<?php
- /** This code sends a mail.
+ /**
+ ** compose.php
+ **
+ ** Copyright (c) 1999-2000 The SquirrelMail development team
+ ** Licensed under the GNU GPL. For full terms see the file COPYING.
+ **
+ ** This code sends a mail.
**
** There are 3 modes of operation:
** - Start new mail
include("../functions/smtp.php");
if (!isset($display_messages_php))
include("../functions/display_messages.php");
+ if (!isset($auth_php))
+ include ("../functions/auth.php");
+ if (!isset($plugin_php))
+ include ("../functions/plugin.php");
include("../src/load_prefs.php");
// This function is used when not sending or adding attachments
function newMail () {
global $forward_id, $imapConnection, $msg, $ent_num, $body_ary, $body,
- $reply_id, $send_to, $send_to_cc, $mailbox, $send_to_bcc;
+ $reply_id, $send_to, $send_to_cc, $mailbox, $send_to_bcc, $editor_size;
- $send_to = decodeHeader($send_to);
- $send_to_cc = decodeHeader($send_to_cc);
+ $send_to = sqStripSlashes(decodeHeader($send_to));
+ $send_to_cc = sqStripSlashes(decodeHeader($send_to_cc));
+ $send_to_bcc = sqStripSlashes(decodeHeader($send_to_bcc));
if ($forward_id)
$id = $forward_id;
else if ($reply_id)
$id = $reply_id;
+
if ($id) {
sqimap_mailbox_select($imapConnection, $mailbox);
$message = sqimap_get_message($imapConnection, $id, $mailbox);
- $message = getEntity($message, $ent_num);
+ $orig_header = $message->header;
+ if ($ent_num)
+ $message = getEntity($message, $ent_num);
if ($message->header->type0 == "text" || $message->header->type1 == "message") {
- $body = decodeBody(mime_fetch_body($imapConnection, $id, $message->header->entity_id), $message->header->encoding);
+ if ($ent_num)
+ $body = decodeBody(mime_fetch_body($imapConnection, $id, $ent_num), $message->header->encoding);
+ else
+ $body = decodeBody(mime_fetch_body($imapConnection, $id, 1), $message->header->encoding);
} else {
$body = "";
}
- if ($forward_id)
- $tmp = _("-------- Original Message ---------\n");
if ($message->header->type1 == "html")
$body = strip_tags($body);
$body_ary = explode("\n", $body);
$body = "";
for ($i=0; $i < count($body_ary); $i++) {
- $tmp = $body_ary[$i];
-
+ sqWordWrap($body_ary[$i], $editor_size - 1);
+ $body .= $body_ary[$i];
+ }
+ $body_ary = array();
+ $body_ary = explode("\n", $body);
+ $body = "";
+ for ($i=0; $i < count($body_ary); $i++) {
+ if ($i==0 && $forward_id) {
+ $tmp = "-------- " . _("Original Message") . " --------\n";
+ $tmp .= _("Subject") . ": " . $orig_header->subject . "\n";
+ $tmp .= _("From") . ": " . $orig_header->from . "\n";
+ $tmp .= _("To") . ": " . $orig_header->to[0] . "\n";
+ if (count($orig_header->to) > 1) {
+ for ($x=1; $x < count($orig_header->to); $x++) {
+ $tmp .= " " . $orig_header->to[$x] . "\n";
+ }
+ }
+ $tmp .= "\n" . $body_ary[$i];
+ } else {
+ $tmp = $body_ary[$i];
+ }
if ($forward_id)
$body = "$body$tmp\n";
else
$body = "$body> $tmp\n";
}
-
+
+ sqimap_mailbox_close($imapConnection);
+ return $body;
}
if (!$send_to) {
$send_to = sqimap_find_email($send_to);
}
- $send_to = ereg_replace("\"", "", $send_to);
- $send_to = stripslashes($send_to);
-
/** This formats a CC string if they hit "reply all" **/
if ($send_to_cc != "") {
+ $send_to_cc = ereg_replace( '"[^"]*"', "", $send_to_cc);
$send_to_cc = ereg_replace(";", ",", $send_to_cc);
$sendcc = explode(",", $send_to_cc);
$send_to_cc = "";
global $send_to, $send_to_cc, $reply_subj, $forward_subj, $body,
$passed_body, $color, $use_signature, $signature, $editor_size,
$attachments, $subject, $newmail, $use_javascript_addr_book,
