Corrected regexp for numeric _to parameter

19 years ago · 4fd971598d
parent 30a75147a0
commit 4fd971598d
1 changed files with 1 additions and 1 deletions
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@ -98,7 +98,7 @@ function rcmail_compose_headers($attrib)
      $header = 'to';

      // we have contact id's as get parameters
-      if (!empty($_GET['_to']) && preg_match('/^([0-9]+,?)+$/', $_GET['_to']))
+      if (!empty($_GET['_to']) && preg_match('/^[0-9]+(,[0-9]+)*$/', $_GET['_to']))
        {
        $a_recipients = array();
        $sql_result = $DB->query("SELECT name, email