* Subfolder search idea from Patch #806075 by Thomas Pohl xraven at users.sourceforge.net. Thanks Thomas!
*
* @author Alex Lemaresquier - Brainstorm <alex at brainstorm.fr>
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @todo explain why references are used in function calls
*/
+/** This is the search page */
+define('PAGE_NAME', 'search');
+
/**
* Include the SquirrelMail initialization file.
*/
require_once(SM_PATH . 'functions/imap_messages.php');
require_once(SM_PATH . 'functions/imap_general.php');
require_once(SM_PATH . 'functions/mime.php');
-require_once(SM_PATH . 'functions/mailbox_display.php'); //getButton()
+require_once(SM_PATH . 'functions/mailbox_display.php'); //sqm_api_mailbox_select
require_once(SM_PATH . 'functions/forms.php');
require_once(SM_PATH . 'functions/date.php');
+require_once(SM_PATH . 'functions/compose.php');
/** Prefs array ordinals. Must match $recent_prefkeys and $saved_prefkeys
*/
$cur_mailbox = 'INBOX';
$biop = asearch_nz($biop_array[$crit_num]);
if (($query_display == '') || ($cur_mailbox != $last_mailbox)) {
- $mailbox_display = ' <span class="mailbox">' . htmlspecialchars(asearch_get_mailbox_display($cur_mailbox)) . '</span>';
+ $mailbox_display = ' <span class="mailbox">' . sm_encode_html_special_chars(asearch_get_mailbox_display($cur_mailbox)) . '</span>';
if ($query_display == '')
$biop_display = _("In");
else
if ($what_type == 'adate')
$what_display = asearch_get_date_display($what);
else
- $what_display = htmlspecialchars($what);
+ $what_display = sm_encode_html_special_chars($what);
$what_display = ' <span class="value">' . $what_display . '</span>';
}
}
return $query_display;
}
-/**
- * Creates button
- *
- * @deprecated see form functions available in 1.5.1 and 1.4.3.
- * @param string $type
- * @param string $name
- * @param string $value
- * @param string $js
- * @param bool $enabled
- */
-function getButton($type, $name, $value, $js = '', $enabled = TRUE) {
- $disabled = ( $enabled ? '' : 'disabled ' );
- $js = ( $js ? $js.' ' : '' );
- return '<input '.$disabled.$js.
- 'type="'.$type.
- '" name="'.$name.
- '" value="'.$value .
- '" style="padding: 0px; margin: 0px" />';
-}
-
/**
* Print a whole query array, recent or saved
*
$oTemplate->assign('expand_collapse_toggle', '../src/search.php?'.$show_pref.'='.($show_flag==1 ? 0 : 1));
$oTemplate->assign('query_list', $a);
- $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&rownum=');
- $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&rownum=');
- $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&rownum=');
+ $oTemplate->assign('save_recent', '../src/search.php?submit=save_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('do_recent', '../src/search.php?submit=search_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('forget_recent', '../src/search.php?submit=forget_recent&smtoken=' . sm_generate_security_token() . '&rownum=');
- $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&rownum=');
- $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&rownum=');
- $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&rownum=');
+ $oTemplate->assign('edit_saved', '../src/search.php?submit=edit_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('do_saved', '../src/search.php?submit=search_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
+ $oTemplate->assign('delete_saved', '../src/search.php?submit=delete_saved&smtoken=' . sm_generate_security_token() . '&rownum=');
$oTemplate->display('search_list.tpl');
}
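Review bot: `sm_generate_security_token()` is called six times in these `assign()` lines, once per link; if each call mints and stores a fresh token (its body is not shown here), a single render of the list adds six entries to the user's token store. Generate it once, `$smtoken = sm_generate_security_token();`, and append `'&smtoken=' . $smtoken` in all six URLs. The token also travels in the query string, so it ends up in browser history, proxy and server logs, and possibly Referer headers. The same applies to the two `form_asearch` forms further down, which add the hidden `smtoken` field but declare no `method` and so submit by GET. The enclosing function starts above the visible lines.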
# Build the mailbox array
$a = array();
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $a[$mailbox] = '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox));
+ $a[$mailbox] = '[' . _("Missing") . '] ' . sm_encode_html_special_chars(asearch_get_mailbox_display($mailbox));
}
$a['All Folders'] = '[' . asearch_get_mailbox_display('All Folders') . ']';
$a = array_merge($a, sqimap_mailbox_option_array($imapConnection, 0, $boxes, NULL));
$oTemplate->assign('criteria', $c);
- echo '<form action="../src/search.php" name="form_asearch">' . "\n";
+ echo '<form action="../src/search.php" name="form_asearch">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->display('search_advanced.tpl');
echo "</form>\n";
}
# Build the mailbox array
$a = array();
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $a[$mailbox] = '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox));
+ $a[$mailbox] = '[' . _("Missing") . '] ' . sm_encode_html_special_chars(asearch_get_mailbox_display($mailbox));
}
$a['All Folders'] = '[' . asearch_get_mailbox_display('All Folders') . ']';
$a = array_merge($a, sqimap_mailbox_option_array($imapConnection, 0, $boxes, NULL));
$oTemplate->assign('unary_options', $imap_asearch_unops);
$oTemplate->assign('where_options', $imap_asearch_options);
- $oTemplate->assign('mailbox_sel', strtolower(htmlspecialchars($mailbox)));
+ $oTemplate->assign('mailbox_sel', strtolower(sm_encode_html_special_chars($mailbox)));
$oTemplate->assign('unary_sel', $unop);
$oTemplate->assign('where_sel', $where);
$oTemplate->assign('what_val', $what);
- echo '<form action="../src/search.php" name="form_asearch">' . "\n";
+ echo '<form action="../src/search.php" name="form_asearch">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->display('search.tpl');
echo "</form>\n";
}
/* ------------------------ main ------------------------ */
/* get globals we will need */
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
-if ( sqgetGlobalVar('checkall', $temp, SQ_GET) ) {
- $checkall = (int) $temp;
+if (!sqgetGlobalVar('checkall',$checkall,SQ_GET)) {
+ $checkall = false;
+}
+
+if (!sqgetGlobalVar('preselected', $preselected, SQ_GET) || !is_array($preselected)) {
+ $preselected = array();
+} else {
+ $preselected = array_keys($preselected);
}
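Review bot: `$checkall` used to be cast to int and is now taken from the query string as-is, and `$preselected` becomes the raw keys of a GET array; both are later handed to `message_list.tpl` through `assign()`. Whether that template escapes them is not visible here, so normalise at the point of input: restore the cast with `$checkall = (int) $checkall;` in an `else` branch, and use `$preselected = array_map('intval', array_keys($preselected));` if the keys are meant to be message UIDs (confirm against the template).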
/**
* @global string $submit
*/
$searchpressed = false;
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['submit'])) {
$submit = strip_tags($_GET['submit']);
}
/** Searched mailboxes
* @global array $mailbox_array
*/
-if (isset($_GET['mailbox'])) {
- $mailbox_array = $_GET['mailbox'];
- $targetmailbox = $_GET['mailbox'];
+/* when using compact paginator, mailbox might be indicated in $startMessage, so look for it now ($startMessage is then processed farther below) */
+$mailbox = '';
+$startMessage = '';
+if (sqGetGlobalVarMultiple('startMessage', $temp, 'paginator_submit', SQ_FORM)) {
+ if (strstr($temp, '_')) list($startMessage, $mailbox) = explode('_', $temp);
+ else $startMessage = $temp;
+}
+if (empty($mailbox)) sqGetGlobalVar('mailbox', $mailbox, SQ_GET, '');
+if (!empty($mailbox)) {
+ $mailbox_array = $mailbox;
+ $targetmailbox = $mailbox;
if (!is_array($mailbox_array)) {
$mailbox_array = array($mailbox_array);
}
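Review bot: `explode('_', $temp)` on the `startMessage` value splits at every underscore, so a folder name that itself contains `_` is cut short and the remainder is silently dropped by `list()`. Limit the split to two parts: `list($startMessage, $mailbox) = explode('_', $temp, 2);`. `$temp` also comes straight from the request, so unless `sqGetGlobalVarMultiple()` guarantees a string, `strstr()` can be handed an array; an `is_string($temp)` guard before the split would cover that. The `if (!empty($mailbox))` block continues below the hunk.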
/** Binary operators
* @global array $biop_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['biop'])) {
$biop_array = $_GET['biop'];
if (!is_array($biop_array))
/** Unary operators
* @global array $unop_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['unop'])) {
$unop_array = $_GET['unop'];
if (!is_array($unop_array))
/** Where to search
* @global array $where_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['where'])) {
$where_array = $_GET['where'];
if (!is_array($where_array)) {
/** What to search
* @global array $what_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['what'])) {
$what_array = $_GET['what'];
if (!is_array($what_array)) {
/** Whether to exclude this criteria from search
* @global array $exclude_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['exclude'])) {
$exclude_array = $_GET['exclude'];
} else {
/** Search within subfolders
* @global array $sub_array
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['sub'])) {
$sub_array = $_GET['sub'];
} else {
}
/** Row number used by recent and saved stuff
*/
+//FIXME: Why is there so much access to $_GET in this file? What's wrong with sqGetGlobalVar?
if (isset($_GET['rownum'])) {
$submit_rownum = strip_tags($_GET['rownum']);
}
asearch_edit_last(1);
// asearch_push_recent($mailbox_array, $biop_array, $unop_array, $where_array, $what_array, $exclude_array, $sub_array);
}
-if (sqgetGlobalVar('startMessage', $temp, SQ_GET)) {
- $startMessage = (int) $temp;
+/* already retrieved startMessage above */
+if (!empty($startMessage)) {
+ $startMessage = (int) $startMessage;
asearch_edit_last(1);
// asearch_push_recent($mailbox_array, $biop_array, $unop_array, $where_array, $what_array, $exclude_array, $sub_array);
}
if (!isset($submit)) {
$submit = '';
} else {
+
+ // first validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
switch ($submit) {
case $search_button_text:
if (asearch_check_query($where_array, $what_array, $exclude_array) == '') {
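Review bot: The `-1` passed to `sm_validate_security_token()` needs a comment, because as I read that function's contract a negative validity period lets a token be re-used rather than consumed on first use. That is presumably deliberate, since search and paginator links are followed repeatedly, but combined with the token being carried in GET URLs it means a leaked URL stays usable. A line such as `// -1: search links are re-used, so tokens are not single-use here` above the call would make the trade-off explicit; a bounded period for the state-changing actions (`save_recent`, `forget_recent`, `delete_saved`) is worth considering. The `switch` body continues outside the hunk.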
uasort($imap_asearch_options, 'asearch_unhtml_strcoll');
/* open IMAP connection */
-$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
+global $imap_stream_options; // in case not defined in config
+$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imap_stream_options);
/* get mailboxes once here */
$boxes = sqimap_mailbox_list($imapConnection);
/* ensure we have a valid default mailbox name */
$mailbox = asearch_nz($mailbox_array[0]);
-if (($mailbox == '') || ($mailbox == 'None')) //Workaround for sm quirk IMHO (what if I really have a mailbox called None?)
+if ($mailbox == '')
$mailbox = $boxes[0]['unformatted']; //Usually INBOX ;)
$compose_height = '550';
}
// do not use &, it will break the query string and $session will not be detected!!!
- $comp_uri = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- '&session='.$aMailbox['FORWARD_SESSION'];
+ $comp_uri = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox)
+ . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']
+ . '&smaction=forward_as_attachment'
+ . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']);
displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri', $compose_width, $compose_height);", false);
} else {
// save mailboxstate
sqsession_register($aMailbox,'aLastSelectedMailbox');
session_write_close();
// we have to redirect to the compose page
- $location = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- '&session='.$aMailbox['FORWARD_SESSION'];
+ $location = $base_uri . 'src/compose.php?mailbox='. urlencode($mailbox)
+ . '&session='.$aMailbox['FORWARD_SESSION']['SESSION_NUMBER']
+ . '&smaction=forward_as_attachment'
+ . '&fwduid=' . implode('_', $aMailbox['FORWARD_SESSION']['UIDS']);
header("Location: $location");
exit;
}
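Review bot: The forwarding URL is built twice with identical code (for `$comp_uri` and for `$location`), and the `fwduid` value is an `implode('_', ...)` of the UID list with no check that each element is numeric. The first copy is placed inside a single-quoted JavaScript string in `comp_in_new('$comp_uri', ...)` and the second goes into a `Location:` header, so a non-numeric element would reach both contexts unencoded; where the UID list is populated is not visible here. Build the URL once and coerce the UIDs, e.g. `implode('_', array_map('intval', $aMailbox['FORWARD_SESSION']['UIDS']))`. The enclosing block starts above the hunk.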
$oTemplate->display('note.tpl');
}
-do_hook('search_before_form');
+do_hook('search_before_form', $null);
if (!$search_silent) {
asearch_print_saved($boxes);
}
}
-do_hook('search_after_form');
+do_hook('search_after_form', $null);
if ($submit == $search_button_text) {
$msgsfound = false;
*/
if ($aMailbox['EXISTS'] > 0) {
if ($iError) {
- // TODO
+ // TODO: Implement an error handler in the search page.
echo "ERROR occured, errorhandler will be implemented very soon";
} else {
foreach ($aTemplate as $k => $v) {
$mailbox_display = imap_utf7_decode_local($mbx);
}
- $oTemplate->assign('mailbox_name', htmlspecialchars($mailbox_display));
+ $oTemplate->assign('mailbox_name', sm_encode_html_special_chars($mailbox_display));
$oTemplate->display('search_result_mailbox.tpl');
$oTemplate->assign('page_selector', $page_selector);
$oTemplate->assign('page_selector_max', $page_selector_max);
$oTemplate->assign('compact_paginator', $compact_paginator);
- $oTemplate->assign('javascript_on', $javascript_on);
+ $oTemplate->assign('javascript_on', checkForJavascript());
+ $oTemplate->assign('base_uri', sqm_baseuri());
$oTemplate->assign('enablesort', (isset($aProps['config']['enablesort'])) ? $aProps['config']['enablesort'] : false);
$oTemplate->assign('icon_theme_path', $icon_theme_path);
$oTemplate->assign('use_icons', (isset($use_icons)) ? $use_icons : false);
$oTemplate->assign('alt_index_colors', isset($alt_index_colors) ? $alt_index_colors: false);
$oTemplate->assign('color', $color);
$oTemplate->assign('align', $align);
+ $oTemplate->assign('checkall', $checkall);
+ $oTemplate->assign('preselected', $preselected);
+
+ global $show_personal_names;
+ $oTemplate->assign('show_personal_names', $show_personal_names);
+
+ global $accesskey_mailbox_toggle_selected, $accesskey_mailbox_thread;
+ $oTemplate->assign('accesskey_mailbox_toggle_selected', $accesskey_mailbox_toggle_selected);
+ $oTemplate->assign('accesskey_mailbox_thread', $accesskey_mailbox_thread);
$oTemplate->display('message_list.tpl');
}
}
}
-do_hook('search_bottom');
+do_hook('search_bottom', $null);
sqimap_logout($imapConnection);
$oTemplate->display('footer.tpl');
sqsession_register($mailbox_cache,'mailbox_cache');
-?>
\ No newline at end of file