From 8d07583f3920f27186ccc16ea1ecb49104f1e32d Mon Sep 17 00:00:00 2001 From: thomascube Date: Fri, 18 May 2007 11:29:25 +0000 Subject: Use HTTP-POST requests for actions that change application state --- CHANGELOG | 5 +++++ index.php | 6 +++--- program/js/app.js | 30 +++++++++++++++--------------- program/steps/addressbook/delete.inc | 2 +- program/steps/mail/compose.inc | 2 +- program/steps/mail/folders.inc | 12 ++++++------ program/steps/mail/func.inc | 4 ++-- program/steps/mail/list.inc | 2 +- program/steps/mail/mark.inc | 2 +- program/steps/mail/move_del.inc | 16 ++++++++-------- program/steps/settings/manage_folders.inc | 16 ++++++++-------- 11 files changed, 51 insertions(+), 46 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 1d5110fea..2ab885f4b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,11 @@ CHANGELOG RoundCube Webmail --------------------------- +2007/05/18 (thomasb) +---------- +- Use HTTP-POST requests for actions that change state + + 2007/05/17 (thomasb) ---------- - Updated Catalan, Russian, Portuguese, Slovak and Chinese translations diff --git a/index.php b/index.php index d5aa95e0e..60474998f 100644 --- a/index.php +++ b/index.php @@ -2,7 +2,7 @@ /* +-----------------------------------------------------------------------+ | RoundCube Webmail IMAP Client | - | Version 0.1-20070517 | + | Version 0.1-20070518 | | | | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland | | Licensed under the GNU GPL | @@ -285,7 +285,7 @@ if ($_task=='mail') if ($_action=='getunread') include('program/steps/mail/getunread.inc'); - if ($_action=='list' && isset($_GET['_remote'])) + if ($_action=='list' && isset($_REQUEST['_remote'])) include('program/steps/mail/list.inc'); if ($_action=='search') 
@@ -323,7 +323,7 @@ if ($_task=='addressbook') if ($_action=='show') include('program/steps/addressbook/show.inc'); - if ($_action=='list' && $_GET['_remote']) + if ($_action=='list' && $_REQUEST['_remote']) include('program/steps/addressbook/list.inc'); if ($_action=='search') diff --git a/program/js/app.js b/program/js/app.js index 31b8c3f48..4e1c283ca 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -1304,7 +1304,7 @@ function rcube_webmail() // send request to server var url = '_mbox='+urlencode(mbox); - this.http_request('expunge', url+add_url, lock); + this.http_post('expunge', url+add_url, lock); }; @@ -1326,7 +1326,7 @@ function rcube_webmail() // send request to server var url = '_mbox='+urlencode(mbox); - this.http_request('purge', url+add_url, lock); + this.http_post('purge', url+add_url, lock); return true; }; @@ -1432,7 +1432,7 @@ function rcube_webmail() add_url += '&_search='+this.env.search_request; // send request to server - this.http_request(action, '_uid='+a_uids.join(',')+'&_mbox='+urlencode(this.env.mailbox)+add_url, lock); + this.http_post(action, '_uid='+a_uids.join(',')+'&_mbox='+urlencode(this.env.mailbox)+add_url, lock); }; @@ -1511,7 +1511,7 @@ function rcube_webmail() } } - this.http_request('mark', '_uid='+a_uids.join(',')+'&_flag='+flag); + this.http_post('mark', '_uid='+a_uids.join(',')+'&_flag='+flag); }; // mark all message rows as deleted/undeleted @@ -1588,7 +1588,7 @@ function rcube_webmail() } } - this.http_request('mark', '_uid='+a_uids.join(',')+'&_flag=undelete'); + this.http_post('mark', '_uid='+a_uids.join(',')+'&_flag=undelete'); return true; }; @@ -1615,7 +1615,7 @@ function rcube_webmail() } } - this.http_request('mark', '_uid='+a_uids.join(',')+'&_flag=delete'); + this.http_post('mark', '_uid='+a_uids.join(',')+'&_flag=delete'); return true; }; 
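Review bot: In the index.php hunk at @@ -323 the addressbook check reads `$_REQUEST['_remote']` directly, while the mail check in the @@ -285 hunk wraps the same key in `isset()`, so a request without `_remote` raises an undefined-index notice here. `$_REQUEST` can also carry cookie values, depending on the PHP `variables_order`/`request_order` setting, so the flag can come from more places than GET and POST. I would write the addressbook check as `if ($_action=='list' && !empty($_REQUEST['_remote']))`. The enclosing `if ($_task=='addressbook')` block starts and ends outside the hunk.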
@@ -1926,7 +1926,7 @@ function rcube_webmail() this.remove_attachment = function(name) { if (name) - this.http_request('remove-attachment', '_file='+urlencode(name)); + this.http_post('remove-attachment', '_file='+urlencode(name)); return true; }; @@ -2356,7 +2356,7 @@ function rcube_webmail() } // send request to server - this.http_request('delete', '_cid='+urlencode(a_cids.join(','))+'&_from='+(this.env.action ? this.env.action : '')); + this.http_post('delete', '_cid='+urlencode(a_cids.join(','))+'&_from='+(this.env.action ? this.env.action : '')); return true; }; @@ -2440,7 +2440,7 @@ function rcube_webmail() name = form.elements['_folder_name'].value; if (name) - this.http_request('create-folder', '_name='+urlencode(name), true); + this.http_post('create-folder', '_name='+urlencode(name), true); else if (form.elements['_folder_name']) form.elements['_folder_name'].focus(); }; @@ -2463,7 +2463,7 @@ function rcube_webmail() } if (oldname && newname) - this.http_request('rename-folder', '_folder_oldname='+urlencode(oldname)+'&_folder_newname='+urlencode(newname)); + this.http_post('rename-folder', '_folder_oldname='+urlencode(oldname)+'&_folder_newname='+urlencode(newname)); }; @@ -2520,7 +2520,7 @@ function rcube_webmail() { var newname = this.name_input ? this.name_input.value : null; if (this.edit_folder && newname) - this.http_request('rename-folder', '_folder_oldname='+urlencode(this.env.subscriptionrows[this.edit_folder][0])+'&_folder_newname='+urlencode(newname)); + this.http_post('rename-folder', '_folder_oldname='+urlencode(this.env.subscriptionrows[this.edit_folder][0])+'&_folder_newname='+urlencode(newname)); } // escape else if (key==27) @@ -2535,7 +2535,7 @@ function rcube_webmail() this.reset_folder_rename(); if (folder) - this.http_request('delete-folder', '_mboxes='+urlencode(folder)); + this.http_post('delete-folder', '_mboxes='+urlencode(folder)); }; 
@@ -2662,7 +2662,7 @@ function rcube_webmail() if ((form = this.gui_objects.editform) && form.elements['_unsubscribed']) this.change_subscription('_unsubscribed', '_subscribed', 'subscribe'); else if (folder) - this.http_request('subscribe', '_mboxes='+urlencode(folder)); + this.http_post('subscribe', '_mboxes='+urlencode(folder)); }; @@ -2672,7 +2672,7 @@ function rcube_webmail() if ((form = this.gui_objects.editform) && form.elements['_subscribed']) this.change_subscription('_subscribed', '_unsubscribed', 'unsubscribe'); else if (folder) - this.http_request('unsubscribe', '_mboxes='+urlencode(folder)); + this.http_post('unsubscribe', '_mboxes='+urlencode(folder)); }; @@ -2706,7 +2706,7 @@ function rcube_webmail() list_to[index] = new Option(a_folders[n]); } - this.http_request(action, '_mboxes='+urlencode(a_folders.join(','))); + this.http_post(action, '_mboxes='+urlencode(a_folders.join(','))); } } diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc index e5c762844..f91b9ac42 100644 --- a/program/steps/addressbook/delete.inc +++ b/program/steps/addressbook/delete.inc @@ -19,7 +19,7 @@ */ -if (($cid = get_input_value('_cid', RCUBE_INPUT_GPC)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $cid)) +if (($cid = get_input_value('_cid', RCUBE_INPUT_POST)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $cid)) { $deleted = $CONTACTS->delete($cid); if (!$deleted) diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 4e73b4ba1..a956ecffc 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -29,7 +29,7 @@ define('RCUBE_COMPOSE_DRAFT', 0x0108); // remove an attachment -if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_GET['_file'], $regs)) +if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_POST['_file'], $regs)) { $id = $regs[1]; if (is_array($_SESSION['compose']['attachments'][$id])) 
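Review bot: No per-session request token is checked in the program/steps/addressbook/delete.inc hunk before `$CONTACTS->delete($cid)`, and none is visible in the other handler hunks of this patch (compose.inc, folders.inc, mark.inc, move_del.inc, manage_folders.inc). Reading the parameters from POST stops these actions from being triggered by a plain link or image load, but a form submitted from another site still arrives with the user's session cookie, so POST alone does not establish that the request came from the RoundCube UI. If index.php does not already verify a token before including the step files (not visible in this diff), I would add that check centrally and mark the gap here with `// TODO: verify per-session request token before deleting`. Separately, `$` in `/^[0-9]+(,[0-9]+)*$/` also matches before a trailing newline; adding the `D` modifier (`/^[0-9]+(,[0-9]+)*$/D`) makes the match exact.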
diff --git a/program/steps/mail/folders.inc b/program/steps/mail/folders.inc index a97057e2c..1df51cd02 100644 --- a/program/steps/mail/folders.inc +++ b/program/steps/mail/folders.inc @@ -21,12 +21,12 @@ $mbox_name = $IMAP->get_mailbox_name(); // send EXPUNGE command -if ($_action=='expunge') +if ($_action=='expunge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST))) { - $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET)); + $success = $IMAP->expunge($mbox); // reload message list if current mailbox - if ($success && !empty($_GET['_reload'])) + if ($success && !empty($_REQUEST['_reload'])) { $OUTPUT->command('message_list.clear'); $_action = 'list'; @@ -37,11 +37,11 @@ if ($_action=='expunge') } // clear mailbox -else if ($_action=='purge') +else if ($_action=='purge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST))) { - $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET)); + $success = $IMAP->clear_mailbox($mbox); - if ($success && !empty($_GET['_reload'])) + if ($success && !empty($_REQUEST['_reload'])) { $OUTPUT->set_env('messagecount', 0); $OUTPUT->set_env('pagecount', 0); diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 991c3c168..3fa089037 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -52,8 +52,8 @@ if (!isset($_SESSION['sort_order'])) $_SESSION['sort_order'] = $CONFIG['message_sort_order']; // set message set for search result -if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']])) - $IMAP->set_search_set($_SESSION['search'][$_GET['_search']]); +if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']])) + $IMAP->set_search_set($_SESSION['search'][$_REQUEST['_search']]); // define url for getting message parts diff --git a/program/steps/mail/list.inc b/program/steps/mail/list.inc index 162624c36..a246254d1 100644 --- a/program/steps/mail/list.inc +++ b/program/steps/mail/list.inc 
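Review bot: In program/steps/mail/folders.inc, folding the `_mbox` test into the branch conditions means an `expunge` or `purge` request without a POSTed `_mbox` (for example one still sent as GET) now matches neither branch, and nothing in the hunk reports that to the client. What runs after the if/else-if chain is outside the hunk, so the result may simply be a silent no-op that the caller cannot tell apart from success. I would keep `if ($_action=='expunge')` as the branch condition and answer a missing parameter inside it with an explicit error, or at least state the intent with `// requests without a POSTed _mbox are ignored on purpose`. The `_reload` flag is still read from `$_REQUEST`; that is acceptable for a display hint, but it deserves a short comment since the rest of the branch is POST-only.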
@@ -42,7 +42,7 @@ else if ($count = $IMAP->messagecount()) $a_headers = $IMAP->list_headers($mbox_name, NULL, $sort_col, $sort_order); -$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_GET['_refresh']) ? TRUE : FALSE); +$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_REQUEST['_refresh']) ? TRUE : FALSE); // update message count display $pages = ceil($count/$IMAP->page_size); diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc index 0dd781e08..74510abe9 100644 --- a/program/steps/mail/mark.inc +++ b/program/steps/mail/mark.inc @@ -24,7 +24,7 @@ $a_flags_map = array( 'read' => 'SEEN', 'unread' => 'UNSEEN'); -if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET))) +if (($uids = get_input_value('_uid', RCUBE_INPUT_POST)) && ($flag = get_input_value('_flag', RCUBE_INPUT_POST))) { $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag); $marked = $IMAP->set_flag($uids, $flag); diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc index fb8a0af4c..acdbf6000 100644 --- a/program/steps/mail/move_del.inc +++ b/program/steps/mail/move_del.inc @@ -20,11 +20,11 @@ */ // move messages -if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox'])) +if ($_action=='moveto' && !empty($_POST['_uid']) && !empty($_POST['_target_mbox'])) { - $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET)))); - $target = get_input_value('_target_mbox', RCUBE_INPUT_GET); - $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET)); + $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST)))); + $target = get_input_value('_target_mbox', RCUBE_INPUT_POST); + $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_POST)); if (!$moved) { 
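Review bot: In program/steps/mail/mark.inc a `_flag` value that is not a key of `$a_flags_map` is upper-cased and passed straight to `$IMAP->set_flag()`, and `_uid` is forwarded without a format check, unlike `_cid` in addressbook/delete.inc, which is matched against `/^[0-9]+(,[0-9]+)*$/`. How `set_flag()` builds the IMAP command is not visible here, so the practical impact is unknown, but request input should not be able to extend the set of flags the server sends. If the map (its first entries are above the hunk) covers every flag the client uses, I would only call `set_flag()` when `isset($a_flags_map[$flag])` holds, and add `preg_match('/^[0-9]+(,[0-9]+)*$/D', $uids)` to the condition. The `_uid` values in the move_del.inc hunks (@@ -20 and @@ -37) reach `move_message()` and `delete_message()` unchecked in the same way.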
@@ -37,10 +37,10 @@ if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']) } // delete messages -else if ($_action=='delete' && !empty($_GET['_uid'])) +else if ($_action=='delete' && !empty($_POST['_uid'])) { - $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET)))); - $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET)); + $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST)))); + $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_POST)); if (!$del) { @@ -78,7 +78,7 @@ if ($_action=='moveto' && $target) $OUTPUT->command('set_quota', $IMAP->get_quota()); // add new rows from next page (if any) -if ($_GET['_from']!='show' && $pages>1 && $IMAP->list_page < $pages) +if ($_POST['_from']!='show' && $pages>1 && $IMAP->list_page < $pages) { $sort_col = isset($_SESSION['sort_col']) ? $_SESSION['sort_col'] : $CONFIG['message_sort_col']; $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order']; diff --git a/program/steps/settings/manage_folders.inc b/program/steps/settings/manage_folders.inc index 7499fe3d4..150b7cd72 100644 --- a/program/steps/settings/manage_folders.inc +++ b/program/steps/settings/manage_folders.inc @@ -26,7 +26,7 @@ rcmail_imap_init(TRUE); // subscribe to one or more mailboxes if ($_action=='subscribe') { - if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET)) + if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST)) $IMAP->subscribe(array($mboxes)); if ($OUTPUT->ajax_call) @@ -36,7 +36,7 @@ if ($_action=='subscribe') // unsubscribe one or more mailboxes else if ($_action=='unsubscribe') { - if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET)) + if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST)) $IMAP->unsubscribe(array($mboxes)); if ($OUTPUT->ajax_call) 
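Review bot: In program/steps/settings/manage_folders.inc the subscribe and unsubscribe branches (@@ -26 and @@ -36) wrap the whole `_mboxes` string in a one-element array, `array($mboxes)`, while the client call in app.js (@@ -2706) sends several folders joined with commas, `urlencode(a_folders.join(','))`. Unless `subscribe()` and `unsubscribe()` split that string themselves (not visible here), a multi-folder request would be handled as a single folder name containing commas. Wherever the split is meant to happen, it should be documented next to these calls, for example `// _mboxes is a comma-separated list; folder names containing ',' are not supported`, because such a name would otherwise be ambiguous. Both branches continue past the end of their hunks.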
@@ -46,8 +46,8 @@ else if ($_action=='unsubscribe') // create a new mailbox else if ($_action=='create-folder') { - if (!empty($_GET['_name'])) - $create = $IMAP->create_mailbox(trim(get_input_value('_name', RCUBE_INPUT_GET, FALSE, 'UTF-7')), TRUE); + if (!empty($_POST['_name'])) + $create = $IMAP->create_mailbox(trim(get_input_value('_name', RCUBE_INPUT_POST, FALSE, 'UTF-7')), TRUE); if ($create && $OUTPUT->ajax_call) { @@ -66,8 +66,8 @@ else if ($_action=='create-folder') // rename a mailbox else if ($_action=='rename-folder') { - if (!empty($_GET['_folder_oldname']) && !empty($_GET['_folder_newname'])) - $rename = $IMAP->rename_mailbox(($oldname = get_input_value('_folder_oldname', RCUBE_INPUT_GET)), trim(get_input_value('_folder_newname', RCUBE_INPUT_GET, FALSE, 'UTF-7'))); + if (!empty($_POST['_folder_oldname']) && !empty($_POST['_folder_newname'])) + $rename = $IMAP->rename_mailbox(($oldname = get_input_value('_folder_oldname', RCUBE_INPUT_POST)), trim(get_input_value('_folder_newname', RCUBE_INPUT_POST, FALSE, 'UTF-7'))); if ($rename && $OUTPUT->ajax_call) { @@ -88,12 +88,12 @@ else if ($_action=='rename-folder') // delete an existing IMAP mailbox else if ($_action=='delete-folder') { - if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET)) + if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST)) $deleted = $IMAP->delete_mailbox(array($mboxes)); if ($OUTPUT->ajax_call && $deleted) { - $OUTPUT->command('remove_folder_row', get_input_value('_mboxes', RCUBE_INPUT_GET)); + $OUTPUT->command('remove_folder_row', get_input_value('_mboxes', RCUBE_INPUT_POST)); $OUTPUT->show_message('folderdeleted', 'confirmation'); $OUTPUT->send(); } -- cgit v1.2.3
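Review bot: `$create`, `$rename` and `$deleted` are assigned only inside the `if` that checks the POST fields, yet each is tested right after it (`if ($create && $OUTPUT->ajax_call)` in the @@ -46 hunk, and likewise in @@ -66 and @@ -88). When the field is missing the variable is undefined, which raises a notice and, on an installation running with `register_globals` enabled, lets a request parameter of the same name decide whether the success branch runs. Initialising each one before its `if`, e.g. `$create = FALSE;`, `$rename = FALSE;` and `$deleted = FALSE;`, removes that dependency. The branches start or end outside the hunks, so an earlier initialisation may exist that is not shown.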