalid URL"),$color);
 } else {
- $passed_id= (int) $passed_id;
+ $passed_id= sqrestrict_to_num($passed_id);
 $view_unsafe_images = (bool) $_GET['view_unsafe_images'];
 /* end globals */
 displayHtmlHeader( _("Printer Friendly"), '', false, true );
diff -up squirrelmail-1.4.20/src/read_body.php.biguid squirrelmail-1.4.20/src/read_body.php
--- squirrelmail-1.4.20/src/read_body.php.biguid 2010-02-14 00:06:30.000000000 +0100
+++ squirrelmail-1.4.20/src/read_body.php 2010-03-08 09:45:27.370701998 +0100
@@ -759,7 +759,7 @@ sqgetGlobalVar('passed_ent_id', $passed_
 sqgetGlobalVar('mailbox', $mailbox);
 if ( sqgetGlobalVar('passed_id', $temp) ) {
- $passed_id = (int) $temp;
+ $passed_id = sqrestrict_to_num($temp);
 }
 if ( sqgetGlobalVar('sort', $temp) ) {
 $sort = (int) $temp;
diff -up squirrelmail-1.4.20/src/view_header.php.biguid squirrelmail-1.4.20/src/view_header.php
--- squirrelmail-1.4.20/src/view_header.php.biguid 2010-01-25 03:47:41.000000000 +0100
+++ squirrelmail-1.4.20/src/view_header.php 2010-03-08 09:45:27.417576628 +0100
@@ -120,7 +120,7 @@ function view_header($header, $mailbox,
 /* get global vars */
 if ( sqgetGlobalVar('passed_id', $temp, SQ_GET) ) {
- $passed_id = (int) $temp;
+ $passed_id = sqrestrict_to_num($temp);
 }
 if ( sqgetGlobalVar('mailbox', $temp, SQ_GET) ) {
 $mailbox = $temp;