* Subfolder search idea from Patch #806075 by Thomas Pohl xraven at users.sourceforge.net. Thanks Thomas!
*
* @author Alex Lemaresquier - Brainstorm <alex at brainstorm.fr>
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2010 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
$oTemplate->assign('expand_collapse_toggle', '../src/search.php?'.$show_pref.'='.($show_flag==1 ? 0 : 1));
$oTemplate->assign('query_list', $a);
- $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&rownum=');
- $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&rownum=');
- $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&rownum=');
+ $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
- $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&rownum=');
- $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&rownum=');
- $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&rownum=');
+ $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
$oTemplate->display('search_list.tpl');
}
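Review bot: Each of the six added assigns calls sm_generate_security_token() separately, so if every call mints and stores a fresh token in the session (as the name suggests), a single render of the search list leaves six live tokens behind; generate once, `$token = sm_generate_security_token();`, before the first assign and concatenate `$token` in all six. These links, including the destructive `forget_recent` and `delete_saved` actions, now carry the token in the query string, where it ends up in browser history, server access logs and the Referer header of any request made from the resulting page; the two `form_asearch` forms further down in this commit have the same exposure, because `<form action="...">` without `method="post"` submits via GET. Switching those forms to `method="post"` is worth considering, but only after confirming that everything they submit is read with SQ_FORM or SQ_POST rather than SQ_GET (the `checkall` read in the main section uses SQ_GET). The enclosing function of this hunk begins outside it.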
$oTemplate->assign('criteria', $c);
- echo '<form action="../src/search.php" name="form_asearch">' . "\n";
+ echo '<form action="../src/search.php" name="form_asearch">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->display('search_advanced.tpl');
echo "</form>\n";
}
$oTemplate->assign('where_sel', $where);
$oTemplate->assign('what_val', $what);
- echo '<form action="../src/search.php" name="form_asearch">' . "\n";
+ echo '<form action="../src/search.php" name="form_asearch">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->display('search.tpl');
echo "</form>\n";
}
/* ------------------------ main ------------------------ */
/* get globals we will need */
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
if (!sqgetGlobalVar('checkall',$checkall,SQ_GET)) {
if (!isset($submit)) {
$submit = '';
} else {
+
+ // first validate security token
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
switch ($submit) {
case $search_button_text:
if (asearch_check_query($where_array, $what_array, $exclude_array) == '') {
$compose_height = '550';
}
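Review bot: The return value of `sm_validate_security_token($submitted_token, 3600, TRUE)` is discarded, so the guard depends entirely on the third argument aborting the request on a missing, bad or expired token; if that helper can return FALSE without exiting under some configuration, the `switch ($submit)` below runs anyway. Make the intent explicit, `if (!sm_validate_security_token($submitted_token, 3600, TRUE)) { exit; }`, or at least state above the call that the TRUE argument is what terminates the request. The check also sits only in the `$submit` branch; whether the `checkall` path in the outer `else` (outside this hunk) needs the same protection cannot be seen here and should be confirmed. The literal 3600 deserves a comment such as `// token accepted for one hour after issue` or a named constant.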
// do not use &, it will break the query string and $session will not be detected!!!
- $comp_uri = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- '&session='.$aMailbox['FORWARD_SESSION'];
+ $comp_uri = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox)
+ . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']
+ . '&smaction=forward_as_attachment'
+ . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']);
displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri', $compose_width, $compose_height);", false);
} else {
// save mailboxstate
sqsession_register($aMailbox,'aLastSelectedMailbox');
session_write_close();
// we have to redirect to the compose page
- $location = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- '&session='.$aMailbox['FORWARD_SESSION'];
+ $location = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox)
+ . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']
+ . '&smaction=forward_as_attachment'
+ . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']);
header("Location: $location");
exit;
}
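Review bot: The compose URL is now assembled twice from the same four components, once for `$comp_uri` and once for `$location`, and the two copies must be kept in sync by hand; build it once before the `if` into a single variable and use that in both the displayPageHeader() call and the Location header. The `session` and `fwduid` parameters are concatenated without urlencode(), which is only safe if SESSION_NUMBER and every entry of UIDS are integers, presumably true for IMAP UIDs but not visible here; since `$comp_uri` is also interpolated into a JavaScript string literal in the displayPageHeader() call, a non-numeric value would reach the page unescaped, so `urlencode(implode('_', $aMailbox['FORWARD_SESSION']['UIDS']))` costs nothing and removes the assumption. The enclosing function starts and ends outside this hunk.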
*/
if ($aMailbox['EXISTS'] > 0) {
if ($iError) {
- // TODO
+ // TODO: Implement an error handler in the search page.
echo "ERROR occured, errorhandler will be implemented very soon";
} else {
foreach ($aTemplate as $k => $v) {