X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Faddrbook_search.php;h=5f3a3e07384d240d27acfdba21abc403a9a216c6;hp=0f9b4bacb13698968250e807545f04223f9d3eec;hb=de00443c7d9770fbae65402e6beabde8a3db302a;hpb=ac987a56a67a53a01b7db77a02fdd9c9241b4549;ds=sidebyside

diff --git a/src/addrbook_search.php b/src/addrbook_search.php
index 0f9b4bac..5f3a3e07 100644
--- a/src/addrbook_search.php
+++ b/src/addrbook_search.php
@@ -3,7 +3,7 @@
 /**
  * addrbook_search.php
  *
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2004 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * Handle addressbook searching in the popup window.
@@ -12,17 +12,42 @@
  *       addrbook_search_html.html -- If you change one,
  *       change the other one too!
  *
- * $Id$
+ * @version $Id$ 
+ * @package squirrelmail
+ * @subpackage addressbook
  */
 
-require_once('../src/validate.php');
-require_once('../functions/strings.php');
-require_once('../functions/html.php');
+/**
+ * Path for SquirrelMail required files.
+ * @ignore
+ */
+define('SM_PATH','../');
+
+/** SquirrelMail required files. */
+require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/strings.php');
+require_once(SM_PATH . 'functions/global.php');
+require_once(SM_PATH . 'functions/html.php');
+require_once(SM_PATH . 'functions/forms.php');
 
-/* Function to include JavaScript code */
+/** lets get the global vars we may need */
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
+
+sqgetGlobalVar('show' ,   $show);
+sqgetGlobalVar('query',   $query,   SQ_POST);
+sqgetGlobalVar('listall', $listall, SQ_POST);
+sqgetGlobalVar('backend', $backend, SQ_POST);
+
+/**
+ * Function to include JavaScript code
+ * @return void
+ */
 function insert_javascript() {
     ?>
-    <SCRIPT LANGUAGE="Javascript"><!--
+    <script language="Javascript"><!--
 
     function to_and_close($addr) {
         to_address($addr);
@@ -80,12 +105,17 @@ function insert_javascript() {
         }
     }
 
-// --></SCRIPT>
+// --></script>
 <?php
 } /* End of included JavaScript */
 
 
-/* List search results */
+/**
+ * List search results
+ * @param array $res Array of search results
+ * @param bool $includesource [Default=true]
+ * @return void
+ */
 function display_result($res, $includesource = true) {
     global $color;
         
@@ -107,23 +137,27 @@ function display_result($res, $includesource = true) {
     echo "</tr>\n";
     
     while (list($undef, $row) = each($res)) {
-        $tr_bgcolor = '';
-        if ($line % 2) { $tr_bgcolor = $color[0]; }
+        $email = htmlspecialchars(addcslashes(AddressBook::full_address($row), "'"), ENT_QUOTES);
+        if ($line % 2) { 
+            $tr_bgcolor = $color[12];
+        } else {
+            $tr_bgcolor = $color[4];
+        }
         echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) .
         html_tag( 'td',
              '<small><a href="javascript:to_address(' . 
-                                       "'" . $row['email'] . "');\">To</A> | " .
+                                       "'" . $email . "');\">"._("To")."</a> | " .
              '<a href="javascript:cc_address(' . 
-                                       "'" . $row['email'] . "');\">Cc</A> | " .
+                                       "'" . $email . "');\">"._("Cc")."</a> | " .
              '<a href="javascript:bcc_address(' . 
-                                 "'" . $row['email'] . "');\">Bcc</A></small>",
+                                 "'" . $email . "');\">"._("Bcc")."</a></small>",
         'center', '', 'valign="top" width="5%" nowrap' ) .
-        html_tag( 'td', '&nbsp;' . $row['name'], 'left', '', 'valign="top" nowrap' ) .
+        html_tag( 'td', '&nbsp;' . htmlspecialchars($row['name']), 'left', '', 'valign="top" nowrap' ) .
         html_tag( 'td', '&nbsp;' .
              '<a href="javascript:to_and_close(' .
-                 "'" . $row['email'] . "');\">" . $row['email'] . '</A>'
+                 "'" . $email . "');\">" . htmlspecialchars($row['email']) . '</a>'
         , 'left', '', 'valign="top"' ) .
-        html_tag( 'td', $row['label'], 'left', '', 'valign="top" nowrap' );
+        html_tag( 'td', htmlspecialchars($row['label']), 'left', '', 'valign="top" nowrap' );
         if ($includesource) {
             echo html_tag( 'td', '&nbsp;' . $row['source'], 'left', '', 'valign="top" nowrap' );
         }
@@ -136,7 +170,6 @@ function display_result($res, $includesource = true) {
 
 /* ================= End of functions ================= */
     
-require_once('../functions/array.php');
 require_once('../functions/strings.php');
 require_once('../functions/addressbook.php');
     
