X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fcompose.php;h=2f37a6adc11fbbfcb2e2ebb1b367feeee2857dc2;hb=b9a873d7ed3979bb6de827ea831301a336e5327e;hp=032c95f7534d2f0c37c2fccfaabe69702730cdcc;hpb=1638beb6a5ee43f1143968b7256f19e6c806af9a;p=squirrelmail.git
diff --git a/src/compose.php b/src/compose.php
index 032c95f7..2f37a6ad 100644
--- a/src/compose.php
+++ b/src/compose.php
@@ -10,17 +10,27 @@
* - Send mail
* - Save As Draft
*
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright 1999-2014 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
*/
+/** This is the compose page */
+define('PAGE_NAME', 'compose');
+
/**
* Include the SquirrelMail initialization file.
*/
require('../include/init.php');
+/* If email_address not set and admin wants us to ask user for it,
+ * redirect to options page. */
+if ( $ask_user_info && getPref($data_dir, $username,'email_address') == "" ) {
+ header("Location: " . get_location() . "/options.php?optpage=personal");
+ exit;
+}
+
/* SquirrelMail required files. */
require_once(SM_PATH . 'functions/imap_general.php');
require_once(SM_PATH . 'functions/imap_messages.php');
@@ -31,45 +41,60 @@ require_once(SM_PATH . 'class/deliver/Deliver.class.php');
require_once(SM_PATH . 'functions/addressbook.php');
require_once(SM_PATH . 'functions/forms.php');
require_once(SM_PATH . 'functions/identity.php');
+global $imap_stream_options; // in case not defined in config
/* --------------------- Get globals ------------------------------------- */
/** SESSION VARS */
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
+sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION);
sqgetGlobalVar('composesession', $composesession, SQ_SESSION);
sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION);
-sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION);
+
+// compose_messages only useful in SESSION when a forward-as-attachment
+// has been preconstructed for us and passed in via that mechanism; once
+// we have it, we can clear it from the SESSION
+sqsession_unregister('compose_messages');
// Turn on delayed error handling in case we wind up redirecting below
$oErrorHandler->setDelayedErrors(true);
/** SESSION/POST/GET VARS */
-sqgetGlobalVar('session',$session);
-sqgetGlobalVar('mailbox',$mailbox);
-if(!sqgetGlobalVar('identity',$identity)) {
+sqgetGlobalVar('send_button_count', $send_button_count, SQ_POST, 1, SQ_TYPE_INT);
+for ($i = 1; $i <= $send_button_count; $i++)
+ if (sqgetGlobalVar('send' . $i, $send, SQ_POST)) break;
+// Send can only be achieved by setting $_POST var. If Send = true then
+// retrieve other form fields from $_POST
+if (isset($send) && $send) {
+ $SQ_GLOBAL = SQ_POST;
+} else {
+ $SQ_GLOBAL = SQ_FORM;
+}
+sqgetGlobalVar('session',$session, $SQ_GLOBAL);
+sqgetGlobalVar('mailbox',$mailbox, $SQ_GLOBAL);
+if(!sqgetGlobalVar('identity',$identity, $SQ_GLOBAL)) {
$identity=0;
}
-sqgetGlobalVar('send_to',$send_to);
-sqgetGlobalVar('send_to_cc',$send_to_cc);
-sqgetGlobalVar('send_to_bcc',$send_to_bcc);
-sqgetGlobalVar('subject',$subject);
-sqgetGlobalVar('body',$body);
-sqgetGlobalVar('mailprio',$mailprio);
-sqgetGlobalVar('request_mdn',$request_mdn);
-sqgetGlobalVar('request_dr',$request_dr);
-sqgetGlobalVar('html_addr_search',$html_addr_search);
