Use HTTP-POST requests for actions that change application state

author: thomascube <thomas@roundcube.net> 2007-05-18 11:29:25 +0000
committer: thomascube <thomas@roundcube.net> 2007-05-18 11:29:25 +0000
commit: 8d07583f3920f27186ccc16ea1ecb49104f1e32d (patch)
tree: d78dc7781c357e9323313585c1cb20104a3a61ee /program/steps
parent: 3c3b3517c1d806c1602d09b216348954f17a8750 (diff)
8 files changed, 28 insertions, 28 deletions
diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index e5c762844..f91b9ac42 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -19,7 +19,7 @@
 
 */
 
-if (($cid = get_input_value('_cid', RCUBE_INPUT_GPC)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $cid))
+if (($cid = get_input_value('_cid', RCUBE_INPUT_POST)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $cid))
   {
   $deleted = $CONTACTS->delete($cid);
   if (!$deleted)
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 4e73b4ba1..a956ecffc 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -29,7 +29,7 @@ define('RCUBE_COMPOSE_DRAFT', 0x0108);
 
 
 // remove an attachment
-if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_GET['_file'], $regs))
+if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_POST['_file'], $regs))
   {
   $id = $regs[1];
   if (is_array($_SESSION['compose']['attachments'][$id]))
diff --git a/program/steps/mail/folders.inc b/program/steps/mail/folders.inc
index a97057e2c..1df51cd02 100644
--- a/program/steps/mail/folders.inc
+++ b/program/steps/mail/folders.inc
@@ -21,12 +21,12 @@
 $mbox_name = $IMAP->get_mailbox_name();
 
 // send EXPUNGE command
-if ($_action=='expunge')
+if ($_action=='expunge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))
 {
-  $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET));
+  $success = $IMAP->expunge($mbox);
 
   // reload message list if current mailbox  
-  if ($success && !empty($_GET['_reload']))
+  if ($success && !empty($_REQUEST['_reload']))
   {
     $OUTPUT->command('message_list.clear');
     $_action = 'list';
@@ -37,11 +37,11 @@ if ($_action=='expunge')
 }
 
 // clear mailbox
-else if ($_action=='purge')
+else if ($_action=='purge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))
 {
-  $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET));
+  $success = $IMAP->clear_mailbox($mbox);
   
-  if ($success && !empty($_GET['_reload']))
+  if ($success && !empty($_REQUEST['_reload']))
   {
     $OUTPUT->set_env('messagecount', 0);
     $OUTPUT->set_env('pagecount', 0);
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 991c3c168..3fa089037 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -52,8 +52,8 @@ if (!isset($_SESSION['sort_order']))
   $_SESSION['sort_order'] = $CONFIG['message_sort_order'];
 
 // set message set for search result
-if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']]))
-  $IMAP->set_search_set($_SESSION['search'][$_GET['_search']]);
+if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']]))
+  $IMAP->set_search_set($_SESSION['search'][$_REQUEST['_search']]);
 
 
 // define url for getting message parts
diff --git a/program/steps/mail/list.inc b/program/steps/mail/list.inc
index 162624c36..a246254d1 100644
--- a/program/steps/mail/list.inc
+++ b/program/steps/mail/list.inc
@@ -42,7 +42,7 @@ else
 if ($count = $IMAP->messagecount())
   $a_headers = $IMAP->list_headers($mbox_name, NULL, $sort_col, $sort_order);
 
-$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_GET['_refresh']) ? TRUE : FALSE);
+$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_REQUEST['_refresh']) ? TRUE : FALSE);
 
 // update message count display
 $pages = ceil($count/$IMAP->page_size);
diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index 0dd781e08..74510abe9 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -24,7 +24,7 @@ $a_flags_map = array(
   'read' => 'SEEN',
   'unread' => 'UNSEEN');
 
-if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))
+if (($uids = get_input_value('_uid', RCUBE_INPUT_POST)) && ($flag = get_input_value('_flag', RCUBE_INPUT_POST)))
 {
   $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);
   $marked = $IMAP->set_flag($uids, $flag);
diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc
index fb8a0af4c..acdbf6000 100644
--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -20,11 +20,11 @@
 */
 
