removed $_ variables.

added some checks for POST forms.
xhtml and string fixes proposed by Fredrik.
phpdoc blocks.
localized folder names

plugins/filters/filters.php

@@ -1,7 +1,6 @@
 <?php
-
 /**
- * Message and Spam Filter Plugin
+ * Message and Spam Filter Plugin - Filtering Functions
  *
  * Copyright (c) 1999-2004 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
@@ -28,7 +27,8 @@
  */
 
 /**
- *
+ * FIXME: Undocumented function
+ * @access private
  */
 function filters_SaveCache () {
     global $data_dir, $SpamFilters_DNScache;
@@ -57,6 +57,10 @@ function filters_SaveCache () {
     fclose($fp);
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function filters_LoadCache () {
     global $data_dir, $SpamFilters_DNScache;
 
@@ -76,6 +80,10 @@ function filters_LoadCache () {
     }
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function filters_bulkquery($filters, $IPs) {
     global $SpamFilters_YourHop, $attachment_dir, $username,
            $SpamFilters_DNScache, $SpamFilters_BulkQuery,
@@ -113,6 +121,10 @@ function filters_bulkquery($filters, $IPs) {
     }
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function start_filters() {
     global $mailbox, $imapServerAddress, $imapPort, $imap,
            $imap_general, $filters, $imap_stream, $imapConnection,
@@ -153,6 +165,10 @@ function start_filters() {
 #    }
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function user_filters($imap_stream) {
     global $data_dir, $username;
     $filters = load_filters();
@@ -189,6 +205,10 @@ function user_filters($imap_stream) {
     }
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function filter_search_and_delete($imap_stream, $where, $what, $where_to, $user_scan, 
                                   $should_expunge) {
     global $languages, $squirrelmail_language, $allow_charset_search, $imap_server_type;
@@ -249,7 +269,10 @@ function filter_search_and_delete($imap_stream, $where, $what, $where_to, $user_
     return $should_expunge;
 }
 
-// These are the spam filters
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function spam_filters($imap_stream) {
     global $data_dir, $username;
     global $SpamFilters_YourHop;
@@ -372,8 +395,12 @@ function spam_filters($imap_stream) {
     }
 }
 
-// Does the loop through each enabled filter for the specified IP address.
-// IP format:  $a.$b.$c.$d
+/**
+ * FIXME: Undocumented function
+ * Does the loop through each enabled filter for the specified IP address.
+ * IP format:  $a.$b.$c.$d
+ * @access private
+ */
 function filters_spam_check_site($a, $b, $c, $d, &$filters) {
     global $SpamFilters_DNScache, $SpamFilters_CacheTTL;
     foreach ($filters as $key => $value) {
@@ -404,6 +431,10 @@ function filters_spam_check_site($a, $b, $c, $d, &$filters) {
     return 0;
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function load_filters() {
     global $data_dir, $username;
 
@@ -417,6 +448,10 @@ function load_filters() {
     return $filters;
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function load_spam_filters() {
     global $data_dir, $username, $SpamFilters_ShowCommercial;
 
@@ -694,6 +729,10 @@ function load_spam_filters() {
     return $filters;
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function remove_filter ($id) {
     global $data_dir, $username;
 
@@ -706,6 +745,10 @@ function remove_filter ($id) {
     removePref($data_dir, $username, 'filter' . $id);
 }
 
+/**
+ * FIXME: Undocumented function
+ * @access private
+ */
 function filter_swap($id1, $id2) {
     global $data_dir, $username;
 
@@ -718,8 +761,10 @@ function filter_swap($id1, $id2) {
     }
 }
 
-/* This update the filter rules when
-   renaming or deleting folders */
+/**
+ * This update the filter rules when renaming or deleting folders
+ * @param array $args
+ */
 function update_for_folder ($args) {
     $old_folder = $args[0];
         $new_folder = $args[2];
@@ -746,9 +791,11 @@ function update_for_folder ($args) {
         }
     }
 }
-/*
+
+/**
  * Function extracted from sqimap_get_small_header_list.
  * The unused FETCH arguments and HEADERS are disabled.
+ * @access private
  */
 function filter_get_headers ($imap_stream, $query) {
     /* Get the small headers for each message in $msg_list */
@@ -866,4 +913,16 @@ function filter_get_headers ($imap_stream, $query) {
     return $msgs;
 }
 
