4) XSS in help.php:
<?php

/**
 * addrbook_search_html.php
 *
 * Copyright (c) 1999-2002 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * Handle addressbook searching with pure html.
 *
 * This file is included from compose.php
 *
 * NOTE: A lot of this code is similar to the code in
 * addrbook_search.html -- If you change one, change
 * the other one too!
 *
 * $Id$
 */

/* Path for SquirrelMail required files. */
define('SM_PATH','../');

/* SquirrelMail required files.
 * validate.php is loaded before anything else; presumably it is the
 * per-page session/login check -- confirm against include/validate.php
 * before reordering these.  The helper functions used further down
 * (html_tag(), addressbook_init(), do_hook(), the page header functions)
 * are expected to come from the remaining files; nothing here is
 * defined locally. */
require_once(SM_PATH . 'include/validate.php');
require_once(SM_PATH . 'functions/date.php');
require_once(SM_PATH . 'functions/smtp.php');
require_once(SM_PATH . 'functions/display_messages.php');
require_once(SM_PATH . 'functions/addressbook.php');
require_once(SM_PATH . 'functions/plugin.php');
require_once(SM_PATH . 'functions/strings.php');
require_once(SM_PATH . 'functions/html.php');

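/*
 * Insert hidden data.
 *
 * Emits the hidden <input> fields that carry the compose state (body,
 * session, subject, recipients, identity, mailbox) through the address
 * book search form and back again.  All values are read from globals,
 * so the includer must have them in scope.
 *
 * Every value is passed through htmlspecialchars() before it is placed
 * in an attribute.  The original emitted $session raw -- the one field
 * that differed from its siblings -- which is corrected here.
 */
function addr_insert_hidden() {
    global $body, $subject, $send_to, $send_to_cc, $send_to_bcc, $mailbox,
        $identity, $session;

    echo '<input type=hidden value="';
    /* A body starting with CR gets an extra newline in front of it;
     * presumably so a leading line break survives the round trip
     * through the form -- confirm against compose.php. */
    if (substr($body, 0, 1) == "\r") {
        echo "\n";
    }
    echo htmlspecialchars($body) . '" name=body>' . "\n" .
         '<input type=hidden value="' . htmlspecialchars($session) . '" name=session>' . "\n" .
         '<input type=hidden value="' . htmlspecialchars($subject) .
         '" name=subject>' . "\n" .
         '<input type=hidden value="' . htmlspecialchars($send_to) .
         '" name=send_to>' . "\n" .
         '<input type=hidden value="' . htmlspecialchars($send_to_cc) .
         '" name=send_to_cc>' . "\n" .
         '<input type=hidden value="' . htmlspecialchars($send_to_bcc) .
         '" name=send_to_bcc>' . "\n" .
         '<input type=hidden value="' . htmlspecialchars($identity) .
         '" name=identity>' . "\n" .
         '<input type=hidden name=mailbox value="' . htmlspecialchars($mailbox) .
         "\">\n" . '<input type=hidden value="true" name=from_htmladdr_search>' .
         "\n";
}

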
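/*
 * List search results.
 *
 * Renders $res as a table inside a form that posts back to this page:
 * one row per address with To/Cc/Bcc checkboxes (send_to_search[T<n>],
 * [C<n>], [B<n>]), the name, e-mail and label columns and, optionally,
 * the backend the address came from.  The hidden compose state is
 * carried along via addr_insert_hidden().
 *
 * Every value that ends up in markup goes through htmlspecialchars().
 * $PHP_SELF (the form action) and $row['source'] were the two values
 * the original wrote out raw; both are escaped here like their siblings.
 *
 * @param array $res            rows with 'name', 'email', 'label' and
 *                              'source' entries; a non-array is treated
 *                              as an empty result
 * @param bool  $includesource  whether to add the "Source" column
 */
function addr_display_result($res, $includesource = true) {
    global $color, $javascript_on, $PHP_SELF;

    /* Nothing to show.  The is_array() guard also keeps count() from
     * throwing a TypeError on PHP 8 if a backend returned false. */
    if (!is_array($res) || count($res) <= 0) {
        return;
    }

    echo '<form method=post action="' . htmlspecialchars($PHP_SELF) . '" name="addrbook">' . "\n" .
         '<input type=hidden name="html_addr_search_done" value="true">' . "\n";
    addr_insert_hidden();
    $line = 0;

    /* Defined unconditionally so the header cell below never reads an
     * undefined variable when JavaScript is off. */
    $chk_all = '';
    if ($javascript_on) {
        print
            '<script language="JavaScript" type="text/javascript">' .
            "\n<!-- \n" .
            "function CheckAll(ch) {\n" .
            " for (var i = 0; i < document.addrbook.elements.length; i++) {\n" .
            " if( document.addrbook.elements[i].type == 'checkbox' &&\n" .
            " document.addrbook.elements[i].name.substr(0,16) == 'send_to_search['+ch ) {\n" .
            " document.addrbook.elements[i].checked = !(document.addrbook.elements[i].checked);\n" .
            " }\n" .
            " }\n" .
            "}\n" .
            "//-->\n" .
            "</script>\n";
        $chk_all = '<a href="#" onClick="CheckAll(\'T\');">' . _("All") . '</a>&nbsp;<font color="' . $color[9] . '">To</font>' .
                   '&nbsp;&nbsp;' .
                   '<a href="#" onClick="CheckAll(\'C\');">' . _("All") . '</a>&nbsp;<font color="' . $color[9] . '">Cc</font>' .
                   '&nbsp;&nbsp;' .
                   '<a href="#" onClick="CheckAll(\'B\');">' . _("All") . '</a>';
    }

    echo html_tag( 'table', '', 'center', '', 'border="0" width="98%"' ) .
         html_tag( 'tr', '', '', $color[9] ) .
         html_tag( 'th', '&nbsp;' . $chk_all, 'left' ) .
         html_tag( 'th', '&nbsp;' . _("Name"), 'left' ) .
         html_tag( 'th', '&nbsp;' . _("E-mail"), 'left' ) .
         html_tag( 'th', '&nbsp;' . _("Info"), 'left' );

    if ($includesource) {
        echo html_tag( 'th', '&nbsp;' . _("Source"), 'left', '', 'width="10%"' );
    }

    echo "</tr>\n";

    foreach ($res as $row) {
        $email = AddressBook::full_address($row);
        /* Alternate the row background on odd lines. */
        $tr_bgcolor = ($line % 2) ? $color[0] : '';

        echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) .
             html_tag( 'td',
                 '<input type=checkbox name="send_to_search[T' . $line . ']" value = "' .
                 htmlspecialchars($email) . '">&nbsp;' . _("To") . '&nbsp;' .
                 '<input type=checkbox name="send_to_search[C' . $line . ']" value = "' .
                 htmlspecialchars($email) . '">&nbsp;' . _("Cc") . '&nbsp;' .
                 '<input type=checkbox name="send_to_search[B' . $line . ']" value = "' .
                 htmlspecialchars($email) . '">&nbsp;' . _("Bcc") . '&nbsp;' ,
                 'center', '', 'width="5%" nowrap' ) .
             html_tag( 'td', '&nbsp;' . htmlspecialchars($row['name']) . '&nbsp;', 'left', '', 'nowrap' ) .
             html_tag( 'td', '&nbsp;' . htmlspecialchars($row['email']) . '&nbsp;', 'left', '', 'nowrap' ) .
             html_tag( 'td', '&nbsp;' . htmlspecialchars($row['label']) . '&nbsp;', 'left', '', 'nowrap' );

        if ($includesource) {
            /* Escaped like the other cells; the backend name is not
             * guaranteed to be plain text. */
            echo html_tag( 'td', '&nbsp;' . htmlspecialchars($row['source']) . '&nbsp;', 'left', '', 'nowrap' );
        }
        echo "</tr>\n";
        $line++;
    }

    $td_colspan = $includesource ? '5' : '4';
    echo html_tag( 'tr',
             html_tag( 'td',
                 '<INPUT TYPE=submit NAME="addr_search_done" VALUE="' .
                 _("Use Addresses") . '">' ,
                 'center', '', 'colspan="' . $td_colspan . '"' )
         ) .
         '</TABLE>' .
         '<INPUT TYPE=hidden VALUE=1 NAME="html_addr_search_done">' .
         '</FORM>';
}
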
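/* --- End functions --- */

/*
 * Page body.
 *
 * $compose_new_win, $addrquery, $backend, $listall and $session are not
 * read from the request here; they have to be in scope already.
 * NOTE(review): presumably the includer (compose.php) or validate.php
 * populates them -- confirm before assuming any of them is set.
 */
global $mailbox;
if ($compose_new_win == '1') {
    compose_Header($color, $mailbox);
} else {
    displayPageHeader($color, $mailbox);
}
/* Initialize addressbook */
$abook = addressbook_init();

echo '<br>' .
     html_tag( 'table',
         html_tag( 'tr',
             html_tag( 'td', '<b>' . _("Address Book Search") . '</b>', 'center', $color[0] )
         ) ,
         'center', '', 'width="95%" cellpadding="2" cellspacing="2" border="0"' );

/* Search form.  $PHP_SELF lands in an attribute, so it is escaped like
 * every other interpolated value on this page. */
echo '<center>' .
     html_tag( 'table', '', 'center', '', 'border="0"' ) .
     html_tag( 'tr' ) .
     html_tag( 'td', '', 'left', '', 'nowrap valign="middle"' ) . "\n" .
     '<FORM METHOD=post NAME=f ACTION="' . htmlspecialchars($PHP_SELF) .
     '?html_addr_search=true">' . "\n<CENTER>\n" .
     ' <nobr><STRONG>' . _("Search for") . "</STRONG>\n";
addr_insert_hidden();
if (! isset($addrquery)) {
    $addrquery = '';
}
echo ' <INPUT TYPE=text NAME=addrquery VALUE="' .
     htmlspecialchars($addrquery) . "\" SIZE=26>\n";

/* List all backends to allow the user to choose where to search */
if (!isset($backend)) {
    $backend = '';
}
if ($abook->numbackends > 1) {
    echo '<STRONG>' . _("in") . '</STRONG>&nbsp;<SELECT NAME=backend>' . "\n" .
         '<OPTION VALUE=-1';
    if ($backend == -1) {
        echo ' SELECTED';
    }
    echo '>' . _("All address books") . "\n";
    /* foreach replaces the list()/each() idiom, which PHP 8 removed.
     * The backend display name is escaped because it is written into
     * markup; an <option> cannot carry HTML anyway. */
    foreach ($abook->get_backend_list() as $v) {
        echo '<OPTION VALUE=' . $v->bnum;
        if ($backend == $v->bnum) {
            echo ' SELECTED';
        }
        echo '>' . htmlspecialchars($v->sname) . "\n";
    }
    echo "</SELECT>\n";
} else {
    echo '<INPUT TYPE=hidden NAME=backend VALUE=-1>' . "\n";
}
if (isset($session)) {
    /* Same value addr_insert_hidden() emits; escaped so this copy is not
     * the one place it reaches the page raw. */
    echo '<input type=hidden name="session" value="' . htmlspecialchars($session) . '">';
}

echo '<INPUT TYPE=submit VALUE="' . _("Search") . '">' .
     '&nbsp;|&nbsp;<INPUT TYPE=submit VALUE="' . _("List all") .
     '" NAME=listall>' . "\n" .
     '</FORM></center></TD></TR></TABLE>' . "\n";
addr_insert_hidden();
echo '</center>';
do_hook('addrbook_html_search_below');
/* End search form */

/* Show personal addressbook */

/* "List all" is implemented as a wildcard search. */
if (!empty($listall)) {
    $addrquery = '*';
}

if ($addrquery == '' && empty($listall)) {
    /* No query: list the local backend.  (The original nested a second
     * condition here whose "all backends" branch could never run, since
     * $addrquery is known to be empty at this point.) */
    $backend = $abook->localbackend;

    $res = $abook->list_addr($backend);

    if (is_array($res)) {
        usort($res, 'alistcmp');
        addr_display_result($res, false);
    } else {
        echo html_tag( 'p', '<strong><br>' .
             sprintf(_("Unable to list addresses from %s"),
                     htmlspecialchars($abook->backends[$backend]->sname)) . "</strong>\n" ,
             'center' );
    }
    exit;
}

/* Do the search.  empty() rather than == '' keeps the original's
 * behaviour for the literal query "0", which was never searched. */
if (!empty($addrquery)) {
    if ($backend == -1) {
        $res = $abook->s_search($addrquery);
    } else {
        $res = $abook->s_search($addrquery, $backend);
    }

    if (!is_array($res)) {
        /* Whether $abook->error can contain user-supplied text is not
         * visible here; escaping it is harmless either way. */
        echo html_tag( 'p', '<b><br>' .
             _("Your search failed with the following error(s)") .
             ':<br>' . htmlspecialchars($abook->error) . "</b>\n" ,
             'center' ) .
             "\n</BODY></HTML>\n";
    } elseif (count($res) == 0) {
        echo html_tag( 'p', '<br><b>' .
             _("No persons matching your search was found") . "</b>\n" ,
             'center' ) .
             "\n</BODY></HTML>\n";
    } else {
        addr_display_result($res);
    }
}

/* Offer a way back to compose.php when nothing was listed.  empty()
 * covers $res being unset (no search ran), false (failed search) and an
 * empty array, without tripping count()'s TypeError on PHP 8. */
if ($addrquery == '' || empty($res)) {
    echo '<center><FORM METHOD=post NAME=k ACTION="compose.php">' . "\n";
    addr_insert_hidden();
    echo '<INPUT TYPE=submit VALUE="' . _("Return") . '" NAME=return>' . "\n" .
         '</form></center></nobr>';
}

?>
</body></html>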