* This contains functions that display mailbox information, such as the
* table row that has sender, date, subject, etc...
*
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2009 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
$source_url = $php_self;
}
- $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'];
+ $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'] . (strpos($source_url, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : '');
$where = urlencode($aMailbox['SEARCH'][$iSetIndx][0]);
$what = urlencode($aMailbox['SEARCH'][$iSetIndx][1]);
$baseurl .= '&where=' . $where . '&what=' . $what;
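Review bot: The added `strpos($source_url, 'src/search.php') ?` test relies on truthiness, so a match at offset 0 is treated the same as no match and the token would be silently left off the link. Compare explicitly instead: `(strpos($source_url, 'src/search.php') !== FALSE ? '&smtoken=' . sm_generate_security_token() : '')`. Separately, this line places the security token in a link URL, where it can be recorded in browser history and server access logs and sent on in Referer headers. A short comment saying why the search page needs the token in the URL would help the next reader judge that exposure. The enclosing block begins outside this hunk, so how `$source_url` is built is only partly visible here.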
// don't do anything to any messages until we have done security check
// FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
- // FIXME: we might need to open this up to SQ_FORM instead, especially for plugins (?)
- sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
sm_validate_security_token($submitted_token, 3600, TRUE);
// make sure message UIDs are sanitized (BIGINT)
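Review bot: Switching the `smtoken` lookup to `SQ_FORM` widens token acceptance for every request that reaches this check, not only the search-result links that now carry the token in the URL, so any message action handled below can be authorised by a GET-supplied token. The `3600` passed to `sm_validate_security_token` looks like a reuse window in seconds (confirm against its definition), which would keep a token exposed through a log or Referer header usable for that long. Consider taking the GET value only when the request originates from the search page and keeping `SQ_POST` otherwise. The removed FIXME was the only explanation of this choice, so replace it with something like `// token may arrive via GET because search result links carry it in the URL`. The surrounding function is not fully visible in this hunk.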