* This contains functions that display mailbox information, such as the
* table row that has sender, date, subject, etc...
*
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2010 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
}
$sTmp = decodeHeader($sTmp);
if (isset($aColumnDesc[$k]['truncate']) && $aColumnDesc[$k]['truncate']) {
- $sTrunc = truncateWithEntities($sTmp, $aColumnDesc[$k]['truncate']);
+ $sTrunc = sm_truncate_string($sTmp, $aColumnDesc[$k]['truncate'], '...', TRUE);
if ($sTrunc != $sTmp) {
if (!$title) {
$title = $sTmp;
$iIndent = (isset($aIndentArray[$aId[$i]])) ? $aIndentArray[$aId[$i]] : 0;
// FIXME: don't break 8bit symbols and html entities during truncation
if (isset($aColumnDesc[$k]['truncate']) && $aColumnDesc[$k]['truncate']) {
- $sTmp = truncateWithEntities($value, $aColumnDesc[$k]['truncate']-$iIndent);
+ $sTmp = sm_truncate_string($value, $aColumnDesc[$k]['truncate']-$iIndent, '...', TRUE);
// drop any double spaces since these will be displayed in the title
$title = ($sTmp != $value) ? preg_replace('/\s{2,}/', ' ', $value) : '';
$value = $sTmp;
$source_url = $php_self;
}
- $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'];
+ $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'] . (strpos($source_url, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : '');
$where = urlencode($aMailbox['SEARCH'][$iSetIndx][0]);
$what = urlencode($aMailbox['SEARCH'][$iSetIndx][1]);
$baseurl .= '&where=' . $where . '&what=' . $what;
}
-/**
- * Truncates a string and take care of html encoded characters
- *
- * @param string $s string to truncate
- * @param int $iTrimAt Trim at nn characters
- * @return string Trimmed string
- */
-function truncateWithEntities($s, $iTrimAt) {
- global $languages, $squirrelmail_language;
-
- $ent_strlen = strlen($s);
- if (($iTrimAt <= 0) || ($ent_strlen <= $iTrimAt))
- return $s;
-
- if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
- function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_strimwidth')) {
- return call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_strimwidth', $s, $iTrimAt);
- } else {
- /*
- * see if this is entities-encoded string
- * If so, Iterate through the whole string, find out
- * the real number of characters, and if more
- * than $iTrimAt, substr with an updated trim value.
- */
- $trim_val = $iTrimAt;
- $ent_offset = 0;
- $ent_loc = 0;
- while ( $ent_loc < $trim_val && (($ent_loc = strpos($s, '&', $ent_offset)) !== false) &&
- (($ent_loc_end = strpos($s, ';', $ent_loc+3)) !== false) ) {
- $trim_val += ($ent_loc_end-$ent_loc);
- $ent_offset = $ent_loc_end+1;
- }
-
- if (($trim_val > $iTrimAt) && ($ent_strlen > $trim_val) && (strpos($s,';',$trim_val) < ($trim_val + 6))) {
- $i = strpos($s,';',$trim_val);
- if ($i !== false) {
- $trim_val = strpos($s,';',$trim_val)+1;
- }
- }
- // only print '...' when we're actually dropping part of the subject
- if ($ent_strlen <= $trim_val)
- return $s;
- }
- return substr_replace($s, '...', $trim_val);
-}
-
-
/**
* Process messages list form and handle the cache gracefully. If $sButton and
* $aUid are provided as argument then you can fake a message list submit and
$aUid = (isset($msg) && is_array($msg)) ? array_values($msg) : $aUid;
if (count($aUid) && $sButton != 'expunge') {
+ // don't do anything to any messages until we have done security check
+ // FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
// make sure message UIDs are sanitized (BIGINT)
foreach ($aUid as $i => $uid)
$aUid[$i] = (preg_match('/^[0-9]+$/', $uid) ? $uid : '0');
projects / squirrelmail.git / blobdiff