* scripts which do most of the work. Also handles the Special
* Folders.
*
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
/* get globals we may need */
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
sqgetGlobalVar('smaction', $action, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
/* end of get globals */
-$imapConnection = sqimap_login ($username, false, $imapServerAddress, $imapPort, 0);
+global $imap_stream_options; // in case not defined in config
+$imapConnection = sqimap_login ($username, false, $imapServerAddress, $imapPort, 0, $imap_stream_options);
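Review bot: The comment on the added `global $imap_stream_options;` line says it covers a config that does not define the variable, but `global` only binds the name and leaves the value null. The call on the next line then passes null as the sixth argument to `sqimap_login()`, and whether that function treats null as "no stream options" is not visible on this page. These options presumably carry the TLS settings for the IMAP connection, so an explicit default would make the fallback deliberate: `if (!isset($imap_stream_options)) $imap_stream_options = array();`.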
/* switch to the right function based on what the user selected */
if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) {
switch ($action)
{
case 'create':
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
sqgetGlobalVar('folder_name', $folder_name, SQ_POST);
sqgetGlobalVar('subfolder', $subfolder, SQ_POST);
sqgetGlobalVar('contain_subs', $contain_subs, SQ_POST);
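Review bot: The `-1` passed as the second argument to `sm_validate_security_token()` in the `create` case is unexplained, and the same bare call is repeated in the rename, delete, subscribe and unsubscribe branches further down. The function's definition is not on this page; if that argument is the validity period and `-1` means the token is not consumed on use, a token that leaks stays valid for later forged requests until it ages out. I would document this at the first call, for example `// -1: token is not consumed on use; TRUE: show error and stop on failure (confirm against sm_validate_security_token())`. Because the check is repeated per case rather than done once, a comment beside `switch ($action)` should also say that every state-changing case must validate the token before acting, since a case added later gets no check by default.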
sqgetGlobalVar('old_name', $old_name, SQ_POST);
folders_rename_getname($imapConnection, $delimiter, $old_name);
} else {
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
sqgetGlobalVar('orig', $orig, SQ_POST);
sqgetGlobalVar('old_name', $old_name, SQ_POST);
folders_rename_do($imapConnection, $delimiter, $orig, $old_name, $new_name);
}
sqgetGlobalVar('folder_name', $folder_name, SQ_POST);
if ( sqgetGlobalVar('confirmed', $dummy, SQ_POST) ) {
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
folders_delete_do($imapConnection, $delimiter, $folder_name);
$td_str = _("Deleted folder successfully.");
} else {
}
break;
case 'subscribe':
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
sqgetGlobalVar('folder_names', $folder_names, SQ_POST);
folders_subscribe($imapConnection, $folder_names);
$td_str = _("Subscribed successfully.");
break;
case 'unsubscribe':
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
sqgetGlobalVar('folder_names', $folder_names, SQ_POST);
folders_unsubscribe($imapConnection, $folder_names);
$td_str = _("Unsubscribed successfully.");
}
if (isset($td_str)) {
- $oTemplate->assign('note', htmlspecialchars($td_str));
+ $oTemplate->assign('note', sm_encode_html_special_chars($td_str));
$oTemplate->display('note.tpl');
}
}
if ($use_folder) {
- $box_enc = htmlspecialchars($box_a['unformatted-dm']);
- $box_disp = htmlspecialchars(imap_utf7_decode_local($box_a['unformatted-disp']));
+ $box_enc = sm_encode_html_special_chars($box_a['unformatted-dm']);
+ $box_disp = sm_encode_html_special_chars(imap_utf7_decode_local($box_a['unformatted-disp']));
$subbox_option_list[] = array( 'Value' => $box_enc, 'Display' => $box_disp);
}
}