+/**
+ * Display formated error message
+ * @param string $string text message
+ * @return string html formated text message
+ * @access private
+ */
+function do_error($string) {
+    global $color;
+    echo "<p align=\"center\"><font color=\"$color[2]\">";
+    echo $string;
+    echo "</font></p>\n";
+}
 ?>

plugins/filters/options.php

@@ -1,7 +1,6 @@
 <?php
-
 /**
- * Message and Spam Filter Plugin
+ * Message and Spam Filter Plugin - Filtering Options
  *
  * Copyright (c) 1999-2004 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
@@ -54,42 +53,56 @@ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
 sqgetGlobalVar('theid', $theid);
 sqgetGlobalVar('action', $action, SQ_GET);
 
-// FIXME: use sqgetGlobalVar below.
-
-   if (isset($_POST['filter_submit'])) {
-      if(isset($_GET['theid'])) {
-          $theid = $_GET['theid'];
-      } elseif (isset($_POST['theid'])) {
-          $theid = $_POST['theid'];
-      } else {
-          $theid = 0;
-      }
-      $filter_what   = $_POST['filter_what'];
-      $filter_where  = $_POST['filter_where'];
-      $filter_folder = $_POST['filter_folder'];
-
-      $filter_what = str_replace(',', ' ', $filter_what);
-      $filter_what = str_replace("\\\\", "\\", $filter_what);
-      $filter_what = str_replace("\\\"", '"', $filter_what);
-      $filter_what = str_replace('"', '&quot;', $filter_what);
-
-      if (($filter_where == 'Header') && (strchr($filter_what,':') == '')) {
-         print ('WARNING! Header filters should be of the format "Header: value"<BR>');
-	 $action = 'edit';
-      }
-      setPref($data_dir, $username, 'filter'.$theid, $filter_where.','.$filter_what.','.$filter_folder);
-      $filters[$theid]['where'] = $filter_where;
-      $filters[$theid]['what'] = $filter_what;
-      $filters[$theid]['folder'] = $filter_folder;
+if (sqgetGlobalVar('filter_submit',$filter_submit,SQ_POST)) {
+
+    if(! isset($theid) ) $theid = 0;
+
+    $complete_post=true;
+
+    // FIXME: write human readable error messages
+    sqgetGlobalVar('filter_what', $filter_what, SQ_POST);
+    if (!sqgetGlobalVar('filter_what', $filter_what, SQ_POST)) {
+	do_error("Post error");
+	$complete_post=false;
+    }
+
+    sqgetGlobalVar('filter_where', $filter_where, SQ_POST);
+    if (!sqgetGlobalVar('filter_where', $filter_where, SQ_POST)) {
+	do_error("Post error");
+	$complete_post=false;
+    }
+
+    sqgetGlobalVar('filter_folder', $filter_folder, SQ_POST);
+    if (!sqgetGlobalVar('filter_folder', $filter_folder, SQ_POST)) {
+	do_error("Post error");
+	$complete_post=false;
+    }
+
+    if ($complete_post) {
+	$filter_what = str_replace(',', ' ', $filter_what);
+        $filter_what = str_replace("\\\\", "\\", $filter_what);
+        $filter_what = str_replace("\\\"", '"', $filter_what);
+        $filter_what = str_replace('"', '&quot;', $filter_what);
+
+        if (($filter_where == 'Header') && (strchr($filter_what,':') == '')) {
+	    do_error(_("WARNING! Header filters should be of the format \"Header: value\""));
+    	    $action = 'edit';
+    	}
+	setPref($data_dir, $username, 'filter'.$theid, $filter_where.','.$filter_what.','.$filter_folder);
+	$filters[$theid]['where'] = $filter_where;
+	$filters[$theid]['what'] = $filter_what;
+	$filters[$theid]['folder'] = $filter_folder;
+    }
    } elseif (isset($action) && $action == 'delete') {
       remove_filter($theid);
    } elseif (isset($action) && $action == 'move_up') {
       filter_swap($theid, $theid - 1);
    } elseif (isset($action) && $action == 'move_down') {
       filter_swap($theid, $theid + 1);
-   } elseif (isset($_POST['user_submit'])) {
-       setPref($data_dir, $username, 'filters_user_scan', $_POST['filters_user_scan_set']);
-       echo '<br><center><b>'._("Saved Scan type")."</b></center>\n";
+   } elseif (sqgetGlobalVar('user_submit',$user_submit,SQ_POST)) {
+	sqgetGlobalVar('filters_user_scan_set',$filters_user_scan_set,SQ_POST);
+	setPref($data_dir, $username, 'filters_user_scan', $filters_user_scan_set);
+	echo '<br /><center><b>'._("Saved Scan type")."</b></center>\n";
    }
 