 // move messages
-if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
+if ($_action=='moveto' && !empty($_POST['_uid']) && !empty($_POST['_target_mbox']))
 {
-  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
-  $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
-  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+  $target = get_input_value('_target_mbox', RCUBE_INPUT_POST);
+  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_POST));
   
   if (!$moved)
   {
@@ -37,10 +37,10 @@ if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox'])
 }
 
 // delete messages 
-else if ($_action=='delete' && !empty($_GET['_uid']))
+else if ($_action=='delete' && !empty($_POST['_uid']))
 {
-  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
-  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_POST));
   
   if (!$del)
   {
@@ -78,7 +78,7 @@ if ($_action=='moveto' && $target)
 $OUTPUT->command('set_quota', $IMAP->get_quota());
 
 // add new rows from next page (if any)
-if ($_GET['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
+if ($_POST['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
 {
   $sort_col   = isset($_SESSION['sort_col'])   ? $_SESSION['sort_col']   : $CONFIG['message_sort_col'];
   $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
diff --git a/program/steps/settings/manage_folders.inc b/program/steps/settings/manage_folders.inc
index 7499fe3d4..150b7cd72 100644
--- a/program/steps/settings/manage_folders.inc
+++ b/program/steps/settings/manage_folders.inc
@@ -26,7 +26,7 @@ rcmail_imap_init(TRUE);
 // subscribe to one or more mailboxes
 if ($_action=='subscribe')
   {
-  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST))
     $IMAP->subscribe(array($mboxes));
 
   if ($OUTPUT->ajax_call)
@@ -36,7 +36,7 @@ if ($_action=='subscribe')
 // unsubscribe one or more mailboxes
 else if ($_action=='unsubscribe')
   {
-  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST))
     $IMAP->unsubscribe(array($mboxes));
 
   if ($OUTPUT->ajax_call)
@@ -46,8 +46,8 @@ else if ($_action=='unsubscribe')
 // create a new mailbox
 else if ($_action=='create-folder')
   {
-  if (!empty($_GET['_name']))
-    $create = $IMAP->create_mailbox(trim(get_input_value('_name', RCUBE_INPUT_GET, FALSE, 'UTF-7')), TRUE);
+  if (!empty($_POST['_name']))
+    $create = $IMAP->create_mailbox(trim(get_input_value('_name', RCUBE_INPUT_POST, FALSE, 'UTF-7')), TRUE);
 
   if ($create && $OUTPUT->ajax_call)
     {
@@ -66,8 +66,8 @@ else if ($_action=='create-folder')
 // rename a mailbox
 else if ($_action=='rename-folder')
   {
-  if (!empty($_GET['_folder_oldname']) && !empty($_GET['_folder_newname']))
-    $rename = $IMAP->rename_mailbox(($oldname = get_input_value('_folder_oldname', RCUBE_INPUT_GET)), trim(get_input_value('_folder_newname', RCUBE_INPUT_GET, FALSE, 'UTF-7')));
+  if (!empty($_POST['_folder_oldname']) && !empty($_POST['_folder_newname']))
+    $rename = $IMAP->rename_mailbox(($oldname = get_input_value('_folder_oldname', RCUBE_INPUT_POST)), trim(get_input_value('_folder_newname', RCUBE_INPUT_POST, FALSE, 'UTF-7')));
     
   if ($rename && $OUTPUT->ajax_call)
     {
@@ -88,12 +88,12 @@ else if ($_action=='rename-folder')
 // delete an existing IMAP mailbox
 else if ($_action=='delete-folder')
   {
-  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST))
     $deleted = $IMAP->delete_mailbox(array($mboxes));
 
   if ($OUTPUT->ajax_call && $deleted)
     {
-    $OUTPUT->command('remove_folder_row', get_input_value('_mboxes', RCUBE_INPUT_GET));
+    $OUTPUT->command('remove_folder_row', get_input_value('_mboxes', RCUBE_INPUT_POST));
     $OUTPUT->show_message('folderdeleted', 'confirmation');
     $OUTPUT->send();
     }
author	thomascube <thomas@roundcube.net>	2007-05-18 11:29:25 +0000
committer	thomascube <thomas@roundcube.net>	2007-05-18 11:29:25 +0000
commit	8d07583f3920f27186ccc16ea1ecb49104f1e32d (patch)
tree	d78dc7781c357e9323313585c1cb20104a3a61ee /program/steps
parent	3c3b3517c1d806c1602d09b216348954f17a8750 (diff)