Alexandros Vellis: Bugfix

[squirrelmail.git] / plugins / mail_fetch / options.php

diff --git a/plugins/mail_fetch/options.php b/plugins/mail_fetch/options.php
index b2c7adc261eca6ac3dba45ab1e7134b83bb43c01..2d019413bd9a4316db519a0f290725a32b675899 100644 (file)
--- a/plugins/mail_fetch/options.php
+++ b/plugins/mail_fetch/options.php
@@ -3,7 +3,7 @@
 /**
  * mail_fetch/options.php
  *
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * Setup of the mailfetch plugin.
@@ -260,7 +260,7 @@ require_once(SM_PATH . 'include/load_prefs.php');
             echo '<b>' . _("Server Name:") . '</b> <select name="mf_sn">';
             for ($i=0;$i<$mailfetch_server_number;$i++) {
                 echo "<option value=\"$i\">" .
-                    (($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i]) . "</option>>";
+                    htmlspecialchars( (($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . "</option>>";
             }
             echo '</select>'.
                  '&nbsp;&nbsp;<INPUT TYPE=submit name=mf_action value="' . _("Modify") . '">'.
@@ -286,7 +286,7 @@ require_once(SM_PATH . 'include/load_prefs.php');
                     html_tag( 'td',
                         "<INPUT TYPE=\"hidden\" NAME=\"mf_sn\" VALUE=\"$mf_sn\">" .
                         '<INPUT TYPE="hidden" NAME="mf_action" VALUE="confirm_delete">' .
-                        '<br>' . _("Selected Server:") . " <b>$mailfetch_server_[$mf_sn]</b><br>" .
+                        '<br>' . _("Selected Server:") . " <b>" . htmlentities($mailfetch_server_[$mf_sn]) . "</b><br>" .
                         _("Confirm delete of selected server?") . '<br><br>' .
                         '<input type=submit name=submit_mailfetch value="' . _("Confirm Delete") . '">' .
                         '<br></form>' ,
@@ -313,7 +313,7 @@ require_once(SM_PATH . 'include/load_prefs.php');
             html_tag( 'table' ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("Server:"), 'right' ) .
-                    html_tag( 'td', '<input type="text" name="mf_server" value="' . $mailfetch_server_[$mf_sn] . '" size="40">', 'left' )
+                    html_tag( 'td', '<input type="text" name="mf_server" value="' . htmlentities($mailfetch_server_[$mf_sn]) . '" size="40">', 'left' )
                 ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("Port:"), 'right' ) .
@@ -321,7 +321,7 @@ require_once(SM_PATH . 'include/load_prefs.php');
                 ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("Alias:"), 'right' ) .
-                    html_tag( 'td', '<input type="text" name="mf_alias" value="' . $mailfetch_alias_[$mf_sn] . '" size="40">', 'left' )
+                    html_tag( 'td', '<input type="text" name="mf_alias" value="' . htmlentities($mailfetch_alias_[$mf_sn]) . '" size="40">', 'left' )
                 ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("Username:"), 'right' ) .
@@ -339,10 +339,11 @@ require_once(SM_PATH . 'include/load_prefs.php');
         $boxes = sqimap_mailbox_list($imapConnection);
         echo '<select name="mf_subfolder">';
         $selected = 0;
-        if ( isset($mf_subfolder) )
-          $selected = array(strtolower($mf_subfolder));
-        echo sqimap_mailbox_option_list($imapConnection, $selected);
-        echo '</select></td></tr>' .
+        if ( isset($mailfetch_subfolder_[$mf_sn]) ) {
+            $selected = array(strtolower($mailfetch_subfolder_[$mf_sn]));
+       } 
+        echo sqimap_mailbox_option_list($imapConnection, $selected) .
+             '</select></td></tr>' .
 
                 html_tag( 'tr',
                     html_tag( 'th', '&nbsp;', 'right' ) .