X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsearch.php;h=c163be3c25a1eb0b7e7327ca62271728b0ba8096;hb=cffe28e2d322c2cdd46f8710caad67a00d9a2e71;hp=1606105d3caeeee5185daea19c3618e392659fe5;hpb=876fdb605dcb48b44b5c0a3a6f2f106c941e5c20;p=squirrelmail.git diff --git a/src/search.php b/src/search.php index 1606105d..c163be3c 100644 --- a/src/search.php +++ b/src/search.php @@ -8,7 +8,7 @@ * Subfolder search idea from Patch #806075 by Thomas Pohl xraven at users.sourceforge.net. Thanks Thomas! * * @author Alex Lemaresquier - Brainstorm - * @copyright © 1999-2007 The SquirrelMail Project Team + * @copyright © 1999-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -17,6 +17,9 @@ * @todo explain why references are used in function calls */ +/** This is the search page */ +define('PAGE_NAME', 'search'); + /** * Include the SquirrelMail initialization file. */ @@ -671,13 +674,13 @@ function asearch_print_query_array(&$boxes, &$query_array, &$query_keys, &$actio $oTemplate->assign('expand_collapse_toggle', '../src/search.php?'.$show_pref.'='.($show_flag==1 ? 0 : 1)); $oTemplate->assign('query_list', $a); - $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&rownum='); - $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&rownum='); - $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&rownum='); + $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&smtoken=' . sm_generate_security_token() . '&rownum='); + $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&smtoken=' . sm_generate_security_token() . '&rownum='); + $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&smtoken=' . sm_generate_security_token() . '&rownum='); - $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&rownum='); - $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&rownum='); - $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&rownum='); + $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&smtoken=' . sm_generate_security_token() . '&rownum='); + $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&smtoken=' . sm_generate_security_token() . '&rownum='); + $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&smtoken=' . sm_generate_security_token() . '&rownum='); $oTemplate->display('search_list.tpl'); } @@ -803,7 +806,8 @@ function asearch_print_form($imapConnection, &$boxes, $mailbox_array, $biop_arra $oTemplate->assign('criteria', $c); - echo '
' . "\n"; + echo '' . "\n" + . addHidden('smtoken', sm_generate_security_token()) . "\n"; $oTemplate->display('search_advanced.tpl'); echo "
\n"; } @@ -863,7 +867,8 @@ function asearch_print_form_basic($imapConnection, &$boxes, $mailbox_array, $bio $oTemplate->assign('where_sel', $where); $oTemplate->assign('what_val', $what); - echo '
' . "\n"; + echo '' . "\n" + . addHidden('smtoken', sm_generate_security_token()) . "\n"; $oTemplate->display('search.tpl'); echo "
\n"; } @@ -888,10 +893,17 @@ function sqimap_asearch_get_selectable_unformatted_mailboxes(&$boxes) /* ------------------------ main ------------------------ */ /* get globals we will need */ +sqgetGlobalVar('smtoken', $submitted_token, SQ_GET, ''); sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); -if ( sqgetGlobalVar('checkall', $temp, SQ_GET) ) { - $checkall = (int) $temp; +if (!sqgetGlobalVar('checkall',$checkall,SQ_GET)) { + $checkall = false; +} + +if (!sqgetGlobalVar('preselected', $preselected, SQ_GET) || !is_array($preselected)) { + $preselected = array(); +} else { + $preselected = array_keys($preselected); } /** @@ -1170,6 +1182,10 @@ if ((empty($submit)) && (!empty($where_array))) { if (!isset($submit)) { $submit = ''; } else { + + // first validate security token + sm_validate_security_token($submitted_token, 3600, TRUE); + switch ($submit) { case $search_button_text: if (asearch_check_query($where_array, $what_array, $exclude_array) == '') { @@ -1365,16 +1381,20 @@ if (isset($aMailbox['FORWARD_SESSION'])) { $compose_height = '550'; } // do not use &, it will break the query string and $session will not be detected!!! - $comp_uri = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox). - '&session='.$aMailbox['FORWARD_SESSION']; + $comp_uri = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox) + . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER'] + . '&smaction=forward_as_attachment' + . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']); displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri', $compose_width, $compose_height);", false); } else { // save mailboxstate sqsession_register($aMailbox,'aLastSelectedMailbox'); session_write_close(); // we have to redirect to the compose page - $location = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox). - '&session='.$aMailbox['FORWARD_SESSION']; + $location = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox) + . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER'] + . '&smaction=forward_as_attachment' + . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']); header("Location: $location"); exit; } @@ -1613,6 +1633,15 @@ if ($submit == $search_button_text) { $oTemplate->assign('alt_index_colors', isset($alt_index_colors) ? $alt_index_colors: false); $oTemplate->assign('color', $color); $oTemplate->assign('align', $align); + $oTemplate->assign('checkall', $checkall); + $oTemplate->assign('preselected', $preselected); + + global $show_personal_names; + $oTemplate->assign('show_personal_names', $show_personal_names); + + global $accesskey_mailbox_toggle_selected, $accesskey_mailbox_thread; + $oTemplate->assign('accesskey_mailbox_toggle_selected', $accesskey_mailbox_toggle_selected); + $oTemplate->assign('accesskey_mailbox_thread', $accesskey_mailbox_thread); $oTemplate->display('message_list.tpl'); } @@ -1634,4 +1663,3 @@ sqimap_logout($imapConnection); $oTemplate->display('footer.tpl'); sqsession_register($mailbox_cache,'mailbox_cache'); -?>