X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Foptions_order.php;h=0681adab44d3f2f6502db8ead2366287fdbee0b8;hb=15e6162eacc97158393bc75aed3afeb7b19c24a6;hp=f253b456b4a6b9453e796d7a8c609e25cc6bfef8;hpb=245a6892bf5c780904ef9677f24d624ea17e0749;p=squirrelmail.git

diff --git a/src/options_order.php b/src/options_order.php
index f253b456..0681adab 100644
--- a/src/options_order.php
+++ b/src/options_order.php
@@ -1,48 +1,56 @@
 <?php
-   /**
-    **  options_highlight.php
-    **
-    **  Copyright (c) 1999-2000 The SquirrelMail development team
-    **  Licensed under the GNU GPL. For full terms see the file COPYING.
-    **
-    **  Displays message highlighting options
-    **
-    **  $Id$
-    **/
-
-   session_start();
-
-   if (!isset($config_php))
-      include("../config/config.php");
-   if (!isset($strings_php))
-      include("../functions/strings.php");
-   if (!isset($page_header_php))
-      include("../functions/page_header.php");
-   if (!isset($display_messages_php))
-      include("../functions/display_messages.php");
-   if (!isset($imap_php))
-      include("../functions/imap.php");
-   if (!isset($array_php))
-      include("../functions/array.php");
-   if (!isset($i18n_php))
-      include("../functions/i18n.php");
-   if (!isset($plugin_php))
-      include("../functions/plugin.php");
-
-
-   if ($action == "delete" && isset($theid)) {
+
+/**
+ * options_order.php
+ *
+ * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Licensed under the GNU GPL. For full terms see the file COPYING.
+ *
+ * Displays message highlighting options
+ *
+ * $Id$
+ */
+
+/*****************************************************************/
+/*** THIS FILE NEEDS TO HAVE ITS FORMATTING FIXED!!!           ***/
+/*** PLEASE DO SO AND REMOVE THIS COMMENT SECTION.             ***/
+/***    + Base level indent should begin at left margin, as    ***/
+/***      the require_once below looks.                        ***/
+/***    + All identation should consist of four space blocks   ***/
+/***    + Tab characters are evil.                             ***/
+/***    + all comments should use "slash-star ... star-slash"  ***/
+/***      style -- no pound characters, no slash-slash style   ***/
+/***    + FLOW CONTROL STATEMENTS (if, while, etc) SHOULD      ***/
+/***      ALWAYS USE { AND } CHARACTERS!!!                     ***/
+/***    + Please use ' instead of ", when possible. Note "     ***/
+/***      should always be used in _( ) function calls.        ***/
+/*** Thank you for your help making the SM code more readable. ***/
+/*****************************************************************/
+
+require_once('../src/validate.php');
+require_once('../functions/display_messages.php');
+require_once('../functions/imap.php');
+require_once('../functions/array.php');
+require_once('../functions/plugin.php');
+
+
+   if (! isset($action)) { $action = ''; }
+   if ($action == 'delete' && isset($theid)) {
       removePref($data_dir, $username, "highlight$theid");
-   } else if ($action == "save") {
+   } else if ($action == 'save') {
    } 
-   include("../src/load_prefs.php");
-   displayPageHeader($color, "None");
+   displayPageHeader($color, 'None');
 ?>
    <br>
-   <table width=95% align=center border=0 cellpadding=2 cellspacing=0><tr><td bgcolor="<?php echo $color[0] ?>">
-      <center><b><?php echo _("Options") . " - " . _("Index Order"); ?></b></center>
-   </td></tr></table>
+<table width=95% align=center border=0 cellpadding=2 cellspacing=0>
+<tr><td align="center" bgcolor="<?php echo $color[0] ?>">
+
+      <b><?php echo _("Options") . " - " . _("Index Order"); ?></b>
+
+    <table width="100%" border="0" cellpadding="1" cellspacing="1">
+    <tr><td bgcolor="<?php echo $color[4] ?>" align="center"><br>
 
-   <table width=95% align=center border=0><tr><td>
+      <table width=100% cellpadding=2 cellspacing=0 border=0>
 <?php
 
    $available[1] = _("Checkbox");
@@ -52,17 +60,19 @@
    $available[5] = _("Flags");
    $available[6] = _("Size");
    
