
Clean up spamcop plugin wrt globals.
Fix a bug in saving the spamcop ID.
Eliminate evil "extract($_SESSION);" statement.
And make the produced html more valid.

Thijs Kinkhorst 22 years ago
parent
commit
789316d2ec
3 changed files with 84 additions and 88 deletions
  1. 34 32
      plugins/spamcop/options.php
  2. 4 4
      plugins/spamcop/setup.php
  3. 46 52
      plugins/spamcop/spamcop.php

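--- a/plugins/spamcop/options.php
+++ b/plugins/spamcop/options.php
@@ -17,8 +17,9 @@ displayPageHeader($color, 'None');
 /* globals */
 sqgetGlobalVar('action', $action);
 sqgetGlobalVar('meth', $meth);
-sqgetGlobalVar('ID' , $meth);
-extract($_SESSION);
+sqgetGlobalVar('ID' , $ID);
+
+sqgetGlobalVar('username', $username, SQ_SESSION);
 /* end of globals */
 
 $action = (!isset($action) ? '' : $action);
@@ -55,16 +56,17 @@ global $spamcop_enabled, $spamcop_delete;
 spamcop_load();
 
 ?>
-      <br>
-      <table width=95% align=center border=0 cellpadding=2 cellspacing=0><tr><td bgcolor="<?php echo $color[0] ?>">
-         <center><b><?php echo _("Options") ?> - Message Filtering</b></center>
+      <br />
+      <table width="95%" align="center" border="0" cellpadding="2" cellspacing="0">
+      <tr><td bgcolor="<?php echo $color[0]; ?>">
+         <center><b><?php echo _("Options"); ?> - Message Filtering</b></center>
       </td></tr></table>
-      <br>
+      <br />
       
-      <table align=center>
+      <table align="center">
         <tr>
-	  <td align=right>SpamCop link is:</td>
-	  <td><?PHP if ($spamcop_enabled) { 
+	  <td align="right">SpamCop link is:</td>
+	  <td><?php if ($spamcop_enabled) { 
 	  ?>Enabled (<a href="options.php?action=disable">Disable it</a>)
 	  <?PHP } else {
 	  ?>Disabled (<a href="options.php?action=enable">Enable it</a>)
@@ -72,43 +74,43 @@ spamcop_load();
 	  ?></td>
 	</tr>
         <tr>
-	  <td align=right valign=top>Delete spam when reported:<br>
+	  <td align="right" valign="top">Delete spam when reported:<br />
 	    <font size="-2">(Only works with email-based reporting)</font>
 	  </td>
-	  <td valign=top><?PHP if ($spamcop_delete) { 
+	  <td valign="top"><?php if ($spamcop_delete) { 
 	  ?>Enabled (<a href="options.php?action=save">Disable it</a>)
-	  <?PHP } else {
+	  <?php } else {
 	  ?>Disabled (<a href="options.php?action=delete">Enable it</a>)
-	  <?PHP }
+	  <?php }
 	  ?></td>
 	</tr>
 	<tr>
-	  <td align=right>Spam Reporting Method:</td>
-	  <form method=post action=options.php><td>
-	    <select name=meth>
-	      <option value="quick_email"<?PHP
-	        if ($spamcop_method == 'quick_email') echo ' SELECTED'
+	  <td align="right">Spam Reporting Method:</td>
+	  <form method="post" action="options.php"><td>
+	    <select name="meth">
+	      <option value="quick_email"<?php
+	        if ($spamcop_method == 'quick_email') echo ' selected'
 	        ?>>Quick email-based reporting</option>
-	      <option value="thorough_email"<?PHP
-	        if ($spamcop_method == 'thorough_email') echo ' SELECTED'
+	      <option value="thorough_email"<?php
+	        if ($spamcop_method == 'thorough_email') echo ' selected'
 	        ?>>Thorough email-based reporting</option>
-	      <option value="web_form"<?PHP
-	        if ($spamcop_method == 'web_form') echo ' SELECTED'
+	      <option value="web_form"<?php
+	        if ($spamcop_method == 'web_form') echo ' selected'
 	        ?>>Web-based form</option>
 	    </select>
-	    <input type=hidden name=action value=meth>
-	    <input type=submit value="Save Method">
+	    <input type="hidden" name="action" value="meth">
+	    <input type="submit" value="Save Method">
 	  </td></form>
 	</tr>
 	<tr>
-	  <td valign=top align=right>Your SpamCop authorization code:<br>
+	  <td valign="top" align="right">Your SpamCop authorization code:<br />
 	    <font size="-2">(see below)</font>
 	  </td>
-	  <form method=post action=options.php><td valign=top>
-	    <input type=text size=30 name="ID" value="<?PHP
-	      echo htmlspecialchars($spamcop_id) ?>">
-	    <input type=hidden name=action value=save_id>
-	    <input type=submit value="Save ID">
+	  <form method="post" action="options.php"><td valign="top">
+	    <input type="text" size="30" name="ID" value="<?php
+	      echo htmlspecialchars($spamcop_id) ?>" />
+	    <input type="hidden" name="action" value="save_id" />
+	    <input type="submit" value="Save ID" />
 	  </td></form>
 	</tr>
       </table>
@@ -140,7 +142,7 @@ this message as spam.  Clicking on it brings you to a confirmation page.
 Confirming that you want the spam report sent will do different things with
 different reporting methods.</p>
 
-<p><b>Email-based Reporting</b><br>
+<p><b>Email-based Reporting</b><br />
 Pressing the button forwards the message to the SpamCop service and will
 optionally delete the message.  From there, you just need to go to your 
 INBOX and quite soon a message should appear from SpamCop.  (It gets sent to
@@ -152,7 +154,7 @@ window will open.</p>
 reporting.  Also, it appears that this is for members (non-free) only.
 Hopefully this will change soon.</p>
 
-<p><b>Web-based Reporting</b><br>
+<p><b>Web-based Reporting</b><br />
 When you press the button on the confirmation page, this will pop open a new
 browser window and the SpamCop service should appear inside.  The message
 will not be deleted (working on that part), but you won't need to wait for a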
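Review bot: `sqgetGlobalVar('ID' , $ID);` in the first hunk is called without a source argument, although the value is the SpamCop authorization code submitted by the `method="post"` form further down. Passing the source explicitly, `sqgetGlobalVar('ID', $ID, SQ_POST);`, would keep a session variable or query-string parameter of the same name from being picked up instead, assuming the default search is not already limited to POST; the same applies to `action` and `meth` on the context lines above it. Separately, the enable/disable/delete links in the second and third hunks change preferences through plain GET requests (`options.php?action=disable`), so they can be triggered by any link or embedded resource the logged-in user loads. The code that acts on `$action` is outside these hunks, so whether it checks the request method cannot be seen here.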

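--- a/plugins/spamcop/setup.php
+++ b/plugins/spamcop/setup.php
@@ -62,15 +62,15 @@ function spamcop_show_link() {
       return;
 
    /* GLOBALS */
-   $passed_id = $_GET['passed_id'];
-   $mailbox = $_GET['mailbox'];
-   $startMessage = $_GET['startMessage'];
+   sqgetGlobalVar('passed_id',    $passed_id,    SQ_GET);
+   sqgetGlobalVar('mailbox',      $mailbox,      SQ_GET);
+   sqgetGlobalVar('startMessage', $startMessage, SQ_GET);
    /* END GLOBALS */
 
    echo "<br>\n";
    
    if ($spamcop_method == 'web_form') {
-?><script language=javascript>
+?><script language="javascript" type="text/javascript">
 document.write('<a href="../plugins/spamcop/spamcop.php?passed_id=<?PHP
 echo urlencode($passed_id); ?>&amp;js_web=1&amp;mailbox=<?PHP
 echo urlencode($mailbox); ?>" target="_blank">');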
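Review bot: The three `sqgetGlobalVar(..., SQ_GET)` calls ignore the return value, so `$passed_id`, `$mailbox` and `$startMessage` presumably carry no usable value when a parameter is missing. spamcop.php in this same commit handles that case with `if (! sqgetGlobalVar('startMessage', $startMessage, SQ_GET) ) { $startMessage = 1; }`. Using the same pattern here, or returning early when `passed_id` is absent, would keep the link from being built around an empty `urlencode($passed_id)`. `passed_id` looks like a message number, so casting it to an integer on read would also pin down the expected type, to be confirmed against the callers. The body of `spamcop_show_link()` starts before and continues past this hunk.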

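--- a/plugins/spamcop/spamcop.php
+++ b/plugins/spamcop/spamcop.php
@@ -55,33 +55,29 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id,
 }
 
 
-    /* GLOBALS */
-    $username = $_SESSION['username'];
-    $key  = $_COOKIE['key'];
-    $onetimepad = $_SESSION['onetimepad'];
-    $mailbox = $_GET['mailbox'];
-    $passed_id = $_GET['passed_id'];
-    if (isset($_GET['startMessage'])) {
-	$startMessage = $_GET['startMessage'];
-    } else {
-	$startMessage = 1;
-    }
-    if (isset($_GET['passed_ent_id'])) {
-	$passed_ent_id = $_GET['passed_ent_id'];
-    } else {
-	$passed_ent_id = '';
-    }
-    if ( isset($_SESSION['compose_messages']) ) {
-        $compose_messages = &$_SESSION['compose_messages'];
-    }
+/* GLOBALS */
 
-    if ( isset($_SESSION['composesession']) ) {
-        $composesession = $_SESSION['composesession'];
-    } else {
-        $composesession = 0;
-        sqsession_register($composesession, 'composesession');
-    }
-    /* END GLOBALS */
+sqgetGlobalVar('username', $username, SQ_SESSION);
+sqgetGlobalVar('key',      $key,      SQ_COOKIE);
+sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
+
+sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
+sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
+
+if (! sqgetGlobalVar('startMessage', $startMessage, SQ_GET) ) {
+    $startMessage = 1;
+}
+if (! sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ) {
+    $passed_ent_id = '';
+}
+
+sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION);
+
+if(! sqgetGlobalVar('composesession', $composesession, SQ_SESSION) ) {
+    $composesession = 0;
+    sqsession_register($composesession, 'composesession');
+}
+/* END GLOBALS */
 
     
     displayPageHeader($color, $mailbox);
@@ -133,26 +129,26 @@ can click on to properly report this spam message to the proper authorities.
 This is a free service.  By pressing the "Send Spam Report" button, you
 agree to follow SpamCop's rules/terms of service/etc.</p>
 
-<table align=center width="75%" border=0 cellpadding=0 cellspacing=0>
+<table align="center" width="75%" border="0" cellpadding="0" cellspacing="0">
 <tr>
-<td align=left valign=top>
+<td align="left" valign="top">
 <?PHP if (isset($js_web) && $js_web) {
-   ?><form method=post action="javascript:return false">
-  <input type=button value="Close Window" 
+   ?><form method="post" action="javascript:return false">
+  <input type="button" value="Close Window" 
   onClick="window.close(); return true;">
    <?PHP
 } else {
-   ?><form method=post action="../../src/right_main.php">
-  <input type=hidden name="mailbox" value="<?PHP echo
+   ?><form method="post" action="../../src/right_main.php">
+  <input type="hidden" name="mailbox" value="<?PHP echo
      htmlspecialchars($mailbox) ?>">
-  <input type=hidden name="startMessage" value="<?PHP echo
+  <input type="hidden" name="startMessage" value="<?PHP echo
      htmlspecialchars($startMessage) ?>">
-  <input type=submit value="Cancel / Done">
+  <input type="submit" value="Cancel / Done">
    <?PHP
 }
   ?></form>
 </td>
-<td align=right valign=top>
+<td align="right" valign="top">
 <?PHP if ($spamcop_method == 'thorough_email' ||
           $spamcop_method == 'quick_email') {
    if ($spamcop_method == 'thorough_email')
@@ -160,18 +156,16 @@ agree to follow SpamCop's rules/terms of service/etc.</p>
    else
       $report_email = 'quick.' . $spamcop_id . '@spam.spamcop.net';
    $form_action = SM_PATH . 'src/compose.php';
-?>  <form method=post action="<?PHP echo $form_action?>">
-  <input type=hidden name="mailbox" value="<?PHP echo
+?>  <form method="post" action="<?PHP echo $form_action?>">
+  <input type="hidden" name="mailbox" value="<?PHP echo
      htmlspecialchars($mailbox) ?>">
-  <input type=hidden name="spamcop_is_composing" value="<?PHP echo
+  <input type="hidden" name="spamcop_is_composing" value="<?PHP echo
      htmlspecialchars($passed_id) ?>">
-  <input type=hidden name="send_to" value="<?PHP echo $report_email?>">
-  <input type=hidden name="send_to_cc" value="">
-  <input type=hidden name="send_to_bcc" value="">
-  <input type=hidden name="subject" value="reply anyway">
-  <input type=hidden name="identity" value="default">
-  <input type=hidden name="session" value="<?PHP echo $session?>">
-  <input type=submit name="send" value="Send Spam Report">
+  <input type="hidden" name="send_to" value="<?PHP echo $report_email?>">
+  <input type="hidden" name="subject" value="reply anyway">
+  <input type="hidden" name="identity" value="default">
+  <input type="hidden" name="session" value="<?PHP echo $session?>">
+  <input type="submit" name="send" value="Send Spam Report">
 <?PHP } else {
    $sid = sqimap_session_id($uid_support);
    fputs($imap_stream, $sid.' FETCH ' . $passed_id . ' RFC822' . "\r\n");
@@ -185,19 +179,19 @@ agree to follow SpamCop's rules/terms of service/etc.</p>
       $Message = substr($Message, 0, 50000 - strlen($Warning)) . $Warning;
    }
    if (isset($js_web) && $js_web) {
-?>  <form method=post action="http://spamcop.net/sc" name="submitspam"
+?>  <form method="post" action="http://spamcop.net/sc" name="submitspam"
     enctype="multipart/form-data"><?PHP
    } else {
-?>  <form method=post action="http://spamcop.net/sc" name="submitspam"
+?>  <form method="post" action="http://spamcop.net/sc" name="submitspam"
     enctype="multipart/form-data" target="_blank"><?PHP
    } ?>
-  <input type=hidden name=action value=submit>
-  <input type=hidden name=oldverbose value=1>
-  <input type=hidden name=code value="<?PHP echo $spamcop_id ?>">
-  <input type=hidden name=spam value="<?PHP
+  <input type="hidden" name="action" value="submit">
+  <input type="hidden" name="oldverbose" value="1">
+  <input type="hidden" name="code" value="<?PHP echo $spamcop_id ?>">
+  <input type="hidden" name="spam" value="<?PHP
           echo htmlspecialchars($Message);
   ?>">
-  <input type=submit name="x1" value="Send Spam Report">
+  <input type="submit" name="x1" value="Send Spam Report">
 <?PHP }
 ?>  </form>
 </td>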
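Review bot: `passed_id` is read from the query string with `sqgetGlobalVar('passed_id', $passed_id, SQ_GET);` in the first hunk and, in the web-form branch of the third hunk, concatenated unchanged into the IMAP command `' FETCH ' . $passed_id . ' RFC822'`. Unless it is validated in lines not shown here, it should be constrained to a number where it is read, e.g. `$passed_id = (int) $passed_id;`. In the third and fourth hunks `$report_email`, `$spamcop_id` and `$session` are echoed into `value="..."` attributes without `htmlspecialchars()`, unlike `$mailbox` and `$passed_id` beside them and unlike the ID field in options.php. `$js_web` and `$session` are also not among the variables fetched in the new globals block, so they may never be set when register_globals is off; that is worth confirming against the rest of the file.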