-if ($_GET['_cid'] || $_POST['_cid'])
- {
- $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
- $DB->query("SELECT * FROM ".get_table_name('contacts')."
- WHERE contact_id=?
- AND user_id=?
- AND del<>1",
- $cid,
- $_SESSION['user_id']);
-
- $CONTACT_RECORD = $DB->fetch_assoc();
-
- if (is_array($CONTACT_RECORD))
- $OUTPUT->add_script(sprintf("%s.set_env('cid', '%s');", $JS_OBJECT_NAME, $CONTACT_RECORD['contact_id']));
- }
-
+// read contact record
+if (($cid = get_input_value('_cid', RCUBE_INPUT_GPC)) && ($record = $CONTACTS->get_record($cid, true)))
+ $OUTPUT->set_env('cid', $record['ID']);
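Review bot: The per-user scoping that the removed query made explicit (`user_id=?` bound to `$_SESSION['user_id']`, plus `del<>1`) is no longer visible at this call site. Whether a client-supplied `_cid` can only resolve to the session user's own, non-deleted contact now depends entirely on `$CONTACTS->get_record()`, which is outside this hunk. I would state that dependency above the `if`, e.g. `// $cid is client-supplied; get_record() must limit the lookup to the session user's non-deleted contacts`, and confirm that every backend that can sit behind `$CONTACTS` enforces it. Separately, `RCUBE_INPUT_GPC` presumably also accepts the value from a cookie, where the old code read only `$_POST` and `$_GET`; if only request parameters are intended, a narrower input source keeps the accepted surface the same as before.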