* - Send mail
* - Save As Draft
*
- * @copyright 1999-2017 The SquirrelMail Project Team
+ * @copyright 1999-2021 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
// compose_messages only useful in SESSION when a forward-as-attachment
// has been preconstructed for us and passed in via that mechanism; once
// we have it, we can clear it from the SESSION
-sqsession_unregister('compose_messages');
+// -- No, this is useful in other scenarios, too -- removing:
+// sqsession_unregister('compose_messages');
// Turn on delayed error handling in case we wind up redirecting below
$oErrorHandler->setDelayedErrors(true);
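Review bot: The comment kept above the removed call still says compose_messages is only useful for a preconstructed forward-as-attachment and can be cleared from the SESSION, which now contradicts the added line directly below it. Since the call is no longer made, the commented-out `// sqsession_unregister('compose_messages');` could be deleted and the block rewritten to say where the entry is removed instead, for example `// compose_messages stays in the SESSION here; deliverMessage() drops the entry for the finished compose session`. As it stands, a reader cannot tell from this spot how long preconstructed messages remain in the session.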
/**
* 1) Remove the addresses we'll be sending the message 'to'
*/
- if (isset($header->reply_to)) {
+ if (isset($header->reply_to) && is_array($header->reply_to) && count($header->reply_to)) {
$excl_ar = $header->getAddr_a('reply_to');
+ } else if (is_object($header->reply_to)) { /* unneccesarry, just for failsafe purpose */
+ $excl_ar = $header->getAddr_a('reply_to');
+ } else {
+ $excl_ar = $header->getAddr_a('from');
}
/**
* 2) Remove our identities from the CC list (they still can be in the
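Review bot: The added `else if (is_object($header->reply_to))` branch reads the property without the `isset()` that guards the first branch, so if the header class does not declare `reply_to`, a message with no Reply-To raises an undefined-property notice before falling through to `from`. Guarding it the same way, `} else if (isset($header->reply_to) && is_object($header->reply_to)) {`, keeps the fallback quiet. The first two branches also make the identical `getAddr_a('reply_to')` call and could share one condition. The enclosing function starts and ends outside this hunk.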
$full_reply_citation = sprintf(_("%s wrote:"),$sOrig_from);
break;
case 'quote_who':
+ // TODO: the words "quote" and "who" are translated in 1.4.x so why not here? This isn't a real HTML tag...
$start = '<quote who="';
$end = '">';
$full_reply_citation = $start . $sOrig_from . $end;
// should never directly manipulate an object like this
if (!empty($attachments)) {
$attachments = unserialize(urldecode($attachments));
- if (!empty($attachments) && is_array($attachments))
- $composeMessage->entities = $attachments;
+ if (!empty($attachments) && is_array($attachments)) {
+ // sanitize the "att_local_name" since it is user-supplied and used to access the file system
+ // it must be alpha-numeric and 32 characters long (see the use of GenerateRandomString() below)
+ foreach ($attachments as $i => $attachment) {
+ if (empty($attachment->att_local_name) || strlen($attachment->att_local_name) !== 32) {
+ unset($attachments[$i]);
+ continue;
+ }
+ // probably marginal difference between (ctype_alnum + function_exists) and preg_match
+ if (function_exists('ctype_alnum')) {
+ if (!ctype_alnum($attachment->att_local_name))
+ unset($attachments[$i]);
+ }
+ else if (preg_match('/[^0-9a-zA-Z]/', $attachment->att_local_name))
+ unset($attachments[$i]);
+ }
+ if (!empty($attachments))
+ $composeMessage->entities = $attachments;
+ }
}
if (empty($mailbox)) {
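Review bot: The new loop validates `att_local_name` only after `unserialize(urldecode($attachments))` has already rebuilt whatever objects the user-supplied string describes, so the object-injection exposure of that call is untouched by this change. The loop also never checks what each element is: any object of any class that carries a 32-character alphanumeric `att_local_name` is accepted, and only top-level entries are inspected (nested entities, if the entity class allows them, are not). Where the minimum supported PHP version permits, pass the `allowed_classes` option to `unserialize()` restricted to the entity class, and widen the first test to `if (!is_object($attachment) || empty($attachment->att_local_name) || !is_string($attachment->att_local_name) || strlen($attachment->att_local_name) !== 32) {`. Longer term the attachment list is better kept server-side in the session than round-tripped through the form. The enclosing function starts and ends outside this hunk.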
} else {
if ( !isset($pageheader_sent) || !$pageheader_sent ) {
global $return_to_message_after_reply;
- if (($action === 'reply' || $action === 'reply_all') && $return_to_message_after_reply)
+ if (($action === 'reply' || $action === 'reply_all' || $action === 'forward' || $action === 'forward_as_attachment')
+ && $return_to_message_after_reply && $passed_id)
header("Location: $location/read_body.php?passed_id=$passed_id&mailbox=$urlMailbox".
"&startMessage=$startMessage&mail_sent=$mail_sent");
else
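Review bot: The widened condition checks `$passed_id` only for truthiness before it is interpolated into the `Location:` header together with `$startMessage`, and neither is encoded here the way `$urlMailbox` presumably is. If they are not already integer-cast where they are read from the request (not visible in this hunk), casting at the point of use, e.g. `"passed_id=" . (int) $passed_id`, keeps extra query parameters out of the redirect now that forward and forward_as_attachment reach it as well. The two-line condition governing a brace-less `if`/`else` is also easy to misread, so braces would help. The `else` branch continues outside the hunk.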
$key, $imapServerAddress, $imapPort, $imap_stream_options,
$composeMessage, $body_quote, $request_mdn, $request_dr,
$mdn_user_support, $languages, $squirrelmail_language,
- $default_charset, $do_not_reply_to_self;
+ $default_charset, $do_not_reply_to_self, $compose_messages;
/*
* Set $default_charset to correspond with the user's selection
}
$attach = array();
- global $username, $attachment_dir;
+ global $username, $attachment_dir, $upload_filesize_divisor;
+ if (empty($upload_filesize_divisor))
+ $upload_filesize_divisor = 1000; // *not* 1024 -- does this break for some users?
$hashed_attachment_dir = getHashedDir($username, $attachment_dir);
if (!empty($attach_array)) {
foreach ($attach_array as $key => $attachment) {
$max = min($sizes);
$oTemplate->assign('max_file_size', empty($max) ? -1 : $max);
$oTemplate->assign('attachments', $attach);
+ $oTemplate->assign('upload_filesize_divisor', $upload_filesize_divisor);
// access keys...
//
*/
function deliverMessage(&$composeMessage, $draft=false) {
global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body,
- $username, $identity, $idents, $data_dir,
+ $username, $identity, $idents, $data_dir, $compose_messages, $session,
$request_mdn, $request_dr, $default_charset, $useSendmail,
$domain, $action, $default_move_to_sent, $move_to_sent,
$imapServerAddress, $imapPort, $imap_stream_options, $sent_folder, $key;
sqimap_logout($imap_stream);
unset ($imap_deliver);
$composeMessage->purgeAttachments();
+//TODO: completely unclear if should be using $compose_session instead of $session below
+ unset($compose_messages[$session]);
+ sqsession_register($compose_messages,'compose_messages');
return $success;
} else {
$msg = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), sm_encode_html_special_chars($draft_folder));
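Review bot: The cleanup added after `purgeAttachments()` carries a TODO admitting it is unclear whether `$session` or `$compose_session` is the right key, and the same three lines are repeated in the final-cleanup hunk further down. If the key is wrong, either the finished message stays in the SESSION (which this commit no longer clears on load) or a different compose session's entry is removed, so this should be settled rather than shipped as a TODO. The code also assumes the global `$compose_messages` holds the session array at this point; if it does not, `sqsession_register()` overwrites the stored value. Wrapping both statements in `if (is_array($compose_messages) && isset($compose_messages[$session])) { ... }` would avoid that. The body of deliverMessage() starts and ends outside this hunk.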
// final cleanup
//
$composeMessage->purgeAttachments();
+//TODO: completely unclear if should be using $compose_session instead of $session below
+ unset($compose_messages[$session]);
+ sqsession_register($compose_messages,'compose_messages');
sqimap_logout($imap_stream);
}