X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=src%2Fwebmail.php;h=3ad1f06cce7eef25427504c862c52592780cfbfa;hb=151562a780a0919b32e04d204ba7f33fb215bd84;hp=1f3dd9ce72630f583542e0d756cdf13f87d7ff51;hpb=f3fa1c1031e01b37e0450eb815329d3aa7b7422b;p=squirrelmail.git diff --git a/src/webmail.php b/src/webmail.php index 1f3dd9ce..3ad1f06c 100644 --- a/src/webmail.php +++ b/src/webmail.php @@ -3,13 +3,12 @@ /** * webmail.php -- Displays the main frameset * - * Copyright (c) 1999-2005 The SquirrelMail development team - * Licensed under the GNU GPL. For full terms see the file COPYING. - * * This file generates the main frameset. The files that are * shown can be given as parameters. If the user is not logged in * this file will verify username and password. * + * @copyright © 1999-2006 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail */ @@ -41,6 +40,18 @@ sqgetGlobalVar('username', $username, SQ_SESSION); sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION); +if (sqgetGlobalVar('sort', $sort)) { + $sort = (int) $sort; +} + +if (sqgetGlobalVar('startMessage', $startMessage)) { + $startMessage = (int) $startMessage; +} + +if (!sqgetGlobalVar('mailbox', $mailbox)) { + $mailbox = 'INBOX'; +} + sqgetGlobalVar('right_frame', $right_frame, SQ_GET); if ( isset($_SESSION['session_expired_post']) ) { @@ -63,13 +74,15 @@ do_hook('webmail_top'); */ $my_language = getPref($data_dir, $username, 'language'); if ($my_language != $squirrelmail_language) { - setcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri); + sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri); } $err=set_up_language(getPref($data_dir, $username, 'language')); -$output = "\n". +$output = "\n". "\n" . + "\n" . "$org_title\n". ""; @@ -77,7 +90,7 @@ $output = "\n". if ($err==2) { echo $output. "\n". - "
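Review bot: The three new lookups for `sort`, `startMessage` and `mailbox` call `sqgetGlobalVar()` without a source argument, while the neighbouring calls pin theirs to `SQ_SESSION` or `SQ_GET`, so the hunk does not show which request scope may supply these values. If they are meant to come from the query string only, pass the scope explicitly, e.g. `sqgetGlobalVar('mailbox', $mailbox, SQ_GET)`. Otherwise add a comment such as `// sort/startMessage/mailbox may arrive from any request scope; they are cast or defaulted here before the right-frame URL is built`. The `(int)` casts also accept negative numbers, so a lower bound on `$startMessage` may be worth adding if the page that consumes it (outside this hunk) does not enforce one.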

You need to have php4 installed with the multibyte string function \n". + "

You need to have PHP installed with the multibyte string function \n". "enabled (using configure option --enable-mbstring).

\n". "

System assumed that you accidently switched to Japanese translation \n". "and reverted your language preference to English.

\n". @@ -128,27 +141,37 @@ else { * * This was done to create a pure HTML way of refreshing the folder list since * we would like to use as little Javascript as possible. + * + * The test for // should catch any attempt to include off-site webpages into + * our frameset. */ -if (empty($right_frame) || (strpos(urldecode($right_frame), '://'))) { +if (empty($right_frame) || (strpos(urldecode($right_frame), '//') !== false)) { $right_frame = ''; } -if ($right_frame == 'right_main.php') { - $urlMailbox = urlencode($mailbox); - $right_frame_url = - "right_main.php?mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage"; -} elseif ($right_frame == 'options.php') { - $right_frame_url = 'options.php'; -} elseif ($right_frame == 'folders.php') { - $right_frame_url = 'folders.php'; -} elseif ($right_frame == 'compose.php') { - $right_frame_url = 'compose.php?' . $mailto; -} else if ($right_frame == '') { - $right_frame_url = 'right_main.php'; -} else { - $right_frame_url = $right_frame; -} +switch($right_frame) { + case 'right_main.php': + $right_frame_url = "right_main.php?mailbox=".urlencode($mailbox) + . (!empty($sort)?"&sort=$sort":'') + . (!empty($startMessage)?"&startMessage=$startMessage":''); + break; + case 'options.php': + $right_frame_url = 'options.php'; + break; + case 'folders.php': + $right_frame_url = 'folders.php'; + break; + case 'compose.php': + $right_frame_url = 'compose.php?' . $mailto; + break; + case '': + $right_frame_url = 'right_main.php'; + break; + default: + $right_frame_url = urlencode($right_frame); + break; +} $left_frame = '\n"; @@ -166,6 +189,7 @@ if($ret != '') { $output = $ret; } echo $output; + ?>
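Review bot: The `default:` branch of the new `switch` still builds the frame URL from whatever `right_frame` value the request supplied, so the off-site protection rests on the `//` substring test and on `urlencode()` rather than on a list of known pages. The added docblock sentence says the test "should catch any attempt", which is stronger than a substring denylist can guarantee; I would document what actually confines the value, e.g. `// urlencode() escapes '/', ':' and '?', so an unrecognised value can only name a file in this directory, without a query string`. If no caller needs arbitrary page names, falling back with `default: $right_frame_url = 'right_main.php';` would remove the dependency on both checks. The `compose.php` case appends `$mailto`, which is set outside this hunk, so its encoding cannot be confirmed from here; the code that writes `$right_frame_url` into the frameset is also outside the hunk.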