X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=functions%2Fmailbox_display.php;h=a3673bf8430146f087f2f20dd8d3bfc5084f0d32;hb=d887e067a0f745e8dc6eb327069d4189acd61a53;hp=e6e16d269e6a92b1a4c4f02a4b30028d407f8617;hpb=1a75323982539550517e4ec6a17f5a0f8df65aac;p=squirrelmail.git
diff --git a/functions/mailbox_display.php b/functions/mailbox_display.php
index e6e16d26..a3673bf8 100644
--- a/functions/mailbox_display.php
+++ b/functions/mailbox_display.php
@@ -6,7 +6,7 @@
 * This contains functions that display mailbox information, such as the
 * table row that has sender, date, subject, etc...
 *
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2010 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
@@ -566,7 +566,7 @@ function prepareMessageList(&$aMailbox, $aProps) {
 }
 $sTmp = decodeHeader($sTmp);
 if (isset($aColumnDesc[$k]['truncate']) && $aColumnDesc[$k]['truncate']) {
- $sTrunc = truncateWithEntities($sTmp, $aColumnDesc[$k]['truncate']);
+ $sTrunc = sm_truncate_string($sTmp, $aColumnDesc[$k]['truncate'], '...', TRUE);
 if ($sTrunc != $sTmp) {
 if (!$title) {
 $title = $sTmp;
@@ -591,7 +591,7 @@ function prepareMessageList(&$aMailbox, $aProps) {
 $iIndent = (isset($aIndentArray[$aId[$i]])) ? $aIndentArray[$aId[$i]] : 0;
 // FIXME: don't break 8bit symbols and html entities during truncation
 if (isset($aColumnDesc[$k]['truncate']) && $aColumnDesc[$k]['truncate']) {
- $sTmp = truncateWithEntities($value, $aColumnDesc[$k]['truncate']-$iIndent);
+ $sTmp = sm_truncate_string($value, $aColumnDesc[$k]['truncate']-$iIndent, '...', TRUE);
 // drop any double spaces since these will be displayed in the title
 $title = ($sTmp != $value) ? preg_replace('/\s{2,}/', ' ', $value) : '';
 $value = $sTmp;
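Review bot: In the @591 hunk the width handed to the new call, `$aColumnDesc[$k]['truncate']-$iIndent`, can be zero or negative when a thread indent exceeds the column width; the removed truncateWithEntities (deleted further down in this diff) returned the string untouched for a non-positive width, and whether sm_truncate_string does the same is not visible here, so either confirm it or guard the call, e.g. `$iWidth = $aColumnDesc[$k]['truncate']-$iIndent;` / `$sTmp = ($iWidth > 0) ? sm_truncate_string($value, $iWidth, '...', TRUE) : $value;`. The `// FIXME: don't break 8bit symbols and html entities during truncation` comment is kept directly above a call whose fourth argument `TRUE` is unexplained; if that flag is what makes the truncation entity- and multibyte-safe, the FIXME is stale and should be replaced by a comment saying what the flag requests, otherwise it should say which part is still unsolved. prepareMessageList starts and ends outside these hunks.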
@@ -975,7 +975,7 @@ function showMessagesForMailbox($imapConnection, &$aMailbox,$aProps, &$iError) {
 $source_url = $php_self;
 }
- $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'];
+ $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'] . (strpos($source_url, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : '');
 $where = urlencode($aMailbox['SEARCH'][$iSetIndx][0]);
 $what = urlencode($aMailbox['SEARCH'][$iSetIndx][1]);
 $baseurl .= '&where=' . $where . '&what=' . $what;
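Review bot: The added `strpos($source_url, 'src/search.php')` is used as a boolean, so a $source_url that begins with `src/search.php` (match at offset 0) is treated as no match and the smtoken is silently omitted from $baseurl; it should be `(strpos($source_url, 'src/search.php') !== false ? '&smtoken=' . sm_generate_security_token() : '')`. Whether $source_url can ever be relative like that depends on how $php_self and $source_url are derived above the hunk, which is not visible here. Note also that the token is placed in a GET URL, so it will appear in browser history, server logs and outgoing Referer headers; that is a weaker channel than a POST form field and deserves a short comment on the line explaining why the search page needs it this way. showMessagesForMailbox continues outside this hunk.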
@@ -1253,53 +1253,6 @@ function showMessagesForMailbox($imapConnection, &$aMailbox,$aProps, &$iError) {
 }
-/**
- * Truncates a string and take care of html encoded characters
- *
- * @param string $s string to truncate
- * @param int $iTrimAt Trim at nn characters
- * @return string Trimmed string
- */
-function truncateWithEntities($s, $iTrimAt) {
- global $languages, $squirrelmail_language;
-
- $ent_strlen = strlen($s);
- if (($iTrimAt <= 0) || ($ent_strlen <= $iTrimAt))
- return $s;
-
- if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
- function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_strimwidth')) {
- return call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_strimwidth', $s, $iTrimAt);
- } else {
- /*
- * see if this is entities-encoded string
- * If so, Iterate through the whole string, find out
- * the real number of characters, and if more
- * than $iTrimAt, substr with an updated trim value.
- */
- $trim_val = $iTrimAt;
- $ent_offset = 0;
- $ent_loc = 0;
- while ( $ent_loc < $trim_val && (($ent_loc = strpos($s, '&', $ent_offset)) !== false) &&
- (($ent_loc_end = strpos($s, ';', $ent_loc+3)) !== false) ) {
- $trim_val += ($ent_loc_end-$ent_loc);
- $ent_offset = $ent_loc_end+1;
- }
-
- if (($trim_val > $iTrimAt) && ($ent_strlen > $trim_val) && (strpos($s,';',$trim_val) < ($trim_val + 6))) {
- $i = strpos($s,';',$trim_val);
- if ($i !== false) {
- $trim_val = strpos($s,';',$trim_val)+1;
- }
- }
- // only print '...' when we're actually dropping part of the subject
- if ($ent_strlen <= $trim_val)
- return $s;
- }
- return substr_replace($s, '...', $trim_val);
-}
-
-
 /**
 * Process messages list form and handle the cache gracefully. If $sButton and
 * $aUid are provided as argument then you can fake a message list submit and
@@ -1341,6 +1294,11 @@ function handleMessageListForm($imapConnection, &$aMailbox, $sButton='', $aUid
 $aUid = (isset($msg) && is_array($msg)) ? array_values($msg) : $aUid;
 if (count($aUid) && $sButton != 'expunge') {
+ // don't do anything to any messages until we have done security check
+ // FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
 // make sure message UIDs are sanitized (BIGINT)
 foreach ($aUid as $i => $uid)
 $aUid[$i] = (preg_match('/^[0-9]+$/', $uid) ? $uid : '0');
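Review bot: The new token check sits inside `if (count($aUid) && $sButton != 'expunge')`, so a submission with `$sButton == 'expunge'`, or one carrying no message UIDs, reaches whatever handling follows without `sm_validate_security_token` ever running; if expunge (or any branch outside this block) changes mailbox state, the two added lines should move above the `if`, immediately after `$aUid` is assembled, so every form action is covered. The added FIXME already concedes the placement is awkward, but it does not mention this gap, and the comment above it (`// don't do anything to any messages until we have done security check`) overstates what the code guarantees as written. Separately, the token is read with `SQ_FORM` here while the @975 hunk emits it as a GET parameter for search.php; whether SQ_FORM includes query-string input is not visible in this diff and should be confirmed so search links are not rejected. handleMessageListForm continues past the end of this hunk.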