@@ -149,22 +182,22 @@ if (!isset($backend)) { $backend = ''; }
 
 /* Choose correct colors for top and bottom frame */
 if ($show == 'form' && !isset($listall)) {
-    echo '<BODY TEXT="' . $color[6] . '" BGCOLOR="' . $color[3] . '" ' .
-               'LINK="' . $color[6] . '" VLINK="'   . $color[6] . '" ' .
-                                        'ALINK="'   . $color[6] . '" ' .
+    echo '<body text="' . $color[6] . '" bgcolor="' . $color[3] . '" ' .
+               'link="' . $color[6] . '" vlink="'   . $color[6] . '" ' .
+                                        'alink="'   . $color[6] . '" ' .
          'OnLoad="document.sform.query.focus();">';
 } else {
-    echo '<BODY TEXT="' . $color[8] . '" BGCOLOR="' . $color[4] . '" ' .
-               'LINK="' . $color[7] . '" VLINK="'   . $color[7] . '" ' .
-                                        'ALINK="'   . $color[7] . "\">\n";
+    echo '<body text="' . $color[8] . '" bgcolor="' . $color[4] . '" ' .
+               'link="' . $color[7] . '" vlink="'   . $color[7] . '" ' .
+                                        'alink="'   . $color[7] . "\">\n";
 }
 
 /* Empty search */
 if (empty($query) && empty($show) && empty($listall)) {
-    echo html_tag( 'p', '<br>' .
-                      _("No persons matching your search was found"),
+    echo html_tag( 'p', '<br />' .
+                      _("No persons matching your search were found"),
             'center' ) .
-          "\n</BODY></HTML>\n",
+          "\n</body></html>\n";
     exit;
 }
 
@@ -173,37 +206,37 @@ $abook = addressbook_init();
 
 /* Create search form */
 if ($show == 'form' && empty($listall)) {
-    echo '<FORM NAME=sform TARGET=abookres ACTION="addrbook_search.php'. 
-         '" METHOD="POST">' . "\n" .
+    echo '<form name="sform" target="abookres" action="addrbook_search.php'. 
+            '" method="post">' . "\n" .
          html_tag( 'table', '', '', '', 'border="0" width="100%" height="100%"' ) .
          html_tag( 'tr' ) .
          html_tag( 'td', '  <strong>' . _("Search for") . "</strong>\n", 'left', '', 'nowrap valign="middle" width="10%"' ) .
          html_tag( 'td', '', 'left', '', '' ) .
-                 '<INPUT TYPE=text NAME=query VALUE="' . htmlspecialchars($query) .
-                 "\" SIZE=28>\n";
+         addInput('query', $query, 28);
 
     /* List all backends to allow the user to choose where to search */
     if ($abook->numbackends > 1) {
-        echo '<STRONG>' . _("in") . '</STRONG>&nbsp;<SELECT NAME=backend>'."\n".
-             '<OPTION VALUE=-1 SELECTED>' . _("All address books") . "\n";
+        echo '<strong>' . _("in") . '</strong>&nbsp;'."\n".
+             $selopts['-1'] = _("All address books");
+
         $ret = $abook->get_backend_list();
         while (list($undef,$v) = each($ret)) {
-            echo '<OPTION VALUE=' . $v->bnum . '>' . $v->sname . "\n";
+            $selopts[$v->bnum] = $v->sname;
         }
-        echo "</SELECT>\n";
+        echo addSelect('backend', $selopts, '-1', TRUE);
     } else {
-        echo '<INPUT TYPE=hidden NAME=backend VALUE=-1>' . "\n";
+        echo addHidden('backend', '-1');
     }
         
     echo '</td></tr>' .
     html_tag( 'tr',
                     html_tag( 'td', '', 'left' ) .
                     html_tag( 'td',
-                            '<INPUT TYPE=submit VALUE="' . _("Search") . '" NAME=show>' .
-                            '&nbsp;|&nbsp;<INPUT TYPE=submit VALUE="' . _("List all") .
-                            '" NAME=listall>' . "\n" .
-                            '&nbsp;|&nbsp;<INPUT TYPE=button VALUE="' . _("Close") .
-                            '" onclick="parent.close();">' . "\n" ,
+                            '<input type="submit" value="' . _("Search") . '" name="show" />' .
+                            '&nbsp;|&nbsp;<input type="submit" value="' . _("List all") .
+                            '" name="listall" />' . "\n" .
+                            '&nbsp;|&nbsp;<input type="button" value="' . _("Close") .
+                            '" onclick="parent.close();" />' . "\n" ,
                     'left' )
             ) .
          '</table></form>' . "\n";
@@ -248,19 +281,19 @@ if ($show == 'form' && empty($listall)) {
             }
         
             if (!is_array($res)) {
-                echo html_tag( 'p', '<b><br>' .
+                echo html_tag( 'p', '<b><br />' .
                                  _("Your search failed with the following error(s)") .
-                                 ':<br>' . $abook->error . "</b>\n" ,
+                                 ':<br />' . $abook->error . "</b>\n" ,
                        'center' ) .
-                "\n</BODY></HTML>\n";
+                "\n</body></html>\n";
                 exit;
             }
         
             if (sizeof($res) == 0) {
-                echo html_tag( 'p', '<br><b>' .
-                                 _("No persons matching your search was found") . "</b>\n" ,
+                echo html_tag( 'p', '<br /><b>' .
+                                 _("No persons matching your search were found") . "</b>\n" ,
                        'center' ) .
-                "\n</BODY></HTML>\n";
+                "\n</body></html>\n";
                 exit;
             }
         
@@ -269,7 +302,5 @@ if ($show == 'form' && empty($listall)) {
     }
    
 }
-
-echo "</BODY></HTML>\n";
-   
 ?>
+</body></html>