X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fdelete_message.php;h=09c2fef64e30faaac62ee09b30ec143c63707436;hb=98d42122fd9b0346374c5b1468e1c0cbb3767b24;hp=8a5657c86f3fd7720ac4ee130f98952ef75d5a5a;hpb=0b97a708e71c931153cd1ceee1495c9f4e1e209b;p=squirrelmail.git
diff --git a/src/delete_message.php b/src/delete_message.php
index 8a5657c8..09c2fef6 100644
--- a/src/delete_message.php
+++ b/src/delete_message.php
@@ -3,7 +3,7 @@
 /**
 * delete_message.php
 *
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * Deletes a meesage from the IMAP server
@@ -19,27 +19,34 @@ require_once(SM_PATH . 'include/validate.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 require_once(SM_PATH . 'functions/imap.php');
-$key = $_COOKIE['key'];
-$username = $_SESSION['username'];
-$onetimepad = $_SESSION['onetimepad'];
+/* get globals */
+sqgetGlobalVar('username', $username, SQ_SESSION);
+sqgetGlobalVar('key', $key, SQ_COOKIE);
+sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
-$message = $_GET['message'];
-$mailbox = $_GET['mailbox'];
+sqgetGlobalVar('message', $message, SQ_GET);
+sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
+/* end globals */
 if (isset($_GET['saved_draft'])) {
- $saved_draft = $_GET['saved_draft'];
+ $saved_draft = urlencode($_GET['saved_draft']);
 }
 if (isset($_GET['mail_sent'])) {
- $mail_sent = $_GET['mail_sent'];
+ $mail_sent = urlencode($_GET['mail_sent']);
+}
+if (isset($_GET['sort'])) {
+ $sort = (int) $_GET['sort'];
+}
+
+if (isset($_GET['startMessage'])) {
+ $startMessage = (int) $_GET['startMessage'];
 }
-$sort = $_GET['sort'];
-$startMessage = $_GET['startMessage'];
 if(isset($_GET['where'])) {
- $where = $_GET['where'];
+ $where = urlencode($_GET['where']);
 }
 if(isset($_GET['what'])) {
- $what = $_GET['what'];
+ $what = urlencode($_GET['what']);
 }
 $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
@@ -61,8 +68,8 @@ if (!isset($mail_sent)) {
 $location = get_location();
 if (isset($where) && isset($what)) {
- header("Location: $location/search.php?where=" . urlencode($where) .
- '&what=' . urlencode($what) . '&mailbox=' . urlencode($mailbox));
+ header("Location: $location/search.php?where=" . $where .
+ '&what=' . $what . '&mailbox=' . urlencode($mailbox));
 } else {
 if (!empty($saved_draft) || !empty($mail_sent)) {
 header("Location: $location/compose.php?mail_sent=$mail_sent&saved_draft=$saved_draft");
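Review bot: `$saved_draft`, `$mail_sent`, `$sort`, `$startMessage`, `$where` and `$what` are assigned only inside their `isset($_GET[...])` guards, so when a parameter is absent the variable is never initialised by this script and the `urlencode()` / `(int)` step is skipped for it. If register_globals is enabled and `include/validate.php` does not neutralise it (not visible in this hunk), such a variable could be filled from another request source and reach the later `header("Location: ...")` calls unencoded. Assign unconditionally instead, e.g. `$sort = isset($_GET['sort']) ? (int) $_GET['sort'] : 0;` (default value to be confirmed by the maintainers), and use the same pattern with `''` for the string parameters. These six reads also still use `$_GET` directly while the block above them switched to `sqgetGlobalVar(..., SQ_GET)`; one accessor throughout would keep the input handling in a single place.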
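Review bot: `$where` and `$what` are now concatenated into the `Location` header with no encoding at the call site, so this `header()` call is only safe as long as every path that sets them goes through the `urlencode()` applied where they are read from `$_GET` earlier in the file. Encoding at the sink is easier to audit and cannot be bypassed by a later assignment: keep the raw values at input and retain `urlencode($where)` / `urlencode($what)` here, or at minimum add a comment such as `/* $where and $what were urlencode()d when read from $_GET */` above the call. The same dependency holds for `$mail_sent` and `$saved_draft`, which are interpolated directly into the `compose.php` redirect on the last context line. The `if`/`else` block continues past the end of the hunk.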