-sqgetGlobalVar('mail_sent',$mail_sent);
-sqgetGlobalVar('passed_id',$passed_id);
-sqgetGlobalVar('passed_ent_id',$passed_ent_id);
-sqgetGlobalVar('send',$send);
-
-sqgetGlobalVar('attach',$attach);
-
-sqgetGlobalVar('draft',$draft);
-sqgetGlobalVar('draft_id',$draft_id);
-sqgetGlobalVar('ent_num',$ent_num);
-sqgetGlobalVar('saved_draft',$saved_draft);
+sqgetGlobalVar('send_to',$send_to, $SQ_GLOBAL);
+sqgetGlobalVar('send_to_cc',$send_to_cc, $SQ_GLOBAL);
+sqgetGlobalVar('send_to_bcc',$send_to_bcc, $SQ_GLOBAL);
+sqgetGlobalVar('subject',$subject, $SQ_GLOBAL);
+sqgetGlobalVar('body',$body, $SQ_GLOBAL);
+sqgetGlobalVar('mailprio',$mailprio, $SQ_GLOBAL);
+sqgetGlobalVar('request_mdn',$request_mdn, $SQ_GLOBAL);
+sqgetGlobalVar('request_dr',$request_dr, $SQ_GLOBAL);
+sqgetGlobalVar('html_addr_search',$html_addr_search, $SQ_GLOBAL);
+sqgetGlobalVar('mail_sent',$mail_sent, $SQ_GLOBAL);
+sqgetGlobalVar('passed_id',$passed_id, $SQ_GLOBAL, NULL, SQ_TYPE_BIGINT);
+sqgetGlobalVar('passed_ent_id',$passed_ent_id, $SQ_GLOBAL);
+sqgetGlobalVar('fwduid',$fwduid, $SQ_GLOBAL, '');
+
+sqgetGlobalVar('attach',$attach, SQ_POST);
+sqgetGlobalVar('draft',$draft, SQ_POST);
+sqgetGlobalVar('draft_id',$draft_id, $SQ_GLOBAL);
+sqgetGlobalVar('ent_num',$ent_num, $SQ_GLOBAL);
+sqgetGlobalVar('saved_draft',$saved_draft, SQ_FORM);
if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
$delete_draft = (int)$delete_draft;
@@ -90,13 +115,12 @@ sqgetGlobalVar('addr_search_cancel', $html_addr_search_cancel, SQ_POST);
sqgetGlobalVar('send_to_search', $send_to_search, SQ_POST);
sqgetGlobalVar('do_delete', $do_delete, SQ_POST);
sqgetGlobalVar('delete', $delete, SQ_POST);
-sqgetGlobalVar('restoremessages', $restoremessages, SQ_POST);
+sqgetGlobalVar('attachments', $attachments, SQ_POST);
if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
$html_addr_search_done = 'Use Addresses';
}
/** GET VARS */
-sqgetGlobalVar('attachedmessages', $attachedmessages, SQ_GET);
if ( sqgetGlobalVar('account', $temp, SQ_GET) ) {
$iAccount = (int) $temp;
} else {
@@ -115,6 +139,8 @@ if ( !sqgetGlobalVar('smaction',$action) )
if ( sqgetGlobalVar('smaction_edit_new',$tmp) ) $action = 'edit_as_new';
}
+sqgetGlobalVar('smtoken', $submitted_token, $SQ_GLOBAL, '');
+
/**
* Here we decode the data passed in from mailto.php.
*/
@@ -134,7 +160,7 @@ if ( sqgetGlobalVar('mailtodata', $mailtodata, SQ_GET) ) {
unset($mailtodata,$mtdata, $trtable);
}
-/* Location (For HTTP 1.1 Header("Location: ...") redirects) */
+/* Location (For HTTP 1.1 header("Location: ...") redirects) */
$location = get_location();
/* Identities (fetch only once) */
$idents = get_identities();
@@ -147,8 +173,8 @@ function replyAllString($header) {
/**
* 1) Remove the addresses we'll be sending the message 'to'
*/
- if (isset($header->replyto)) {
- $excl_ar = $header->getAddr_a('replyto');
+ if (isset($header->reply_to)) {
+ $excl_ar = $header->getAddr_a('reply_to');
}
/**
* 2) Remove our identities from the CC list (they still can be in the
@@ -171,12 +197,10 @@ function replyAllString($header) {
$url_replytoallcc = '';
foreach( $url_replytoall_ar as $email => $personal) {
if ($personal) {
- // if personal name contains address separator then surround
- // the personal name with double quotes.
