X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fmailbox_display.php;h=9fb3725cf0ffbbed200071e9f0c018736a8a7b6f;hp=4085c9662b728b37a407db47c347f17787606473;hb=f99c446918b4b7452891d487df62e871ea03f19b;hpb=02def6a1abebeff3a3ee0d2ee7b31e3d5e29b74b diff --git a/functions/mailbox_display.php b/functions/mailbox_display.php index 4085c966..9fb3725c 100644 --- a/functions/mailbox_display.php +++ b/functions/mailbox_display.php @@ -569,7 +569,7 @@ function prepareMessageList(&$aMailbox, $aProps) { $sTrunc = truncateWithEntities($sTmp, $aColumnDesc[$k]['truncate']); if ($sTrunc != $sTmp) { if (!$title) { - $title = htmlspecialchars($sTmp); + $title = $sTmp; } else if ($title_maybe) { $title = $title .', '.$title_maybe; $title = substr($title,0,-2); // strip ', '; @@ -606,7 +606,8 @@ function prepareMessageList(&$aMailbox, $aProps) { // $onclick, $link_extra, $title, and so forth) // plugins are responsible for sharing nicely (such as for // setting the target, etc) - do_hook('subject_link', $temp=array(&$iPageOffset, &$sSearch, &$aSearch, $aMsg)); + $temp = array(&$iPageOffset, &$sSearch, &$aSearch, $aMsg); + do_hook('subject_link', $temp); } $value = (trim($value)) ? $value : _("(no subject)"); /* add thread indentation */ @@ -627,7 +628,7 @@ function prepareMessageList(&$aMailbox, $aProps) { 'draft' => false); if(!is_array($value)) $value = array(); - foreach ($value as $sFlag => $value) { + foreach ($value as $sFlag => $v) { switch ($sFlag) { case '\\seen' : $aFlagColumn['seen'] = true; break; case '\\deleted' : $aFlagColumn['deleted'] = true; break; 
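Review bot: With `htmlspecialchars()` dropped from `$title = $sTmp;` in the `@@ -569` hunk, nothing visible here encodes the tooltip text, so its safety now rests on whatever code finally prints `$title`. `$sTmp` has just been passed to `truncateWithEntities()`, which suggests it is already entity-encoded and that the old call double-encoded it, but the hunk does not show where `$sTmp` is built. If that is the case, record the contract next to the assignment, e.g. `// $sTmp is already HTML-encoded; do not encode $title again and never assign raw header text to it`. prepareMessageList() starts and ends outside the hunk, so the template that emits the title attribute should be checked as part of this change.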
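Review bot: In the `@@ -627` hunk the new loop variable `$v` is never read in the visible `switch`, which only inspects `$sFlag`. Iterating over the keys states that intent directly and removes the unused variable: `foreach (array_keys($value) as $sFlag) {`. The loop body continues past the end of the hunk, so confirm `$v` is not used further down before changing it.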
@@ -1299,14 +1300,17 @@ function handleAsSent($mailbox) { * use it i.e. in read_body.php for del move next and update the cache * * @param resource $imapConnection imap connection - * @param array $aMailbox (reference) cached mailbox - * @param string $sButton fake a submit button - * @param array $aUid fake the $msg array + * @param array $aMailbox (reference) cached mailbox + * @param string $sButton fake a submit button + * @param array $aUid fake the $msg array + * @param string $targetMailbox fake the target mailbox for move operations + * @param boolean $bypass_trash fake the bypass trash checkbox for delete operations * @return string $sError error string in case of an error * @since 1.5.1 * @author Marc Groot Koerkamp */ -function handleMessageListForm($imapConnection,&$aMailbox,$sButton='',$aUid = array()) { +function handleMessageListForm($imapConnection, &$aMailbox, $sButton='', + $aUid = array(), $targetMailbox='', $bypass_trash=NULL) { /* incoming formdata */ $sButton = (sqgetGlobalVar('moveButton', $sTmp, SQ_FORM)) ? 'move' : $sButton; $sButton = (sqgetGlobalVar('copyButton', $sTmp, SQ_FORM)) ? 'copy' : $sButton; @@ -1318,8 +1322,8 @@ function handleMessageListForm($imapConnection,&$aMailbox,$sButton='',$aUid = ar $sButton = (sqgetGlobalVar('markUnread', $sTmp, SQ_FORM)) ? 'unsetSeen' : $sButton; $sButton = (sqgetGlobalVar('markFlagged', $sTmp, SQ_FORM)) ? 'setFlagged' : $sButton; $sButton = (sqgetGlobalVar('markUnflagged', $sTmp, SQ_FORM)) ? 'unsetFlagged' : $sButton; - sqgetGlobalVar('targetMailbox', $targetMailbox, SQ_FORM); - sqgetGlobalVar('bypass_trash', $bypass_trash, SQ_FORM); + if (empty($targetMailbox)) sqgetGlobalVar('targetMailbox', $targetMailbox, SQ_FORM); + if (is_null($bypass_trash)) sqgetGlobalVar('bypass_trash', $bypass_trash, SQ_FORM); sqgetGlobalVar('msg', $msg, SQ_FORM); if (sqgetGlobalVar('account', $iAccount, SQ_FORM) === false) { $iAccount = 0; 
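Review bot: The new `$targetMailbox` and `$bypass_trash` arguments take precedence over the request in the `@@ -1318` hunk, while `$sButton` is still overwritten by form fields such as `moveButton`, and `$aUid` by a posted `msg` array. A caller that passes a fixed target or bypass flag can therefore have it applied to an action or message set taken from the request. The docblock added in the `@@ -1299` hunk should spell out this precedence, so that callers do not treat all four arguments as authoritative. Separately, `empty($targetMailbox)` is also true for the string `'0'`, so a caller-supplied folder of that name silently falls back to the form value; `if ($targetMailbox === '') sqgetGlobalVar('targetMailbox', $targetMailbox, SQ_FORM);` avoids that.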
@@ -1330,6 +1334,11 @@ function handleMessageListForm($imapConnection,&$aMailbox,$sButton='',$aUid = ar /* retrieve the check boxes */ $aUid = (isset($msg) && is_array($msg)) ? array_values($msg) : $aUid; if (count($aUid) && $sButton != 'expunge') { + + // make sure message UIDs are sanitized (BIGINT) + foreach ($aUid as $i => $uid) + $aUid[$i] = (preg_match('/^[0-9]+$/', $uid) ? $uid : '0'); + $aUpdatedMsgs = false; $bExpunge = false; switch ($sButton) { @@ -1377,7 +1386,8 @@ function handleMessageListForm($imapConnection,&$aMailbox,$sButton='',$aUid = ar break; default: // Hook for plugin buttons - do_hook('mailbox_display_button_action', $aUid); + $temp = array(&$sButton, &$aMailbox, $iAccount, $aMailbox['NAME'], &$aUid); + do_hook('mailbox_display_button_action', $temp); break; } /** @@ -1486,7 +1496,15 @@ function handleMessageListForm($imapConnection,&$aMailbox,$sButton='',$aUid = ar sqimap_run_command($imapConnection,'CLOSE',false,$result,$message); $aMailbox = sqm_api_mailbox_select($imapConnection,$iAccount, $aMailbox['NAME'],array(),array()); } else { - if ($sButton) { + // this is the same hook as above, but here it is called in the + // context of not having had any messages selected and if any + // plugin handles the situation, it should return TRUE so we + // know this was not an erroneous user action + // + global $null; + $temp = array(&$sButton, &$aMailbox, $iAccount, $aMailbox['NAME'], $null); + if (!boolean_hook_function('mailbox_display_button_action', $temp, 1) + && $sButton) { $sError = _("No messages were selected."); } } @@ -1545,8 +1563,7 @@ function attachSelectedMessages($imapConnection,$aMsgHeaders) { fwrite ($fp, $body); fclose($fp); - $composeMessage->initAttachment('message/rfc822',$subject.'.msg', - $filename); + $composeMessage->initAttachment('message/rfc822', $subject . '.eml', $filename); } }
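Review bot: The UID check added in the `@@ -1330` hunk is looser than its comment says, because `$` in `/^[0-9]+$/` also matches before a trailing newline and `$uid` is handed to `preg_match()` without confirming it is a scalar (a nested `msg[][]` form value arrives as an array). Anchoring with `\z` and testing the type closes both gaps: `$aUid[$i] = (is_scalar($uid) && preg_match('/^[0-9]+\z/', (string) $uid)) ? $uid : '0';`. The pattern also puts no upper bound on the number of digits, so the "BIGINT" in the comment is not actually enforced. Invalid entries are replaced with `'0'` rather than dropped; whether the IMAP commands later in this function (outside the hunk) tolerate a `0` in the UID set should be confirmed.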
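Review bot: The `mailbox_display_button_action` hook now receives an array instead of `$aUid`, and neither call site (`@@ -1377` and `@@ -1486`) documents the element order or which entries are references. Plugins written for the old argument will read the wrong value, and because `&$aMailbox` and `&$aUid` are handed over after the UID check, any later use of them in this function (not visible in the hunks) sees whatever a plugin wrote back. A comment above both calls would fix the contract, e.g. `// hook args: 0 => &$sButton, 1 => &$aMailbox, 2 => $iAccount, 3 => mailbox name, 4 => &$aUid ($null when nothing is selected)`. The literal `1` passed to `boolean_hook_function()` in the second call also deserves a short comment stating which result policy it selects.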
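Review bot: In the `@@ -1545` hunk `$subject` is concatenated into the attachment name passed to `initAttachment('message/rfc822', $subject . '.eml', $filename)` with no cleaning visible. Its assignment is outside the hunk; if it is taken from the Subject header of the message being attached, it is sender-controlled and may be empty or contain path separators and control characters. Confirm it is normalised before this call, and fall back to a fixed name when it is empty.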