X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Fwebmail.php;h=86ac26545285f96b3590bcab58dc3a1c6497abb5;hp=8836f1ba499e07408f38909df71ea9921cba783a;hb=2be6e3fc90746bcafa7a200b599e6d48409b5e43;hpb=134e4174c8919790bcc463587e90ac37cabc2f90

diff --git a/src/webmail.php b/src/webmail.php
index 8836f1ba..86ac2654 100644
--- a/src/webmail.php
+++ b/src/webmail.php
@@ -3,13 +3,12 @@
 /**
  * webmail.php -- Displays the main frameset
  *
- * Copyright (c) 1999-2004 The SquirrelMail development team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
  * This file generates the main frameset. The files that are
  * shown can be given as parameters. If the user is not logged in
  * this file will verify username and password.
  *
+ * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  */
@@ -21,6 +20,7 @@
 define('SM_PATH','../');
 
 /* SquirrelMail required files. */
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/strings.php');
 require_once(SM_PATH . 'config/config.php');
 require_once(SM_PATH . 'functions/prefs.php');
@@ -28,11 +28,7 @@ require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/plugin.php');
 require_once(SM_PATH . 'functions/i18n.php');
 require_once(SM_PATH . 'functions/auth.php');
-require_once(SM_PATH . 'functions/global.php');
 
-if (!function_exists('sqm_baseuri')){
-    require_once(SM_PATH . 'functions/display_messages.php');
-}
 $base_uri = sqm_baseuri();
 
 sqsession_is_active();
@@ -41,6 +37,18 @@ sqgetGlobalVar('username', $username, SQ_SESSION);
 sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
 sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
 
+if (sqgetGlobalVar('sort', $sort)) {
+    $sort = (int) $sort;
+}
+
+if (sqgetGlobalVar('startMessage', $startMessage)) {
+    $startMessage = (int) $startMessage;
+}
+
+if (!sqgetGlobalVar('mailbox', $mailbox)) {
+    $mailbox = 'INBOX';
+}
+
 sqgetGlobalVar('right_frame', $right_frame, SQ_GET);
 
 if ( isset($_SESSION['session_expired_post']) ) {
@@ -63,13 +71,15 @@ do_hook('webmail_top');
  */
 $my_language = getPref($data_dir, $username, 'language');
 if ($my_language != $squirrelmail_language) {
-    setcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
+    sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
 }
 
 $err=set_up_language(getPref($data_dir, $username, 'language'));
 
-$output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\">\n".
+$output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\"\n".
+          "  \"http://www.w3.org/TR/1999/REC-html401-19991224/frameset.dtd\">\n".
           "<html><head>\n" .
+          "<meta name=\"robots\" content=\"noindex,nofollow\">\n" .
           "<title>$org_title</title>\n".
           "</head>";
 
@@ -77,7 +87,7 @@ $output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\">\n".
 if ($err==2) {
     echo $output.
          "<body>\n".
-         "<p>You need to have php4 installed with the multibyte string function \n".
+         "<p>You need to have PHP installed with the multibyte string function \n".
          "enabled (using configure option --enable-mbstring).</p>\n".
          "<p>System assumed that you accidently switched to Japanese translation \n".
          "and reverted your language preference to English.</p>\n".
@@ -128,26 +138,44 @@ else {
  *
  * This was done to create a pure HTML way of refreshing the folder list since
  * we would like to use as little Javascript as possible.
+ *
+ * The test for // should catch any attempt to include off-site webpages into
+ * our frameset.
  */
-if (!isset($right_frame)) {
+
+if (empty($right_frame) || (strpos(urldecode($right_frame), '//') !== false)) {
     $right_frame = '';
-} 
-if ($right_frame == 'right_main.php') {
-    $urlMailbox = urlencode($mailbox);
-    $right_frame_url =
-        "right_main.php?mailbox=$urlMailbox&amp;sort=$sort&amp;startMessage=$startMessage";
-} elseif ($right_frame == 'options.php') {
-    $right_frame_url = 'options.php';
-} elseif ($right_frame == 'folders.php') {
-    $right_frame_url = 'folders.php';
-} elseif ($right_frame == 'compose.php') {
-    $right_frame_url = 'compose.php?' . $mailto;
-} else if ($right_frame == '') {
-    $right_frame_url = 'right_main.php';
+}
+
+if ( strpos($right_frame,'?') ) {
+    $right_frame_file = substr($right_frame,0,strpos($right_frame,'?'));
 } else {
-    $right_frame_url =  $right_frame;
+    $right_frame_file = $right_frame;
 }
 
+switch($right_frame) {
+    case 'right_main.php':
+        $right_frame_url = "right_main.php?mailbox=".urlencode($mailbox)
+                       . (!empty($sort)?"&amp;sort=$sort":'')
+                       . (!empty($startMessage)?"&amp;startMessage=$startMessage":'');
+        break;
+    case 'options.php':
+        $right_frame_url = 'options.php';
+        break;
+    case 'folders.php':
+        $right_frame_url = 'folders.php';
+        break;
+    case 'compose.php':
+        $right_frame_url = 'compose.php?' . $mailto;
+        break;
+    case '':
+        $right_frame_url = 'right_main.php';
+        break;
+    default:
+        $right_frame_url =  urlencode($right_frame);
+        break;
+} 
+
 $left_frame  = '<frame src="left_main.php" name="left" frameborder="1" title="'.
                _("Folder List") ."\" />\n";
 $right_frame = '<frame src="'.$right_frame_url.'" name="right" frameborder="1" title="'.
@@ -164,6 +192,7 @@ if($ret != '') {
     $output = $ret;
 }
 echo $output;
+
 ?>
 </frameset>
 </html>