Changeset 573 in subversion

Timestamp:

May 18, 2007 7:29:25 AM (6 years ago)

Author:

thomasb

Message:

Use HTTP-POST requests for actions that change application state

Location:

trunk/roundcubemail

Files:

• CHANGELOG (modified) (1 diff)
• index.php (modified) (3 diffs)
• program/js/app.js (modified) (15 diffs)
• program/steps/addressbook/delete.inc (modified) (1 diff)
• program/steps/mail/compose.inc (modified) (1 diff)
• program/steps/mail/folders.inc (modified) (2 diffs)
• program/steps/mail/func.inc (modified) (1 diff)
• program/steps/mail/list.inc (modified) (1 diff)
• program/steps/mail/mark.inc (modified) (1 diff)
• program/steps/mail/move_del.inc (modified) (3 diffs)
• program/steps/settings/manage_folders.inc (modified) (5 diffs)

trunk/roundcubemail/CHANGELOG

@@ -1 +1 @@
 CHANGELOG RoundCube Webmail
 ---------------------------
+
+2007/05/18 (thomasb)
+----------
+- Use HTTP-POST requests for actions that change state
+
 
 2007/05/17 (thomasb)

trunk/roundcubemail/index.php

@@ -3 +3 @@
  +-----------------------------------------------------------------------+
  | RoundCube Webmail IMAP Client                                         |
- | Version 0.1-20070517                                                  |
+ | Version 0.1-20070518                                                  |
  |                                                                       |
  | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
@@ -286 +286 @@
     include('program/steps/mail/getunread.inc');
     
-  if ($_action=='list' && isset($_GET['_remote']))
+  if ($_action=='list' && isset($_REQUEST['_remote']))
     include('program/steps/mail/list.inc');
 
@@ -324 +324 @@
     include('program/steps/addressbook/show.inc');  
 
-  if ($_action=='list' && $_GET['_remote'])
+  if ($_action=='list' && $_REQUEST['_remote'])
     include('program/steps/addressbook/list.inc');
 

trunk/roundcubemail/program/js/app.js

@@ -1305 +1305 @@
     // send request to server
     var url = '_mbox='+urlencode(mbox);
-    this.http_request('expunge', url+add_url, lock);
+    this.http_post('expunge', url+add_url, lock);
     };
 
@@ -1327 +1327 @@
     // send request to server
     var url = '_mbox='+urlencode(mbox);
-    this.http_request('purge', url+add_url, lock);
+    this.http_post('purge', url+add_url, lock);
     return true;
     };
@@ -1433 +1433 @@
 
     // send request to server
-    this.http_request(action, '_uid='+a_uids.join(',')+'&_mbox='+urlencode(this.env.mailbox)+add_url, lock);
+    this.http_post(action, '_uid='+a_uids.join(',')+'&_mbox='+urlencode(this.env.mailbox)+add_url, lock);
     };
 
@@ -1512 +1512 @@
       }
       
-    this.http_request('mark', '_uid='+a_uids.join(',')+'&_flag='+flag);
+    this.http_post('mark', '_uid='+a_uids.join(',')+'&_flag='+flag);
   };
   
@@ -1589 +1589 @@
     }
 
-    this.http_request('mark', '_uid='+a_uids.join(',')+'&_flag=undelete');
+    this.http_post('mark', '_uid='+a_uids.join(',')+'&_flag=undelete');
     return true;
   };
@@ -1616 +1616 @@
     }
 
-    this.http_request('mark', '_uid='+a_uids.join(',')+'&_flag=delete');
+    this.http_post('mark', '_uid='+a_uids.join(',')+'&_flag=delete');
     return true;  
   };
@@ -1927 +1927 @@
     {
     if (name)
-      this.http_request('remove-attachment', '_file='+urlencode(name));
+      this.http_post('remove-attachment', '_file='+urlencode(name));
 
     return true;
@@ -2357 +2357 @@
 
     // send request to server
-    this.http_request('delete', '_cid='+urlencode(a_cids.join(','))+'&_from='+(this.env.action ? this.env.action : ''));
+    this.http_post('delete', '_cid='+urlencode(a_cids.join(','))+'&_from='+(this.env.action ? this.env.action : ''));
     return true;
     };
@@ -2441 +2441 @@
 
