Source for file webmail.php
Documentation is available at webmail.php
* webmail.php -- Displays the main frameset
* This file generates the main frameset. The files that are
* shown can be given as parameters. If the user is not logged in
* this file will verify username and password.
* @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: webmail.php 14840 2020-01-07 07:42:38Z pdontthink $
/** This is the webmail page */
define('PAGE_NAME', 'webmail');
* Path for SquirrelMail required files.
/* SquirrelMail required files. */
require_once(SM_PATH .
'include/validate.php');
require_once(SM_PATH .
'functions/imap.php');
$startMessage = (int)
$startMessage;
$mailtourl =
'mailtodata='.
urlencode($mailtodata);
// this value may be changed by a plugin, but initialize
// it first to avoid register_globals headaches
* We'll need this to later have a noframes version
* Check if the user has a language preference, but no cookie.
* Send him a cookie with his language preference, if there is
$my_language =
getPref($data_dir, $username, 'language');
if ($my_language !=
$squirrelmail_language) {
sqsetcookie('squirrelmail_language', $my_language, time()+
2592000, $base_uri);
// prevent clickjack attempts
// FIXME: should we use DENY instead? We can also make this a configurable value, including giving the admin the option of removing this entirely in case they WANT to be framed by an external domain
header('X-Frame-Options: SAMEORIGIN');
global $browser_rendering_mode, $head_tag_extra;
$output =
($browser_rendering_mode ===
'standards' ||
$browser_rendering_mode ===
'almost'
?
'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">'
:
/* "quirks" */ '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">').
// For adding a favicon or anything else that should be inserted in *ALL* <head> for *ALL* documents,
// define $head_tag_extra in config/config_local.php
// The string "###SM BASEURI###" will be replaced with the base URI for this SquirrelMail installation.
// When not defined, a default is provided that displays the default favicon.ico.
// If you override this and still want to use the default favicon.ico, you'll have to include the following
// following in your $head_tag_extra string:
// $head_tag_extra = '<link rel="shortcut icon" href="###SM BASEURI###favicon.ico" />...<YOUR CONTENT HERE>...';
.
(empty($head_tag_extra) ?
'<link rel="shortcut icon" href="' .
sqm_baseuri() .
'favicon.ico" />'
// prevent clickjack attempts using JavaScript for browsers that
// don't support the X-Frame-Options header...
// we check to see if we are *not* the top page, and if not, check
// whether or not the top page is in the same domain as we are...
// if not, log out immediately -- this is an attempt to do the same
// thing that the X-Frame-Options does using JavaScript (never a good
// idea to rely on JavaScript-based solutions, though)
.
'<script type="text/javascript" language="JavaScript">'
.
'if (self != top) { try { if (document.domain != top.document.domain) {'
.
' throw "Clickjacking security violation! Please log out immediately!"; /* this code should never execute - exception should already have been thrown since it\'s a security violation in this case to even try to access top.document.domain (but it\'s left here just to be extra safe) */ } } catch (e) { self.location = "'
.
"\n// -->\n</script>\n"
.
"<meta name=\"robots\" content=\"noindex,nofollow\">\n"
.
"<title>$org_title</title>\n"
$left_size =
getPref($data_dir, $username, 'left_size');
$location_of_bar =
getPref($data_dir, $username, 'location_of_bar');
if (isset
($languages[$squirrelmail_language]['DIR']) &&
strtolower($languages[$squirrelmail_language]['DIR']) ==
'rtl') {
$temp_location_of_bar =
'right';
$temp_location_of_bar =
'left';
if ($location_of_bar ==
'') {
$location_of_bar =
$temp_location_of_bar;
$temp_location_of_bar =
'';
if (isset
($default_left_size)) {
$left_size =
$default_left_size;
if ($location_of_bar ==
'right') {
$output .=
"<frameset cols=\"*, $left_size\" id=\"fs1\">\n";
$output .=
"<frameset cols=\"$left_size, *\" id=\"fs1\">\n";
* There are three ways to call webmail.php
* - This just loads the default entry screen.
* 2. webmail.php?right_frame=right_main.php&sort=X&startMessage=X&mailbox=XXXX
* - This loads the frames starting at the given values.
* 3. webmail.php?right_frame=folders.php
* - Loads the frames with the Folder options in the right frame.
* This was done to create a pure HTML way of refreshing the folder list since
* we would like to use as little Javascript as possible.
* The test for // should catch any attempt to include off-site webpages into
* Note that plugins are allowed to completely and freely override the URI
* used for the "right" (content) frame, and they do so by modifying the
* global variable $right_frame_url.
if (empty($right_frame) ||
(strpos(urldecode($right_frame), '//') !==
false)) {
if ( strpos($right_frame,'?') ) {
$right_frame_file =
substr($right_frame,0,strpos($right_frame,'?'));
$right_frame_file =
$right_frame;
if (empty($right_frame_url)) {
switch($right_frame_file) {
$right_frame_url =
"right_main.php?mailbox=".
urlencode($mailbox)
.
(!empty($sort)?
"&sort=$sort":
'')
.
(!empty($startMessage)?
"&startMessage=$startMessage":
'');
$right_frame_url =
'options.php';
$right_frame_url =
'folders.php';
$right_frame_url =
'compose.php?' .
$mailtourl;
$right_frame_url =
'right_main.php';
if ($location_of_bar ==
'right') {
$output .=
"<frame src=\"$right_frame_url\" name=\"right\" frameborder=\"1\">\n" .
"<frame src=\"left_main.php\" name=\"left\" frameborder=\"1\">\n";
$output .=
"<frame src=\"left_main.php\" name=\"left\" frameborder=\"1\">\n".
"<frame src=\"$right_frame_url\" name=\"right\" frameborder=\"1\">\n";
Documentation generated on Mon, 13 Jan 2020 04:25:25 +0100 by phpDocumentor 1.4.3