From 8d07583f3920f27186ccc16ea1ecb49104f1e32d Mon Sep 17 00:00:00 2001
From: thomascube
Date: Fri, 18 May 2007 11:29:25 +0000
Subject: Use HTTP-POST requests for actions that change application state
---
 program/steps/mail/compose.inc | 2 +-
 program/steps/mail/folders.inc | 12 ++++++------
 program/steps/mail/func.inc | 4 ++--
 program/steps/mail/list.inc | 2 +-
 program/steps/mail/mark.inc | 2 +-
 program/steps/mail/move_del.inc | 16 ++++++++--------
 6 files changed, 19 insertions(+), 19 deletions(-)
(limited to 'program/steps/mail')
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 4e73b4ba1..a956ecffc 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -29,7 +29,7 @@ define('RCUBE_COMPOSE_DRAFT', 0x0108);
 // remove an attachment
-if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_GET['_file'], $regs))
+if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_POST['_file'], $regs))
 {
 $id = $regs[1];
 if (is_array($_SESSION['compose']['attachments'][$id]))
diff --git a/program/steps/mail/folders.inc b/program/steps/mail/folders.inc
index a97057e2c..1df51cd02 100644
--- a/program/steps/mail/folders.inc
+++ b/program/steps/mail/folders.inc
@@ -21,12 +21,12 @@ $mbox_name = $IMAP->get_mailbox_name();
 // send EXPUNGE command
-if ($_action=='expunge')
+if ($_action=='expunge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))
 {
- $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET));
+ $success = $IMAP->expunge($mbox);
 // reload message list if current mailbox
- if ($success && !empty($_GET['_reload']))
+ if ($success && !empty($_REQUEST['_reload']))
 {
 $OUTPUT->command('message_list.clear');
 $_action = 'list';
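Review bot: Switching the remove-attachment branch in compose.inc to `$_POST['_file']` narrows the HTTP method but does not show that the request originated from the application's own pages, since a form on another site can submit a POST that carries the user's session cookie. No per-session request token is checked in any visible hunk, so unless one is verified before these step files run, the same gap remains for expunge/purge in folders.inc, the flag change in mark.inc and moveto/delete in move_del.inc. I would verify a session-bound token once, ahead of every state-changing action, and record the assumption here with a comment such as `// POST only restricts the method; the request token must already have been verified`. The `if` body continues past the end of the hunk.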
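Review bot: The new expunge guard in folders.inc, `($mbox = get_input_value('_mbox', RCUBE_INPUT_POST))`, tests the mailbox name for truthiness, so a folder literally named `0` is treated like a missing parameter and the action is skipped without any feedback to the client. The purge branch in the next hunk has the same shape. Testing the length instead, `if ($_action=='expunge' && strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))`, keeps the intent and accepts such names. Separately, `_reload` is now read from `$_REQUEST`, which can include cookie values depending on PHP configuration; if the client posts it together with `_mbox`, `$_POST` would be the narrower source. The chain of branches continues outside the hunk.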
@@ -37,11 +37,11 @@ if ($_action=='expunge')
 }
 // clear mailbox
-else if ($_action=='purge')
+else if ($_action=='purge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))
 {
- $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET));
+ $success = $IMAP->clear_mailbox($mbox);
- if ($success && !empty($_GET['_reload']))
+ if ($success && !empty($_REQUEST['_reload']))
 {
 $OUTPUT->set_env('messagecount', 0);
 $OUTPUT->set_env('pagecount', 0);
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 991c3c168..3fa089037 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -52,8 +52,8 @@ if (!isset($_SESSION['sort_order'])) $_SESSION['sort_order'] = $CONFIG['message_sort_order'];
 // set message set for search result
-if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']]))
- $IMAP->set_search_set($_SESSION['search'][$_GET['_search']]);
+if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']]))
+ $IMAP->set_search_set($_SESSION['search'][$_REQUEST['_search']]);
 // define url for getting message parts
diff --git a/program/steps/mail/list.inc b/program/steps/mail/list.inc
index 162624c36..a246254d1 100644
--- a/program/steps/mail/list.inc
+++ b/program/steps/mail/list.inc
@@ -42,7 +42,7 @@ else if ($count = $IMAP->messagecount()) $a_headers = $IMAP->list_headers($mbox_name, NULL, $sort_col, $sort_order);
-$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_GET['_refresh']) ? TRUE : FALSE);
+$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_REQUEST['_refresh']) ? TRUE : FALSE);
 // update message count display
 $pages = ceil($count/$IMAP->page_size);
diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index 0dd781e08..74510abe9 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
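Review bot: In func.inc the raw `$_REQUEST['_search']` value is used three times as an array key into `$_SESSION['search']`, with no type check and no pass through `get_input_value()` as the other files in this patch do. `$_REQUEST` merges GET, POST and, depending on PHP configuration, cookies, and an array-valued `_search[]` parameter would reach `isset()` as an offset. Reading it once, `$search_id = $_REQUEST['_search'];`, and guarding with `is_string($search_id) && isset($_SESSION['search'][$search_id])` keeps the lookup to scalar ids. A short comment saying that the id may arrive by either method would explain why `$_REQUEST` is used here.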
@@ -24,7 +24,7 @@ $a_flags_map = array( 'read' => 'SEEN', 'unread' => 'UNSEEN');
-if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))
+if (($uids = get_input_value('_uid', RCUBE_INPUT_POST)) && ($flag = get_input_value('_flag', RCUBE_INPUT_POST)))
 {
 $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);
 $marked = $IMAP->set_flag($uids, $flag);
diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc
index fb8a0af4c..acdbf6000 100644
--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -20,11 +20,11 @@
 */
 // move messages
-if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
+if ($_action=='moveto' && !empty($_POST['_uid']) && !empty($_POST['_target_mbox']))
 {
- $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
- $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
- $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
+ $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+ $target = get_input_value('_target_mbox', RCUBE_INPUT_POST);
+ $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_POST));
 if (!$moved)
 {
@@ -37,10 +37,10 @@ if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox'])
 }
 // delete messages
-else if ($_action=='delete' && !empty($_GET['_uid']))
+else if ($_action=='delete' && !empty($_POST['_uid']))
 {
- $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
- $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
+ $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+ $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_POST));
 if (!$del)
 {
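Review bot: The posted `_flag` in mark.inc is mapped but not restricted: the context line `$flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);` forwards any unrecognised value, uppercased, to `$IMAP->set_flag()`. Whether `set_flag()` validates its argument is not visible in this hunk, so unless the fallback is deliberate I would reject unknown keys here with `if (!isset($a_flags_map[$flag])) { /* report the error and stop */ }`. That check also removes the undefined-index notice the ternary raises for keys missing from the map. The `if` body continues past the hunk.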
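Review bot: The moveto guard in move_del.inc tests the raw `$_POST['_uid']` and `$_POST['_target_mbox']` but then acts on the values re-read through `get_input_value()`, so the value checked and the value used can differ, for instance when `_uid[]` is posted as an array. `_mbox` is passed to `move_message()` with no emptiness check at all. The delete branch in the following hunk repeats both patterns. Reading each parameter once before the branch, `$uids = get_input_value('_uid', RCUBE_INPUT_POST);` and `$mbox = get_input_value('_mbox', RCUBE_INPUT_POST);`, and testing those variables would match the form folders.inc takes in this same patch.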
@@ -78,7 +78,7 @@ if ($_action=='moveto' && $target) $OUTPUT->command('set_quota', $IMAP->get_quota());
 // add new rows from next page (if any)
-if ($_GET['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
+if ($_POST['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
 {
 $sort_col = isset($_SESSION['sort_col']) ? $_SESSION['sort_col'] : $CONFIG['message_sort_col'];
 $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
--
cgit v1.2.3
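Review bot: `$_POST['_from']` in the last move_del.inc hunk is indexed without an existence check, so a request that omits `_from` raises an undefined-index notice and then takes the "add new rows" path by default. Making the default explicit, `$from = isset($_POST['_from']) ? $_POST['_from'] : '';` followed by `if ($from != 'show' && $pages>1 && $IMAP->list_page < $pages)`, avoids the notice. This is also the only flag the patch moves to `$_POST` rather than `$_REQUEST` (compare `_reload` and `_refresh`), so a comment naming which client call sends `_from` would explain the difference. The `if` body continues outside the hunk.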