X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Ffolders.php;h=92c2d2ead1282a745f1c7278625b8ee53c8fa599;hb=041d360b6d4e68428aa55fdc08940938535886f9;hp=04d2a04b7c767cc0d9a800d8ee3453b5ae3e9ca0;hpb=199a9ab83772a0d98940eb68837177414a3bcee2;p=squirrelmail.git diff --git a/src/folders.php b/src/folders.php index 04d2a04b..92c2d2ea 100644 --- a/src/folders.php +++ b/src/folders.php @@ -6,7 +6,7 @@ * scripts which do most of the work. Also handles the Special * Folders. * - * @copyright © 1999-2009 The SquirrelMail Project Team + * @copyright 1999-2017 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -34,7 +34,8 @@ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, ''); /* end of get globals */ -$imapConnection = sqimap_login ($username, false, $imapServerAddress, $imapPort, 0); +global $imap_stream_options; // in case not defined in config +$imapConnection = sqimap_login ($username, false, $imapServerAddress, $imapPort, 0, $imap_stream_options); /* switch to the right function based on what the user selected */ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { @@ -43,7 +44,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { case 'create': // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); sqgetGlobalVar('folder_name', $folder_name, SQ_POST); sqgetGlobalVar('subfolder', $subfolder, SQ_POST); @@ -61,7 +62,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { } else { // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); sqgetGlobalVar('orig', $orig, SQ_POST); sqgetGlobalVar('old_name', $old_name, SQ_POST); @@ -77,7 +78,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { if ( sqgetGlobalVar('confirmed', $dummy, SQ_POST) ) { // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); folders_delete_do($imapConnection, $delimiter, $folder_name); $td_str = _("Deleted folder successfully."); @@ -88,7 +89,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { case 'subscribe': // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); sqgetGlobalVar('folder_names', $folder_names, SQ_POST); folders_subscribe($imapConnection, $folder_names); @@ -97,7 +98,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { case 'unsubscribe': // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); sqgetGlobalVar('folder_names', $folder_names, SQ_POST); folders_unsubscribe($imapConnection, $folder_names); @@ -112,7 +113,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { } if (isset($td_str)) { - $oTemplate->assign('note', htmlspecialchars($td_str)); + $oTemplate->assign('note', sm_encode_html_special_chars($td_str)); $oTemplate->display('note.tpl'); } @@ -197,8 +198,8 @@ if ($show_only_subscribed_folders && !$no_list_for_subscribe) { } if ($use_folder) { - $box_enc = htmlspecialchars($box_a['unformatted-dm']); - $box_disp = htmlspecialchars(imap_utf7_decode_local($box_a['unformatted-disp'])); + $box_enc = sm_encode_html_special_chars($box_a['unformatted-dm']); + $box_disp = sm_encode_html_special_chars(imap_utf7_decode_local($box_a['unformatted-disp'])); $subbox_option_list[] = array( 'Value' => $box_enc, 'Display' => $box_disp); } }