From 9969411a1acad59482d4626293eef0e38b29c321 Mon Sep 17 00:00:00 2001
From: pdontthink
Date: Sat, 19 Sep 2009 20:11:13 +0000
Subject: [PATCH] Fix broken search pagination (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13847 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
functions/template/paginator_util.php | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/functions/template/paginator_util.php b/functions/template/paginator_util.php
index d65afe11..8b1a4055 100644
--- a/functions/template/paginator_util.php
+++ b/functions/template/paginator_util.php
@@ -28,7 +28,8 @@ include_once(SM_PATH . 'functions/forms.php'); */ function get_paginator_link($box, $start_msg, $text, $accesskey='NONE') { sqgetGlobalVar('PHP_SELF',$php_self,SQ_SERVER);
- return create_hyperlink("$php_self?startMessage=$start_msg&mailbox=$box",
+ return create_hyperlink("$php_self?startMessage=$start_msg&mailbox=$box"
+ . (strpos($php_self, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : ''),
$text, '', '', '', '', '', ($accesskey == 'NONE' ? array()
@@ -122,8 +123,7 @@ function get_compact_paginator_str($box, $iOffset, $iTotal, $iLimit, $bShowAll, } } else { global $accesskey_mailbox_all_paginate;
- $pg_str = create_hyperlink("$php_self?showall=0&startMessage=1&mailbox=$box", _("Paginate"), '', '', '', '', '', ($accesskeys_constructed ? array() : array('accesskey' =>
-$accesskey_mailbox_all_paginate)));
+ $pg_str = create_hyperlink("$php_self?showall=0&startMessage=1&mailbox=$box" . (strpos($php_self, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : ''), _("Paginate"), '', '', '', '', '', ($accesskeys_constructed ? array() : array('accesskey' => $accesskey_mailbox_all_paginate)));
} /* Put all the pieces of the paginator string together. */
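Review bot: The added condition `strpos($php_self, 'src/search.php') ? … : ''` in get_paginator_link tests strpos()'s return value for truthiness and matches the substring anywhere in PHP_SELF. strpos() returns 0 for a match at offset 0, which is falsy, and PHP_SELF can carry trailing path info taken from the request, so the test is looser than "this request is search.php". An exact comparison such as `basename($php_self) === 'search.php'`, or at least `strpos($php_self, '/src/search.php') !== false`, would be tighter. The same expression is repeated in the other four hunks, six occurrences in total. The function body continues past the end of the hunk.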
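Review bot: The Paginate link now carries a security token in the query string of a plain navigation link, and nothing next to the call records why. Values placed in URLs are kept in browser history and server logs and can be passed on in Referer headers, so a token emitted this way is more exposed than one sent in a POST body. If search.php only needs the token for requests that change state (its check is not visible in this diff), exempting pure pagination there would avoid emitting it. Otherwise a short comment above the call, such as `/* search.php rejects requests without smtoken, so its paginator links must carry one */`, would document the reason. The same applies to the links built in the hunks at -136, -372 and -386; get_compact_paginator_str starts and ends outside the hunk.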
@@ -136,12 +136,12 @@ $accesskey_mailbox_all_paginate))); /* Compute the 'show all' string. */ global $accesskey_mailbox_all_paginate;
- $all_str = create_hyperlink("$php_self?showall=1&startMessage=1&mailbox=$box", _("Show All"), '', '', '', '', '', ($accesskeys_constructed ? array() : array('accesskey' => $accesskey_mailbox_all_paginate)));
+ $all_str = create_hyperlink("$php_self?showall=1&startMessage=1&mailbox=$box" . (strpos($php_self, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : ''), _("Show All"), '', '', '', '', '', ($accesskeys_constructed ? array() : array('accesskey' => $accesskey_mailbox_all_paginate)));
$result .= '[' . get_paginator_link($box, 1, '<<') . ']'; $result .= '[' . $prv_str . ']';
- $pg_url = $php_self . '?mailbox=' . $box;
+ $pg_url = $php_self . '?mailbox=' . $box . (strpos($php_self, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : '');
$result .= '[' . $nxt_str . ']'; $result .= '[' . get_paginator_link($box, $last_grp, '>>') . ']';
@@ -372,7 +372,7 @@ function get_paginator_str($box, $iOffset, $iTotal, $iLimit, $bShowAll,$page_sel } } else { global $accesskey_mailbox_all_paginate;
- $pg_str = create_hyperlink("$php_self?showall=0&startMessage=1&mailbox=$box", _("Paginate"), '', '', '', '', '', ($accesskeys_constructed ? array() : array('accesskey' =>
+ $pg_str = create_hyperlink("$php_self?showall=0&startMessage=1&mailbox=$box" . (strpos($php_self, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : ''), _("Paginate"), '', '', '', '', '', ($accesskeys_constructed ? array() : array('accesskey' =>
$accesskey_mailbox_all_paginate))); }
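Review bot: This hunk calls sm_generate_security_token() twice, once for the Show All link and once for `$pg_url`, and the Paginate hunk at -122 in the same function calls it a third time. If each call creates and stores a new token (the function is defined outside this diff), one page render produces several live tokens where one would do. Computing the suffix once near the top of get_compact_paginator_str, e.g. `$token_param = (strpos($php_self, 'src/search.php') !== false ? '&smtoken=' . sm_generate_security_token() : '');`, and appending `$token_param` at each site would also remove the copy-pasted condition. get_paginator_str (hunks at -372 and -386) and the per-link calls made through get_paginator_link follow the same pattern. The function starts and ends outside the hunk.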
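Review bot: `$box` is interpolated into the query string as-is on the new `$pg_str` line, and the token is now appended after it. If a caller passes a mailbox name that is not already URL-encoded (callers are outside this diff), a `#` or `&` in the name would cut off or detach the `&smtoken=` parameter, and pagination on search.php would fail again for that folder. Encoding at the point of use, `'&mailbox=' . urlencode($box)`, or a comment stating that `$box` must arrive encoded, would make the expectation explicit. The other changed links in this patch build their URLs the same way.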
@@ -386,7 +386,7 @@ $accesskey_mailbox_all_paginate))); /* Compute the 'show all' string. */ global $accesskey_mailbox_all_paginate;
- $all_str = create_hyperlink("$php_self?showall=1&startMessage=1&mailbox=$box", _("Show All"), '', '', '', '', '', ($accesskeys_constructed ? array() : array('accesskey' =>
+ $all_str = create_hyperlink("$php_self?showall=1&startMessage=1&mailbox=$box" . (strpos($php_self, 'src/search.php') ? '&smtoken=' . sm_generate_security_token() : ''), _("Show All"), '', '', '', '', '', ($accesskeys_constructed ? array() : array('accesskey' =>
$accesskey_mailbox_all_paginate))); $result .= '[';
--
2.25.1