1 files changed, 24 insertions, 19 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index 3364206680..ce40a2507d 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -25,13 +25,15 @@ if (!defined('IN_PHPBB'))
 */
 function view_folder($id, $mode, $folder_id, $folder)
 {
-	global $user, $template, $auth, $db, $cache;
+	global $user, $template, $auth, $db, $cache, $request;
 	global $phpbb_root_path, $config, $phpEx;
 
 	$submit_export = (isset($_POST['submit_export'])) ? true : false;
 
 	$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
 
+	add_form_key('ucp_pm_view_folder');
+
 	if (!$submit_export)
 	{
 		$user->add_lang('viewforum');
@@ -39,10 +41,7 @@ function view_folder($id, $mode, $folder_id, $folder)
 		// Grab icons
 		$icons = $cache->obtain_icons();
 
-		$color_rows = array('marked', 'replied');
-
-		// only show the friend/foe color rows if the module is enabled
-		$zebra_enabled = false;
+		$color_rows = array('message_reported', 'marked', 'replied');
 
 		$_module = new p_master();
 		$_module->list_modules('ucp');
@@ -117,7 +116,7 @@ function view_folder($id, $mode, $folder_id, $folder)
 		);
 
 		// Okay, lets dump out the page ...
-		if (sizeof($folder_info['pm_list']))
+		if (count($folder_info['pm_list']))
 		{
 			$address_list = array();
 
@@ -141,9 +140,9 @@ function view_folder($id, $mode, $folder_id, $folder)
 				$row_indicator = '';
 				foreach ($color_rows as $var)
 				{
-					if (($var != 'friend' && $var != 'foe' && $row['pm_' . $var])
+					if (($var !== 'friend' && $var !== 'foe' && $row[($var === 'message_reported') ? $var : "pm_{$var}"])
 						||
-						(($var == 'friend' || $var == 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
+						(($var === 'friend' || $var === 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
 					{
 						$row_indicator = $var;
 						break;
@@ -196,9 +195,14 @@ function view_folder($id, $mode, $folder_id, $folder)
 	}
 	else
 	{
-		$export_type = request_var('export_option', '');
-		$enclosure = request_var('enclosure', '');
-		$delimiter = request_var('delimiter', '');
+		$export_type = $request->variable('export_option', '');
+		$enclosure = $request->variable('enclosure', '');
+		$delimiter = $request->variable('delimiter', '');
+
+		if (!check_form_key('ucp_pm_view_folder'))
+		{
+			trigger_error('FORM_INVALID');
+		}
 
 		if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === ''))
 		{
@@ -239,7 +243,7 @@ function view_folder($id, $mode, $folder_id, $folder)
 				$_types = array('u', 'g');
 				foreach ($_types as $ug_type)
 				{
-					if (isset($address_temp[$message_id][$ug_type]) && sizeof($address_temp[$message_id][$ug_type]))
+					if (isset($address_temp[$message_id][$ug_type]) && count($address_temp[$message_id][$ug_type]))
 					{
 						if (!isset($address[$message_id][$ug_type]))
 						{
@@ -272,8 +276,8 @@ function view_folder($id, $mode, $folder_id, $folder)
 
 				// There is the chance that all recipients of the message got deleted. To avoid creating
 				// exports without recipients, we add a bogus "undisclosed recipient".
-				if (!(isset($address[$message_id]['g']) && sizeof($address[$message_id]['g'])) &&
-					!(isset($address[$message_id]['u']) && sizeof($address[$message_id]['u'])))
+				if (!(isset($address[$message_id]['g']) && count($address[$message_id]['g'])) &&
+					!(isset($address[$message_id]['u']) && count($address[$message_id]['u'])))
 				{
 					$address[$message_id]['u'] = array();
 					$address[$message_id]['u']['to'] = array();
@@ -397,15 +401,16 @@ function view_folder($id, $mode, $folder_id, $folder)
 */
 function get_pm_from($folder_id, $folder, $user_id)
 {
-	global $user, $db, $template, $config, $auth, $phpbb_container, $phpbb_root_path, $phpEx, $phpbb_dispatcher;
+	global $user, $db, $template, $config, $auth, $phpbb_container, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher;
 
-	$start = request_var('start', 0);
+	$start = $request->variable('start', 0);
 
 	// Additional vars later, pm ordering is mostly different from post ordering. :/
-	$sort_days	= request_var('st', 0);
-	$sort_key	= request_var('sk', 't');
-	$sort_dir	= request_var('sd', 'd');
+	$sort_days	= $request->variable('st', 0);
+	$sort_key	= $request->variable('sk', 't');
+	$sort_dir	= $request->variable('sd', 'd');
 
+	/* @var $pagination \phpbb\pagination */
 	$pagination = $phpbb_container->get('pagination');
 
 	// PM ordering options