/**
* webmail.php -- Displays the main frameset
*
- * Copyright (c) 1999-2004 The SquirrelMail development team
+ * Copyright (c) 1999-2005 The SquirrelMail Project Team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* This file generates the main frameset. The files that are
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
+if (sqgetGlobalVar('sort', $sort)) {
+ $sort = (int) $sort;
+}
+
+if (sqgetGlobalVar('startMessage', $startMessage)) {
+ $startMessage = (int) $startMessage;
+}
+
+if (!sqgetGlobalVar('mailbox', $mailbox)) {
+ $mailbox = 'INBOX';
+}
+
sqgetGlobalVar('right_frame', $right_frame, SQ_GET);
if ( isset($_SESSION['session_expired_post']) ) {
$output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\">\n".
"<html><head>\n" .
+ "<meta name=\"robots\" content=\"noindex,nofollow\">\n" .
"<title>$org_title</title>\n".
"</head>";
* This was done to create a pure HTML way of refreshing the folder list since
* we would like to use as little Javascript as possible.
*/
-if (!isset($right_frame)) {
+
+if (empty($right_frame) || (strpos(urldecode($right_frame), '://'))) {
$right_frame = '';
-}
+}
+
if ($right_frame == 'right_main.php') {
$urlMailbox = urlencode($mailbox);
- $right_frame_url =
- "right_main.php?mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage";
+ $right_frame_url = "right_main.php?mailbox=$urlMailbox"
+ . (!empty($sort)?"&sort=$sort":'')
+ . (!empty($startMessage)?"&startMessage=$startMessage":'');
} elseif ($right_frame == 'options.php') {
$right_frame_url = 'options.php';
} elseif ($right_frame == 'folders.php') {
} else if ($right_frame == '') {
$right_frame_url = 'right_main.php';
} else {
- $right_frame_url = $right_frame;
+ $right_frame_url = htmlspecialchars($right_frame);
}
$left_frame = '<frame src="left_main.php" name="left" frameborder="1" title="'.
$output = $ret;
}
echo $output;
+
?>
</frameset>
-</html>
+</html>
\ No newline at end of file