replace mysql_escape_string with the characterset safe mysql_real_escape_string.

[squirrelmail.git] / plugins / message_details / message_details_main.php

diff --git a/plugins/message_details/message_details_main.php b/plugins/message_details/message_details_main.php
index cfe0139f29bb9e2dcb561de51b92925a86adde19..72f309e04ee15d945f15458c2f7b290a01df2b3f 100644 (file)
--- a/plugins/message_details/message_details_main.php
+++ b/plugins/message_details/message_details_main.php
@@ -23,12 +23,17 @@ displayHtmlHeader( _("Message Details"), '', FALSE );
 
 sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
 sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
+if (!sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET))
+    $passed_ent_id = 0;
 
+//FIXME: Don't echo HTML directly - need to "templatize" this
 echo "<frameset rows=\"60, *\" >\n";
-echo '<frame src="message_details_top.php?mailbox=' . urlencode($mailbox) .'&amp;passed_id=' . "$passed_id".
-    '" name="top_frame" scrolling="no" noresize="noresize" frameborder="0" />';
-echo '<frame src="message_details_bottom.php?mailbox=' . urlencode($mailbox) .
-    '&amp;get_message_details=yes&amp;passed_id=' . "$passed_id" .
-    '" name="bottom_frame" frameborder="0" />';
+echo '<frame src="message_details_top.php?mailbox=' . urlencode($mailbox) .'&amp;passed_id=' . $passed_id 
+    . '&amp;passed_ent_id=' . $passed_ent_id
+    . '" name="top_frame" scrolling="no" noresize="noresize" frameborder="0" />';
+echo '<frame src="message_details_bottom.php?mailbox=' . urlencode($mailbox) 
+    . '&amp;get_message_details=yes&amp;passed_id=' . $passed_id 
+    . '&amp;passed_ent_id=' . $passed_ent_id
+    . '" name="bottom_frame" frameborder="0" />';
 echo  '</frameset>'."\n"."</html>\n";
-?>
\ No newline at end of file
+?>