Add comments reminding someone to make a fix here

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12405 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/src/options_order.php b/src/options_order.php
index 8f081acd3875dd2b164f9216b24aa8453cababcf..02cbf19e66c7b94ced4cea55c50ac612b7a87e57 100644 (file)
--- a/src/options_order.php
+++ b/src/options_order.php
@@ -142,6 +142,7 @@ if (count($index_order) != count($available)) {
     }
 }
 
+// FIXME: why are we using this?  $PHP_SELF is already a global var processed (and therefore trustworthy) by init.php
 sqgetGlobalVar('PHP_SELF', $PHP_SELF, SQ_SERVER);
 $x = isset($mailbox) && $mailbox ? '&mailbox='.urlencode($mailbox) : '';
 
@@ -150,6 +151,7 @@ $oTemplate->assign('current_order', $index_order);
 $oTemplate->assign('not_used', $opts);
 $oTemplate->assign('always_show', array(SQM_COL_SUBJ, SQM_COL_FLAGS));
 
+// FIXME: (related to the above) $PHP_SELF might already have a query string... don't assume otherwise here by adding the ? sign!!
 $oTemplate->assign('move_up', $PHP_SELF .'?method=move&positions=-1'. $x .'&num=');
 $oTemplate->assign('move_down', $PHP_SELF .'?method=move&positions=1'. $x .'&num=');
 $oTemplate->assign('remove', $PHP_SELF .'?method=remove'. $x .'&num=');