X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fcompose.php;h=ae86552ee63ecc2c8a8a35c2f097efddc9adc0d6;hb=956f804a73e649f5b8ac430333aae56a75bec7d5;hp=068fac0bd77d5eb607c46ca392a7d5e4c0c87582;hpb=8ec806b85655f4b3933c65f1877df68cec3c0cdf;p=squirrelmail.git

diff --git a/functions/compose.php b/functions/compose.php
index 068fac0b..ae86552e 100644
--- a/functions/compose.php
+++ b/functions/compose.php
@@ -13,3 +13,49 @@
  */
 
 
+/**
+ * Get a new file to write an attachment to.
+ * This function makes sure it doesn't overwrite other attachments,
+ * preventing collisions and race conditions.
+ *
+ * @return filename of the tempfile only (not full path)
+ * @since 1.5.2
+ */
+function sq_get_attach_tempfile()
+{
+    global $username, $attachment_dir;
+
+    $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
+
+    // using PHP >= 4.3.2 we can be truly atomic here
+    $filemods = check_php_version ( 4,3,2 ) ? 'x' : 'w';
+
+    // give up after 1000 tries
+    $TMP_MAX = 1000;
+    for ($try=0; $try<$TMP_MAX; ++$try) {
+
+        $localfilename = GenerateRandomString(32, '', 7);
+        $full_localfilename = "$hashed_attachment_dir/$localfilename";
+
+        // filename collision. try again
+        if ( file_exists($full_localfilename) ) {
+            continue;
+        }
+
+        // try to open for (binary) writing
+        $fp = @fopen( $full_localfilename, $filemods);
+
+        if ( $fp !== FALSE ) {
+            // success! make sure it's not readable, close and return filename
+            chmod($full_localfilename, 0600);
+            fclose($fp);
+            return $localfilename;
+        }
+    }
+
+    // we tried 1000 times but didn't succeed.
+    error_box( _("Could not open temporary file to store attachment. Contact your system administrator to resolve this issue.") );
+    return FALSE;
+}
+
+