X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsearch.php;h=72482acb3cd7dd66257bc664d5fb757bf4f1009f;hb=b65c5db0af524fb167e8cd73feb572e7cf0af90b;hp=b8e4b6c8a727ff3a41b4ea5b7bef690866e3e6d2;hpb=99f3175e172314d8c23ee9892beb2619c1aface1;p=squirrelmail.git

diff --git a/src/search.php b/src/search.php
index b8e4b6c8..72482acb 100644
--- a/src/search.php
+++ b/src/search.php
@@ -14,10 +14,11 @@ define('SM_PATH','../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/imap.php');
+require_once(SM_PATH . 'functions/strings.php');
 require_once(SM_PATH . 'functions/imap_asearch.php');
 require_once(SM_PATH . 'functions/imap_mailbox.php');
-require_once(SM_PATH . 'functions/strings.php');
+require_once(SM_PATH . 'functions/imap_messages.php');
+require_once(SM_PATH . 'functions/mailbox_display.php');	//getButton()...
 
 function asearch_unhtml_strcoll($a, $b)
 {
@@ -357,7 +358,7 @@ function asearch_get_query_display($color, $mailbox_array, $biop_array, $unop_ar
 					if ($what_type == 'adate')
 						$what_display = asearch_get_date_display($what);
 					else
-						$what_display = htmlspecialchars($what);
+						$what_display = htmlentities($what);
 					$what_display = ' <B>' . $what_display . '</B>';
 				}
 			}
@@ -522,7 +523,7 @@ function asearch_print_form_row($imapConnection, $boxes, $mailbox, $biop, $unop,
 	$what_disp = str_replace('\\\\', '\\', $what_disp);
 	$what_disp = str_replace('\\"', '"', $what_disp);
 	$what_disp = str_replace('"', '&quot;', $what_disp);*/
-	$what_disp = htmlspecialchars($what, ENT_QUOTES);
+	$what_disp = htmlspecialchars($what);
 	echo html_tag('td', '<input type="text" size="35" name="what[' . $row_num . ']" value="' . $what_disp . '">', 'center') . "\n";
 
 /* Exclude criteria */
@@ -554,7 +555,7 @@ function asearch_print_form($imapConnection, $boxes, $mailbox_array, $biop_array
 			$mailbox = $boxes[0]['unformatted'];
 		$biop = strip_tags(asearch_nz($biop_array[$row_num]));
 		$unop = strip_tags(asearch_nz($unop_array[$row_num]));
-		$where = strip_tags(asearch_nz($where_array[$row_num]));
+		$where = asearch_nz($where_array[$row_num]);
 		$what = asearch_nz($what_array[$row_num]);
 		$exclude = strip_tags(asearch_nz($exclude_array[$row_num]));
 		asearch_print_form_row($imapConnection, $boxes, $mailbox, $biop, $unop, $where, $what, $exclude, $row_num);