    $filters = load_filters();
@@ -103,7 +116,7 @@ sqgetGlobalVar('action', $action, SQ_GET);
             ) ,
          'center', '', 'width="95%" border="0" cellpadding="2" cellspacing="0"' ) .
 
-        '<br><form method=post action="options.php">'.
+        '<br /><form method="post" action="options.php">'.
         '<center>'.
         html_tag( 'table', '', '', '', 'border="0" cellpadding="2" cellspacing="0"' ) .
             html_tag( 'tr' ) .
@@ -122,14 +135,14 @@ sqgetGlobalVar('action', $action, SQ_GET);
     echo '>' . _("Only unread messages") . '</option>' .
             '</select>'.
         '</td>'.
-        html_tag( 'td', '<input type=submit name="user_submit" value="' . _("Save") . '">', 'left' ) .
+        html_tag( 'td', '<input type="submit" name="user_submit" value="' . _("Save") . '" />', 'left' ) .
         '</table>'.
         '</center>'.
         '</form>'.
 
         html_tag( 'div', '[<a href="options.php?action=add">' . _("New") .
             '</a>] - [<a href="'.SM_PATH.'src/options.php">' . _("Done") . '</a>]' ,
-        'center' ) . '<br>';
+        'center' ) . '<br />';
 
     if (isset($action) && ($action == 'add' || $action == 'edit')) {
 
@@ -140,32 +153,32 @@ sqgetGlobalVar('action', $action, SQ_GET);
             $theid = count($filters);
         }
         echo html_tag( 'div', '', 'center' ) .
-             '<form action="options.php" method=post>'.
+             '<form action="options.php" method="post">'.
              html_tag( 'table', '', '', '', 'border="0" cellpadding="2" cellspacing="0"' ) .
              html_tag( 'tr' ) .
                 html_tag( 'td', _("Match:"), 'left' ) .
                 html_tag( 'td', '', 'left' ) .
-                    '<select name=filter_where>';
+                    '<select name="filter_where">';
 
         $L = isset($filters[$theid]['where']);
 
         $sel = (($L && $filters[$theid]['where'] == 'From')?'selected':'');
-        echo "<option value=\"From\" $sel>" . _ ("From") . '</option>';
+        echo "<option value=\"From\" $sel>" . _("From") . '</option>';
 
         $sel = (($L && $filters[$theid]['where'] == 'To')?'selected':'');
-        echo "<option value=\"To\" $sel>" . _ ("To") . '</option>';
+        echo "<option value=\"To\" $sel>" . _("To") . '</option>';
 
         $sel = (($L && $filters[$theid]['where'] == 'Cc')?'selected':'');
-        echo "<option value=\"Cc\" $sel>" . _ ("Cc") . '</option>';
+        echo "<option value=\"Cc\" $sel>" . _("Cc") . '</option>';
 
         $sel = (($L && $filters[$theid]['where'] == 'To or Cc')?'selected':'');
-        echo "<option value=\"To or Cc\" $sel>" . _ ("To or Cc") . '</option>';
+        echo "<option value=\"To or Cc\" $sel>" . _("To or Cc") . '</option>';
 