     if (name)
-      this.http_request('create-folder', '_name='+urlencode(name), true);
+      this.http_post('create-folder', '_name='+urlencode(name), true);
     else if (form.elements['_folder_name'])
       form.elements['_folder_name'].focus();
@@ -2464 +2464 @@
 
     if (oldname && newname)
-      this.http_request('rename-folder', '_folder_oldname='+urlencode(oldname)+'&_folder_newname='+urlencode(newname));
+      this.http_post('rename-folder', '_folder_oldname='+urlencode(oldname)+'&_folder_newname='+urlencode(newname));
     };
 
@@ -2521 +2521 @@
       var newname = this.name_input ? this.name_input.value : null;
       if (this.edit_folder && newname)
-        this.http_request('rename-folder', '_folder_oldname='+urlencode(this.env.subscriptionrows[this.edit_folder][0])+'&_folder_newname='+urlencode(newname));        
+        this.http_post('rename-folder', '_folder_oldname='+urlencode(this.env.subscriptionrows[this.edit_folder][0])+'&_folder_newname='+urlencode(newname));
       }
     // escape
@@ -2536 +2536 @@
     
     if (folder)
-      this.http_request('delete-folder', '_mboxes='+urlencode(folder));
+      this.http_post('delete-folder', '_mboxes='+urlencode(folder));
     };
 
@@ -2663 +2663 @@
       this.change_subscription('_unsubscribed', '_subscribed', 'subscribe');
     else if (folder)
-      this.http_request('subscribe', '_mboxes='+urlencode(folder));
+      this.http_post('subscribe', '_mboxes='+urlencode(folder));
     };
 
@@ -2673 +2673 @@
       this.change_subscription('_subscribed', '_unsubscribed', 'unsubscribe');
     else if (folder)
-      this.http_request('unsubscribe', '_mboxes='+urlencode(folder));
+      this.http_post('unsubscribe', '_mboxes='+urlencode(folder));
     };
     
@@ -2707 +2707 @@
           }
           
-        this.http_request(action, '_mboxes='+urlencode(a_folders.join(',')));
+        this.http_post(action, '_mboxes='+urlencode(a_folders.join(',')));
         }
       }

trunk/roundcubemail/program/steps/addressbook/delete.inc

@@ -20 +20 @@
 */
 
-if (($cid = get_input_value('_cid', RCUBE_INPUT_GPC)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $cid))
+if (($cid = get_input_value('_cid', RCUBE_INPUT_POST)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $cid))
   {
   $deleted = $CONTACTS->delete($cid);

trunk/roundcubemail/program/steps/mail/compose.inc

@@ -30 +30 @@
 
 // remove an attachment
-if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_GET['_file'], $regs))
+if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_POST['_file'], $regs))
   {
   $id = $regs[1];

trunk/roundcubemail/program/steps/mail/folders.inc

@@ -22 +22 @@
 
 // send EXPUNGE command
-if ($_action=='expunge')
+if ($_action=='expunge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))
 {
-  $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET));
+  $success = $IMAP->expunge($mbox);
 
   // reload message list if current mailbox  
-  if ($success && !empty($_GET['_reload']))
+  if ($success && !empty($_REQUEST['_reload']))
   {
     $OUTPUT->command('message_list.clear');
@@ -38 +38 @@
 
 // clear mailbox
-else if ($_action=='purge')
+else if ($_action=='purge' && ($mbox = get_input_value('_mbox', RCUBE_INPUT_POST)))
 {
-  $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET));
+  $success = $IMAP->clear_mailbox($mbox);
   
-  if ($success && !empty($_GET['_reload']))
+  if ($success && !empty($_REQUEST['_reload']))
   {
     $OUTPUT->set_env('messagecount', 0);

trunk/roundcubemail/program/steps/mail/func.inc

@@ -53 +53 @@
 
 // set message set for search result
-if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']]))
-  $IMAP->set_search_set($_SESSION['search'][$_GET['_search']]);
+if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']]))
+  $IMAP->set_search_set($_SESSION['search'][$_REQUEST['_search']]);
 
