/**
* addrbook_search.php
*
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* Handle addressbook searching in the popup window.
* addrbook_search_html.html -- If you change one,
* change the other one too!
*
- * $Id$
+ * $Id$
+ * @package squirrelmail
*/
-require_once('../src/validate.php');
-require_once('../functions/strings.php');
-require_once('../functions/html.php');
+/**
+ * Path for SquirrelMail required files.
+ */
+define('SM_PATH','../');
+
+/** SquirrelMail required files. */
+require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/strings.php');
+require_once(SM_PATH . 'functions/global.php');
+require_once(SM_PATH . 'functions/html.php');
+
+/** lets get the global vars we may need */
+sqgetGlobalVar('key', $key, SQ_COOKIE);
+sqgetGlobalVar('username', $username, SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad, SQ_SESSION);
+sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
-/* Function to include JavaScript code */
+sqgetGlobalVar('show' , $show);
+sqgetGlobalVar('query', $query, SQ_POST);
+sqgetGlobalVar('listall', $listall, SQ_POST);
+sqgetGlobalVar('backend', $backend, SQ_POST);
+
+/**
+ * Function to include JavaScript code
+ * @return void
+ */
function insert_javascript() {
?>
<SCRIPT LANGUAGE="Javascript"><!--
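Review bot: `sqgetGlobalVar('show' , $show);` is the only lookup in this block without a source constant, so it falls back to the helper's default search order instead of one named superglobal. If `show` is only meant to arrive as a request parameter, pass the intended constant explicitly as the neighbouring calls do, so that a same-named value from another source cannot be picked up; how the default order resolves is defined in functions/global.php, not in these lines. `query`, `listall` and `backend` are read from `SQ_POST` only and presumably stay unset on a plain GET, so the code that consumes them (outside this hunk) needs `isset()` guards. `backend` should also be checked as a valid backend index before it is used to pick an address book.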
} /* End of included JavaScript */
-/* List search results */
+/**
+ * List search results
+ * @param array $res Array of search results
+ * @param bool $includesource [Default=true]
+ * @return void
+ */
function display_result($res, $includesource = true) {
global $color;
while (list($undef, $row) = each($res)) {
$tr_bgcolor = '';
- $email = addslashes(AddressBook::full_address($row));
+ $email = htmlspecialchars(addcslashes(AddressBook::full_address($row), "'"), ENT_QUOTES);
if ($line % 2) { $tr_bgcolor = $color[0]; }
echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) .
html_tag( 'td',
'<a href="javascript:bcc_address(' .
"'" . $email . "');\">Bcc</A></small>",
'center', '', 'valign="top" width="5%" nowrap' ) .
- html_tag( 'td', ' ' . $row['name'], 'left', '', 'valign="top" nowrap' ) .
+ html_tag( 'td', ' ' . htmlspecialchars($row['name']), 'left', '', 'valign="top" nowrap' ) .
html_tag( 'td', ' ' .
'<a href="javascript:to_and_close(' .
- "'" . $email . "');\">" . $row['email'] . '</A>'
+ "'" . $email . "');\">" . htmlspecialchars($row['email']) . '</A>'
, 'left', '', 'valign="top"' ) .
- html_tag( 'td', $row['label'], 'left', '', 'valign="top" nowrap' );
+ html_tag( 'td', htmlspecialchars($row['label']), 'left', '', 'valign="top" nowrap' );
if ($includesource) {
echo html_tag( 'td', ' ' . $row['source'], 'left', '', 'valign="top" nowrap' );
}
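Review bot: The new `$email` escaping in display_result() drops backslash handling: `addcslashes(..., "'")` escapes only the single quote, whereas the removed `addslashes()` also escaped `\`, so an address containing a backslash directly before a quote can still terminate the JavaScript string literal inside the `javascript:` href. Put the backslash in the character list, `$email = htmlspecialchars(addcslashes(AddressBook::full_address($row), "\\'"), ENT_QUOTES);`, and consider escaping line breaks too, since they also end a quoted JavaScript string. The `$includesource` branch still echoes `$row['source']` raw while name, email and label are now wrapped; `htmlspecialchars($row['source'])` would make the row consistent, assuming the source label is meant to be plain text. The while loop and the rest of the function body continue outside the visible lines.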
/* ================= End of functions ================= */
-require_once('../functions/array.php');
require_once('../functions/strings.php');
require_once('../functions/addressbook.php');