         $sel = (($L && $filters[$theid]['where'] == 'Subject')?'selected':'');
-        echo "<option value=\"Subject\" $sel>" . _ ("Subject") . '</option>';
+        echo "<option value=\"Subject\" $sel>" . _("Subject") . '</option>';
 
         $sel = (($L && $filters[$theid]['where'] == 'Header')?'selected':'');
-        echo "<option value=\"Header\" $sel>" . _ ("Header") . '</option>';
+        echo "<option value=\"Header\" $sel>" . _("Header") . '</option>';
 
         echo         '</select>'.
                 '</td>'.
@@ -173,18 +186,18 @@ sqgetGlobalVar('action', $action, SQ_GET);
             html_tag( 'tr' ) .
                 html_tag( 'td', _("Contains:"), 'right' ) .
                 html_tag( 'td', '', 'left' ) .
-                    '<input type=text size=32 name=filter_what value="';
+                    '<input type="text" size="32" name="filter_what" value="';
         if (isset($filters[$theid]['what'])) {
-            echo $filters[$theid]["what"];
+            echo $filters[$theid]['what'];
         }
-        echo '">'.
+        echo '" />'.
                 '</td>'.
             '</tr>'.
             html_tag( 'tr' ) .
                 html_tag( 'td', _("Move to:"), 'left' ) .
                 html_tag( 'td', '', 'left' ) .
                     '<tt>'.
-                    '<select name=filter_folder>';
+                    '<select name="filter_folder">';
         $selected = 0;
         if ( isset($filters[$theid]['folder']) )
           $selected = array(strtolower($filters[$theid]['folder']));
@@ -194,8 +207,8 @@ sqgetGlobalVar('action', $action, SQ_GET);
                 '</td>'.
             '</tr>'.
             '</table>'.
-            '<input type=submit name=filter_submit value=' . _("Submit") . '>'.
-            "<input type=hidden name=theid value=$theid>".
+            '<input type="submit" name="filter_submit" value="' . _("Submit") . "\" />\n".
+            '<input type="hidden" name="theid" value="' . $theid . "\" />\n".
             '</form>'.
             '</div>';
 
@@ -210,29 +223,32 @@ sqgetGlobalVar('action', $action, SQ_GET);
         echo html_tag( 'tr', '', '', $clr ) .
                    html_tag( 'td',
                        '<small>' .
-                       "[<a href=\"options.php?theid=$i&action=edit\">" . _("Edit") . '</a>]'.
+                       "[<a href=\"options.php?theid=$i&amp;action=edit\">" . _("Edit") . '</a>]'.
                        '</small>' ,
                    'left' ) .
                    html_tag( 'td',
                        '<small>' .
-                       "[<a href=\"options.php?theid=$i&action=delete\">" . _("Delete") . '</a>]'.
+                       "[<a href=\"options.php?theid=$i&amp;action=delete\">" . _("Delete") . '</a>]'.
                        '</small>' ,
                    'left' ) .
                    html_tag( 'td', '', 'center' ) . '<small>[';
 
         if (isset($filters[$i + 1])) {
-            echo "<a href=\"options.php?theid=$i&action=move_down\">" . _("Down") . '</a>';
+            echo "<a href=\"options.php?theid=$i&amp;action=move_down\">" . _("Down") . '</a>';
             if ($i > 0) {
                 echo '&nbsp;|&nbsp;';
             }
         }
         if ($i > 0) {
-            echo "<a href=\"options.php?theid=$i&action=move_up\">" . _("Up") . '</a>';
+            echo "<a href=\"options.php?theid=$i&amp;action=move_up\">" . _("Up") . '</a>';
         }
         echo ']</small></td>'.
             html_tag( 'td', '-', 'left' ) .
             html_tag( 'td', '', 'left' );
-        printf( _("If <b>%s</b> contains <b>%s</b> then move to <b>%s</b>"), $filters[$i]['where'], $filters[$i]['what'], $fdr );
+        printf( _("If %s contains %s then move to %s"),
+	    '<b>'.$filters[$i]['where'].'</b>',
+	    '<b>'.$filters[$i]['what'].'</b>',
+	    '<b>'.imap_utf7_decode_local($fdr).'</b>');
         echo '</td></tr>';
 