-   if ($method == "up" && $num > 1) {
+   if (! isset($method)) { $method = ''; }
+
+   if ($method == 'up' && $num > 1) {
       $prev = $num-1;
       $tmp = $index_order[$prev];
       $index_order[$prev] = $index_order[$num];
       $index_order[$num] = $tmp;
-   } else if ($method == "down" && $num < count($index_order)) {
+   } else if ($method == 'down' && $num < count($index_order)) {
       $next = $num++;
       $tmp = $index_order[$next];
       $index_order[$next] = $index_order[$num];
       $index_order[$num] = $tmp;
-   } else if ($method == "remove" && $num) {
+   } else if ($method == 'remove' && $num) {
       for ($i=1; $i < 8; $i++) {
          removePref($data_dir, $username, "order$i"); 
       }
@@ -75,9 +85,13 @@
       $index_order = array();
       $index_order = $new_ary;
       if (count($index_order) < 1) {
-         include "../src/load_prefs.php";
+         include_once('../src/load_prefs.php');
       }
-   } else if ($method == "add" && $add) {
+   } else if ($method == 'add' && $add) {
+      // User should not be able to insert PHP-code here
+      $add = str_replace ('<?', '..', $add);
+      $add = ereg_replace ('<.*script.*language.*php.*>', '..', $add);
+      $add = str_replace ('<%', '..', $add);
       $index_order[count($index_order)+1] = $add;
    }
 
@@ -86,57 +100,61 @@
          setPref($data_dir, $username, "order$i", $index_order[$i]);
       }
    }
-   echo "<center>";
-   echo "<table cellspacing=0 cellpadding=0 border=0 width=65%><tr><td>\n";
+   echo '<table cellspacing="0" cellpadding="0" border="0" width="65%"><tr><td>' . "\n";
    echo _("The index order is the order that the columns are arranged in the message index.  You can add, remove, and move columns around to customize them to fit your needs.");
-   echo "</td></tr></table></center><br>";
+   echo '</td></tr></table><br>';
 
    if (count($index_order))
    {
-      echo "<center>";
-      echo "<table cellspacing=0 cellpadding=0 border=0>\n";
+      echo '<table cellspacing="0" cellpadding="0" border="0">' . "\n";
       for ($i=1; $i <= count($index_order); $i++) {
          $tmp = $index_order[$i];
-         echo "<tr>";
+         echo '<tr>';
          echo "<td><small><a href=\"options_order.php?method=up&num=$i\">". _("up") ."</a></small></td>\n";
-         echo "<td><small>&nbsp;|&nbsp;</small></td>\n";
+         echo '<td><small>&nbsp;|&nbsp;</small></td>' . "\n";
          echo "<td><small><a href=\"options_order.php?method=down&num=$i\">". _("down") . "</a></small></td>\n";
-         echo "<td><small>&nbsp;|&nbsp;</small></td>\n";
-         echo "<td>";
+         echo '<td><small>&nbsp;|&nbsp;</small></td>' . "\n";
+         echo '<td>';
          // Always show the subject
          if ($tmp != 4)
-            echo "<small><a href=\"options_order.php?method=remove&num=$i\">" . _("remove") . "</a></small>";
+            echo "<small><a href=\"options_order.php?method=remove&num=$i\">" . _("remove") . '</a></small>';
          echo "</td>\n";
-         echo "<td><small>&nbsp;-&nbsp;</small></td>\n";
-         echo "<td>" . $available[$tmp] . "</td>\n";
+         echo '<td><small>&nbsp;-&nbsp;</small></td>' . "\n";
+         echo '<td>' . $available[$tmp] . "</td>\n";
          echo "</tr>\n";
       }
       echo "</table>\n";
-      echo "</center>";
    }
    
    if (count($index_order) != count($available)) {
-   echo "<center><form name=f method=post action=options_order.php>";
-   echo "<select name=add>";
-   for ($i=1; $i <= count($available); $i++) {
-      $found = false;
-      for ($j=1; $j <= count($index_order); $j++) {
-         if ($index_order[$j] == $i) {
-            $found = true;
+      echo '<form name="f" method="post" action="options_order.php">';
+      echo '<select name="add">';
+      for ($i=1; $i <= count($available); $i++) {
+         $found = false;
+         for ($j=1; $j <= count($index_order); $j++) {
+            if ($index_order[$j] == $i) {
+               $found = true;
+            }
+         }
+         if (!$found) {
+            echo "<option value=\"$i\">$available[$i]</option>";
          }
       }
-      if (!$found) {
-         echo "<option value=$i>$available[$i]</option>";
-      }
-   }
-   echo "</select>";
-   echo "<input type=hidden value=add name=method>";
-   echo "<input type=submit value=\""._("Add")."\" name=submit>";
-   echo "</form></center>";
+      echo '</select>';
+      echo '<input type="hidden" value="add" name="method">';
+      echo '<input type="submit" value="'._("Add").'" name="submit">';
+      echo '</form>';
    }
 
-   echo "<br><center><a href=\"../src/options.php\">" . _("Return to options page") . "</a></center>";
+   echo '<p><a href="../src/options.php">' . _("Return to options page") . '</a></p><br>';
 
 ?>
-   </td></tr></table>
+   </td></tr>
+   </table>
+
+    </td></tr>
+    </table>
+
+</td></tr>
+</table>
 </body></html>