fix for unsafe images links. Somehow the wrong were in de view unsafe images

[squirrelmail.git] / functions / attachment_common.php

diff --git a/functions/attachment_common.php b/functions/attachment_common.php
index a6251442d6a5e824c178b091dbeccbe4077d980a..573d72c70b1edadc5353ba62f89259e401b01f94 100644 (file)
--- a/functions/attachment_common.php
+++ b/functions/attachment_common.php
@@ -3,7 +3,7 @@
 /**
  * attachment_common.php
  *
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * This file provides the handling of often-used attachment types.
@@ -28,6 +28,7 @@ $FileExtensionToMimeType = array('bmp'  => 'image/x-bitmap',
                                  'vcf'  => 'text/x-vcard');
 
 /* Register browser-supported image types */
+sqextractGlobalVar('attachment_common_types');
 if (isset($attachment_common_types)) {
     /* Don't run this before being logged in. That may happen
        when plugins include mime.php */
@@ -93,8 +94,8 @@ function attachment_common_link_text(&$Args)
        $Args[1]['attachment_common']['href'] = Where it links to
       
        This sets the 'href' of this plugin for a new link. */
-       
-    global $QUERY_STRING;
+    $QUERY_STRING = $_SERVER['QUERY_STRING'];;   
+
     $Args[1]['attachment_common']['href'] = '../src/view_text.php?'. $QUERY_STRING;
     $Args[1]['attachment_common']['href'] =
           set_url_var($Args[1]['attachment_common']['href'], 
@@ -128,16 +129,16 @@ function attachment_common_link_message(&$Args)
 }
 
 
-function attachment_common_link_html(&$Args)
+function attachment_common_link_html(&$Args) 
 {
-    $Args[1]['attachment_common']['href'] = '../src/download.php?startMessage=' . 
-        $Args[2] . '&passed_id=' . $Args[3] . '&mailbox=' . $Args[4] .
-       '&passed_ent_id=' . $Args[5] . '&override_type0=text&override_type1=html';
-    
-    if ($Args[8] && $Args[9]) {
-        $Args[1]['attachment_common']['href'] .= '&where=' . 
-        urlencode($Args[8]) . '&what=' . urlencode($Args[9]);
-    }
+    $QUERY_STRING = $_SERVER['QUERY_STRING'];;   
+
+    $Args[1]['attachment_common']['href'] = '../src/view_text.php?'. $QUERY_STRING.
+       /* why use the overridetype? can this be removed */
+       '&override_type0=text&override_type1=html';
+    $Args[1]['attachment_common']['href'] =
+          set_url_var($Args[1]['attachment_common']['href'], 
+         'ent_id',$Args[5]);
 
     $Args[1]['attachment_common']['text'] = _("view");
 
@@ -146,7 +147,9 @@ function attachment_common_link_html(&$Args)
 
 function attachment_common_link_image(&$Args)
 {
+    $QUERY_STRING = $_SERVER['QUERY_STRING'];;   
     global $attachment_common_show_images, $attachment_common_show_images_list;
+
     
     $info['passed_id'] = $Args[3];
     $info['mailbox'] = $Args[4];
@@ -154,7 +157,6 @@ function attachment_common_link_image(&$Args)
     
     $attachment_common_show_images_list[] = $info;
     
-    global $QUERY_STRING;
     $Args[1]['attachment_common']['href'] = '../src/image.php?'. $QUERY_STRING;
     $Args[1]['attachment_common']['href'] =
           set_url_var($Args[1]['attachment_common']['href'], 
@@ -169,7 +171,8 @@ function attachment_common_link_image(&$Args)
 
 function attachment_common_link_vcard(&$Args)
 {
-    global $QUERY_STRING;
+    $QUERY_STRING = $_SERVER['QUERY_STRING'];;   
+
     $Args[1]['attachment_common']['href'] = '../src/vcard.php?'. $QUERY_STRING;
     $Args[1]['attachment_common']['href'] =
           set_url_var($Args[1]['attachment_common']['href'],