* Subfolder search idea from Patch #806075 by Thomas Pohl xraven at users.sourceforge.net. Thanks Thomas!
*
* @author Alex Lemaresquier - Brainstorm <alex at brainstorm.fr>
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @todo explain why references are used in function calls
*/
+/** This is the search page */
+define('PAGE_NAME', 'search');
+
/**
* Include the SquirrelMail initialization file.
*/
require_once(SM_PATH . 'functions/imap_messages.php');
require_once(SM_PATH . 'functions/imap_general.php');
require_once(SM_PATH . 'functions/mime.php');
-require_once(SM_PATH . 'functions/mailbox_display.php'); //getButton()
+require_once(SM_PATH . 'functions/mailbox_display.php'); //sqm_api_mailbox_select
require_once(SM_PATH . 'functions/forms.php');
require_once(SM_PATH . 'functions/date.php');
+require_once(SM_PATH . 'functions/compose.php');
/** Prefs array ordinals. Must match $recent_prefkeys and $saved_prefkeys
*/
$cur_mailbox = 'INBOX';
$biop = asearch_nz($biop_array[$crit_num]);
if (($query_display == '') || ($cur_mailbox != $last_mailbox)) {
- $mailbox_display = ' <span class="mailbox">' . htmlspecialchars(asearch_get_mailbox_display($cur_mailbox)) . '</span>';
+ $mailbox_display = ' <span class="mailbox">' . sm_encode_html_special_chars(asearch_get_mailbox_display($cur_mailbox)) . '</span>';
if ($query_display == '')
$biop_display = _("In");
else
if ($what_type == 'adate')
$what_display = asearch_get_date_display($what);
else
- $what_display = htmlspecialchars($what);
+ $what_display = sm_encode_html_special_chars($what);
$what_display = ' <span class="value">' . $what_display . '</span>';
}
}
return $query_display;
}
-/**
- * Creates button
- *
- * @deprecated see form functions available in 1.5.1 and 1.4.3.
- * @param string $type
- * @param string $name
- * @param string $value
- * @param string $js
- * @param bool $enabled
- */
-function getButton($type, $name, $value, $js = '', $enabled = TRUE) {
- $disabled = ( $enabled ? '' : 'disabled ' );
- $js = ( $js ? $js.' ' : '' );
- return '<input '.$disabled.$js.
- 'type="'.$type.
- '" name="'.$name.
- '" value="'.$value .
- '" style="padding: 0px; margin: 0px" />';
-}
-
/**
* Print a whole query array, recent or saved
*
$oTemplate->assign('expand_collapse_toggle', '../src/search.php?'.$show_pref.'='.($show_flag==1 ? 0 : 1));
$oTemplate->assign('query_list', $a);
- $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&rownum=');
- $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&rownum=');
- $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&rownum=');
+ $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
- $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&rownum=');
- $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&rownum=');
- $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&rownum=');
+ $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
$oTemplate->display('search_list.tpl');
}
# Build the mailbox array
$a = array();
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $a[$mailbox] = '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox));
+ $a[$mailbox] = '[' . _("Missing") . '] ' . sm_encode_html_special_chars(asearch_get_mailbox_display($mailbox));
}
$a['All Folders'] = '[' . asearch_get_mailbox_display('All Folders') . ']';
$a = array_merge($a, sqimap_mailbox_option_array($imapConnection, 0, $boxes, NULL));
$oTemplate->assign('criteria', $c);
- echo '<form action="../src/search.php" name="form_asearch">' . "\n";
+ echo '<form action="../src/search.php" name="form_asearch">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->display('search_advanced.tpl');
echo "</form>\n";
}
# Build the mailbox array
$a = array();
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $a[$mailbox] = '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox));
+ $a[$mailbox] = '[' . _("Missing") . '] ' . sm_encode_html_special_chars(asearch_get_mailbox_display($mailbox));
}
$a['All Folders'] = '[' . asearch_get_mailbox_display('All Folders') . ']';
$a = array_merge($a, sqimap_mailbox_option_array($imapConnection, 0, $boxes, NULL));
$oTemplate->assign('unary_options', $imap_asearch_unops);
$oTemplate->assign('where_options', $imap_asearch_options);
- $oTemplate->assign('mailbox_sel', strtolower(htmlspecialchars($mailbox)));
+ $oTemplate->assign('mailbox_sel', strtolower(sm_encode_html_special_chars($mailbox)));
$oTemplate->assign('unary_sel', $unop);
$oTemplate->assign('where_sel', $where);
$oTemplate->assign('what_val', $what);
- echo '<form action="../src/search.php" name="form_asearch">' . "\n";
+ echo '<form action="../src/search.php" name="form_asearch">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->display('search.tpl');
echo "</form>\n";
}
/* ------------------------ main ------------------------ */
/* get globals we will need */
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
-if ( sqgetGlobalVar('checkall', $temp, SQ_GET) ) {
- $checkall = (int) $temp;
+if (!sqgetGlobalVar('checkall',$checkall,SQ_GET)) {
+ $checkall = false;
+}
+
+if (!sqgetGlobalVar('preselected', $preselected, SQ_GET) || !is_array($preselected)) {
+ $preselected = array();
+} else {
+ $preselected = array_keys($preselected);
}
/**
* @global string $submit
*/
$searchpressed = false;
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['submit'])) {
$submit = strip_tags($_GET['submit']);
}
/** Searched mailboxes
* @global array $mailbox_array
*/
-if (isset($_GET['mailbox'])) {
- $mailbox_array = $_GET['mailbox'];
- $targetmailbox = $_GET['mailbox'];
+/* when using compact paginator, mailbox might be indicated in $startMessage, so look for it now ($startMessage is then processed farther below) */