 

trunk/roundcubemail/program/steps/mail/list.inc

@@ -43 +43 @@
   $a_headers = $IMAP->list_headers($mbox_name, NULL, $sort_col, $sort_order);
 
-$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_GET['_refresh']) ? TRUE : FALSE);
+$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_REQUEST['_refresh']) ? TRUE : FALSE);
 
 // update message count display

trunk/roundcubemail/program/steps/mail/mark.inc

@@ -25 +25 @@
   'unread' => 'UNSEEN');
 
-if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))
+if (($uids = get_input_value('_uid', RCUBE_INPUT_POST)) && ($flag = get_input_value('_flag', RCUBE_INPUT_POST)))
 {
   $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);

trunk/roundcubemail/program/steps/mail/move_del.inc

@@ -21 +21 @@
 
 // move messages
-if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
+if ($_action=='moveto' && !empty($_POST['_uid']) && !empty($_POST['_target_mbox']))
 {
-  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
-  $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
-  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+  $target = get_input_value('_target_mbox', RCUBE_INPUT_POST);
+  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_POST));
   
   if (!$moved)
@@ -38 +38 @@
 
 // delete messages 
-else if ($_action=='delete' && !empty($_GET['_uid']))
+else if ($_action=='delete' && !empty($_POST['_uid']))
 {
-  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
-  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_POST));
   
   if (!$del)
@@ -79 +79 @@
 
 // add new rows from next page (if any)
-if ($_GET['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
+if ($_POST['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
 {
   $sort_col   = isset($_SESSION['sort_col'])   ? $_SESSION['sort_col']   : $CONFIG['message_sort_col'];

trunk/roundcubemail/program/steps/settings/manage_folders.inc

@@ -27 +27 @@
 if ($_action=='subscribe')
   {
-  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST))
     $IMAP->subscribe(array($mboxes));
 
@@ -37 +37 @@
 else if ($_action=='unsubscribe')
   {
-  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST))
     $IMAP->unsubscribe(array($mboxes));
 
@@ -47 +47 @@
 else if ($_action=='create-folder')
   {
-  if (!empty($_GET['_name']))
-    $create = $IMAP->create_mailbox(trim(get_input_value('_name', RCUBE_INPUT_GET, FALSE, 'UTF-7')), TRUE);
+  if (!empty($_POST['_name']))
+    $create = $IMAP->create_mailbox(trim(get_input_value('_name', RCUBE_INPUT_POST, FALSE, 'UTF-7')), TRUE);
 
   if ($create && $OUTPUT->ajax_call)
@@ -67 +67 @@
 else if ($_action=='rename-folder')
   {
-  if (!empty($_GET['_folder_oldname']) && !empty($_GET['_folder_newname']))
-    $rename = $IMAP->rename_mailbox(($oldname = get_input_value('_folder_oldname', RCUBE_INPUT_GET)), trim(get_input_value('_folder_newname', RCUBE_INPUT_GET, FALSE, 'UTF-7')));
+  if (!empty($_POST['_folder_oldname']) && !empty($_POST['_folder_newname']))
+    $rename = $IMAP->rename_mailbox(($oldname = get_input_value('_folder_oldname', RCUBE_INPUT_POST)), trim(get_input_value('_folder_newname', RCUBE_INPUT_POST, FALSE, 'UTF-7')));
     
   if ($rename && $OUTPUT->ajax_call)
@@ -89 +89 @@
 else if ($_action=='delete-folder')
   {
-  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST))
     $deleted = $IMAP->delete_mailbox(array($mboxes));
 
   if ($OUTPUT->ajax_call && $deleted)
     {
-    $OUTPUT->command('remove_folder_row', get_input_value('_mboxes', RCUBE_INPUT_GET));
+    $OUTPUT->command('remove_folder_row', get_input_value('_mboxes', RCUBE_INPUT_POST));
     $OUTPUT->show_message('folderdeleted', 'confirmation');
     $OUTPUT->send();