Fix several cross site scripting bugs found by Martijn Brinkers and
[squirrelmail.git] / plugins / filters / spamoptions.php
1 <?php
2 /**
3 * Message and Spam Filter Plugin - Spam Options
4 *
5 * @version $Id$
6 * @copyright (c) 1999-2005 The SquirrelMail Project Team
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 * @package plugins
9 * @subpackage filters
10 */
11
12 /**
13 * Path for SquirrelMail required files.
14 * @ignore
15 */
// Relative path from this plugin script back to the SquirrelMail root;
// every include below is resolved against it.
define('SM_PATH', '../../');

/*
 * Core includes. validate.php is loaded with require_once, so the script
 * stops if it is missing; the other two are include_once.
 * NOTE(review): presumably validate.php is what enforces the logged-in
 * session for this page -- confirm there, because everything below reads
 * and writes per-user preferences.
 */
require_once SM_PATH . 'include/validate.php';
include_once SM_PATH . 'functions/imap.php';
include_once SM_PATH . 'plugins/filters/filters.php';

/*
 * Request state. Each value is pulled from one explicit source (session,
 * cookie or query string) rather than from a merged request array, so a
 * query-string parameter cannot stand in for a session value.
 * $username and $key are later handed to sqimap_login(); $onetimepad and
 * $delimiter are fetched here but not referenced again in this script.
 */
sqgetGlobalVar('username', $username, SQ_SESSION);
sqgetGlobalVar('key', $key, SQ_COOKIE);
sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);

// 'action' comes from the URL and is only ever compared against 'spam' below.
sqgetGlobalVar('action', $action, SQ_GET);

// $color is not set in this file; presumably it is provided by the includes above.
displayPageHeader($color, 'None');
33
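/*
 * Save handler: runs when the options form was posted (spam_submit present).
 * All values written here come straight from the POST body, so each one is
 * checked before it is stored in the user's preferences.
 *
 * NOTE(review): no per-request anti-forgery token is read or checked in this
 * handler; the only gate visible here is whatever the included session
 * validation enforces. Confirm whether the codebase offers a token helper
 * and require it for this state change.
 */
if (sqgetGlobalVar('spam_submit', $spam_submit, SQ_POST)) {
    $spam_filters = load_spam_filters();

    // Spam folder: must be present and a plain string (an array-valued POST
    // field is treated as "nothing selected" instead of being stored).
    // NOTE(review): the name is not checked against the user's actual
    // mailbox list here; the display path escapes it with htmlspecialchars().
    if (sqgetGlobalVar('filters_spam_folder_set', $filters_spam_folder_set, SQ_POST)
        && is_string($filters_spam_folder_set)) {
        setPref($data_dir, $username, 'filters_spam_folder', $filters_spam_folder_set);
    } else {
        echo _("You must select a spam folder.");
    }

    // Scan type: the form only offers '' (all messages) and 'new' (unread
    // only), so anything else is rejected rather than persisted.
    $allowed_scan_types = array('', 'new');
    if (sqgetGlobalVar('filters_spam_scan_set', $filters_spam_scan_set, SQ_POST)
        && in_array($filters_spam_scan_set, $allowed_scan_types, true)) {
        setPref($data_dir, $username, 'filters_spam_scan', $filters_spam_scan_set);
    } else {
        echo _("You must select a scan type.");
    }

    // One checkbox per known filter, named "<prefname>_set". Only names that
    // come from load_spam_filters() are looked up, so the client cannot
    // choose which preference keys get written. A missing checkbox clears
    // the preference.
    // ($Key here is the filter's array key; it is unrelated to the
    // lower-case $key credential read from the cookie.)
    foreach ($spam_filters as $Key => $Value) {
        $input = $Value['prefname'] . '_set';
        if (sqgetGlobalVar($input, $input_key, SQ_POST)) {
            setPref($data_dir, $username, $Value['prefname'], $input_key);
        } else {
            removePref($data_dir, $username, $Value['prefname']);
        }
    }
}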
62
// Current settings, re-read from the preference store so the page reflects
// anything that was saved earlier in this request.
$filters_spam_folder = getPref($data_dir, $username, 'filters_spam_folder');
$filters_spam_scan = getPref($data_dir, $username, 'filters_spam_scan');
$filters = load_filters();

// Page banner: a one-row table holding the translated section title.
$bannerRow = html_tag('tr', html_tag('th', _("Spam Filtering"), 'center'));
echo html_tag('table', $bannerRow, 'center', $color[0], 'width="95%" border="0" cellpadding="2" cellspacing="0"');

// $SpamFilters_YourHop is not assigned in this file (presumably plugin
// configuration). A single space is treated as "not configured" and the user
// is told to contact the administrator. The variable name in the message is
// a fixed, already entity-encoded literal.
if ($SpamFilters_YourHop == ' ') {
    $warning = sprintf(
        _("WARNING! Tell the administrator to set the %s variable."),
        '&quot;SpamFilters_YourHop&quot;'
    );
    echo '<br />' . html_tag('div', '<b>' . $warning . '</b>', 'center') . '<br />';
}
81
82
/*
 * Two views share this script:
 *   ?action=spam  -> the edit form (folder, scan type, one checkbox per filter)
 *   anything else -> a read-only summary with Edit / Done links
 *
 * NOTE(review): in both views the filter key, 'name', 'link' and 'comment'
 * are written into the page without escaping. That is only safe while
 * load_spam_filters() returns administrator-defined data -- confirm in
 * plugins/filters/filters.php. The one user-controlled value shown here, the
 * saved spam folder, is passed through htmlspecialchars() in the summary view.
 */
if (isset($action) && $action == 'spam') {
    // Fetch the mailbox list, then drop the IMAP connection immediately.
    $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
    $boxes = sqimap_mailbox_list($imapConnection);
    sqimap_logout($imapConnection);
    $boxCount = count($boxes);

    // No folder saved yet: default to the first mailbox that qualifies.
    // As written, a mailbox qualifies only when flags[0], flags[1] and
    // flags[2] are all present and none of them equals 'noselect'.
    for ($idx = 0; $idx < $boxCount && $filters_spam_folder == ''; $idx++) {
        $eligible = true;
        for ($slot = 0; $slot < 3; $slot++) {
            if (!isset($boxes[$idx]['flags'][$slot]) || $boxes[$idx]['flags'][$slot] == 'noselect') {
                $eligible = false;
                break;
            }
        }
        if ($eligible) {
            $filters_spam_folder = $boxes[$idx]['unformatted'];
        }
    }

    // Form opening plus the "Move spam to" row, up to the folder <select>.
    echo '<form method="post" action="spamoptions.php">'
        . '<center>'
        . html_tag('table', '', '', '', 'width="85%" border="0" cellpadding="2" cellspacing="0"')
        . html_tag('tr')
        . html_tag('th', _("Move spam to:"), 'right', '', 'style="white-space: nowrap;"')
        . html_tag('td', '', 'left')
        . '<select name="filters_spam_folder_set">';

    // The saved folder (lower-cased) is handed to the option-list helper as
    // the pre-selected entry. The <option> markup, including any escaping of
    // mailbox names, is produced inside sqimap_mailbox_option_list().
    $preselect = isset($filters_spam_folder) ? array(strtolower($filters_spam_folder)) : 0;
    echo sqimap_mailbox_option_list(0, $preselect, 0, $boxes);

    // Scan-type <select>: '' means all messages, 'new' means unread only.
    $allAttr = ($filters_spam_scan == '') ? ' selected="selected"' : '';
    $newAttr = ($filters_spam_scan == 'new') ? ' selected="selected"' : '';

    echo '</select></td></tr>'
        . html_tag('tr',
            html_tag('td', '&nbsp;') .
            html_tag('td',
                _("Moving spam directly to the trash may not be a good idea at first, since messages from friends and mailing lists might accidentally be marked as spam. Whatever folder you set this to, make sure that it gets cleaned out periodically, so that you don't have an excessively large mailbox hanging around."),
                'left')
        )
        . html_tag('tr')
        . html_tag('th', _("What to Scan:"), 'right', '', 'style="white-space: nowrap;"')
        . html_tag('td')
        . '<select name="filters_spam_scan_set">'
        . '<option value=""' . $allAttr . '>' . _("All messages") . '</option>'
        . '<option value="new"' . $newAttr . '>' . _("Unread messages only") . '</option>'
        . '</select></td></tr>'
        . html_tag('tr',
            html_tag('td', '&nbsp;') .
            html_tag('td',
                _("The more messages scanned, the longer it takes. It's recommended to scan unread messages only. If a change to the filters is made, it's recommended to set it to scan all messages, then go view the INBOX, then come back and set it to scan unread messages only. That way, the new spam filters will be applied and even the spam you didn't catch with the old filters will be scanned."),
                'left')
        );

    $spam_filters = load_spam_filters();

    // One checkbox row and one comment row per filter. The checkbox name is
    // "<prefname>_set", which is the field the save handler looks up.
    foreach ($spam_filters as $label => $filter) {
        $checkedAttr = $filter['enabled'] ? ' checked="checked"' : '';

        // Filter name, wrapped in a new-window link when the filter has one.
        $caption = $filter['name'];
        if ($filter['link']) {
            $caption = '<a href="' . $filter['link'] . '" target="_blank">' . $caption . '</a>';
        }

        echo html_tag('tr')
            . html_tag('th', $label, 'right', '', 'style="white-space: nowrap;"') . "\n"
            . html_tag('td')
            . '<input type="checkbox" name="' . $filter['prefname'] . '_set"' . $checkedAttr . ' /> - '
            . $caption
            . '</td></tr>'
            . html_tag('tr',
                html_tag('td', '&nbsp;') .
                html_tag('td', $filter['comment'], 'left')
            ) . "\n";
    }

    // Submit row; 'spam_submit' is the field that triggers the save handler.
    echo html_tag('tr',
            html_tag('td', '<input type="submit" name="spam_submit" value="' . _("Save") . '" />', 'center', '', 'colspan="2"')
        ) . "\n"
        . '</table></center></form>';
} else {
    // Read-only summary (action missing or not 'spam').
    // NOTE(review): the '</center>' in the string below has no matching
    // '<center>' in this branch; html_tag()'s output is not visible here, so
    // confirm before tidying the markup.
    echo html_tag('p', '', 'center')
        . '[<a href="spamoptions.php?action=spam">' . _("Edit") . '</a>]'
        . ' - [<a href="../../src/options.php">' . _("Done") . '</a>]</center><br /><br />';

    // The folder name was stored from a POST value, so it is HTML-escaped
    // after UTF-7 decoding and before being placed inside the <b> element.
    if ($filters_spam_folder) {
        $folderLabel = '<b>' . htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)) . '</b>';
    } else {
        $folderLabel = '[<i>' . _("not set yet") . '</i>]';
    }
    printf(_("Spam is sent to %s."), $folderLabel);
    echo '<br />';

    // Only fixed, translated labels are printed for the scan type; the
    // stored value itself is never echoed.
    $scanLabel = ($filters_spam_scan == 'new') ? _("Unread messages only") : _("All messages");
    printf(_("Spam scan is limited to %s."), '<b>' . $scanLabel . '</b>');

    echo '</p>'
        . '<table border="0" cellpadding="3" cellspacing="0" align="center" bgcolor="' . $color[0] . "\">\n";

    $spam_filters = load_spam_filters();

    // One row per filter: ON/OFF state, a separator, then the (optionally
    // linked) filter name.
    foreach ($spam_filters as $label => $filter) {
        $state = $filter['enabled'] ? _("ON") : _("OFF");

        $caption = $filter['name'];
        if ($filter['link']) {
            $caption = '<a href="' . $filter['link'] . '" target="_blank">' . $caption . '</a>';
        }

        echo html_tag('tr')
            . html_tag('th', '', 'center')
            . $state
            . '</th>'
            . html_tag('td', '&nbsp;-&nbsp;', 'left')
            . html_tag('td', '', 'left')
            . $caption
            . "</td></tr>\n";
    }
    echo '</table>';
}
218 ?>
219 </body></html>