+$mailbox = '';
+$startMessage = '';
+if (sqGetGlobalVarMultiple('startMessage', $temp, 'paginator_submit', SQ_FORM)) {
+ if (strstr($temp, '_')) list($startMessage, $mailbox) = explode('_', $temp);
+ else $startMessage = $temp;
+}
+if (empty($mailbox)) sqGetGlobalVar('mailbox', $mailbox, SQ_GET, '');
+if (!empty($mailbox)) {
+ $mailbox_array = $mailbox;
+ $targetmailbox = $mailbox;
if (!is_array($mailbox_array)) {
$mailbox_array = array($mailbox_array);
}
/** Binary operators
* @global array $biop_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['biop'])) {
$biop_array = $_GET['biop'];
if (!is_array($biop_array))
/** Unary operators
* @global array $unop_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['unop'])) {
$unop_array = $_GET['unop'];
if (!is_array($unop_array))
/** Where to search
* @global array $where_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['where'])) {
$where_array = $_GET['where'];
if (!is_array($where_array)) {
/** What to search
* @global array $what_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['what'])) {
$what_array = $_GET['what'];
if (!is_array($what_array)) {
/** Whether to exclude this criteria from search
* @global array $exclude_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['exclude'])) {
$exclude_array = $_GET['exclude'];
} else {
/** Search within subfolders
* @global array $sub_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['sub'])) {
$sub_array = $_GET['sub'];
} else {
}
/** Row number used by recent and saved stuff
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['rownum'])) {
$submit_rownum = strip_tags($_GET['rownum']);
}
asearch_edit_last(1);
// asearch_push_recent($mailbox_array, $biop_array, $unop_array, $where_array, $what_array, $exclude_array, $sub_array);
}
-//FIXME: the following gets the right startMessage value, but there is no indication of what form it came from (thus what mailbox folder needs to be paginated), so when using the compact paginator without javascript turned on, pagination is broken
-if (sqGetGlobalVarMultiple('startMessage', $temp, 'paginator_submit', SQ_FORM)) {
- $startMessage = (int) $temp;
+/* already retrieved startMessage above */
+if (!empty($startMessage)) {
+ $startMessage = (int) $startMessage;
asearch_edit_last(1);
// asearch_push_recent($mailbox_array, $biop_array, $unop_array, $where_array, $what_array, $exclude_array, $sub_array);
}
if (!isset($submit)) {
$submit = '';
} else {
+
+ // first validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
switch ($submit) {
case $search_button_text:
if (asearch_check_query($where_array, $what_array, $exclude_array) == '') {
uasort($imap_asearch_options, 'asearch_unhtml_strcoll');
/* open IMAP connection */
-$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
+global $imap_stream_options; // in case not defined in config
+$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imap_stream_options);
/* get mailboxes once here */
$boxes = sqimap_mailbox_list($imapConnection);
/* ensure we have a valid default mailbox name */
$mailbox = asearch_nz($mailbox_array[0]);
-if (($mailbox == '') || ($mailbox == 'None')) //Workaround for sm quirk IMHO (what if I really have a mailbox called None?)
+if ($mailbox == '')
$mailbox = $boxes[0]['unformatted']; //Usually INBOX ;)
$compose_height = '550';
}
// do not use &, it will break the query string and $session will not be detected!!!
- $comp_uri = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- '&session='.$aMailbox['FORWARD_SESSION'];
+ $comp_uri = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox)
+ . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']
+ . '&smaction=forward_as_attachment'
+ . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']);
displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri', $compose_width, $compose_height);", false);
} else {
// save mailboxstate
sqsession_register($aMailbox,'aLastSelectedMailbox');
session_write_close();
// we have to redirect to the compose page
- $location = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- '&session='.$aMailbox['FORWARD_SESSION'];
+ $location = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox)
+ . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']
+ . '&smaction=forward_as_attachment'
+ . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']);
header("Location: $location");
exit;
}
*/
if ($aMailbox['EXISTS'] > 0) {
if ($iError) {
- // TODO
+ // TODO: Implement an error handler in the search page.
echo "ERROR occured, errorhandler will be implemented very soon";
} else {
foreach ($aTemplate as $k => $v) {
$mailbox_display = imap_utf7_decode_local($mbx);
}
- $oTemplate->assign('mailbox_name', htmlspecialchars($mailbox_display));
+ $oTemplate->assign('mailbox_name', sm_encode_html_special_chars($mailbox_display));
$oTemplate->display('search_result_mailbox.tpl');
$oTemplate->assign('page_selector', $page_selector);
$oTemplate->assign('alt_index_colors', isset($alt_index_colors) ? $alt_index_colors: false);
$oTemplate->assign('color', $color);
$oTemplate->assign('align', $align);
+ $oTemplate->assign('checkall', $checkall);
+ $oTemplate->assign('preselected', $preselected);
+
+ global $show_personal_names;
+ $oTemplate->assign('show_personal_names', $show_personal_names);
+
+ global $accesskey_mailbox_toggle_selected, $accesskey_mailbox_thread;
+ $oTemplate->assign('accesskey_mailbox_toggle_selected', $accesskey_mailbox_toggle_selected);
+ $oTemplate->assign('accesskey_mailbox_thread', $accesskey_mailbox_thread);
$oTemplate->display('message_list.tpl');
}
$oTemplate->display('footer.tpl');
sqsession_register($mailbox_cache,'mailbox_cache');
-?>
projects / squirrelmail.git / blobdiff