switched doctype to standard compliance mode

[squirrelmail.git] / src / webmail.php

diff --git a/src/webmail.php b/src/webmail.php
index d17cd636daac87969def839fb7c805758db8b46f..3ad1f06cce7eef25427504c862c52592780cfbfa 100644 (file)
--- a/src/webmail.php
+++ b/src/webmail.php
@@ -3,13 +3,12 @@
 /**
  * webmail.php -- Displays the main frameset
  *
- * Copyright (c) 1999-2004 The SquirrelMail development team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
  * This file generates the main frameset. The files that are
  * shown can be given as parameters. If the user is not logged in
  * this file will verify username and password.
  *
+ * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  */
@@ -41,6 +40,18 @@ sqgetGlobalVar('username', $username, SQ_SESSION);
 sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
 sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
 
+if (sqgetGlobalVar('sort', $sort)) {
+    $sort = (int) $sort;
+}
+
+if (sqgetGlobalVar('startMessage', $startMessage)) {
+    $startMessage = (int) $startMessage;
+}
+
+if (!sqgetGlobalVar('mailbox', $mailbox)) {
+    $mailbox = 'INBOX';
+}
+
 sqgetGlobalVar('right_frame', $right_frame, SQ_GET);
 
 if ( isset($_SESSION['session_expired_post']) ) {
@@ -63,13 +74,15 @@ do_hook('webmail_top');
  */
 $my_language = getPref($data_dir, $username, 'language');
 if ($my_language != $squirrelmail_language) {
-    setcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
+    sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
 }
 
 $err=set_up_language(getPref($data_dir, $username, 'language'));
 
-$output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\">\n".
+$output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\"\n".
+          "  \"http://www.w3.org/TR/1999/REC-html401-19991224/frameset.dtd\">\n".
           "<html><head>\n" .
+          "<meta name=\"robots\" content=\"noindex,nofollow\">\n" .
           "<title>$org_title</title>\n".
           "</head>";
 
@@ -77,12 +90,12 @@ $output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\">\n".
 if ($err==2) {
     echo $output.
          "<body>\n".
-        "<p>You need to have php4 installed with the multibyte string function \n".
-        "enabled (using configure option --enable-mbstring).</p>\n".
-        "<p>System assumed that you accidently switched to Japanese translation \n".
+         "<p>You need to have PHP installed with the multibyte string function \n".
+         "enabled (using configure option --enable-mbstring).</p>\n".
+         "<p>System assumed that you accidently switched to Japanese translation \n".
          "and reverted your language preference to English.</p>\n".
-        "<p>Please refresh this page in order to use webmail.</p>\n".
-        "</body></html>";
+         "<p>Please refresh this page in order to use webmail.</p>\n".
+         "</body></html>";
     return;
 }
 
@@ -128,26 +141,38 @@ else {
  *
  * This was done to create a pure HTML way of refreshing the folder list since
  * we would like to use as little Javascript as possible.
+ *
+ * The test for // should catch any attempt to include off-site webpages into
+ * our frameset.
  */
-if (!isset($right_frame)) {
+
+if (empty($right_frame) || (strpos(urldecode($right_frame), '//') !== false)) {
     $right_frame = '';
-} 
-if ($right_frame == 'right_main.php') {
-    $urlMailbox = urlencode($mailbox);
-    $right_frame_url =
-        "right_main.php?mailbox=$urlMailbox&amp;sort=$sort&amp;startMessage=$startMessage";
-} elseif ($right_frame == 'options.php') {
-    $right_frame_url = 'options.php';
-} elseif ($right_frame == 'folders.php') {
-    $right_frame_url = 'folders.php';
-} elseif ($right_frame == 'compose.php') {
-    $right_frame_url = 'compose.php?' . $mailto;
-} else if ($right_frame == '') {
-    $right_frame_url = 'right_main.php';
-} else {
-    $right_frame_url =  $right_frame;
 }
 
+switch($right_frame) {
+    case 'right_main.php':
+        $right_frame_url = "right_main.php?mailbox=".urlencode($mailbox)
+                       . (!empty($sort)?"&amp;sort=$sort":'')
+                       . (!empty($startMessage)?"&amp;startMessage=$startMessage":'');
+        break;
+    case 'options.php':
+        $right_frame_url = 'options.php';
+        break;
+    case 'folders.php':
+        $right_frame_url = 'folders.php';
+        break;
+    case 'compose.php':
+        $right_frame_url = 'compose.php?' . $mailto;
+        break;
+    case '':
+        $right_frame_url = 'right_main.php';
+        break;
+    default:
+        $right_frame_url =  urlencode($right_frame);
+        break;
+} 
+
 $left_frame  = '<frame src="left_main.php" name="left" frameborder="1" title="'.
                _("Folder List") ."\" />\n";
 $right_frame = '<frame src="'.$right_frame_url.'" name="right" frameborder="1" title="'.
@@ -164,6 +189,7 @@ if($ret != '') {
     $output = $ret;
 }
 echo $output;
+
 ?>
 </frameset>
 </html>