- $send_to_bcc, $reply_id, $mailbox;
+ $send_to_bcc, $reply_id, $mailbox, $from_htmladdr_search;
- $subject = decodeHeader($subject);
+ $subject = sqStripSlashes(decodeHeader($subject));
$reply_subj = decodeHeader($reply_subj);
$forward_subj = decodeHeader($forward_subj);
+ $body = sqStripSlashes($body);
if ($use_javascript_addr_book) {
echo "\n<SCRIPT LANGUAGE=JavaScript><!--\n";
}
echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
+ //echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST>\n";
if ($reply_id) {
echo "<input type=hidden name=reply_id value=$reply_id>\n";
- }
- echo "<input type=hidden name=mailbox value=$mailbox>\n";
- echo "<TABLE WIDTH=50 ALIGN=center CELLSPACING=0 BORDER=0>\n";
+ }
+ printf("<INPUT TYPE=hidden NAME=mailbox VALUE=\"%s\">\n", htmlspecialchars($mailbox));
+ echo "<TABLE WIDTH=\"100%\" ALIGN=center CELLSPACING=0 BORDER=0>\n";
echo " <TR>\n";
- echo " <TD WIDTH=50 BGCOLOR=\"$color[4]\" ALIGN=RIGHT>\n";
+ echo " <TD BGCOLOR=\"$color[4]\" ALIGN=RIGHT>\n";
echo _("To:");
- echo " </TD><TD colspan=2 WIDTH=\"100%\" BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
- if ($send_to)
- echo " <INPUT TYPE=TEXT NAME=\"send_to\" VALUE=\"$send_to\" SIZE=60><BR>\n";
- else
- echo " <INPUT TYPE=TEXT NAME=\"send_to\" SIZE=60><BR>\n";
+ echo " </TD><TD BGCOLOR=\"$color[4]\">\n";
+ printf(" <INPUT TYPE=text NAME=\"send_to\" VALUE=\"%s\" SIZE=60><BR>\n",
+ htmlspecialchars($send_to));
echo " </TD>\n";
echo " </TR>\n";
echo " <TR>\n";
- echo " <TD WIDTH=50 BGCOLOR=\"$color[4]\" ALIGN=RIGHT>\n";
+ echo " <TD BGCOLOR=\"$color[4]\" ALIGN=RIGHT>\n";
echo _("CC:");
- echo " </TD><TD colspan=2 BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
- if ($send_to_cc)
- echo " <INPUT TYPE=TEXT NAME=\"send_to_cc\" SIZE=60 VALUE=\"$send_to_cc\"><BR>\n";
- else
- echo " <INPUT TYPE=TEXT NAME=\"send_to_cc\" SIZE=60><BR>\n";
+ echo " </TD><TD BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
+ printf(" <INPUT TYPE=text NAME=\"send_to_cc\" SIZE=60 VALUE=\"%s\"><BR>\n",
+ htmlspecialchars($send_to_cc));
echo " </TD>\n";
echo " </TR>\n";
echo " <TR>\n";
- echo " <TD WIDTH=50 BGCOLOR=\"$color[4]\" ALIGN=RIGHT>\n";
+ echo " <TD BGCOLOR=\"$color[4]\" ALIGN=RIGHT>\n";
echo _("BCC:");
echo " </TD><TD BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
- if ($send_to_bcc)
- echo " <INPUT TYPE=TEXT NAME=\"send_to_bcc\" VALUE=\"$send_to_bcc\" SIZE=60><BR>\n";
- else
- echo " <INPUT TYPE=TEXT NAME=\"send_to_bcc\" SIZE=60><BR>";
-
+ printf(" <INPUT TYPE=text NAME=\"send_to_bcc\" VALUE=\"%s\" SIZE=60><BR>\n",
+ htmlspecialchars($send_to_bcc));
echo "</TD></TR>\n";
echo " <TR>\n";
- echo " <TD WIDTH=50 BGCOLOR=\"$color[4]\" ALIGN=RIGHT>\n";
+ echo " <TD BGCOLOR=\"$color[4]\" ALIGN=RIGHT>\n";
echo _("Subject:");
echo " </TD><TD BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
if ($reply_subj) {
$reply_subj = str_replace("\"", "'", $reply_subj);
- $reply_subj = stripslashes($reply_subj);
+ $reply_subj = sqStripSlashes($reply_subj);
$reply_subj = trim($reply_subj);
if (substr(strtolower($reply_subj), 0, 3) != "re:")
$reply_subj = "Re: $reply_subj";
- echo " <INPUT TYPE=TEXT NAME=subject SIZE=60 VALUE=\"$reply_subj\">";
+ printf(" <INPUT TYPE=text NAME=subject SIZE=60 VALUE=\"%s\">",
+ htmlspecialchars($reply_subj));
} else if ($forward_subj) {
$forward_subj = str_replace("\"", "'", $forward_subj);
- $forward_subj = stripslashes($forward_subj);
+ $forward_subj = sqStripSlashes($forward_subj);
