Do not use mixed get/post forms as this is broken in some browsers
authorkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 20 Feb 2003 10:29:37 +0000 (10:29 +0000)
committerkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 20 Feb 2003 10:29:37 +0000 (10:29 +0000)
(they only submit the post forms and skip the get forms).

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4532 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/mailbox_display.php
src/move_messages.php

index c8211ee..c862dbc 100644 (file)
@@ -669,13 +669,18 @@ function mail_message_listing_beginning ($imapConnection,
     if (!isset($msg)) {
         $msg = '';
     }
-    $moveURL = "move_messages.php?msg=$msg&amp;mailbox=$urlMailbox"
-             . "&amp;startMessage=$start_msg";
+    $moveFields = '<input type="hidden" name="msg" value="'.htmlspecialchars($msg).'">' .
+                 '<input type="hidden" name="mailbox" value="'.htmlspecialchars($mailbox).'">' .
+                 '<input type="hidden" name="startMessage" value="'.htmlspecialchars($start_msg).'">';
+
+//    $moveURL = "move_messages.php?msg=$msg&amp;mailbox=$urlMailbox"
+//             . "&amp;startMessage=$start_msg";
     /*
      * This is the beginning of the message list table.
      * It wraps around all messages
      */
-    echo "<FORM name=\"messageList\" method=post action=\"$moveURL\">\n"
+    echo '<form name="messageList" method="post" action="move_messages.php">' ."\n"
+       . $moveFields
         . html_tag( 'table' ,
             html_tag( 'tr',
                 html_tag( 'td' ,
index 9435386..c7c159f 100644 (file)
@@ -125,21 +125,14 @@ $key  = $_COOKIE['key'];
 $onetimepad = $_SESSION['onetimepad'];
 $base_uri = $_SESSION['base_uri'];
 $delimiter = $_SESSION['delimiter'];
-if (isset($_GET['mailbox'])) {
-    $mailbox = $_GET['mailbox'];
-}
-if (isset($_GET['startMessage'])) {
-    $startMessage = $_GET['startMessage'];
-}
+
+sqGetGlobalVar('mailbox', $mailbox);
+sqGetGlobalVar('startMessage', $startMessage);
+sqGetGlobalVar('msg', $msg);
+
 if (isset($_POST['moveButton'])) {
     $moveButton = $_POST['moveButton'];
 }
-if (isset($_POST['msg'])) {
-    $msg = $_POST['msg'];
-}
-elseif (isset($_GET['msg'])) {
-    $msg = $_GET['msg'];
-}
 
 if (isset($_SESSION['msgs'])) {
     $msgs = $_SESSION['msgs'];