Fix broken'Thread' and the no-javascript 'All' links (add security tokens)
authorpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sat, 19 Sep 2009 20:22:15 +0000 (20:22 +0000)
committerpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sat, 19 Sep 2009 20:22:15 +0000 (20:22 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13848 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/mailbox_display.php

index 130ed38c0b38b23c98f0ef0cc5613c496b22c4ae..d16679a4d6373132154b04c6897a288e2b73e0cc 100644 (file)
@@ -975,7 +975,7 @@ function showMessagesForMailbox($imapConnection, &$aMailbox,$aProps, &$iError) {
         $source_url = $php_self;
     }
 
-    $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&amp;account='.$aMailbox['ACCOUNT'];
+    $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&amp;account='.$aMailbox['ACCOUNT'] . (strpos($source_url, 'src/search.php') ? '&amp;smtoken=' . sm_generate_security_token() : '');
     $where = urlencode($aMailbox['SEARCH'][$iSetIndx][0]);
     $what = urlencode($aMailbox['SEARCH'][$iSetIndx][1]);
     $baseurl .= '&amp;where=' . $where .  '&amp;what=' .  $what;