Index: src/compose.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/compose.php,v
retrieving revision 1.319.2.70
diff -u -r1.319.2.70 compose.php
--- src/compose.php	3 Aug 2006 14:48:09 -0000	1.319.2.70
+++ src/compose.php	28 Nov 2006 14:50:34 -0000
@@ -74,7 +74,11 @@
 sqgetGlobalVar('draft_id',$draft_id);
 sqgetGlobalVar('ent_num',$ent_num);
 sqgetGlobalVar('saved_draft',$saved_draft);
-sqgetGlobalVar('delete_draft',$delete_draft);
+
+if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
+    $delete_draft = (int)$delete_draft;
+}
+
 if ( sqgetGlobalVar('startMessage',$startMessage) ) {
     $startMessage = (int)$startMessage;
 } else {
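Review bot: Only `delete_draft` gets the integer cast here, while `draft_id`, `ent_num` and `saved_draft` in the three context lines above it are still taken as raw strings. If any of those is later used as a message identifier or written back into the page (not visible in this hunk), it needs the same normalisation or context-appropriate output escaping. The `(int)` cast also maps non-numeric input to 0 and lets negative numbers through, so the code acting on `$delete_draft` should treat values below 1 as "no draft"; a comment such as `/* request-supplied id: forced to int, values <= 0 must be ignored */` above the new `if` would record that. The `startMessage` block that follows continues past the end of the hunk.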
@@ -296,6 +319,8 @@
 if (!isset($composesession)) {
     $composesession = 0;
     sqsession_register(0,'composesession');
+} else {
+    $composesession = (int)$composesession;
 }
 
 if (!isset($session) || (isset($newmessage) && $newmessage)) {
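Review bot: The new `else` branch normalises only the local `$composesession`; unlike the `if` branch, it does not call `sqsession_register`, so any copy held in the session keeps its original, uncast value. If other scripts read `composesession` from the session (not visible here), consider adding `sqsession_register($composesession,'composesession');` after the cast so every reader sees the integer. A one-line comment such as `/* may be set from outside this script; must be an integer */` would explain why the branch exists.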
Index: src/right_main.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/right_main.php,v
retrieving revision 1.104.2.16
diff -u -r1.104.2.16 right_main.php
--- src/right_main.php	30 Sep 2006 07:38:03 -0000	1.104.2.16
+++ src/right_main.php	28 Nov 2006 14:50:34 -0000
@@ -148,7 +148,7 @@
 
 if ($composenew) {
     $comp_uri = SM_PATH . 'src/compose.php?mailbox='. urlencode($mailbox).
-        "&session=$session";
+        "&session=" .urlencode($session);
     displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri');", false);
 } else {
     displayPageHeader($color, $mailbox);
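Review bot: `urlencode($session)` fixes the value at this sink only; `$session` itself stays an unvalidated string, and `$comp_uri` is interpolated into a single-quoted string in the script fragment passed to `displayPageHeader` on the next line. That is safe only because urlencode() percent-encodes quotes, angle brackets and backslashes, which deserves a comment such as `// urlencode() keeps $comp_uri safe inside the quoted comp_in_new() argument`. If `$session` is a numeric counter here, as the integer handling in compose.php suggests, casting it where it is read (outside this hunk) with `$session = (int)$session;` would be a sturdier complement. Minor style: `" .urlencode(` is spaced differently from `. urlencode(` on the line above.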
