From 8d07583f3920f27186ccc16ea1ecb49104f1e32d Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 18 May 2007 11:29:25 +0000
Subject: Use HTTP-POST requests for actions that change application state

---
 program/steps/mail/move_del.inc | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'program/steps/mail/move_del.inc')

diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc
index fb8a0af4c..acdbf6000 100644
--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -20,11 +20,11 @@
 */
 
 // move messages
-if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
+if ($_action=='moveto' && !empty($_POST['_uid']) && !empty($_POST['_target_mbox']))
 {
-  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
-  $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
-  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+  $target = get_input_value('_target_mbox', RCUBE_INPUT_POST);
+  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_POST));
   
   if (!$moved)
   {
@@ -37,10 +37,10 @@ if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox'])
 }
 
 // delete messages 
-else if ($_action=='delete' && !empty($_GET['_uid']))
+else if ($_action=='delete' && !empty($_POST['_uid']))
 {
-  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
-  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_POST));
   
   if (!$del)
   {
@@ -78,7 +78,7 @@ if ($_action=='moveto' && $target)
 $OUTPUT->command('set_quota', $IMAP->get_quota());
 
 // add new rows from next page (if any)
-if ($_GET['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
+if ($_POST['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
 {
   $sort_col   = isset($_SESSION['sort_col'])   ? $_SESSION['sort_col']   : $CONFIG['message_sort_col'];
   $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
-- 
cgit v1.2.3