- Security: Possible cookie theft in src/redirect.php if

[squirrelmail.git] / src / addrbook_search_html.php

diff --git a/src/addrbook_search_html.php b/src/addrbook_search_html.php
index 9abb59c546bd35637798b4c9aace3ea8aa975d90..1a722e48c74cd602eae2dc5e8e0f6516d4207078 100644 (file)
--- a/src/addrbook_search_html.php
+++ b/src/addrbook_search_html.php
@@ -1,15 +1,13 @@
 <?php
-
 /**
  * addrbook_search_html.php
  *
- * Copyright (c) 1999-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
  * Handle addressbook searching with pure html.
  *
  * This file is included from compose.php
  *
+ * @copyright &copy; 1999-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  * @subpackage addressbook
@@ -24,7 +22,7 @@ if (! defined('SM_PATH') ) {
 }
 
 /** SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
+include_once(SM_PATH . 'include/validate.php');
 include_once(SM_PATH . 'functions/global.php');
 include_once(SM_PATH . 'functions/date.php');
 include_once(SM_PATH . 'functions/display_messages.php');
@@ -67,7 +65,7 @@ function addr_insert_hidden() {
 /**
  * List search results
  * @param array $res Array containing results of search
- * @param bool $includesource UNDOCUMENTED [Default=true]
+ * @param bool $includesource If true, adds backend column to address listing
  */
 function addr_display_result($res, $includesource = true) {
     global $color, $javascript_on, $PHP_SELF, $squirrelmail_language;
@@ -79,25 +77,28 @@ function addr_display_result($res, $includesource = true) {
     addr_insert_hidden();
     $line = 0;
 
-if ($javascript_on) {
-    print
-        '<script language="JavaScript" type="text/javascript">' .
-        "\n<!-- \n" .
-        "function CheckAll(ch) {\n" .
-        "   for (var i = 0; i < document.addrbook.elements.length; i++) {\n" .
-        "       if( document.addrbook.elements[i].type == 'checkbox' &&\n" .
-        "           document.addrbook.elements[i].name.substr(0,16) == 'send_to_search['+ch ) {\n" .
-        "           document.addrbook.elements[i].checked = !(document.addrbook.elements[i].checked);\n".
-        "       }\n" .
-        "   }\n" .
-        "}\n" .
-        "//-->\n" .
-        "</script>\n";
-    $chk_all = '<a href="#" onclick="CheckAll(\'T\');">' . _("All") . '</a>&nbsp;<font color="'.$color[9].'">'._("To").'</font>'.
+    if ($javascript_on) {
+        print
+            '<script type="text/javascript">' .
+            "\n<!-- \n" .
+            "function CheckAll(ch) {\n" .
+            "   for (var i = 0; i < document.addrbook.elements.length; i++) {\n" .
+            "       if( document.addrbook.elements[i].type == 'checkbox' &&\n" .
+            "           document.addrbook.elements[i].name.substr(0,16) == 'send_to_search['+ch ) {\n" .
+            "           document.addrbook.elements[i].checked = !(document.addrbook.elements[i].checked);\n".
+            "       }\n" .
+            "   }\n" .
+            "}\n" .
+            "//-->\n" .
+            "</script>\n";
+        $chk_all = '<a href="#" onclick="CheckAll(\'T\');">'._("All").'</a>&nbsp;<font color="'.$color[9].'">'._("To").'</font>'.
             '&nbsp;&nbsp;'.
             '<a href="#" onclick="CheckAll(\'C\');">' . _("All") . '</a>&nbsp;<font color="'.$color[9].'">'._("Cc").'</font>'.
             '&nbsp;&nbsp;'.
             '<a href="#" onclick="CheckAll(\'B\');">' . _("All") . '</a>';
+    } else {
+        // check_all links are used only in JavaScript. disable links in js=off environment.
+        $chk_all = '';
     }
     echo html_tag( 'table', '', 'center', '', 'border="0" width="98%"' ) .
     html_tag( 'tr', '', '', $color[9] ) .
@@ -194,12 +195,12 @@ html_tag( 'table',
 
 
 /* Search form */
-echo '<center>' .
+echo '<div style="text-align: center;">' .
     html_tag( 'table', '', 'center', '', 'border="0"' ) .
     html_tag( 'tr' ) .
     html_tag( 'td', '', 'left', '', 'style="white-space: nowrap;" valign="middle"' ) . "\n" .
     addForm($PHP_SELF.'?html_addr_search=true', 'post', 'f').
-    "\n<center>\n" .
+    "\n<div style=\"text-align: center;\">\n" .
     '  <nobr><strong>' . _("Search for") . "</strong>\n";
 addr_insert_hidden();
 echo addInput('addrquery', $addrquery, 26);
@@ -226,8 +227,8 @@ if (isset($session)) {
 echo '<input type="submit" value="' . _("Search") . '" />' .
      '&nbsp;|&nbsp;<input type="submit" value="' . _("List all") .
      '" name="listall" />' . "\n" .
-     '</form></center></td></tr></table>' . "\n";
-echo '</center>';
+     '</form></div></td></tr></table>' . "\n";
+echo '</div>';
 do_hook('addrbook_html_search_below');
 /* End search form */
 
@@ -258,7 +259,7 @@ if ($addrquery == '' || ! empty($listall)) {
         usort($res,'alistcmp');
         addr_display_result($res, true);
     }
-    echo "\n</body></html>";
+    $oTemplate->display('footer.tpl');
     exit;
 } elseif (!empty($addrquery)) {
     /* Do the search */
@@ -272,14 +273,14 @@ if ($addrquery == '' || ! empty($listall)) {
         echo html_tag( 'p', '<b><br />' .
                        _("Your search failed with the following error(s)") .
                        ':<br />' . $abook->error . "</b>\n" ,
-                       'center' ) .
-            "\n</body></html>\n";
+                       'center' ) . "\n";
+        $oTemplate->display('footer.tpl');
     } else {
         if (sizeof($res) == 0) {
             echo html_tag( 'p', '<br /><b>' .
                            _("No persons matching your search were found") . "</b>\n" ,
-                           'center' ) .
-                "\n</body></html>\n";
+                           'center' ) . "\n";
+            $oTemplate->display('footer.tpl');
         } else {
             addr_display_result($res);
         }
@@ -293,12 +294,12 @@ if ($addrquery == '' || ! empty($listall)) {
 }
 
 if ($addrquery == '' || sizeof($res) == 0) {
-    echo '<center>'.
+    echo '<div style="text-align: center;">'.
         addForm('compose.php','post','k');
     addr_insert_hidden();
     echo '<input type="submit" value="' . _("Return") . '" name="return" />' . "\n" .
-         '</form></center></nobr>';
+         '</form></div></nobr>';
 }
 
-?>
-</body></html>
\ No newline at end of file
+$oTemplate->display('footer.tpl');
+?>
\ No newline at end of file