-rw-r--r-- | packages/spamd_db.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/packages/spamd_db.php b/packages/spamd_db.php
index 9105709a..ae934a70 100644
--- a/packages/spamd_db.php
+++ b/packages/spamd_db.php
@@ -50,14 +50,16 @@ if($_GET['action'] or $_POST['action']) {
 if($_POST['action'])
 $action = escapeshellarg($_POST['action']);
 if($_GET['srcip'])
- $srcip = escapeshellarg($_GET['srcip']);
+ $srcip = $_GET['srcip'];
 if($_POST['srcip'])
- $srcip = escapeshellarg($_POST['srcip']);
+ $srcip = $_POST['srcip'];
 if($_POST['toaddress'])
 $toaddress = escapeshellarg($_POST['toaddress']);
 $srcip = str_replace("<","",$srcip);
 $srcip = str_replace(">","",$srcip);
 $srcip = str_replace(" ","",$srcip);
+ // Make input safe
+ $srcip = escapeshellarg($srcip);
 /* execute spamdb command */
 if($action == "'whitelist'") {
 if(!is_ipaddr($srcip)) { |
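Review bot: The `is_ipaddr($srcip)` check at the end of the hunk still runs on the shell-quoted value, because `$srcip = escapeshellarg($srcip);` is applied just above it. The `$action == "'whitelist'"` comparison shows that escaped values keep their single quotes, so a well-formed address will probably fail validation unless `is_ipaddr()`, which is not visible here, tolerates quotes. Validate first and escape last: keep `$srcip` unescaped through `if(!is_ipaddr($srcip))` and apply `escapeshellarg($srcip)` only where the spamdb command string is built. The `if` block continues past the hunk, so the remaining actions should be checked for the same ordering and for whether they validate `$srcip` at all before it reaches the shell.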