[cvs] commit: horde/services prefs.php
Chuck Hagenbuch
chuck at horde.org
Mon Apr 7 17:52:27 UTC 2008
Quoting Michael M Slusarz <slusarz at horde.org>:
> Log:
> sanitize url input.
This still lets you cause any PHP file to be included, such as config
files - not inherently vulnerable, but combined with some other small
thing, quite possibly. Can you backtrack and explain why this is
necessary?
-chuck
--
"I have concerns that we are not behaving like a mature, responsible,
collection of interdependent organisms." - Rick O.