Allow more liberal reuse of tokens to avoid cross-frame conflicts

[squirrelmail.git] / functions / imap_mailbox.php

diff --git a/functions/imap_mailbox.php b/functions/imap_mailbox.php
index d7898efe9cc911e52e46f6867290ec606da1b5d0..23bf83825441708d560d3a90f3b23a52d36d0a4c 100755 (executable)
--- a/functions/imap_mailbox.php
+++ b/functions/imap_mailbox.php
@@ -5,7 +5,7 @@
  *
  * This implements all functions that manipulate mailboxes
  *
- * @copyright 1999-2011 The SquirrelMail Project Team
+ * @copyright 1999-2012 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -220,6 +220,7 @@ function isBoxBelow( $subbox, $parentbox ) {
  *
  * Since 1.4.3 hook supports more than one plugin.
  *
+//FIXME: make $subfolders_of_inbox_are_special a configuration setting in conf.pl and config.php
  * Since 1.4.22/1.5.2, the administrator can add
  * $subfolders_of_inbox_are_special = TRUE;
  * to config/config_local.php and all subfolders
@@ -431,7 +432,7 @@ function sqimap_mailbox_select ($imap_stream, $mailbox) {
      */
     if (strstr($mailbox, '../') || substr($mailbox, 0, 1) == '/') {
         global $oTemplate;
-        error_box(sprintf(_("Invalid mailbox name: %s"),htmlspecialchars($mailbox)));
+        error_box(sprintf(_("Invalid mailbox name: %s"),sm_encode_html_special_chars($mailbox)));
         sqimap_logout($imap_stream);
         $oTemplate->display('footer.tpl');
         die();
@@ -783,7 +784,7 @@ function sqimap_mailbox_option_array($imap_stream, $folder_skip = 0, $boxes = 0,
                           // i18n: Name of Drafts folder
                           $box2 = $pad . _("Drafts");
                       } else {
-                          $box2 = str_replace('  ', '. ', htmlspecialchars($boxes_part['formatted']));
+                          $box2 = str_replace('  ', '. ', sm_encode_html_special_chars($boxes_part['formatted']));
                       }
                     break;
                   case SMPREF_MAILBOX_SELECT_INDENTED:
@@ -797,16 +798,16 @@ function sqimap_mailbox_option_array($imap_stream, $folder_skip = 0, $boxes = 0,
                           $pad = str_pad('',12 * (count(explode($delimiter,$boxes_part['unformatted-dm']))-1),'  ');
                           $box2 = $pad . _("Drafts");
                       } else {
-                          $box2 = str_replace('  ', '  ', htmlspecialchars($boxes_part['formatted']));
+                          $box2 = str_replace('  ', '  ', sm_encode_html_special_chars($boxes_part['formatted']));
                       }
                     break;
                   default:  /* default, long names, style = 0 */
-                    $box2 = str_replace(' ', ' ', htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
+                    $box2 = str_replace(' ', ' ', sm_encode_html_special_chars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
                     break;
                 }
             }
             
-            $a[htmlspecialchars($box)] = $box2;
+            $a[sm_encode_html_special_chars($box)] = $box2;
         }
     }
     
@@ -842,12 +843,12 @@ function sqimap_mailbox_option_list($imap_stream, $show_selected = 0, $folder_sk
     
     $str = '';
     foreach ($boxes as $value=>$option) {
-        $lowerbox = strtolower(htmlspecialchars($value));
+        $lowerbox = strtolower(sm_encode_html_special_chars($value));
         $sel = false;
         if ($show_selected != 0) {
             reset($show_selected);
             while (!$sel && (list($x, $val) = each($show_selected))) {
-                if (strtolower($value) == strtolower(htmlspecialchars($val))) {
+                if (strtolower($value) == strtolower(sm_encode_html_special_chars($val))) {
                     $sel = true;
                 }
             }