~ubuntu-branches/ubuntu/hardy/squirrelmail/hardy-updates

Committer: Bazaar Package Importer
Author(s): Thijs Kinkhorst
Date: 2006-08-11 13:53:20 UTC
mfrom: (1.1.5 upstream)
Revision ID: james.westby@ubuntu.com-20060811135320-a54q8uf2ncuwc5es

Tags: 2:1.4.8-1

* New upstream release
  - Includes security fix: variable overwriting in compose.php
    by logged-in user [CVE-2006-4019]
  - Does not ship SquirrelMail developer's documentation anymore.

* Remove duplicate content from README.locales.

files added:
contrib/conf.pl.8

doc/ReleaseNotes/1.4/Notes-1.4.7.txt

files removed:
doc/Development

doc/Development/addressbook.txt

doc/Development/index.html

doc/Development/mime.txt

doc/Development/plugin.txt

doc/Development/rfc_documents.txt

doc/Development/tree.txt

po/charsetconvert.pl

files modified:
AUTHORS

ChangeLog

README.locales

ReleaseNotes

class/deliver/Deliver_SMTP.class.php

class/deliver/Deliver_SendMail.class.php

config/conf.pl

config/config_default.php

debian/changelog

debian/squirrelmail.docs

doc/themes.txt

functions/auth.php

functions/global.php

functions/imap_general.php

functions/imap_messages.php

functions/imap_utf7_local.php

functions/plugin.php

functions/strings.php

include/options/folder.php

include/validate.php

plugins/administrator/defines.php

plugins/filters/filters.php

plugins/fortune/INSTALL

plugins/fortune/setup.php

plugins/spamcop/spamcop.php

plugins/squirrelspell/sqspell_interface.php

plugins/squirrelspell/sqspell_options.php

po/squirrelmail.pot

src/compose.php

src/configtest.php

src/folders_create.php

src/login.php

src/read_body.php

src/redirect.php

src/search.php

src/signout.php

src/webmail.php

themes/default_theme.php

Show diffs side-by-side

added added

removed removed

src/search.php

* @license http://opensource.org/licenses/gpl-license.php GNU Public License

* @version $Id: search.php,v 1.92.2.16 2006/06/29 14:18:32 kink Exp $

* @version $Id: search.php,v 1.92.2.18 2006/07/27 18:58:48 tokul Exp $

* @package squirrelmail

* @subpackage search

sqgetGlobalVar('composenew' , $composenew, SQ_FORM);

sqgetGlobalVar('composesession' , $composesession , SQ_SESSION);

if (isset($_GET['mailbox'])) {

$mailbox = strip_tags($_GET['mailbox']);

}

if (isset($_GET['submit'])) {

$submit = strip_tags($_GET['submit']);

}

if (isset($_GET['what'])) {

$what = $_GET['what'];

}

if (isset($_GET['where'])) {

$where = strip_tags($_GET['where']);

}

if (isset($_GET['checkall'])) {

$checkall = strip_tags($_GET['checkall']);

}

if (isset($_GET['count'])) {

$count = strip_tags($_GET['count']);

if (!sqgetGlobalVar('mailbox',$mailbox,SQ_GET)) {

unset($mailbox);

}

if (!sqgetGlobalVar('submit',$submit,SQ_GET)) {

$submit = '';

}

if (!sqgetGlobalVar('what',$what,SQ_GET)) {

$what='';

}

if (! sqgetGlobalVar('where',$where,SQ_GET) ||

! in_array( $where, array('BODY','TEXT','SUBJECT','FROM','CC','TO'))) {

// make sure that 'where' is one if standard IMAP SEARCH keywords

$where = 'FROM';

}

// FIXME: what is this?

if (!sqgetGlobalVar('checkall',$checkall,SQ_GET)) {

unset($checkall);

}

if (sqgetGlobalVar('count',$count,SQ_GET)) {

$count = (int) $count;

} else {

unset($count);

}

/* end of get globals */

187

192

$saved_types = array(0 => 'saved_what', 1 => 'saved_where', 2 => 'saved_folder');

188

193

$saved_array = get_saved($username, $data_dir);

189

194

$save_index = $save_index -1;

190

$saved_count = (count($saved_array['saved_what']) + 1);

195

if (isset($saved_array['saved_what'])) {

196

$saved_count = (count($saved_array['saved_what']) + 1);

197

} else {

198

// there are no saved searches. Function is used to save first search

199

$saved_count = 1;

200

}

191

201

$attributes = get_recent ($username, $data_dir);

192

202

$n = 0;

193

203

foreach ($types as $key) {

274

284

displayPageHeader($color, $mailbox);

275

285

}

276

286

/* See how the page was called and fire off correct function */

277

if ((!isset($submit) || empty($submit)) && !empty($what)) {

287

if (empty($submit) && !empty($what)) {

278

288

$submit = _("Search");

279

289

}

280

if ( !isset( $submit ) ) {

281

$submit = '';

282

} else if ($submit == _("Search") && !empty($what)) {

290

291

if ($submit == _("Search") && !empty($what)) {

283

292

if ($recent_count > 0) {

284

293

update_recent($what, $where, $mailbox, $username, $data_dir);

