From 8d07583f3920f27186ccc16ea1ecb49104f1e32d Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 18 May 2007 07:29:25 -0400
Subject: [PATCH] Use HTTP-POST requests for actions that change application state

---
 program/steps/mail/folders.inc |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/program/steps/mail/folders.inc b/program/steps/mail/folders.inc
index a97057e..1df51cd 100644
--- a/program/steps/mail/folders.inc
+++ b/program/steps/mail/folders.inc
@@ -21,12 +21,12 @@
 $mbox_name = $IMAP->get_mailbox_name();
 
 // send EXPUNGE command
-if ($_action=='expunge')
+if ($_action=='expunge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))
 {
-  $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET));
+  $success = $IMAP->expunge($mbox);
 
   // reload message list if current mailbox  
-  if ($success && !empty($_GET['_reload']))
+  if ($success && !empty($_REQUEST['_reload']))
   {
     $OUTPUT->command('message_list.clear');
     $_action = 'list';
@@ -37,11 +37,11 @@
 }
 
 // clear mailbox
-else if ($_action=='purge')
+else if ($_action=='purge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))
 {
-  $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET));
+  $success = $IMAP->clear_mailbox($mbox);
   
-  if ($success && !empty($_GET['_reload']))
+  if ($success && !empty($_REQUEST['_reload']))
   {
     $OUTPUT->set_env('messagecount', 0);
     $OUTPUT->set_env('pagecount', 0);

--
Gitblit v1.9.1