     }

plugins/filters/setup.php

@@ -29,22 +29,30 @@
 /** SquirrelMail required files. */
 require_once(SM_PATH . 'plugins/filters/filters.php');
 
-/*
+/**
+ * Imap connection control
+ *
  * Set this to true if you have problems -- check the README file
  * Note:  This doesn't work all of the time (No idea why)
  *        Seems to be related to UW
+ * @global bool $UseSeparateImapConnection
  */
 global $UseSeparateImapConnection;
 $UseSeparateImapConnection = false;
 
-/*
+/**
+ * User level spam filters control
+ *
  * Set this to false if you do not want the user to be able to enable
  * spam filters
+ * @global bool $AllowSpamFilters
  */
 global $AllowSpamFilters;
 $AllowSpamFilters = true;
 
-/*
+/**
+ * SpamFilters YourHop Setting
+ *
  * Set this to a string containing something unique to the line in the
  * header you want me to find IPs to scan the databases with.  For example,
  * All the email coming IN from the internet to my site has a line in
@@ -57,61 +65,77 @@ $AllowSpamFilters = true;
  * case-sensitive string will do.  You can set it to something found on
  * every line in the header (like ' ') if you want to scan all IPs in
  * the header (lots of false alarms here tho).
+ * @global string $SpamFilters_YourHop
  */
 global $SpamFilters_YourHop;
 $SpamFilters_YourHop = ' ';
 
-/*
+/**
+ * Commercial Spam Filters Control
+ *
  * Some of the SPAM filters are COMMERCIAL and require a fee. If your users
  * select them and you're not allowed to use them, it will make SPAM filtering
  * very slow. If you don't want them to even be offered to the users, you
  * should set SpamFilters_ShowCommercial to false.
+ * @global bool $SpamFilters_ShowCommercial
  */
 global $SpamFilters_ShowCommercial;
 $SpamFilters_ShowCommercial = false;
 
-/*
+/**
+ * SpamFiltring Cache
+ *
  * A cache of IPs we've already checked or are known bad boys or good boys
  * ie. $SpamFilters_DNScache["210.54.220.18"] = true;
  * would tell filters to not even bother doing the DNS queries for that
  * IP and any email coming from it are SPAM - false would mean that any
  * email coming from it would NOT be SPAM
+ * @global array $SpamFilters_DNScache
  */
 global $SpamFilters_DNScache;
 
-/*
+/**
+ * Path to bulkquery program
+ *
  * Absolute path to the bulkquery program. Leave blank if you don't have
  * bulkquery compiled, installed, and lwresd running. See the README file
  * in the bulkquery directory for more information on using bulkquery.
+ * @global string $SpamFilters_BulkQuery
  */
 global $SpamFilters_BulkQuery;
 $SpamFilters_BulkQuery = '';
 
-/*
+/**
+ * Shared filtering cache control
+ *
  * Do you want to use a shared file for the DNS cache or a session variable?
  * Using a shared file means that every user can benefit from any queries
  * made by other users. The shared file is named "dnscache" and is in the
  * data directory.
+ * @global bool $SpamFilters_SharedCache
  */
 global $SpamFilters_SharedCache;
 $SpamFilters_SharedCache = true;
 
-/*
+/**
+ * DNS query TTL
+ *
  * How long should DNS query results be cached for by default (in seconds)?
+ * @global integer $SpamFilters_CacheTTL
  */
 global $SpamFilters_CacheTTL;
 $SpamFilters_CacheTTL = 7200;
 
+/**
+ * Init plugin
+ * @access private
+ */
 function squirrelmail_plugin_init_filters() {
     global $squirrelmail_plugin_hooks;
 
