Index: src/compose.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/compose.php,v
retrieving revision 1.451
diff -u -r1.451 compose.php
--- src/compose.php	9 Oct 2006 14:00:33 -0000	1.451
+++ src/compose.php	2 Dec 2006 15:03:11 -0000
@@ -69,7 +69,11 @@
 sqgetGlobalVar('draft_id',$draft_id);
 sqgetGlobalVar('ent_num',$ent_num);
 sqgetGlobalVar('saved_draft',$saved_draft);
-sqgetGlobalVar('delete_draft',$delete_draft);
+
+if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
+    $delete_draft = (int)$delete_draft;
+}
+
 if ( sqgetGlobalVar('startMessage',$startMessage) ) {
     $startMessage = (int)$startMessage;
 } else {
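Review bot: The new `if` around sqgetGlobalVar('delete_draft', ...) casts the value only when it is present, so unlike `$startMessage` just below there is no `else` default and `$delete_draft` stays unset when the parameter is absent; any later code must keep testing it with isset() rather than comparing against 0, and a non-numeric value now silently becomes 0. A one-line comment would make the intent explicit: `// normalise to int when supplied; absent parameter leaves $delete_draft unset`. If 0 can never be a real draft identifier, a comment saying so would also justify the silent-0 behaviour. The surrounding top-level script continues outside the hunk.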
@@ -333,6 +356,8 @@
 if (!isset($composesession)) {
     $composesession = 0;
     sqsession_register(0,'composesession');
+} else {
+    $composesession = (int)$composesession;
 }
 
 if (!isset($session) || (isset($newmessage) && $newmessage)) {
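Review bot: The added `else` branch normalises `$composesession` to int, but where the value is read from is outside the hunk, and the `if` branch both sets and registers the variable while the `else` branch only casts the local copy; if the value can come from the request as well as from the session, the cast alone is what keeps it numeric downstream, and that reasoning deserves a comment since nothing in the hunk says why the cast was added: `// force int: a non-numeric composesession must not survive past this point`. If the origin is the session only, say so instead, because the hedge changes what the next maintainer may assume about the variable's trustworthiness.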
Index: src/right_main.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/right_main.php,v
retrieving revision 1.152
diff -u -r1.152 right_main.php
--- src/right_main.php	30 Sep 2006 07:34:47 -0000	1.152
+++ src/right_main.php	2 Dec 2006 15:03:11 -0000
@@ -248,7 +248,7 @@
         }
         // do not use &amp;, it will break the query string and $session will not be detected!!!
         $comp_uri = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
-                    '&session='.$aMailbox['FORWARD_SESSION'];
+                    '&session='.urlencode($aMailbox['FORWARD_SESSION']);
         displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri', $compose_width, $compose_height);", '');
     } else {
         $mailbox_cache[$account.'_'.$aMailbox['NAME']] = $aMailbox;
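Review bot: urlencode() on `$aMailbox['FORWARD_SESSION']` closes the gap for the session part of `$comp_uri`, but the same URI is then placed inside a single-quoted JavaScript string literal on the next line, `comp_in_new('$comp_uri', $compose_width, $compose_height);`, and `$compose_width` and `$compose_height` are interpolated verbatim into that call. They are defined outside the hunk; if they originate from user preferences rather than constants, casting them at the point of use, `(int)$compose_width, (int)$compose_height`, would keep the generated script free of non-numeric characters for the same reason the session value is now encoded. The existing comment above the assignment about not using `&amp;` should stay as is.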

