
Do not use mixed get/post forms as this is broken in some browsers
(they only submit the post forms and skip the get forms).

Thijs Kinkhorst 22 gadi atpakaļ
vecāks
revīzija
70aa248b30
2 mainītis faili ar 13 papildinājumiem un 15 dzēšanām
  1. 8 3
      functions/mailbox_display.php
  2. 5 12
      src/move_messages.php

+ 8 - 3
functions/mailbox_display.php

@@ -669,13 +669,18 @@ function mail_message_listing_beginning ($imapConnection,
     if (!isset($msg)) {
         $msg = '';
     }
-    $moveURL = "move_messages.php?msg=$msg&mailbox=$urlMailbox"
-             . "&startMessage=$start_msg";
+    $moveFields = '<input type="hidden" name="msg" value="'.htmlspecialchars($msg).'">' .
+		  '<input type="hidden" name="mailbox" value="'.htmlspecialchars($mailbox).'">' .
+		  '<input type="hidden" name="startMessage" value="'.htmlspecialchars($start_msg).'">';
+
+//    $moveURL = "move_messages.php?msg=$msg&amp;mailbox=$urlMailbox"
+//             . "&amp;startMessage=$start_msg";
     /*
      * This is the beginning of the message list table.
      * It wraps around all messages
      */
-    echo "<FORM name=\"messageList\" method=post action=\"$moveURL\">\n"
+    echo '<form name="messageList" method="post" action="move_messages.php">' ."\n"
+	. $moveFields
         . html_tag( 'table' ,
             html_tag( 'tr',
                 html_tag( 'td' ,
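Review bot: The old `$moveURL` assignment is left behind as commented-out code directly below the new `$moveFields` block, and it still interpolates `$msg` and `$start_msg` without any escaping. If it is ever re-enabled, those values go back into the form's `action` attribute unescaped, which is what the `htmlspecialchars()` calls on the hidden fields now avoid. I would delete both `//    $moveURL = ...` lines and rely on version control for the history. The `$moveFields` continuation lines and the `. $moveFields` line are also indented with tabs while the surrounding code uses spaces. mail_message_listing_beginning starts and ends outside the hunk.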

+ 5 - 12
src/move_messages.php

@@ -125,21 +125,14 @@ $key  = $_COOKIE['key'];
 $onetimepad = $_SESSION['onetimepad'];
 $base_uri = $_SESSION['base_uri'];
 $delimiter = $_SESSION['delimiter'];
-if (isset($_GET['mailbox'])) {
-    $mailbox = $_GET['mailbox'];
-}
-if (isset($_GET['startMessage'])) {
-    $startMessage = $_GET['startMessage'];
-}
+
+sqGetGlobalVar('mailbox', $mailbox);
+sqGetGlobalVar('startMessage', $startMessage);
+sqGetGlobalVar('msg', $msg);
+
 if (isset($_POST['moveButton'])) {
     $moveButton = $_POST['moveButton'];
 }
-if (isset($_POST['msg'])) {
-    $msg = $_POST['msg'];
-}
-elseif (isset($_GET['msg'])) {
-    $msg = $_GET['msg'];
-}
 
 if (isset($_SESSION['msgs'])) {
     $msgs = $_SESSION['msgs'];
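Review bot: The three `sqGetGlobalVar()` calls name no input source, so `mailbox`, `startMessage` and `msg` are presumably accepted from whichever request or session array the helper searches by default. The form now sends them only in the POST body. Because this script acts on the selected messages, I would pin them to POST, e.g. `sqGetGlobalVar('mailbox', $mailbox, SQ_POST);` and the same for the other two, assuming the helper takes a source constant as in SquirrelMail's global.php. The script continues outside the hunk, so how these variables are used afterwards is not visible here.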