$forward_subj = trim($forward_subj);
if ((substr(strtolower($forward_subj), 0, 4) != "fwd:") &&
(substr(strtolower($forward_subj), 0, 5) != "[fwd:") &&
(substr(strtolower($forward_subj), 0, 6) != "[ fwd:"))
$forward_subj = "[Fwd: $forward_subj]";
- echo " <INPUT TYPE=TEXT NAME=subject SIZE=60 VALUE=\"$forward_subj\">";
+ printf(" <INPUT TYPE=text NAME=subject SIZE=60 VALUE=\"%s\">",
+ htmlspecialchars($forward_subj));
} else {
- echo " <INPUT TYPE=TEXT NAME=subject VALUE=\"$subject\" SIZE=60>";
+ printf(" <INPUT TYPE=text NAME=subject SIZE=60 VALUE=\"%s\">",
+ htmlspecialchars($subject));
}
echo "</td></tr>\n\n";
echo " <input type=submit name=\"html_addr_search\" value=\""._("Addresses")."\">";
}
echo "\n <INPUT TYPE=SUBMIT NAME=send VALUE=\"". _("Send") . "\">\n";
+
+ do_hook("compose_button_row");
+
echo " </TD>\n";
echo " </TR>\n\n";
echo " <TR>\n";
- echo " <TD BGCOLOR=\"$color[4]\" COLSPAN=3>\n";
- if ($use_signature == true && $newmail == true)
- echo " <TEXTAREA NAME=body ROWS=20 COLS=\"$editor_size\" WRAP=HARD>". $body . "\n\n-- \n".$signature."</TEXTAREA><BR>";
- else
- echo " <TEXTAREA NAME=body ROWS=20 COLS=\"$editor_size\" WRAP=HARD>".$body."</TEXTAREA><BR>\n";
+ echo " <TD BGCOLOR=\"$color[4]\" COLSPAN=2>\n";
+ echo " <TEXTAREA NAME=body ROWS=20 COLS=\"$editor_size\" WRAP=HARD>";
+ if ($use_signature == true && $newmail == true && !isset($from_htmladdr_search)) {
+ echo (htmlspecialchars($body)) . "\n\n-- \n" . htmlspecialchars($signature);
+ } else {
+ echo (htmlspecialchars($body));
+ }
+ echo "</TEXTAREA><BR>\n";
echo " </TD>\n";
echo " </TR>\n";
- echo " <TR><TD COLSPAN=3 ALIGN=CENTER><INPUT TYPE=SUBMIT NAME=send VALUE=\"";
+ echo " <TR><TD COLSPAN=2 ALIGN=CENTER><INPUT TYPE=SUBMIT NAME=send VALUE=\"";
echo _("Send");
echo "\"></TD></TR>\n";
// This code is for attachments
echo " <tr>\n";
- echo " <TD WIDTH=50 BGCOLOR=\"$color[0]\" VALIGN=TOP ALIGN=RIGHT>\n";
+ echo " <TD BGCOLOR=\"$color[0]\" VALIGN=TOP ALIGN=RIGHT>\n";
echo " <SMALL><BR></SMALL>"._("Attach:");
- echo " </td><td colspan=2 ALIGN=left BGCOLOR=\"$color[0]\">\n";
+ echo " </td><td ALIGN=left BGCOLOR=\"$color[0]\">\n";
// echo " <INPUT TYPE=\"hidden\" name=\"MAX_FILE_SIZE\"\n";
// echo " value=\"10000\">\n";
- echo " <INPUT NAME=\"attachfile\" TYPE=\"file\">\n";
- echo " <input type=\"submit\" name=\"attach\"\n";
- echo " value=\"" . _("Add") ."\">\n";
+ echo " <INPUT NAME=\"attachfile\" SIZE=48 TYPE=\"file\">\n";
+ echo " <input type=\"submit\" name=\"attach\"";
+ echo " value=\"" . _("Add") ."\">\n";
echo " </td>\n";
echo " </tr>\n";
if (isset($attachments) && count($attachments)>0) {
- echo "</tr><tr><td width=50 bgcolor=\"$color[0]\" align=right>\n";
+ echo "<tr><td bgcolor=\"$color[0]\" align=right>\n";
echo " ";
- echo "</td><td align=left colspan=2 bgcolor=\"$color[0]\">";
+ echo "</td><td align=left bgcolor=\"$color[0]\">";
while (list($localname, $remotename) = each($attachments)) {
echo "<input type=\"checkbox\" name=\"delete[]\" value=\"$localname\">\n";
echo "$remotename <input type=\"hidden\" name=\"attachments[$localname]\" value=\"$remotename\"><br>\n";
echo "</TABLE>\n";
echo "</FORM>";
+ do_hook("compose_bottom");
}
function showSentForm () {
error message, show=true **/
global $body, $send_to, $subject, $color;
- if ($body == "" && $subject == "") {
- if ($show)
- plain_error_message(_("You have not entered a message body or a subject."), $color);
- return false;
- } else if ($send_to == "") {
+ if ($send_to == "") {
if ($show)