- if (strpos($personal,',') !== false) {
- $personal = '"'.$personal.'"';
- }
- $url_replytoallcc .= ", $personal <$email>";
+ // always quote personal name (can't just quote it if
+ // it contains a comma separator, since it might still
+ // be encoded)
+ $url_replytoallcc .= ", \"$personal\" <$email>";
} else {
$url_replytoallcc .= ', '. $email;
}
@@ -217,9 +241,7 @@ function getReplyCitation($orig_from, $orig_date) {
/* Otherwise, try to select the desired citation style. */
switch ($reply_citation_style) {
case 'author_said':
- /**
- * To translators: %s is for author's name
- */
+ // i18n: %s is for author's name
$full_reply_citation = sprintf(_("%s wrote:"),$sOrig_from);
break;
case 'quote_who':
@@ -228,15 +250,14 @@ function getReplyCitation($orig_from, $orig_date) {
$full_reply_citation = $start . $sOrig_from . $end;
break;
case 'date_time_author':
- /**
- * To translators:
- * first %s is for date string, second %s is for author's name. Date uses
- * formating from "D, F j, Y g:i a" and "D, F j, Y H:i" translations.
- * Example string:
- * "On Sat, December 24, 2004 23:59, Santa wrote:"
- * If you have to put author's name in front of date string, check comments about
- * argument swapping at http://www.php.net/sprintf
- */
+ // i18n:
+ // The first %s is for date string, the second %s is for author's name.
+ // The date uses formating from "D, F j, Y g:i a" and "D, F j, Y H:i"
+ // translations.
+ // Example string:
+ // "On Sat, December 24, 2004 23:59, Santa wrote:"
+ // If you have to put author's name in front of date string, check comments about
+ // argument swapping at http://php.net/sprintf
$full_reply_citation = sprintf(_("On %s, %s wrote:"), getLongDateString($orig_date), $sOrig_from);
break;
case 'user-defined':
@@ -285,7 +306,7 @@ function getforwardHeader($orig_header) {
$bodyTop = sq_str_pad(' '._("Original Message").' ',$editor_size -2,'-',STR_PAD_BOTH,$default_charset) .
"\n". $display[_("Subject")] . $subject . "\n" .
$display[_("From")] . $from . "\n" .
- $display[_("Date")] . getLongDateString( $orig_header->date ). "\n" .
+ $display[_("Date")] . getLongDateString( $orig_header->date, $orig_header->date_unparsed ). "\n" .
$display[_("To")] . $to . "\n";
if ($orig_header->cc != array() && $orig_header->cc !='') {
$cc = decodeHeader($orig_header->getAddr_s('cc',"\n$indent"),false,false,true);
@@ -302,33 +323,34 @@ function getforwardHeader($orig_header) {
* If the session is expired during a post this restores the compose session
* vars.
*/
+$session_expired = false;
if (sqsession_is_registered('session_expired_post')) {
sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
/*
* extra check for username so we don't display previous post data from
* another user during this session.
