* This contains functions that display mailbox information, such as the
* table row that has sender, date, subject, etc...
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright © 1999-2009 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
$aFlagColumn = array('seen' => false,
'deleted'=>false,
'answered'=>false,
+ 'forwarded'=>false,
'flagged' => false,
'draft' => false);
if(!is_array($value)) $value = array();
foreach ($value as $sFlag => $v) {
switch ($sFlag) {
- case '\\seen' : $aFlagColumn['seen'] = true; break;
- case '\\deleted' : $aFlagColumn['deleted'] = true; break;
- case '\\answered': $aFlagColumn['answered'] = true; break;
- case '\\flagged' : $aFlagColumn['flagged'] = true; break;
- case '\\draft' : $aFlagColumn['draft'] = true; break;
+ case '\\seen' : $aFlagColumn['seen'] = true; break;
+ case '\\deleted' : $aFlagColumn['deleted'] = true; break;
+ case '\\answered': $aFlagColumn['answered'] = true; break;
+ case '$forwarded': $aFlagColumn['forwarded'] = true; break;
+ case '\\flagged' : $aFlagColumn['flagged'] = true; break;
+ case '\\draft' : $aFlagColumn['draft'] = true; break;
default: break;
}
}
$source_url = $php_self;
}
- $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'];
+ $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'] . (strpos($source_url, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : '');
$where = urlencode($aMailbox['SEARCH'][$iSetIndx][0]);
$what = urlencode($aMailbox['SEARCH'][$iSetIndx][1]);
$baseurl .= '&where=' . $where . '&what=' . $what;
$aUid = (isset($msg) && is_array($msg)) ? array_values($msg) : $aUid;
if (count($aUid) && $sButton != 'expunge') {
+ // don't do anything to any messages until we have done security check
+ // FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
// make sure message UIDs are sanitized (BIGINT)
foreach ($aUid as $i => $uid)
$aUid[$i] = (preg_match('/^[0-9]+$/', $uid) ? $uid : '0');
if (count($aMsgHeaders)) {
$composesession = attachSelectedMessages($imapConnection,$aMsgHeaders);
// dirty hack, add info to $aMailbox
- $aMailbox['FORWARD_SESSION'] = $composesession;
+ $aMailbox['FORWARD_SESSION']['SESSION_NUMBER'] = $composesession;
+ $aMailbox['FORWARD_SESSION']['UIDS'] = $aUid;
}
break;
default:
$message = $aMailbox['MSG_HEADERS'][$iUid]['MESSAGE_OBJECT'];
$message->is_seen = false;
$message->is_answered = false;
+ $message->is_forwarded = false;
$message->is_deleted = false;
$message->is_flagged = false;
$message->is_mdnsent = false;
$message->is_seen = true;
else if (strtolower($flag) == '\\answered' && $value)
$message->is_answered = true;
+ else if (strtolower($flag) == '$forwarded' && $value)
+ $message->is_forwarded = true;
else if (strtolower($flag) == '\\deleted' && $value)
$message->is_deleted = true;
else if (strtolower($flag) == '\\flagged' && $value)