information about administrative restrictions in bug_report plugin

[squirrelmail.git] / src / search.php

diff --git a/src/search.php b/src/search.php
index b08778f5e50e55c46e8c832de7780fa37066365c..4e108cfae4d44d21868e8bb59a805e000239e8bd 100644 (file)
--- a/src/search.php
+++ b/src/search.php
@@ -3,18 +3,17 @@
 /**
  * search.php
  *
- * Copyright (c) 1999-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
  * IMAP search page
  *
  * Subfolder search idea from Patch #806075 by Thomas Pohl xraven at users.sourceforge.net. Thanks Thomas!
  *
+ * @author Alex Lemaresquier - Brainstorm <alex at brainstorm.fr>
+ * @copyright &copy; 1999-2005 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  * @subpackage search
  * @link http://www.ietf.org/rfc/rfc3501.txt
- * @author Alex Lemaresquier - Brainstorm - alex at brainstorm.fr
  */
 
 /**
@@ -506,7 +505,7 @@ function asearch_get_query_display(&$color, &$mailbox_array, &$biop_array, &$uno
                 $cur_mailbox = 'INBOX';
             $biop = asearch_nz($biop_array[$crit_num]);
             if (($query_display == '') || ($cur_mailbox != $last_mailbox)) {
-                $mailbox_display = ' <b>' . asearch_get_mailbox_display($cur_mailbox) . '</b>';
+                $mailbox_display = ' <b>' . htmlspecialchars(asearch_get_mailbox_display($cur_mailbox)) . '</b>';
                 if ($query_display == '')
                     $biop_display = _("In");
                 else
@@ -715,7 +714,7 @@ function asearch_mailbox_exists($mailbox, &$boxes)
 function asearch_get_form_mailbox($imapConnection, &$boxes, $mailbox, $row_num = 0)
 {
     if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
-        $missing = asearch_opt($mailbox, $mailbox, '[' . _("Missing") . '] ' . asearch_get_mailbox_display($mailbox));
+        $missing = asearch_opt($mailbox, $mailbox, '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox)));
     } else {
         $missing = '';
     }
@@ -727,6 +726,7 @@ function asearch_get_form_mailbox($imapConnection, &$boxes, $mailbox, $row_num =
 }
 
 /** Build the Include subfolders checkbox
+ * @todo if(function_exists('addCheckBox')) ?
  */
 function asearch_get_form_sub($sub, $row_num = 0)
 {
@@ -753,6 +753,7 @@ function asearch_get_form_what($what, $row_num = 0)
 }
 
 /** Build the Exclude criteria checkbox
+ * @todo if(function_exists('addCheckBox')) ?
  */
 function asearch_get_form_exclude($exclude, $row_num = 0)
 {
@@ -1359,7 +1360,7 @@ if (isset($aMailbox['FORWARD_SESSION'])) {
         session_write_close();
         // restart the session. Do not use sqsession_is_active because the session_id
         // isn't empty after a session_write_close
-        session_start();
+        sqsession_start();
 
         if (!preg_match("/^[0-9]{3,4}$/", $compose_width)) {
             $compose_width = '640';
@@ -1387,7 +1388,7 @@ if (isset($aMailbox['FORWARD_SESSION'])) {
 }
 
 if (isset($note)) {
-    echo html_tag( 'div', '<b>' . $note .'</b>', 'center' ) . "<br />\n";
+    echo html_tag( 'div', '<b>' . htmlspecialchars($note) .'</b>', 'center' ) . "<br />\n";
 }
 
 
@@ -1624,7 +1625,7 @@ if ($submit == $search_button_text) {
                             $mailbox_display = imap_utf7_decode_local($mbx);
                         }
 
-                        echo '<br /><b><big>' . _("Folder:") . ' '. $mailbox_display . '&nbsp;</big></b>';
+                        echo '<br /><b><big>' . _("Folder:") . ' '. htmlspecialchars($mailbox_display) . '&nbsp;</big></b>';
 
                         $oTemplate->display('message_list.tpl');
                     }
@@ -1646,4 +1647,4 @@ sqimap_logout($imapConnection);
 echo '</body></html>';
 sqsession_register($mailbox_cache,'mailbox_cache');
 
-?>
\ No newline at end of file
+?>