Identify SquirrelMail with User-Agent, not X-Mailer. Some researching learns

[squirrelmail.git] / src / image.php

diff --git a/src/image.php b/src/image.php
index 33b8efaf148951e2b2b16ee55acb8b95196e6e07..b27a47244774da1e023e144bad29483da5faf15a 100644 (file)
--- a/src/image.php
+++ b/src/image.php
@@ -3,7 +3,7 @@
 /**
  * image.php
  *
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * This file shows an attached image
@@ -24,10 +24,10 @@ require_once(SM_PATH . 'include/load_prefs.php');
 displayPageHeader($color, 'None');
 
 /* globals */
-
 $mailbox = $_GET['mailbox'];
-$passed_id = $_GET['passed_id'];
-
+$passed_id = (int) $_GET['passed_id'];
+$ent_id = $_GET['ent_id'];
+$QUERY_STRING = $_SERVER['QUERY_STRING'];
 /* end globals */
 
 echo '<BR>' . 
@@ -37,14 +37,14 @@ echo '<BR>' .
     '<B><CENTER>' .
     _("Viewing an image attachment") . " - ";
 
-$msg_url = 'read_body.php?' . $QUERY_STRING;
+$msg_url = 'read_body.php?' . urlencode(strip_tags(urldecode($QUERY_STRING)));
 $msg_url = set_url_var($msg_url, 'ent_id', 0);
 echo '<a href="'.$msg_url.'">'. _("View message") . '</a>';
 
 
 $DownloadLink = '../src/download.php?passed_id=' . $passed_id .
                '&amp;mailbox=' . urlencode($mailbox) . 
-               '&amp;ent_id=' . $ent_id . '&amp;absolute_dl=true';
+               '&amp;ent_id=' . urlencode($ent_id) . '&amp;absolute_dl=true';
 
 echo '</b></td></tr>' . "\n" .
     '<tr><td align=center><A HREF="' . $DownloadLink . '">' .