plain_error_message(_("You have not filled in the \"To:\" field."), $color);
return false;
checkInput(true);
showInputForm();
+ sqimap_logout($imapConnection);
}
} else if ($html_addr_search_done) {
- $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+ is_logged_in();
displayPageHeader($color, $mailbox);
- $body = stripslashes($body);
- $send_to = stripslashes($send_to);
- $send_to_cc = stripslashes($send_to_cc);
- $send_to_bcc = stripslashes($send_to_bcc);
- $subject = stripslashes($subject);
+ $send_to = sqStripSlashes($send_to);
+ $send_to_cc = sqStripSlashes($send_to_cc);
+ $send_to_bcc = sqStripSlashes($send_to_bcc);
for ($i=0; $i < count($send_to_search); $i++) {
if ($send_to)
showInputForm();
} else if ($html_addr_search) {
- //* I am using an include so as to elminiate an extra unnecessary click. If you
- //* can think of a better way, please implement it.
+ // I am using an include so as to elminiate an extra unnecessary click. If you
+ // can think of a better way, please implement it.
include ("addrbook_search_html.php");
} else if (isset($attach)) {
- $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+ is_logged_in();
displayPageHeader($color, $mailbox);
- $localfilename = md5("$attachfile, $attachfile_name, $REMOTE_IP, $REMOTE_PORT, $UNIQUE_ID, and everything else that may add entropy");
- $localfilename = $localfilename;
+ $localfilename = md5($HTTP_POST_FILES['attachfile']['tmp_name'].", ".$HTTP_POST_FILES['attachfile']['name'].", $REMOTE_IP, $REMOTE_PORT, $UNIQUE_ID, and everything else that may add entropy");
+// $localfilename = $localfilename; // ??
// Put the file in a better place
- error_reporting(0); // Rename will produce error output if it fails
- if (!rename($attachfile, $attachment_dir.$localfilename)) {
- if (!copy($attachfile, $attachment_dir.$localfilename)) {
- plain_error_message(_("Could not move/copy file. File not attached"));
+ // This shouldn't be here... Ondrej Sury <ondrej@sury.cz>
+ //$tmp=explode('/',$attachfile);
+ //$attachfile=$tmp[count($tmp)-1];
+ //$attachfile=ereg_replace('\.{2,}','',$attachfile);
+
+ //error_reporting(0); // Rename will produce error output if it fails
+ //if (!rename($attachfile, $attachment_dir.$localfilename)) {
+ // if (!copy($attachfile, $attachment_dir.$localfilename)) {
+ if (!@rename($HTTP_POST_FILES['attachfile']['tmp_name'], $attachment_dir.$localfilename)) {
+ if (!@copy($HTTP_POST_FILES['attachfile']['tmp_name'], $attachment_dir.$localfilename)) {
+ plain_error_message(_("Could not move/copy file. File not attached"), $color);
$failed = true;
}
}
if (!$failed) {
// Write information about the file
$fp = fopen ($attachment_dir.$localfilename.".info", "w");
- fputs ($fp, "$attachfile_type\n$attachfile_name\n");
+ fputs ($fp, $HTTP_POST_FILES['attachfile']['type']."\n".$HTTP_POST_FILES['attachfile']['name']."\n");
fclose ($fp);
- $attachments[$localfilename] = $attachfile_name;
+ $attachments[$localfilename] = $HTTP_POST_FILES['attachfile']['name'];
}
showInputForm();
} else if (isset($do_delete)) {
- $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+ is_logged_in();
displayPageHeader($color, $mailbox);
- while (list($key, $localname) = each($delete)) {
- array_splice ($attachments, $key, 1);
+ while (list($lkey, $localname) = each($delete)) {
+ array_splice ($attachments, $lkey, 1);
unlink ($attachment_dir.$localname);
unlink ($attachment_dir.$localname.".info");
}
$newmail = true;
newMail();
showInputForm();
+ sqimap_logout($imapConnection);
}
?>