-if ($_action=='moveto' && !empty($_POST['_uid']) && !empty($_POST['_target_mbox']))
-{
- $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
- $target = get_input_value('_target_mbox', RCUBE_INPUT_POST);
- $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_POST));
-
- if (!$moved)
- {
- // send error message
- $OUTPUT->command('list_mailbox');
- $OUTPUT->show_message('errormoving', 'error');
- $OUTPUT->send();
+if ($RCMAIL->action=='moveto' && !empty($_POST['_uid']) && strlen($_POST['_target_mbox'])) {
+ $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+ $target = get_input_value('_target_mbox', RCUBE_INPUT_POST, true);
+ $mbox = get_input_value('_mbox', RCUBE_INPUT_POST, true);
+
+ $moved = $IMAP->move_message($uids, $target, $mbox);
+
+ if (!$moved) {
+ // send error message
+ if ($_POST['_from'] != 'show')
+ $OUTPUT->command('list_mailbox');
+ rcmail_display_server_error('errormoving');
+ $OUTPUT->send();
+ exit;
+ }
+ else {
+ $OUTPUT->show_message('messagemoved', 'confirmation');
+ }
+
+ $addrows = true;
+}
+// delete messages
+else if ($RCMAIL->action=='delete' && !empty($_POST['_uid'])) {
+ $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_POST))));
+ $mbox = get_input_value('_mbox', RCUBE_INPUT_POST, true);
+
+ $del = $IMAP->delete_message($uids, $mbox);
+
+ if (!$del) {
+ // send error message
+ if ($_POST['_from'] != 'show')
+ $OUTPUT->command('list_mailbox');
+ rcmail_display_server_error('errordeleting');
+ $OUTPUT->send();
+ exit;
+ }
+ else {
+ $OUTPUT->show_message('messagedeleted', 'confirmation');
+ }
+
+ $addrows = true;
+}
+// unknown action or missing query param
+else {