Typo making '">' and argument, and probably messing up the posting of

[squirrelmail.git] / plugins / mail_fetch / fetch.php

diff --git a/plugins/mail_fetch/fetch.php b/plugins/mail_fetch/fetch.php
index 6e37fa7e34a5dcb2db70e7783f32aa8d0f121832..73755e9cb6fa6f60b8cd2da2c06181bd00496b9e 100644 (file)
--- a/plugins/mail_fetch/fetch.php
+++ b/plugins/mail_fetch/fetch.php
@@ -21,20 +21,20 @@ require_once(SM_PATH . 'plugins/mail_fetch/class.POP3.php');
 require_once(SM_PATH . 'plugins/mail_fetch/functions.php' );
 require_once(SM_PATH . 'functions/html.php' );
 
-    /* globals */ 
-    $username = $_SESSION['username'];
-    $key = $_COOKIE['key'];
-    $onetimepad = $_SESSION['onetimepad'];
-    $delimter = $_SESSION['delimiter'];
+/* globals */ 
+sqgetGlobalVar('username',   $username,   SQ_SESSION);
+sqgetGlobalVar('key',        $key,        SQ_COOKIE);
+sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
+sqgetGlobalVar('delimiter',  $delimiter,  SQ_SESSION);
 
-    /* This form, like the advanced identities form
-       uses dynamic post variable names so we need
-       to extract the whole $_POST array to make 
-       things work
-    */
+/* FIXME: This form, like the advanced identities form
+ * uses dynamic post variable names so we need
+ * to extract the whole $_POST array to make 
+ * things work
+ */
 
-    extract($_POST);
-    /* end globals */
+extract($_POST);
+/* end globals */
 
     function Mail_Fetch_Status($msg) {
         echo html_tag( 'table',
@@ -86,7 +86,7 @@ require_once(SM_PATH . 'functions/html.php' );
                          '<option value="all" selected>..' . _("All") . "...\n";
         for ($i=0;$i<$mailfetch_server_number;$i++) {
              echo "<option value=\"$i\">" .
-                  (($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i]) .
+                 htmlspecialchars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) .
                   '</option>' . "\n";
         } 
         echo            '</select>' .
@@ -98,18 +98,17 @@ require_once(SM_PATH . 'functions/html.php' );
              if ($mailfetch_pass_[$i]=='') {
                   echo html_tag( 'tr',
                               html_tag( 'td', _("Password for") . ' <b>' .
-                                  (($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i]) .
+                                  htmlspecialchars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) .
                                   '</b>: &nbsp; &nbsp; ',
                               'right' ) .
-                              html_tag( 'td', '<input type="password" name="pass_' . $i , '">', 'left' )
+                              html_tag( 'td', '<input type="password" name="pass_' . $i . '">', 'left' )
                           );
              }
         }
         echo html_tag( 'tr',
                    html_tag( 'td', '&nbsp;' ) .
                    html_tag( 'td', '<input type=submit name=submit_mailfetch value="' . _("Fetch Mail"). '">', 'left' )
-               );
-
+               ) .
              '</table></form>';
         exit();
     }
@@ -144,7 +143,7 @@ require_once(SM_PATH . 'functions/html.php' );
         html_tag( 'table',
             html_tag( 'tr',
                 html_tag( 'td', '<b>' . _("Fetching from ") . 
-                    (($mailfetch_alias_[$i_loop] == '')?$mailfetch_server:$mailfetch_alias_[$i_loop]) . 
+                    htmlspecialchars((($mailfetch_alias_[$i_loop] == '')?$mailfetch_server:$mailfetch_alias_[$i_loop])) . 
                     '</b>',
                 'center' ) ,
             '', $color[9] ) ,