X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Faddrbook_search_html.php;h=f6c28fe75bb2355ee6ef59a73a3e7650ea318c0d;hb=383bc373eb3ee90c0aabc1e66dd483f4439f1299;hp=1e71b23dc7b6c0d7dd1cd77af42ada670b7e43e8;hpb=3d0cada30b60e39d6627ab1df7b44b3e9c2e3c91;p=squirrelmail.git

diff --git a/src/addrbook_search_html.php b/src/addrbook_search_html.php
index 1e71b23d..f6c28fe7 100644
--- a/src/addrbook_search_html.php
+++ b/src/addrbook_search_html.php
@@ -17,14 +17,30 @@
  * $Id$
  */
 
-require_once('../src/validate.php');
-require_once('../functions/date.php');
-require_once('../functions/smtp.php');
-require_once('../functions/display_messages.php');
-require_once('../functions/addressbook.php');
-require_once('../functions/plugin.php');
-require_once('../functions/strings.php');
-require_once('../functions/html.php');
+/* Path for SquirrelMail required files. */
+define('SM_PATH','../');
+
+/* SquirrelMail required files. */
+require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/date.php');
+require_once(SM_PATH . 'functions/smtp.php');
+require_once(SM_PATH . 'functions/display_messages.php');
+require_once(SM_PATH . 'functions/addressbook.php');
+require_once(SM_PATH . 'functions/plugin.php');
+require_once(SM_PATH . 'functions/strings.php');
+require_once(SM_PATH . 'functions/html.php');
+
+$session = $_POST['session'];
+$mailbox = $_POST['mailbox'];
+if ( isset($_POST['addrquery']) ) {
+    $addrquery = $_POST['addrquery'];
+}
+if ( isset($_POST['listall']) ) {
+    $listall = $_POST['listall'];
+}
+if ( isset($_POST['backend'] ) ) {
+    $backend = $_POST['backend'];
+}
 
 /* Insert hidden data */
 function addr_insert_hidden() {
@@ -110,9 +126,9 @@ if ($javascript_on) {
              '<input type=checkbox name="send_to_search[B' . $line . ']" value = "' .
              htmlspecialchars($email) . '">&nbsp;' . _("Bcc") . '&nbsp;' ,
         'center', '', 'width="5%" nowrap' ) .
-        html_tag( 'td', '&nbsp;' . $row['name'] . '&nbsp;', 'left', '', 'nowrap' ) .
-        html_tag( 'td', '&nbsp;' . $row['email'] . '&nbsp;', 'left', '', 'nowrap' ) .
-        html_tag( 'td', '&nbsp;' . $row['label'] . '&nbsp;', 'left', '', 'nowrap' );
+        html_tag( 'td', '&nbsp;' . htmlspecialchars($row['name']) . '&nbsp;', 'left', '', 'nowrap' ) .
+        html_tag( 'td', '&nbsp;' . htmlspecialchars($row['email']) . '&nbsp;', 'left', '', 'nowrap' ) .
+        html_tag( 'td', '&nbsp;' . htmlspecialchars($row['label']) . '&nbsp;', 'left', '', 'nowrap' );
 
          if ($includesource) {
              echo html_tag( 'td', '&nbsp;' . $row['source'] . '&nbsp;', 'left', '', 'nowrap' );
@@ -134,7 +150,6 @@ if ($javascript_on) {
 
 /* --- End functions --- */
 
-global $mailbox;
 if ($compose_new_win == '1') {
     compose_Header($color, $mailbox);
 }