Ukrainian Language , Oleg Baranovsky

[squirrelmail.git] / src / image.php

diff --git a/src/image.php b/src/image.php
index 776549db8118e25506c5abf3c5276d1f8800757d..73ceb6f71f55855bb4f7487d167f7bd0fbde6705 100644 (file)
--- a/src/image.php
+++ b/src/image.php
@@ -11,14 +11,25 @@
  * $Id$
  */
 
-require_once('../src/validate.php');
-require_once('../functions/date.php');
-require_once('../functions/page_header.php');
-require_once('../functions/html.php');
-require_once('../src/load_prefs.php');
+/* Path for SquirrelMail required files. */
+define('SM_PATH','../');
+
+/* SquirrelMail required files. */
+require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/date.php');
+require_once(SM_PATH . 'functions/page_header.php');
+require_once(SM_PATH . 'functions/html.php');
+require_once(SM_PATH . 'include/load_prefs.php');
 
 displayPageHeader($color, 'None');
 
+/* globals */
+$mailbox = $_GET['mailbox'];
+$passed_id = (int) $_GET['passed_id'];
+$ent_id = $_GET['ent_id'];
+$QUERY_STRING = $_SERVER['QUERY_STRING'];
+/* end globals */
+
 echo '<BR>' . 
     '<TABLE WIDTH="100%" BORDER=0 CELLSPACING=0 CELLPADDING=2 ALIGN=CENTER>' .
     "\n" .
@@ -26,14 +37,14 @@ echo '<BR>' .
     '<B><CENTER>' .
     _("Viewing an image attachment") . " - ";
 
-$msg_url = 'read_body.php?' . $QUERY_STRING;
+$msg_url = 'read_body.php?' . urlencode(strip_tags(urldecode($QUERY_STRING)));
 $msg_url = set_url_var($msg_url, 'ent_id', 0);
 echo '<a href="'.$msg_url.'">'. _("View message") . '</a>';
 
 
 $DownloadLink = '../src/download.php?passed_id=' . $passed_id .
                '&amp;mailbox=' . urlencode($mailbox) . 
-               '&amp;ent_id=' . $ent_id . '&amp;absolute_dl=true';
+               '&amp;ent_id=' . urlencode($ent_id) . '&amp;absolute_dl=true';
 
 echo '</b></td></tr>' . "\n" .
     '<tr><td align=center><A HREF="' . $DownloadLink . '">' .