From 8d07583f3920f27186ccc16ea1ecb49104f1e32d Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 18 May 2007 07:29:25 -0400
Subject: [PATCH] Use HTTP-POST requests for actions that change application state

---
 program/steps/mail/move_del.inc |   16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc
index fb8a0af..acdbf60 100644
--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -20,11 +20,11 @@
 */
 
 // move messages
-if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
+if ($_action=='moveto' && !empty($_POST['_uid']) && !empty($_POST['_target_mbox']))
 {
-  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
-  $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
-  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+  $target = get_input_value('_target_mbox', RCUBE_INPUT_POST);
+  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_POST));
   
   if (!$moved)
   {
@@ -37,10 +37,10 @@
 }
 
 // delete messages 
-else if ($_action=='delete' && !empty($_GET['_uid']))
+else if ($_action=='delete' && !empty($_POST['_uid']))
 {
-  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
-  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_POST));
   
   if (!$del)
   {
@@ -78,7 +78,7 @@
 $OUTPUT->command('set_quota', $IMAP->get_quota());
 
 // add new rows from next page (if any)
-if ($_GET['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
+if ($_POST['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
 {
   $sort_col   = isset($_SESSION['sort_col'])   ? $_SESSION['sort_col']   : $CONFIG['message_sort_col'];
   $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];

--
Gitblit v1.9.1