X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fmailbox_display.php;h=17cbca41b64ce57026406704d66d3fead939000b;hp=3b917b741ab322a450b8f5cfe7a08ce205b6afb4;hb=d0e7f324898b4eaf7786c1c4cadcc12e97e2756f;hpb=199a9ab83772a0d98940eb68837177414a3bcee2
diff --git a/functions/mailbox_display.php b/functions/mailbox_display.php
index 3b917b74..17cbca41 100644
--- a/functions/mailbox_display.php
+++ b/functions/mailbox_display.php
@@ -6,7 +6,7 @@
 * This contains functions that display mailbox information, such as the
 * table row that has sender, date, subject, etc...
 *
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2009 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
@@ -975,7 +975,7 @@ function showMessagesForMailbox($imapConnection, &$aMailbox,$aProps, &$iError) {
 $source_url = $php_self;
 }
- $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'];
+ $baseurl = $source_url.'?mailbox=' . urlencode($aMailbox['NAME']) .'&account='.$aMailbox['ACCOUNT'] . (strpos($source_url, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : '');
 $where = urlencode($aMailbox['SEARCH'][$iSetIndx][0]);
 $what = urlencode($aMailbox['SEARCH'][$iSetIndx][1]);
 $baseurl .= '&where=' . $where . '&what=' . $what;
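Review bot: The `strpos($source_url, 'src/search.php') ?` test on the new `$baseurl` line relies on truthiness, so a match at offset 0 is treated the same as no match and the token is silently left off; compare explicitly with `strpos($source_url, 'src/search.php') !== FALSE`. The same line places the security token in a query string, where it is recorded in server logs and browser history and can be sent in Referer headers while it is still valid (the validation call in handleMessageListForm passes 3600, presumably seconds). A one-line comment above the assignment stating why search.php links must carry `smtoken` in the URL would help the next reader judge that exposure. showMessagesForMailbox starts and ends outside this hunk.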
@@ -1343,8 +1343,7 @@ function handleMessageListForm($imapConnection, &$aMailbox, $sButton='',
 // don't do anything to any messages until we have done security check
 // FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
- // FIXME: we might need to open this up to SQ_FORM instead, especially for plugins (?)
- sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
 sm_validate_security_token($submitted_token, 3600, TRUE);
 // make sure message UIDs are sanitized (BIGINT)
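Review bot: Reading `smtoken` with `SQ_FORM` instead of `SQ_POST` means a passing security check no longer implies the request was a POST, so the message actions that follow in handleMessageListForm (its body continues outside this hunk) can presumably be triggered by a plain link carrying a valid token. If only the search-result links need this, consider still requiring POST for the destructive buttons and accepting the URL token only for the others. The removed FIXME was the only record of this trade-off; replace it rather than delete it, for example `// smtoken is accepted from GET as well as POST (search.php links), so it may appear in logs and Referer headers`.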