285

294

}

286

295

}

287

elseif ($submit == 'forget') {

296

elseif ($submit == 'forget' && isset($count)) {

288

297

forget_recent($count, $username, $data_dir);

289

298

}

290

elseif ($submit == 'save') {

299

elseif ($submit == 'save' && isset($count)) {

291

300

save_recent($count, $username, $data_dir);

292

301

}

293

elseif ($submit == 'delete') {

302

elseif ($submit == 'delete' && isset($count)) {

294

303

delete_saved($count, $username, $data_dir);

295

304

}

296

305

317

326

echo "<br />\n"

318

327

. html_tag( 'table', '', 'center', $color[9], 'width="95%" cellpadding="1" cellspacing="1" border="0"' )

319

328

. html_tag( 'tr',

320

html_tag( 'td', '<b>Saved Searches</b>', 'center' )

329

html_tag( 'td', '<b>'._("Saved Searches") . '</b>', 'center' )

321

330

)

322

331

. html_tag( 'tr' )

323

332

. html_tag( 'td' )

328

337

} else {

329

338

echo html_tag( 'tr', '', '', $color[4] );

330

339

}

331

echo html_tag( 'td', imap_utf7_decode_local($saved_attributes['saved_folder'][$i + 1]), 'left', '', 'width="35%"' )

332

. html_tag( 'td', $saved_attributes['saved_what'][$i + 1], 'left' )

333

. html_tag( 'td', $saved_attributes['saved_where'][$i + 1], 'center' )

340

echo html_tag( 'td', htmlspecialchars(imap_utf7_decode_local($saved_attributes['saved_folder'][$i + 1])), 'left', '', 'width="35%"' )

341

. html_tag( 'td', htmlspecialchars($saved_attributes['saved_what'][$i + 1]), 'left' )

342

. html_tag( 'td', htmlspecialchars($saved_attributes['saved_where'][$i + 1]), 'center' )

334

343

. html_tag( 'td', '', 'right' )

335

344

. '<a href="search.php'

336

. '?mailbox=' . htmlspecialchars($saved_attributes['saved_folder'][$i + 1])

337

. '&what=' . htmlspecialchars($saved_attributes['saved_what'][$i + 1])

338

. '&where=' . htmlspecialchars($saved_attributes['saved_where'][$i + 1])

345

. '?mailbox=' . urlencode($saved_attributes['saved_folder'][$i + 1])

346

. '&what=' . urlencode($saved_attributes['saved_what'][$i + 1])

347

. '&where=' . urlencode($saved_attributes['saved_where'][$i + 1])

339

348

. '">' . _("edit") . '</a>'

340

349

. ' | '

341

350

. '<a href="search.php'

375

384

}

376

385

if (isset($attributes['search_what'][$i]) &&

377

386

!empty($attributes['search_what'][$i])) {

378

echo html_tag( 'td', imap_utf7_decode_local($attributes['search_folder'][$i]), 'left', '', 'width="35%"' )

387

echo html_tag( 'td', htmlspecialchars(imap_utf7_decode_local($attributes['search_folder'][$i])), 'left', '', 'width="35%"' )

379

388

. html_tag( 'td', htmlspecialchars($attributes['search_what'][$i]), 'left' )

380

. html_tag( 'td', $attributes['search_where'][$i], 'center' )

389

. html_tag( 'td', htmlspecialchars($attributes['search_where'][$i]), 'center' )

381

390

. html_tag( 'td', '', 'right' )

382

391

. "<a href=\"search.php?count=$i&submit=save\">"

383

392

. _("save")

399

408

echo '</table></td></tr></table><br />';

400

409

}

401

410

402

411

/** FIXME: remove or fix it. $newsort is not set and not extracted from request

403

412

if (isset($newsort)) {

404

413

$sort = $newsort;

405

414

sqsession_register($sort, 'sort');

406

}

415

}*/

407

416

408

417

/*********************************************************************

409

418

* Check to see if we can use cache or not. Currently the only time *

411

420

* used. Also check to make sure we actually have the array in the *

412

421

* registered session data. :) *

413

422

*********************************************************************/

423

424

/** FIXME: remove or fix it. $use_mailbox_cache is not set and not extracted from request

414

425

if (! isset($use_mailbox_cache)) {

415

426

$use_mailbox_cache = 0;

416

}

427

}*/

417

428

418

429

/* There is a problem with registered vars in 4.1 */

419

430

440

451

441

452

echo ' </select>'.

442

453

" </td>\n";

443

if ( !isset( $what ) ) {

444

$what = '';

445

}

446

if ( !isset( $where ) ) {

447

$where = 'FROM';

448

}

449

450

454

455

// FIXME: explain all str_replace calls.

451

456

$what_disp = str_replace(',', ' ', $what);

452

457

$what_disp = str_replace('\\\\', '\\', $what_disp);

453

458

$what_disp = str_replace('\\"', '"', $what_disp);

534

539

/* must have search terms to search */

535

540

if ($submit == _("Search") && empty($what)) {

536

541

echo '<br />'

537

. html_tag( 'div', '<b>Please enter something to search for</b>', 'center' ) . "\n";

542

. html_tag( 'div', '<b>' . _("Please enter something to search for") . '</b>', 'center' ) . "\n";

538

543

}

539

544

540

545

$allow_thread_sort = $old_value;

Older »