-    if (isset($_GET['mailbox'])) {
-        $mailbox = $_GET['mailbox'];
-    }
-    elseif (isset($_POST['mailbox'])) {
-        $mailbox = $_POST['mailbox'];
-    }
-    else {
+    if (sqgetGlobalVar('mailbox',$mailbox,SQ_FORM)) {
+	sqgetGlobalVar('mailbox',$mailbox,SQ_FORM);
+    } else {
         $mailbox = 'INBOX';
     }
 
@@ -125,13 +149,23 @@ function squirrelmail_plugin_init_filters() {
     $squirrelmail_plugin_hooks['webmail_bottom']['filters'] = 'start_filters';
 }
 
+/**
+ * Report spam folter as special mailbox
+ * @param string $mb variable used by hook
+ * @return string spam folder name
+ * @access private 
+ */
 function filters_special_mailbox( $mb ) {
-    GLOBAL $data_dir, $username;
+    global $data_dir, $username;
 
     return( $mb == getPref($data_dir, $username, 'filters_spam_folder', 'na' ) );
 
 }
 
+/**
+ * Register option blocks
+ * @access private
+ */
 function filters_optpage_register_block() {
     global $optpage_blocks;
     global $AllowSpamFilters;

plugins/filters/spamoptions.php

@@ -52,15 +52,29 @@ sqgetGlobalVar('action', $action, SQ_GET);
 
 displayPageHeader($color, 'None');
 
-if (isset($_POST['spam_submit'])) {
+if (sqgetGlobalVar('spam_submit',$spam_submit,SQ_POST)) {
     $spam_filters = load_spam_filters();
-    setPref($data_dir, $username, 'filters_spam_folder', $_POST['filters_spam_folder_set']);
-    setPref($data_dir, $username, 'filters_spam_scan', $_POST['filters_spam_scan_set']);
+
+    // setting spam folder    
+    sqgetGlobalVar('filters_spam_folder_set',$filters_spam_folder_set,SQ_POST);
+    if (isset($filters_spam_folder_set)) {
+        setPref($data_dir, $username, 'filters_spam_folder', $filters_spam_folder_set);
+    } else {
+	echo _("You must select spam folder.");
+    }
+
+    // setting scan type
+    sqgetGlobalVar('filters_spam_scan_set',$filters_spam_scan_set,SQ_POST);
+    if (isset($filters_spam_scan_set)) {
+	setPref($data_dir, $username, 'filters_spam_scan', $filters_spam_scan_set);
+    } else {
+	echo _("You must select scan type.");
+    }
+
     foreach ($spam_filters as $Key => $Value) {
         $input = $spam_filters[$Key]['prefname'] . '_set';
-        if ( isset( $_POST[$input] ) ) {
-            setPref( $data_dir, $username, $spam_filters[$Key]['prefname'],
-                     $_POST[$input]);
+        if ( sqgetGlobalVar($input,$input_key,SQ_POST) ) {
+            setPref( $data_dir, $username, $spam_filters[$Key]['prefname'],$input_key);
         } else {
             removePref($data_dir, $username, $spam_filters[$Key]['prefname']);
         }
@@ -78,12 +92,12 @@ echo html_tag( 'table',
         'center', $color[0], 'width="95%" border="0" cellpadding="2" cellspacing="0"' );
 
 if ($SpamFilters_YourHop == ' ') {
-    echo '<br>' .
+    echo '<br />' .
         html_tag( 'div', '<b>' .
-            _("WARNING! Tell your admin to set the SpamFilters_YourHop variable") .
+            sprintf(_("WARNING! Tell your admin to set the %s variable"),'SpamFilters_YourHop') .
             '</b>' ,
         'center' ) .
-        '<br>';
+        '<br />';
 }
 
