--- squirrelmail-1.4.8.orig/doc/index.html
+++ squirrelmail-1.4.8/doc/index.html
@@ -75,15 +75,13 @@
Basic documentation that comes with distribution:
- AUTHORS - Who's behind all this?
- INSTALL - Installation instructions
- UPGRADE - Upgrading instructions
- README - Everyone should read this.
- COPYING - Licencing of SquirrelMail
- ChangeLog - Differences between SquirrelMail
- versions.
- ReleaseNotes - SquirrelMail release notes.
- ReleaseNotes archive - Notes for older SquirrelMail versions
+ AUTHORS - Who's behind all this?
+ README.Debian - README for Debian users by
+ the Debian maintainer
+ copyright - Licencing of SquirrelMail
+ changelog - Differences between official SquirrelMail versions.
+ changelog - Differences between the
+ Debian package versions of SquirrelMail.
--- squirrelmail-1.4.8.orig/src/right_main.php
+++ squirrelmail-1.4.8/src/right_main.php
@@ -154,7 +154,7 @@
if ($composenew) {
$comp_uri = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
- "&session=$session";
+ "&session=" .urlencode($session);
displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri');", false);
} else {
displayPageHeader($color, $mailbox);
--- squirrelmail-1.4.8.orig/src/compose.php
+++ squirrelmail-1.4.8/src/compose.php
@@ -50,31 +50,43 @@
sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION);
/** SESSION/POST/GET VARS */
-sqgetGlobalVar('smaction',$action);
-sqgetGlobalVar('session',$session);
-sqgetGlobalVar('mailbox',$mailbox);
-sqgetGlobalVar('identity',$identity);
-sqgetGlobalVar('send_to',$send_to);
-sqgetGlobalVar('send_to_cc',$send_to_cc);
-sqgetGlobalVar('send_to_bcc',$send_to_bcc);
-sqgetGlobalVar('subject',$subject);
-sqgetGlobalVar('body',$body);
-sqgetGlobalVar('mailprio',$mailprio);
-sqgetGlobalVar('request_mdn',$request_mdn);
-sqgetGlobalVar('request_dr',$request_dr);
-sqgetGlobalVar('html_addr_search',$html_addr_search);
-sqgetGlobalVar('mail_sent',$mail_sent);
-sqgetGlobalVar('passed_id',$passed_id);
-sqgetGlobalVar('passed_ent_id',$passed_ent_id);
-sqgetGlobalVar('send',$send);
-
-sqgetGlobalVar('attach',$attach);
-
-sqgetGlobalVar('draft',$draft);
-sqgetGlobalVar('draft_id',$draft_id);
-sqgetGlobalVar('ent_num',$ent_num);
-sqgetGlobalVar('saved_draft',$saved_draft);
-sqgetGlobalVar('delete_draft',$delete_draft);
+sqgetGlobalVar('send', $send, SQ_POST);
+// Send can only be achieved by setting $_POST var. If Send = true then
+// retrieve other form fields from $_POST
+if (isset($send) && $send) {
+ $SQ_GLOBAL = SQ_POST;
+} else {
+ $SQ_GLOBAL = SQ_FORM;
+}
+sqgetGlobalVar('smaction',$action, $SQ_GLOBAL);
+sqgetGlobalVar('session',$session, $SQ_GLOBAL);
+sqgetGlobalVar('mailbox',$mailbox, $SQ_GLOBAL);
+if ( !sqgetGlobalVar('identity',$identity, $SQ_GLOBAL) ) {
+ $identity = 0;
+}
+sqgetGlobalVar('send_to',$send_to, $SQ_GLOBAL);
+sqgetGlobalVar('send_to_cc',$send_to_cc, $SQ_GLOBAL);
+sqgetGlobalVar('send_to_bcc',$send_to_bcc, $SQ_GLOBAL);
+sqgetGlobalVar('subject',$subject, $SQ_GLOBAL);
+sqgetGlobalVar('body',$body, $SQ_GLOBAL);
+sqgetGlobalVar('mailprio',$mailprio, $SQ_GLOBAL);
+sqgetGlobalVar('request_mdn',$request_mdn, $SQ_GLOBAL);
+sqgetGlobalVar('request_dr',$request_dr, $SQ_GLOBAL);
+sqgetGlobalVar('html_addr_search',$html_addr_search, SQ_FORM);
+sqgetGlobalVar('mail_sent',$mail_sent, SQ_FORM);
+sqgetGlobalVar('passed_id',$passed_id, $SQ_GLOBAL);
+sqgetGlobalVar('passed_ent_id',$passed_ent_id, $SQ_GLOBAL);
+
+sqgetGlobalVar('attach',$attach, SQ_POST);
+sqgetGlobalVar('draft',$draft, SQ_POST);
+sqgetGlobalVar('draft_id',$draft_id, $SQ_GLOBAL);
+sqgetGlobalVar('ent_num',$ent_num, $SQ_GLOBAL);
+sqgetGlobalVar('saved_draft',$saved_draft, SQ_FORM);
+
+if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
+ $delete_draft = (int)$delete_draft;
+}
+
if ( sqgetGlobalVar('startMessage',$startMessage) ) {
$startMessage = (int)$startMessage;
} else {
@@ -96,6 +108,25 @@
/** GET VARS */
sqgetGlobalVar('attachedmessages', $attachedmessages, SQ_GET);
+/**
+ * Here we decode the data passed in from mailto.php.
