* -------------
* Squirrelspell module.
*
- * Copyright (c) 1999-2002 The SquirrelMail development team
+ * Copyright (c) 1999-2004 The SquirrelMail development team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* This module is the main workhorse of SquirrelSpell. It submits
/**
* Declaring globals for users with E_ALL set.
*/
-global $sqspell_text, $SQSPELL_APP, $sqspell_use_app, $attachment_dir,
- $username, $SQSPELL_EREG, $color;
+global $SQSPELL_APP, $attachment_dir, $SQSPELL_EREG, $color;
+
+$sqspell_text = $_POST['sqspell_text'];
+$sqspell_use_app = $_POST['sqspell_use_app'];
/**
* Now we explode the lines for three reasons:
*/
$sqspell_command=$SQSPELL_APP[$sqspell_use_app];
/**
- * For the simplicity's sake we'll put all text into a file in
- * attachment_dir directory, then cat it and pipe it to
- * sqspell_command. There are other ways to do it, including popen(),
- * but it's unidirectional and no fun at all.
- *
- * The name of the file is an md5 hash of the message itself plus
- * microtime. This prevents symlink attacks. The loop is here to
- * further enhance this feature, and make sure we don't overwrite
- * someone else's data, although the possibility of this happening is
- * QUITE remote.
- */
-do {
- $floc = "$attachment_dir/" . md5($sqspell_new_text . microtime());
-} while (file_exists($floc));
-/**
- * Write the contents to the file.
- */
-$fp=fopen($floc, 'w');
-fwrite($fp, $sqspell_new_text);
-fclose($fp);
-/**
- * Execute ispell/aspell and catch the output.
+ * If you have php >= 4.3.0, we can use proc_open and safe mode
+ * and not mess w/ temp files. Otherwise we will do it the old
+ * way, (minus the uneeded call to cat that messes up Wintel
+ * boxen.)
+ * Thanks Ray Ferguson for providing this patch.
*/
-exec("cat $floc | $sqspell_command 2>&1", $sqspell_output, $sqspell_exitcode);
-/**
- * Remove the temp file.
- */
-unlink($floc);
+if( check_php_version ( 4, 3 ) ) {
+ $descriptorspec = array(
+ 0 => array('pipe', 'r'), // stdin is a pipe that the child will read from
+ 1 => array('pipe', 'w'), // stdout is a pipe that the child will write to
+ 2 => array('pipe', 'w'), // stderr is a pipe that the child will write to
+ );
+ $spell_proc=proc_open($sqspell_command, $descriptorspec, $pipes);
+ fwrite($pipes[0], $sqspell_new_text);
+ fclose($pipes[0]);
+ $sqspell_output = array();
+ for($i=1; $i<=2; $i++){
+ while(!feof($pipes[$i]))
+ array_push($sqspell_output, rtrim(fgetss($pipes[$i],999),"\n"));
+ fclose($pipes[$i]);
+ }
+ $sqspell_exitcode=proc_close($spell_proc);
+} else {
+ do {
+ $floc = "$attachment_dir/" . md5($sqspell_new_text . microtime());
+ } while (file_exists($floc));
+ $fp=fopen($floc, 'w');
+ fwrite($fp, $sqspell_new_text);
+ fclose($fp);
+ exec("$sqspell_command < $floc 2>&1", $sqspell_output, $sqspell_exitcode);
+ unlink($floc);
+}
/**
* Check if the execution was successful. Bail out if it wasn't.
$msg= "<div align='center'>"
. sprintf(_("I tried to execute '%s', but it returned:"),
$sqspell_command) . "<pre>"
- . nl2br(join("\n", $sqspell_output)) . "</pre>"
+ . join("\n", htmlspecialchars($sqspell_output)) . "</pre>"
. "<form onsubmit=\"return false\">"
. "<input type=\"submit\" value=\" " . _("Close")
. " \" onclick=\"self.close()\"></form></div>";
*/
if (!$SQSPELL_EREG("\n$sqspell_word\n", $words)){
$sqspell_symb=intval($tmparray[3])-1;
- if (!$misses[$sqspell_word]) {
+ if (!isset($misses[$sqspell_word])) {
$misses[$sqspell_word] = $right;
$missed_words[$errors] = $sqspell_word;
$errors++;
}
- if ($locations[$sqspell_word]){
+ if (isset($locations[$sqspell_word])){
$locations[$sqspell_word] .= ', ';
+ } else {
+ $locations[$sqspell_word] = '';
}
$locations[$sqspell_word] .= "$current_line:$sqspell_symb";
}
*/
if (!$SQSPELL_EREG("\n$sqspell_word\n", $words)){
$sqspell_symb=intval($tmparray[2])-1;
- if (!$misses[$sqspell_word]) {
- $misses[$sqspell_word] = '_NONE';
- $missed_words[$errors] = $sqspell_word;
- $errors++;
+ if (!isset($misses[$sqspell_word])) {
+ $misses[$sqspell_word] = '_NONE';
+ $missed_words[$errors] = $sqspell_word;
+ $errors++;
}
- if ($locations[$sqspell_word]) $locations[$sqspell_word] .= ', ';
+ if (isset($locations[$sqspell_word])) {
+ $locations[$sqspell_word] .= ', ';
+ } else {
+ $locations[$sqspell_word] = '';
+ }
$locations[$sqspell_word] .= "$current_line:$sqspell_symb";
}
break;
* Local variables:
* mode: php
* End:
+ * vim: syntax=php et ts=4
*/
?>