*/
- if ($session_expired_post['username'] != $username) {
- unset($session_expired_post);
- sqsession_unregister('session_expired_post');
- session_write_close();
- } else {
+ if (!empty($session_expired_post['username'])
+ && $session_expired_post['username'] == $username) {
// these are the vars that we can set from the expired composed session
- $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage',
- 'passed_body','use_signature','signature','attachments','subject','newmail',
- 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity',
- 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages',
- 'composesession', 'request_mdn', 'request_dr');
+ $compo_var_list = array ('send_to', 'send_to_cc', 'body',
+ 'startMessage', 'passed_body', 'use_signature', 'signature',
+ 'subject', 'newmail', 'send_to_bcc', 'passed_id', 'mailbox',
+ 'from_htmladdr_search', 'identity', 'draft_id', 'delete_draft',
+ 'mailprio', 'edit_as_new', 'attachments', 'composesession',
+ 'request_mdn', 'request_dr', 'fwduid');
foreach ($compo_var_list as $var) {
if ( isset($session_expired_post[$var]) && !isset($$var) ) {
- $$var = $session_expired_post[$var];
+ $$var = $session_expired_post[$var];
}
}
- $compose_messages = unserialize(urldecode($restoremessages));
- sqsession_register($compose_messages,'compose_messages');
+ if (!empty($attachments))
+ $attachments = unserialize(urldecode($attachments));
+
sqsession_register($composesession,'composesession');
+
if (isset($send)) {
unset($send);
}
@@ -345,15 +367,16 @@ if (sqsession_is_registered('session_expired_post')) {
} else {
$sHeaderJs = (isset($sHeaderJs)) ? $sHeaderJs : '';
if (strpos($action, 'reply') !== false && $reply_focus) {
- $sBodyTagJs = 'onload="checkForm(\''.$replyfocus.'\');"';
+ $sOnload = 'checkForm(\''.$replyfocus.'\');';
} else {
- $sBodyTagJs = 'onload="checkForm();"';
+ $sOnload = 'checkForm();';
}
- displayPageHeader($color, $mailbox,$sHeaderJs,$sBodyTagJs);
+ displayPageHeader($color, $mailbox,$sHeaderJs,$sOnload);
}
showInputForm($session, false);
exit();
}
+
if (!isset($composesession)) {
$composesession = 0;
sqsession_register(0,'composesession');
@@ -367,43 +390,47 @@ if (!isset($session) || (isset($newmessage) && $newmessage)) {
$composesession = $session;
sqsession_register($composesession,'composesession');
}
-if (!isset($compose_messages)) {
- $compose_messages = array();
-}
-
-if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL)) {
+if (!empty($compose_messages[$session])) {
+ $composeMessage = $compose_messages[$session];
+} else {
$composeMessage = new Message();
$rfc822_header = new Rfc822Header();
$composeMessage->rfc822_header = $rfc822_header;
$composeMessage->reply_rfc822_header = '';
- $compose_messages[$session] = $composeMessage;
+}
- sqsession_register($compose_messages,'compose_messages');
-} else {
- $composeMessage=$compose_messages[$session];
+// re-add attachments that were already in this message
+// FIXME: note that technically this is very bad form -
+// should never directly manipulate an object like this
+if (!empty($attachments)) {
+ $attachments = unserialize(urldecode($attachments));
+ if (!empty($attachments) && is_array($attachments))
+ $composeMessage->entities = $attachments;
}
-if (!isset($mailbox) || $mailbox == '' || ($mailbox == 'None')) {
+if (empty($mailbox)) {
$mailbox = 'INBOX';
}
if ($draft) {
+
+ // validate security token
+ //
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
/*
* Set $default_charset to correspond with the user's selection
* of language interface.
*/
set_my_charset();
- $composeMessage=$compose_messages[$session];
if (! deliverMessage($composeMessage, true)) {
showInputForm($session);
exit();
} else {
- $compose_messages[$session] = NULL;
- unset($compose_messages[$session]);
$draft_message = _("Draft Email Saved");
/* If this is a resumed draft, then delete the original */
if(isset($delete_draft)) {
- $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false);
+ $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false, $imap_stream_options);
sqimap_mailbox_select($imap_stream, $draft_folder);
// force bypass_trash=true because message should be saved when deliverMessage() returns true.
// in current implementation of sqimap_msgs_list_flag() single message id can
@@ -420,8 +447,9 @@ if ($draft) {
if ($compose_new_win == '1') {
if ( !isset($pageheader_sent) || !$pageheader_sent ) {
- Header("Location: $location/compose.php?saved_draft=yes&session=$composesession");
+ header("Location: $location/compose.php?saved_draft=yes&session=$composesession");
} else {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo '