Happy New Year

[squirrelmail.git] / plugins / spamcop / spamcop.php

diff --git a/plugins/spamcop/spamcop.php b/plugins/spamcop/spamcop.php
index 5dc226b25af00d4575262c9a02feae6ed2af30bd..1a5bbc0fc9378ca1d07ec1893f6dbdf05001bc01 100644 (file)
--- a/plugins/spamcop/spamcop.php
+++ b/plugins/spamcop/spamcop.php
@@ -3,7 +3,7 @@
 /**
  * spamcop.php -- SpamCop plugin -- main page
  *
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
@@ -14,20 +14,21 @@
  * Include the SquirrelMail initialization file.
  */
 require('../../include/init.php');
-
+/* IMAP functions depend on date and mime */
+include_once(SM_PATH . 'functions/date.php');
+include_once(SM_PATH . 'functions/mime.php');
+/* IMAP functions */
 include_once(SM_PATH . 'functions/imap_general.php');
 include_once(SM_PATH . 'functions/imap_messages.php');
 /* plugin functions */
 include_once(SM_PATH . 'plugins/spamcop/functions.php');
 
-/* GLOBALS */
+include_once(SM_PATH . 'functions/compose.php');
 
-sqgetGlobalVar('username', $username, SQ_SESSION);
-sqgetGlobalVar('key',      $key,      SQ_COOKIE);
-sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
+/* GLOBALS */
 
 sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
-sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
+sqgetGlobalVar('passed_id', $passed_id, SQ_GET, NULL, SQ_TYPE_BIGINT);
 sqgetGlobalVar('js_web', $js_web, SQ_GET);
 
 if (! sqgetGlobalVar('startMessage', $startMessage, SQ_GET) ) {
@@ -59,13 +60,14 @@ if ($js_web) {
 
 /** is spamcop plugin disabled */
 if (! is_plugin_enabled('spamcop')) {
-    error_box(_("Plugin is disabled."),$color);
-    echo "\n</body></html>\n";
+    error_box(_("Plugin is disabled."));
+    // display footer (closes html tags) and stop script execution
+    $oTemplate->display('footer.tpl');
     exit();
 }
 
-    $imap_stream = sqimap_login($username, $key, $imapServerAddress,
-       $imapPort, 0);
+    global $imap_stream_options; // in case not defined in config
+    $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imap_stream_options);
     sqimap_mailbox_select($imap_stream, $mailbox);
 
     if ($spamcop_method == 'quick_email' ||
@@ -118,9 +120,9 @@ echo "</p>";
   echo '<form method="post" action="javascript:return false">';
   echo '<input type="button" value="' . _("Close Window") . "\" onclick=\"window.close(); return true;\" />\n";
 } else {
-   ?><form method="post" action="../../src/right_main.php">
-  <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
-  <input type="hidden" name="startMessage" value="<?php echo htmlspecialchars($startMessage) ?>" />
+   ?><form method="post" action="<?php echo sqm_baseuri(); ?>src/right_main.php">
+  <input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+  <input type="hidden" name="startMessage" value="<?php echo sm_encode_html_special_chars($startMessage) ?>" />
 <?php
   echo '<input type="submit" value="' . _("Cancel / Done") . "\" />";
 }
@@ -133,16 +135,17 @@ echo "</p>";
       $report_email = 'submit.' . $spamcop_id . '@spam.spamcop.net';
    else
       $report_email = 'quick.' . $spamcop_id . '@spam.spamcop.net';
-   $form_action = SM_PATH . 'src/compose.php';
+   $form_action = sqm_baseuri() . 'src/compose.php';
 ?>  <form method="post" action="<?php echo $form_action?>">
-  <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
-  <input type="hidden" name="spamcop_is_composing" value="<?php echo htmlspecialchars($passed_id) ?>" />
-  <input type="hidden" name="send_to" value="<?php echo htmlspecialchars($report_email)?>" />
+  <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
+  <input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+  <input type="hidden" name="spamcop_is_composing" value="<?php echo sm_encode_html_special_chars($passed_id) ?>" />
+  <input type="hidden" name="send_to" value="<?php echo sm_encode_html_special_chars($report_email)?>" />
   <input type="hidden" name="subject" value="reply anyway" />
   <input type="hidden" name="identity" value="0" />
   <input type="hidden" name="session" value="<?php echo $session?>" />
 <?php
-  echo '<input type="submit" name="send" value="' . _("Send Spam Report") . "\" />\n";
+  echo '<input type="submit" name="send1" value="' . _("Send Spam Report") . "\" />\n";
 } else {
    $spam_message = mime_fetch_body ($imap_stream, $passed_id, $passed_ent_id, 50000);
 
@@ -150,11 +153,8 @@ echo "</p>";
       $Warning = "\n[truncated by SpamCop]\n";
       $spam_message = substr($spam_message, 0, 50000 - strlen($Warning)) . $Warning;
    }
-   if ($spamcop_type=='member') {
-     $action_url="http://members.spamcop.net/sc";
-   } else {
-     $action_url="http://www.spamcop.net/sc";
-   }
+   $action_url="http://members.spamcop.net/sc";
+
    if (isset($js_web) && $js_web) {
      echo "<form method=\"post\" action=\"$action_url\" name=\"submitspam\"".
        " enctype=\"multipart/form-data\">\n";
@@ -164,8 +164,7 @@ echo "</p>";
    } ?>
   <input type="hidden" name="action" value="submit" />
   <input type="hidden" name="oldverbose" value="1" />
-  <input type="hidden" name="code" value="<?php echo htmlspecialchars($spamcop_id) ?>" />
-  <input type="hidden" name="spam" value="<?php echo htmlspecialchars($spam_message); ?>" />
+  <input type="hidden" name="spam" value="<?php echo sm_encode_html_special_chars($spam_message); ?>" />
     <?php
         echo '<input type="submit" name="x1" value="' . _("Send Spam Report") . "\" />\n";
     }
@@ -174,4 +173,4 @@ echo "</p>";
 </tr>
 </table>
 </body>
-</html>
\ No newline at end of file
+</html>