3 --- mailboxes/mail_search.cgi.orig 2012-06-29 22:31:50.000000000 +0000
4 +++ mailboxes/mail_search.cgi
5 @@ -46,7 +46,8 @@ if ($in{'simple'}) {
6 @searchlist = ( [ $field, $what ] );
7 @rv = &mailbox_search_mail(\@searchlist, 0, $folder);
8 print "<p><b>",&text('search_results5', scalar(@rv),
9 - "<tt>$field</tt>", "<tt>$what</tt>")," ..</b><p>\n";
10 + "<tt>" . &html_escape($field) . "</tt>", "<tt>" .
11 + &html_escape($what) . "</tt>")," ..</b><p>\n";
14 # Just search by Subject and From in one folder
15 @@ -73,7 +74,8 @@ if ($in{'simple'}) {
16 &error($text{'search_eboolean'});
18 print "<p><b>",&text('search_results2', scalar(@rv),
19 - "<tt>$in{'search'}</tt>")," ..</b><p>\n";
20 + "<tt>" . &html_escape($in{'search'}) .
21 + "</tt>")," ..</b><p>\n";
24 $mail->{'folder'} = $folder;
25 @@ -106,9 +108,9 @@ else {
26 # Show list of messages, with form
28 print &ui_form_start("delete_mail.cgi", "post");
29 - print &ui_hidden("user", $in{'user'});
30 - print &ui_hidden("dom", $in{'dom'});
31 - print &ui_hidden("folder", $in{'folder'});
32 + print &ui_hidden("user", &html_escape($in{'user'}));
33 + print &ui_hidden("dom", &html_escape($in{'folder'}));
34 + print &ui_hidden("folder", &html_escape($in{'folder'}));
35 if ($config{'top_buttons'} && !$multi_folder) {
36 &show_buttons(1, \@folders, $folder, \@rv, $in{'user'}, 1);
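Review bot: The `dom` hidden field on the middle added line is populated from `$in{'folder'}` instead of `$in{'dom'}`, so the delete form now posts the folder name as the domain; the line should read `print &ui_hidden("dom", &html_escape($in{'dom'}));`. The removed line it replaces passed `$in{'dom'}`, so this looks like a copy-paste slip introduced while adding the escaping rather than an intentional change. Separately, if `ui_hidden` already quote-escapes its value argument (current Webmin ui-lib.pl does; worth confirming against the version bundled here), wrapping the three values in `&html_escape` double-encodes characters such as `&` and `<` in user and folder names, and the escaping should live in one place only. The `else` block these lines sit in begins before the hunk.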
38 @@ -121,10 +123,10 @@ if (@rv) {
40 print "<b>$text{'search_none'}</b> <p>\n";
43 -&ui_print_footer($in{'simple'} ? ( ) : ( "search_form.cgi?folder=$in{'folder'}",
44 - $text{'sform_return'} ),
45 - "list_mail.cgi?user=$in{'user'}&folder=$in{'folder'}&dom=$in{'dom'}",
46 - $text{'mail_return'},
48 +&ui_print_footer($in{'simple'} ? ( ) : ( "search_form.cgi?folder=" .
49 + &urlize($in{'folder'}), $text{'sform_return'} ),
50 + "list_mail.cgi?user=" . &urlize($in{'user'}) . "&folder=" .
51 + &urlize($in{'folder'}) . "&dom=" . &urlize($in{'dom'}), $text{'mail_return'},
52 &user_list_link(), $text{'index_return'});