*
* Displays messagelist column order options
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @subpackage prefs
*/
+/** This is the options_order page */
+define('PAGE_NAME', 'options_order');
+
/**
* Include the SquirrelMail initialization file.
*/
if (!sqgetGlobalVar('method', $method)) {
$method = '';
} else {
- $method = htmlspecialchars($method);
+ $method = sm_encode_html_special_chars($method);
}
if (!sqgetGlobalVar('positions', $pos, SQ_GET)) {
$pos = 0;
}
if (sqgetGlobalVar('mailbox', $mailbox, SQ_GET)) {
- $aMailboxPrefs = unserialize(getPref($data_dir, $username, "pref_".$iAccount.'_'.urldecode($mailbox)));
+ $aMailboxPrefs = unserialize(getPref($data_dir, $username, "pref_".$iAccount.'_'.$mailbox));
if (isset($aMailboxPrefs[MBX_PREF_COLUMNS])) {
$index_order = $aMailboxPrefs[MBX_PREF_COLUMNS];
}
}
}
+// FIXME: why are we using this? $PHP_SELF is already a global var processed (and therefore trustworthy) by init.php
sqgetGlobalVar('PHP_SELF', $PHP_SELF, SQ_SERVER);
$x = isset($mailbox) && $mailbox ? '&mailbox='.urlencode($mailbox) : '';
$oTemplate->assign('not_used', $opts);
$oTemplate->assign('always_show', array(SQM_COL_SUBJ, SQM_COL_FLAGS));
+// FIXME: (related to the above) $PHP_SELF might already have a query string... don't assume otherwise here by adding the ? sign!!
$oTemplate->assign('move_up', $PHP_SELF .'?method=move&positions=-1'. $x .'&num=');
$oTemplate->assign('move_down', $PHP_SELF .'?method=move&positions=1'. $x .'&num=');
$oTemplate->assign('remove', $PHP_SELF .'?method=remove'. $x .'&num=');
$oTemplate->display('options_order.tpl');
$oTemplate->display('footer.tpl');
-?>
projects / squirrelmail.git / blobdiff