+ */
+if ( sqgetGlobalVar('mailtodata', $mailtodata, SQ_GET) ) {
+ $trtable = array('to' => 'send_to',
+ 'cc' => 'send_to_cc',
+ 'bcc' => 'send_to_bcc',
+ 'body' => 'body',
+ 'subject' => 'subject');
+ $mtdata = unserialize($mailtodata);
+
+ foreach ($trtable as $f => $t) {
+ if ( !empty($mtdata[$f]) ) {
+ $$t = $mtdata[$f];
+ }
+ }
+ unset($mailtodata,$mtdata, $trtable);
+}
+
/* Location (For HTTP 1.1 Header("Location: ...") redirects) */
$location = get_location();
@@ -296,6 +327,8 @@
if (!isset($composesession)) {
$composesession = 0;
sqsession_register(0,'composesession');
+} else {
+ $composesession = (int)$composesession;
}
if (!isset($session) || (isset($newmessage) && $newmessage)) {
--- squirrelmail-1.4.8.orig/src/redirect.php
+++ squirrelmail-1.4.8/src/redirect.php
@@ -52,8 +52,8 @@
$squirrelmail_language = $squirrelmail_default_language;
}
-if (!sqgetGlobalVar('mailto', $mailto)) {
- $mailto = '';
+if (!sqgetGlobalVar('mailtodata', $mailtodata)) {
+ $mailtodata = '';
}
@@ -159,9 +159,9 @@
unset($session_expired_location);
}
-if($mailto != '') {
- $redirect_url = $location . '/webmail.php?right_frame=compose.php&mailto=';
- $redirect_url .= urlencode($mailto);
+if($mailtodata != '') {
+ $redirect_url = $location . '/webmail.php?right_frame=compose.php&mailtodata=';
+ $redirect_url .= urlencode($mailtodata);
}
--- squirrelmail-1.4.8.orig/src/login.php
+++ squirrelmail-1.4.8/src/login.php
@@ -112,11 +112,10 @@
$password_form_name = 'secretkey';
do_hook('login_top');
-
-if(sqgetGlobalVar('mailto', $mailto)) {
- $rcptaddress = addHidden('mailto', $mailto);
+if(sqgetGlobalVar('mailtodata', $mailtodata)) {
+ $mailtofield = addHidden('mailtodata', $mailtodata);
} else {
- $rcptaddress = '';
+ $mailtofield = '';
}
/* If they don't have a logo, don't bother.. */
@@ -169,7 +168,7 @@
html_tag( 'td',
addPwField($password_form_name).
addHidden('js_autodetect_results', SMPREF_JS_OFF).
- $rcptaddress .
+ $mailtofield .
addHidden('just_logged_in', '1'),
'left', '', 'width="*"' )
) ,
--- squirrelmail-1.4.8.orig/src/view_text.php
+++ squirrelmail-1.4.8/src/view_text.php
@@ -75,10 +75,10 @@
}
if ($type1 == 'html' || (isset($override_type1) && $override_type1 == 'html')) {
- $body = MagicHTML( $body, $passed_id, $message, $mailbox);
// html attachment with character set information
if (! empty($charset))
$body = charset_decode($charset,$body,false,true);
+ $body = magicHTML( $body, $passed_id, $message, $mailbox);
} else {
translateText($body, $wrap_at, $charset);
}
@@ -102,4 +102,4 @@
|
-