/**
* webmail.php -- Displays the main frameset
*
- * Copyright (c) 1999-2004 The SquirrelMail development team
+ * Copyright (c) 1999-2005 The SquirrelMail Project Team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* This file generates the main frameset. The files that are
* shown can be given as parameters. If the user is not logged in
* this file will verify username and password.
*
- * $Id$
+ * @version $Id$
* @package squirrelmail
*/
-/** Path for SquirrelMail required files. */
+/**
+ * Path for SquirrelMail required files.
+ * @ignore
+ */
define('SM_PATH','../');
/* SquirrelMail required files. */
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
+if (sqgetGlobalVar('sort', $sort)) {
+ $sort = (int) $sort;
+}
+
+if (sqgetGlobalVar('startMessage', $startMessage)) {
+ $startMessage = (int) $startMessage;
+}
+
+if (!sqgetGlobalVar('mailbox', $mailbox)) {
+ $mailbox = 'INBOX';
+}
+
sqgetGlobalVar('right_frame', $right_frame, SQ_GET);
if ( isset($_SESSION['session_expired_post']) ) {
$output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\">\n".
"<html><head>\n" .
+ "<meta name=\"robots\" content=\"noindex,nofollow\">\n" .
"<title>$org_title</title>\n".
"</head>";
if ($err==2) {
echo $output.
"<body>\n".
- "<p>You need to have php4 installed with the multibyte string function \n".
- "enabled (using configure option --enable-mbstring).</p>\n".
- "<p>System assumed that you accidently switched to Japanese translation \n".
+ "<p>You need to have php4 installed with the multibyte string function \n".
+ "enabled (using configure option --enable-mbstring).</p>\n".
+ "<p>System assumed that you accidently switched to Japanese translation \n".
"and reverted your language preference to English.</p>\n".
- "<p>Please refresh this page in order to use webmail.</p>\n".
- "</body></html>";
+ "<p>Please refresh this page in order to use webmail.</p>\n".
+ "</body></html>";
return;
}
* This was done to create a pure HTML way of refreshing the folder list since
* we would like to use as little Javascript as possible.
*/
-if (!isset($right_frame)) {
+
+if (empty($right_frame) || (strpos(urldecode($right_frame), '://'))) {
$right_frame = '';
-}
+}
+
if ($right_frame == 'right_main.php') {
$urlMailbox = urlencode($mailbox);
- $right_frame_url =
- "right_main.php?mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage";
+ $right_frame_url = "right_main.php?mailbox=$urlMailbox"
+ . (!empty($sort)?"&sort=$sort":'')
+ . (!empty($startMessage)?"&startMessage=$startMessage":'');
} elseif ($right_frame == 'options.php') {
$right_frame_url = 'options.php';
} elseif ($right_frame == 'folders.php') {
} else if ($right_frame == '') {
$right_frame_url = 'right_main.php';
} else {
- $right_frame_url = $right_frame;
+ $right_frame_url = htmlspecialchars($right_frame);
}
$left_frame = '<frame src="left_main.php" name="left" frameborder="1" title="'.
$output = $ret;
}
echo $output;
+
?>
</frameset>
-</html>
+</html>
\ No newline at end of file