 
@@ -101,7 +115,7 @@ if (isset($action) && $action == 'spam') {
         }
     }
 
-    echo '<form method=post action="spamoptions.php">'.
+    echo '<form method="post" action="spamoptions.php">'.
         '<center>'.
         html_tag( 'table', '', '', '', 'width="85%" border="0" cellpadding="2" cellspacing="0"' ) .
             html_tag( 'tr' ) .
@@ -128,12 +142,12 @@ if (isset($action) && $action == 'spam') {
             '<select name="filters_spam_scan_set">'.
             '<option value=""';
     if ($filters_spam_scan == '') {
-        echo ' SELECTED';
+        echo ' selected';
     }
     echo '>' . _("All messages") . '</option>'.
             '<option value="new"';
     if ($filters_spam_scan == 'new') {
-        echo ' SELECTED';
+        echo ' selected';
     }
     echo '>' . _("Only unread messages") . '</option>' .
             '</select>'.
@@ -142,7 +156,7 @@ if (isset($action) && $action == 'spam') {
     html_tag( 'tr',
           html_tag( 'td', '&nbsp;' ) .
           html_tag( 'td',
-              _("The more messages you scan, the longer it takes.  I would suggest that you scan only new messages.  If you make a change to your filters, I would set it to scan all messages, then go view my INBOX, then come back and set it to scan only new messages.  That way, your new spam filters will be applied and you'll scan even the spam you read with the new filters.") ,
+              _("The more messages you scan, the longer it takes. I would suggest that you scan only new messages.  If you make a change to your filters, I would set it to scan all messages, then go view my INBOX, then come back and set it to scan only new messages. That way, your new spam filters will be applied and you'll scan even the spam you read with the new filters.") ,
           'left' )
       );
 
@@ -152,13 +166,13 @@ if (isset($action) && $action == 'spam') {
         echo html_tag( 'tr' ) .
                    html_tag( 'th', $Key, 'right', '', 'nowrap' ) ."\n" .
                    html_tag( 'td' ) .
-            '<input type=checkbox name="' .
+            '<input type="checkbox" name="' .
             $spam_filters[$Key]['prefname'] .
             '_set"';
         if ($spam_filters[$Key]['enabled']) {
-            echo ' CHECKED';
+            echo ' checked';
         }
-        echo '> - ';
+        echo ' /> - ';
         if ($spam_filters[$Key]['link']) {
             echo '<a href="' .
                  $spam_filters[$Key]['link'] .
@@ -176,24 +190,21 @@ if (isset($action) && $action == 'spam') {
 
     }
     echo html_tag( 'tr',
-        html_tag( 'td', '<input type=submit name="spam_submit" value="' . _("Save") . '">', 'center', '', 'colspan="2"' )
+        html_tag( 'td', '<input type="submit" name="spam_submit" value="' . _("Save") . '" />', 'center', '', 'colspan="2"' )
     ) . "\n" .
         '</table>'.
         '</center>'.
         '</form>';
-    echo '</body></html>';
-}
-
-if (! isset($_GET['action']) || $_GET['action'] != 'spam') {
-
+} else {
+    // action is not set or action is not spam
     echo html_tag( 'p', '', 'center' ) .
          '[<a href="spamoptions.php?action=spam">' . _("Edit") . '</a>]' .
-         ' - [<a href="../../src/options.php">' . _("Done") . '</a>]</center><br><br>';
-    printf( _("Spam is sent to <b>%s</b>"), ($filters_spam_folder?$filters_spam_folder:_("[<i>not set yet</i>]") ) );
+         ' - [<a href="../../src/options.php">' . _("Done") . '</a>]</center><br /><br />';
+    printf( _("Spam is sent to %s"), ($filters_spam_folder?'<b>'.imap_utf7_decode_local($filters_spam_folder).'</b>':'[<i>'._("not set yet").'</i>]' ) );
     echo '<br>';
     printf( _("Spam scan is limited to <b>%s</b>"), (($filters_spam_scan == 'new')?_("New Messages Only"):_("All Messages") ) );
     echo '</p>'.
-        "<table border=0 cellpadding=3 cellspacing=0 align=center bgcolor=\"$color[0]\">";
+        '<table border="0" cellpadding="3" cellspacing="0" align="center" bgcolor="' . $color[0] . "\">\n";
 
     $spam_filters = load_spam_filters();
 
@@ -224,7 +235,6 @@ if (! isset($_GET['action']) || $_GET['action'] != 'spam') {
         echo "</td></tr>\n";
     }
     echo '</table>';
-    echo '</body></html>';
 }
-
-?>
+?>
+</body></html>