* Subfolder search idea from Patch #806075 by Thomas Pohl xraven at users.sourceforge.net. Thanks Thomas!
*
* @author Alex Lemaresquier - Brainstorm <alex at brainstorm.fr>
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @todo explain why references are used in function calls
*/
+/** This is the search page */
+define('PAGE_NAME', 'search');
+
/**
* Include the SquirrelMail initialization file.
*/
require_once(SM_PATH . 'functions/imap_messages.php');
require_once(SM_PATH . 'functions/imap_general.php');
require_once(SM_PATH . 'functions/mime.php');
-//FIXME - comment on next line seems to indicate this require is for the since removed getButton() function... the next line is thus being commented out... if this proves to be correct, please remove this and the next line completely
-//require_once(SM_PATH . 'functions/mailbox_display.php'); //getButton()
+require_once(SM_PATH . 'functions/mailbox_display.php'); //sqm_api_mailbox_select
require_once(SM_PATH . 'functions/forms.php');
require_once(SM_PATH . 'functions/date.php');
require_once(SM_PATH . 'functions/compose.php');
$cur_mailbox = 'INBOX';
$biop = asearch_nz($biop_array[$crit_num]);
if (($query_display == '') || ($cur_mailbox != $last_mailbox)) {
- $mailbox_display = ' <span class="mailbox">' . htmlspecialchars(asearch_get_mailbox_display($cur_mailbox)) . '</span>';
+ $mailbox_display = ' <span class="mailbox">' . sm_encode_html_special_chars(asearch_get_mailbox_display($cur_mailbox)) . '</span>';
if ($query_display == '')
$biop_display = _("In");
else
if ($what_type == 'adate')
$what_display = asearch_get_date_display($what);
else
- $what_display = htmlspecialchars($what);
+ $what_display = sm_encode_html_special_chars($what);
$what_display = ' <span class="value">' . $what_display . '</span>';
}
}
$oTemplate->assign('expand_collapse_toggle', '../src/search.php?'.$show_pref.'='.($show_flag==1 ? 0 : 1));
$oTemplate->assign('query_list', $a);
- $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&rownum=');
- $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&rownum=');
- $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&rownum=');
+ $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
- $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&rownum=');
- $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&rownum=');
- $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&rownum=');
+ $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
$oTemplate->display('search_list.tpl');
}
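Review bot: The six link targets assigned from `save_recent` through `delete_saved` now carry `smtoken` in the query string, so the token can end up in browser history, web-server access logs and Referer headers. The two `form_asearch` forms later in this diff have the same exposure: they add the hidden `smtoken` field but declare no `method` attribute, so they submit as GET. For the state-changing actions (`save_recent`, `forget_recent`, `edit_saved`, `delete_saved`), consider sending the token in a POST body rather than a link. Failing that, record the trade-off with a comment such as `// token travels in the URL; exposure is bounded only by token expiry`. Calling `sm_generate_security_token()` once into a local, e.g. `$token = sm_generate_security_token();`, and reusing it would also make it explicit that all six links are meant to share one token.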
# Build the mailbox array
$a = array();
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $a[$mailbox] = '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox));
+ $a[$mailbox] = '[' . _("Missing") . '] ' . sm_encode_html_special_chars(asearch_get_mailbox_display($mailbox));
}
$a['All Folders'] = '[' . asearch_get_mailbox_display('All Folders') . ']';
$a = array_merge($a, sqimap_mailbox_option_array($imapConnection, 0, $boxes, NULL));
$oTemplate->assign('criteria', $c);
- echo '<form action="../src/search.php" name="form_asearch">' . "\n";
+ echo '<form action="../src/search.php" name="form_asearch">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->display('search_advanced.tpl');
echo "</form>\n";
}
# Build the mailbox array
$a = array();
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $a[$mailbox] = '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox));
+ $a[$mailbox] = '[' . _("Missing") . '] ' . sm_encode_html_special_chars(asearch_get_mailbox_display($mailbox));
}
$a['All Folders'] = '[' . asearch_get_mailbox_display('All Folders') . ']';
$a = array_merge($a, sqimap_mailbox_option_array($imapConnection, 0, $boxes, NULL));
$oTemplate->assign('unary_options', $imap_asearch_unops);
$oTemplate->assign('where_options', $imap_asearch_options);
- $oTemplate->assign('mailbox_sel', strtolower(htmlspecialchars($mailbox)));
+ $oTemplate->assign('mailbox_sel', strtolower(sm_encode_html_special_chars($mailbox)));
$oTemplate->assign('unary_sel', $unop);
$oTemplate->assign('where_sel', $where);
$oTemplate->assign('what_val', $what);
- echo '<form action="../src/search.php" name="form_asearch">' . "\n";
+ echo '<form action="../src/search.php" name="form_asearch">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->display('search.tpl');
echo "</form>\n";
}
/* ------------------------ main ------------------------ */
/* get globals we will need */
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
-if ( sqgetGlobalVar('checkall', $temp, SQ_GET) ) {
- $checkall = (int) $temp;
+if (!sqgetGlobalVar('checkall',$checkall,SQ_GET)) {
+ $checkall = false;
+}
+
+if (!sqgetGlobalVar('preselected', $preselected, SQ_GET) || !is_array($preselected)) {
+ $preselected = array();
+} else {
+ $preselected = array_keys($preselected);
}
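Review bot: `$checkall` loses its `(int)` cast here, so whatever the query string holds (a string or an array) is later passed to the template unchanged by `$oTemplate->assign('checkall', $checkall)`. `$preselected` likewise becomes the raw array keys of a GET parameter and is assigned to the template as is. The templates are not visible in this diff, so whether they escape these values before output is unknown; normalising at the point of input is safer. For example, add `$checkall = (bool) $checkall;` after the block, and if the keys are meant to be message UIDs (an assumption to confirm), use `$preselected = array_map('intval', array_keys($preselected));`.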
/**
if (!isset($submit)) {
$submit = '';
} else {
+
+ // first validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
switch ($submit) {
case $search_button_text:
if (asearch_check_query($where_array, $what_array, $exclude_array) == '') {
uasort($imap_asearch_options, 'asearch_unhtml_strcoll');
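Review bot: The call `sm_validate_security_token($submitted_token, -1, TRUE)` passes two bare literals whose meaning is not evident at the call site, and the comment above it only says that validation happens. A comment naming them would help, for example `// -1 = <validity period>, TRUE = <behaviour on failure>`, with the placeholders filled in from the function's own documentation. The comment should also state that the check runs for every non-empty `$submit`, including plain searches, since that is why every link and form on this page now has to carry `smtoken`. The `switch` continues outside this hunk.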
/* open IMAP connection */
-$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
+global $imap_stream_options; // in case not defined in config
+$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imap_stream_options);
/* get mailboxes once here */
$boxes = sqimap_mailbox_list($imapConnection);
/* ensure we have a valid default mailbox name */
$mailbox = asearch_nz($mailbox_array[0]);
-if (($mailbox == '') || ($mailbox == 'None')) //Workaround for sm quirk IMHO (what if I really have a mailbox called None?)
+if ($mailbox == '')
$mailbox = $boxes[0]['unformatted']; //Usually INBOX ;)
$compose_height = '550';
}
// do not use &, it will break the query string and $session will not be detected!!!
- $comp_uri = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- '&session='.$aMailbox['FORWARD_SESSION'];
+ $comp_uri = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox)
+ . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']
+ . '&smaction=forward_as_attachment'
+ . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']);
displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri', $compose_width, $compose_height);", false);
} else {
// save mailboxstate
sqsession_register($aMailbox,'aLastSelectedMailbox');
session_write_close();
// we have to redirect to the compose page
- $location = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- '&session='.$aMailbox['FORWARD_SESSION'];
+ $location = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox)
+ . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']
+ . '&smaction=forward_as_attachment'
+ . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']);
header("Location: $location");
exit;
}
*/
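Review bot: `$comp_uri` and `$location` concatenate `$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']` and the imploded `UIDS` with no cast or `urlencode()`; only `$mailbox` is encoded. `$comp_uri` is then placed inside a single-quoted JavaScript string in the `displayPageHeader()` call. The closing `*/` at the end of this hunk suggests the block is currently commented out, in which case deleting it would be cleaner than continuing to patch dead code. If it is live or gets re-enabled, casting keeps the URL and the script string well-formed, e.g. `'&session=' . (int) $aMailbox['FORWARD_SESSION']['SESSION_NUMBER']` and `implode('_', array_map('intval', $aMailbox['FORWARD_SESSION']['UIDS']))`. The enclosing block starts outside the hunk.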
if ($aMailbox['EXISTS'] > 0) {
if ($iError) {
- // TODO
+ // TODO: Implement an error handler in the search page.
echo "ERROR occured, errorhandler will be implemented very soon";
} else {
foreach ($aTemplate as $k => $v) {
$mailbox_display = imap_utf7_decode_local($mbx);
}
- $oTemplate->assign('mailbox_name', htmlspecialchars($mailbox_display));
+ $oTemplate->assign('mailbox_name', sm_encode_html_special_chars($mailbox_display));
$oTemplate->display('search_result_mailbox.tpl');
$oTemplate->assign('page_selector', $page_selector);
$oTemplate->assign('alt_index_colors', isset($alt_index_colors) ? $alt_index_colors: false);
$oTemplate->assign('color', $color);
$oTemplate->assign('align', $align);
+ $oTemplate->assign('checkall', $checkall);
+ $oTemplate->assign('preselected', $preselected);
+
+ global $show_personal_names;
+ $oTemplate->assign('show_personal_names', $show_personal_names);
+
+ global $accesskey_mailbox_toggle_selected, $accesskey_mailbox_thread;
+ $oTemplate->assign('accesskey_mailbox_toggle_selected', $accesskey_mailbox_toggle_selected);
+ $oTemplate->assign('accesskey_mailbox_thread', $accesskey_mailbox_thread);
$oTemplate->display('message_list.tpl');
}
$oTemplate->display('footer.tpl');
sqsession_register($mailbox_cache,'mailbox_cache');
-?>