X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fcompose.php;h=a5f1211c87b4ed30abd3cd5165e82a4d619b0779;hb=8d2d85f59ea194a546f9d843dbaaaea1b76f5ac7;hp=ae4eb311d8f67196ff19a9f326bfc5b75323643f;hpb=567dc5244e08bf50998e3ac590c64674b72de53d;p=squirrelmail.git diff --git a/src/compose.php b/src/compose.php index ae4eb311..a5f1211c 100644 --- a/src/compose.php +++ b/src/compose.php @@ -16,11 +16,21 @@ * @package squirrelmail */ +/** This is the compose page */ +define('PAGE_NAME', 'compose'); + /** * Include the SquirrelMail initialization file. */ require('../include/init.php'); +/* If email_address not set and admin wants us to ask user for it, + * redirect to options page. */ +if ( $ask_user_info && getPref($data_dir, $username,'email_address') == "" ) { + header("Location: " . get_location() . "/options.php?optpage=personal"); + exit; +} + /* SquirrelMail required files. */ require_once(SM_PATH . 'functions/imap_general.php'); require_once(SM_PATH . 'functions/imap_messages.php'); @@ -37,9 +47,14 @@ require_once(SM_PATH . 'functions/identity.php'); /** SESSION VARS */ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); +sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION); sqgetGlobalVar('composesession', $composesession, SQ_SESSION); sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION); -sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION); + +// compose_messages only useful in SESSION when a forward-as-attachment +// has been preconstructed for us and passed in via that mechanism; once +// we have it, we can clear it from the SESSION +sqsession_unregister('compose_messages'); // Turn on delayed error handling in case we wind up redirecting below $oErrorHandler->setDelayedErrors(true); 
@@ -96,13 +111,12 @@ sqgetGlobalVar('addr_search_cancel', $html_addr_search_cancel, SQ_POST); sqgetGlobalVar('send_to_search', $send_to_search, SQ_POST); sqgetGlobalVar('do_delete', $do_delete, SQ_POST); sqgetGlobalVar('delete', $delete, SQ_POST); -sqgetGlobalVar('restoremessages', $restoremessages, SQ_POST); +sqgetGlobalVar('attachments', $attachments, SQ_POST); if ( sqgetGlobalVar('return', $temp, SQ_POST) ) { $html_addr_search_done = 'Use Addresses'; } /** GET VARS */ -sqgetGlobalVar('attachedmessages', $attachedmessages, SQ_GET); if ( sqgetGlobalVar('account', $temp, SQ_GET) ) { $iAccount = (int) $temp; } else { 
@@ -308,23 +322,22 @@ function getforwardHeader($orig_header) { * If the session is expired during a post this restores the compose session * vars. */ +$session_expired = false; if (sqsession_is_registered('session_expired_post')) { sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION); /* * extra check for username so we don't display previous post data from * another user during this session. */ - if ($session_expired_post['username'] != $username) { - unset($session_expired_post); - sqsession_unregister('session_expired_post'); - session_write_close(); - } else { + if (!empty($session_expired_post['username']) + && $session_expired_post['username'] == $username) { // these are the vars that we can set from the expired composed session - $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage', - 'passed_body','use_signature','signature','attachments','subject','newmail', - 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity', - 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages', - 'composesession', 'request_mdn', 'request_dr'); + $compo_var_list = array ('send_to', 'send_to_cc', 'body', + 'startMessage', 'passed_body', 'use_signature', 'signature', + 'subject', 'newmail', 'send_to_bcc', 'passed_id', 'mailbox', + 'from_htmladdr_search', 'identity', 'draft_id', 'delete_draft', + 'mailprio', 'edit_as_new', 'attachments', 'composesession', + 'request_mdn', 'request_dr'); foreach ($compo_var_list as $var) { if ( isset($session_expired_post[$var]) && !isset($$var) ) { @@ -332,9 +345,11 @@ if (sqsession_is_registered('session_expired_post')) { } } - $compose_messages = unserialize(urldecode($restoremessages)); - sqsession_register($compose_messages,'compose_messages'); + if (!empty($attachments)) + $attachments = unserialize(urldecode($attachments)); + sqsession_register($composesession,'composesession'); + if (isset($send)) { unset($send); } 
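Review bot: `unserialize(urldecode($attachments))` in the `@@ -332,9 +345,11 @@` hunk decodes a value read with `sqgetGlobalVar('attachments', $attachments, SQ_POST)`, so whoever submits the form chooses the serialized object graph. The same call is repeated in `@@ -383,12 +399,19 @@`, where the result is assigned straight to `$composeMessage->entities`, and the hidden field that carries it is written in `@@ -1291,15 +1331,12 @@` with no integrity protection. Prefer keeping the attachment entities server-side, keyed by `$composesession`, or authenticate the blob with a keyed MAC under a server-held secret and verify it before decoding. At minimum this hunk should get the same guard the later one has, `if (!is_array($attachments)) $attachments = array();`, plus a check that each element is the expected attachment object. The session-restore block starts and ends outside these hunks.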
@@ -360,6 +375,7 @@ if (sqsession_is_registered('session_expired_post')) { showInputForm($session, false); exit(); } + if (!isset($composesession)) { $composesession = 0; sqsession_register(0,'composesession'); @@ -383,12 +399,19 @@ if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL) $composeMessage->rfc822_header = $rfc822_header; $composeMessage->reply_rfc822_header = ''; $compose_messages[$session] = $composeMessage; - - sqsession_register($compose_messages,'compose_messages'); } else { $composeMessage=$compose_messages[$session]; } +// re-add attachments that were already in this message +// FIXME: note that technically this is very bad form - +// should never directly manipulate an object like this +if (!empty($attachments)) { + $attachments = unserialize(urldecode($attachments)); + if (!empty($attachments) && is_array($attachments)) + $composeMessage->entities = $attachments; +} + if (empty($mailbox)) { $mailbox = 'INBOX'; } @@ -399,12 +422,11 @@ if ($draft) { * of language interface. */ set_my_charset(); - $composeMessage=$compose_messages[$session]; + $composeMessage = $compose_messages[$session]; if (! deliverMessage($composeMessage, true)) { showInputForm($session); exit(); } else { - unset($compose_messages[$session]); $draft_message = _("Draft Email Saved"); /* If this is a resumed draft, then delete the original */ if(isset($delete_draft)) { @@ -427,6 +449,7 @@ if ($draft) { if ( !isset($pageheader_sent) || !$pageheader_sent ) { Header("Location: $location/compose.php?saved_draft=yes&session=$composesession"); } else { +//FIXME: DON'T ECHO HTML FROM CORE! echo '

' . _("Return") . '
'; @@ -437,6 +460,7 @@ if ($draft) { Header("Location: $location/right_main.php?mailbox=" . urlencode($draft_folder) . "&startMessage=1¬e=".urlencode($draft_message)); } else { +//FIXME: DON'T ECHO HTML FROM CORE! echo '

' @@ -458,7 +482,7 @@ if ($send) { /* We entered compose via the search results page */ $mailbox = 'INBOX'; /* Send 'em to INBOX, that's safe enough */ } - $urlMailbox = urlencode (trim($mailbox)); + $urlMailbox = urlencode($mailbox); if (! isset($passed_id)) { $passed_id = 0; } @@ -511,7 +535,6 @@ if ($send) { showInputForm($session); exit(); } - unset($compose_messages[$session]); /* if it is resumed draft, delete draft message */ if ( isset($delete_draft)) { @@ -536,6 +559,7 @@ if ($send) { if ( !isset($pageheader_sent) || !$pageheader_sent ) { Header("Location: $location/compose.php?mail_sent=$mail_sent"); } else { +//FIXME: DON'T ECHO HTML FROM CORE! echo '

' . _("Return") . '
'; @@ -546,6 +570,7 @@ if ($send) { Header("Location: $location/right_main.php?mailbox=$urlMailbox". "&startMessage=$startMessage&mail_sent=$mail_sent"); } else { +//FIXME: DON'T ECHO HTML FROM CORE! echo '

" @@ -654,7 +679,6 @@ elseif (isset($sigappend)) { } $composeMessage->entities = $new_entities; $compose_messages[$session] = $composeMessage; - sqsession_register($compose_messages, 'compose_messages'); } showInputForm($session); } else { @@ -722,8 +746,8 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se $use_signature, $data_dir, $username, $key, $imapServerAddress, $imapPort, $compose_messages, $composeMessage, $body_quote, $request_mdn, $request_dr, - $default_use_mdn, $mdn_user_support; - global $languages, $squirrelmail_language, $default_charset; + $mdn_user_support, $languages, $squirrelmail_language, + $default_charset; /* * Set $default_charset to correspond with the user's selection @@ -755,7 +779,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se (array(), $alt_order = array('text/plain')); if (!count($entities)) { $entities = $message->entities[0]->findDisplayEntity - (array(), $alt_order = array('text/plain','html/plain')); + (array(), $alt_order = array('text/plain','text/html')); } $orig_header = $message->rfc822_header; /* here is the envelope located */ /* redefine the message for picking up the attachments */ @@ -764,7 +788,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se } else { $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain')); if (!count($entities)) { - $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain','html/plain')); + $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain','text/html')); } $orig_header = $message->rfc822_header; } @@ -815,7 +839,6 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se $mailprio = ''; } - $identity = ''; $from_o = $orig_header->from; if (is_array($from_o)) { if (isset($from_o[0])) { 
@@ -832,7 +855,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se if (count($idents) > 1) { foreach($idents as $nr=>$data) { $enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>'; - if($enc_from_name == $orig_from) { + if(strtolower($enc_from_name) == strtolower($orig_from)) { $identity = $nr; break; } @@ -856,15 +879,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se $send_from_parts = new AddressStructure(); $send_from_parts = $orig_header->parseAddress($send_from); $send_from_add = $send_from_parts->mailbox . '@' . $send_from_parts->host; - $identities = get_identities(); - if (count($identities) > 0) { - foreach($identities as $iddata) { - if ($send_from_add == $iddata['email_address']) { - $identity = $iddata['index']; - break; - } - } - } + $identity = find_identity(array($send_from_add)); $subject = decodeHeader($orig_header->subject,false,false,true); // Remember the receipt settings @@ -986,7 +1001,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se * @return object */ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imapConnection) { - global $squirrelmail_language, $languages; + global $squirrelmail_language, $languages, $username, $attachment_dir; if (!count($message->entities) || ($message->type0 == 'message' && $message->type1 == 'rfc822')) { @@ -1015,6 +1030,8 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode')) { $filename = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode', $filename); } + + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); $message->att_local_name = $localfilename; 
@@ -1022,7 +1039,7 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap $localfilename); /* Write Attachment to file */ - $fp = fopen ($localfilename, 'wb'); + $fp = fopen ($hashed_attachment_dir . '/' . $localfilename, 'wb'); mime_print_body_lines ($imapConnection, $passed_id, $message->entity_id, $message->header->encoding, $fp); fclose ($fp); } @@ -1053,8 +1070,10 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, array_pop($body_a); $body = implode('', $body_a) . "\r\n"; + global $username, $attachment_dir; + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); - $fp = fopen($localfilename, 'wb'); + $fp = fopen($hashed_attachment_dir . '/' . $localfilename, 'wb'); fwrite ($fp, $body); fclose($fp); $composeMessage->initAttachment('message/rfc822',$subject.'.msg', @@ -1064,10 +1083,11 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, } function showInputForm ($session, $values=false) { - global $send_to, $send_to_cc, $body, $startMessage, $action, - $color, $use_signature, $signature, $prefix_sig, + global $send_to, $send_to_cc, $send_to_bcc, + $body, $startMessage, $action, $attachments, + $use_signature, $signature, $prefix_sig, $session_expired, $editor_size, $editor_height, $subject, $newmail, - $use_javascript_addr_book, $send_to_bcc, $passed_id, $mailbox, + $use_javascript_addr_book, $passed_id, $mailbox, $from_htmladdr_search, $location_of_buttons, $attachment_dir, $username, $data_dir, $identity, $idents, $delete_draft, $mailprio, $compose_new_win, $saved_draft, $mail_sent, $sig_first, @@ -1099,6 +1119,7 @@ function showInputForm ($session, $values=false) { } if ($use_javascript_addr_book) { +//FIXME: NO HTML IN CORE! echo "\n". '\n\n"; } +//FIXME: NO HTML IN CORE! echo "\n" . '
\n"; +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('startMessage', $startMessage); if ($action == 'draft') { +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('delete_draft', $passed_id); } if (isset($delete_draft)) { +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('delete_draft', $delete_draft); } if (isset($session)) { +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('session', $session); } if (isset($passed_id)) { +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('passed_id', $passed_id); } @@ -1174,6 +1203,7 @@ function showInputForm ($session, $values=false) { } if ($location_of_buttons == 'top') { +//FIXME: DON'T ECHO HTML FROM CORE! showComposeButtonRow(); } @@ -1197,6 +1227,7 @@ function showInputForm ($session, $values=false) { $oTemplate->display('compose_header.tpl'); if ($location_of_buttons == 'between') { +//FIXME: DON'T ECHO HTML FROM CORE! showComposeButtonRow(); } @@ -1239,9 +1270,16 @@ function showInputForm ($session, $values=false) { $oTemplate->display ('compose_body.tpl'); if ($location_of_buttons == 'bottom') { +//FIXME: DON'T ECHO HTML FROM CORE! showComposeButtonRow(); } + // composeMessage can be empty when coming from a restored session + if (is_object($composeMessage) && $composeMessage->entities) + $attach_array = $composeMessage->entities; + if ($session_expired && !empty($attachments) && is_array($attachments)) + $attach_array = $attachments; + /* This code is for attachments */ if ((bool) ini_get('file_uploads')) { 
@@ -1261,8 +1299,10 @@ function showInputForm ($session, $values=false) { } $attach = array(); - if ($composeMessage->entities) { - foreach ($composeMessage->entities as $key => $attachment) { + global $username, $attachment_dir; + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); + if (!empty($attach_array)) { + foreach ($attach_array as $key => $attachment) { $attached_file = $attachment->att_local_name; if ($attachment->att_local_name || $attachment->body_part) { $attached_filename = decodeHeader($attachment->mime_header->getParameter('name')); @@ -1273,7 +1313,7 @@ function showInputForm ($session, $values=false) { $a['Key'] = $key; $a['FileName'] = $attached_filename; $a['ContentType'] = $type; - $a['Size'] = filesize($attached_file); + $a['Size'] = filesize($hashed_attachment_dir . '/' . $attached_file); $attach[$key] = $a; } } @@ -1291,15 +1331,12 @@ function showInputForm ($session, $values=false) { echo addHidden('username', $username). addHidden('smaction', $action). addHidden('mailbox', $mailbox); - /* - store the complete ComposeMessages array in a hidden input value - so we can restore them in case of a session timeout. - */ sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER); //FIXME: no direct echoing to browser, no HTML output in core! - echo addHidden('restoremessages', urlencode(serialize($compose_messages))). - addHidden('composesession', $composesession). + echo addHidden('composesession', $composesession). addHidden('querystring', $queryString). + (!empty($attach_array) ? + addHidden('attachments', urlencode(serialize($attach_array))) : ''). "
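Review bot: `filesize($hashed_attachment_dir . '/' . $attached_file)` joins `att_local_name` onto the attachment directory without validating it, and when `$session_expired` is set `$attach_array` is the POSTed `$attachments` list (see `@@ -1239,9 +1270,16 @@`), so the name is client-controlled and may carry `../` segments. Reject anything that is not a bare file name before building the path, e.g. `if (basename($attached_file) !== $attached_file) continue;`. The same check is presumably needed wherever `att_local_name` is later read or purged; those call sites are outside this hunk, so that part is an inference. The added `global $username, $attachment_dir;` is redundant, since both names are already in showInputForm's global list.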
\n"; if (!(bool) ini_get('file_uploads')) { /* File uploads are off, so we didn't show that part of the form. @@ -1366,9 +1403,12 @@ function checkInput ($show) { * using $show=false, and then when i'm ready to display the error * message, show=true */ - global $send_to, $send_to_bcc; + global $send_to, $send_to_cc, $send_to_bcc; - if ($send_to == '' && $send_to_bcc == '') { + $send_to = trim($send_to); + $send_to_cc = trim($send_to_cc); + $send_to_bcc = trim($send_to_bcc); + if (empty($send_to) && empty($send_to_cc) && empty($send_to_bcc)) { if ($show) { plain_error_message(_("You have not filled in the \"To:\" field.")); } @@ -1380,19 +1420,21 @@ function checkInput ($show) { /* True if FAILURE */ function saveAttachedFiles($session) { - global $compose_messages; + global $compose_messages, $username, $attachment_dir; /* get out of here if no file was attached at all */ if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) { return true; } + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); + $fullpath = $hashed_attachment_dir . '/' . $localfilename; // m_u_f works better with restricted PHP installs (safe_mode, open_basedir), // if that doesn't work, try a simple rename. - if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$localfilename)) { - if (!@rename($_FILES['attachfile']['tmp_name'], $localfilename)) { + if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$fullpath)) { + if (!@rename($_FILES['attachfile']['tmp_name'], $fullpath)) { return true; } } @@ -1401,7 +1443,6 @@ function saveAttachedFiles($session) { $name = $_FILES['attachfile']['name']; $message->initAttachment($type, $name, $localfilename); $compose_messages[$session] = $message; - sqsession_register($compose_messages , 'compose_messages'); } /* parse values like 8M and 2k into bytes */ 
@@ -1443,10 +1484,10 @@ function getByteSize($ini_size) { */ function deliverMessage($composeMessage, $draft=false) { global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body, - $username, $popuser, $usernamedata, $identity, $idents, $data_dir, - $request_mdn, $request_dr, $default_charset, $color, $useSendmail, - $domain, $action, $default_move_to_sent, $move_to_sent; - global $imapServerAddress, $imapPort, $sent_folder, $key; + $username, $identity, $idents, $data_dir, + $request_mdn, $request_dr, $default_charset, $useSendmail, + $domain, $action, $default_move_to_sent, $move_to_sent, + $imapServerAddress, $imapPort, $sent_folder, $key; $rfc822_header = $composeMessage->rfc822_header; 
@@ -1468,45 +1509,24 @@ function deliverMessage($composeMessage, $draft=false) { } $composeMessage->setBody($body); - if (ereg("^([^@%/]+)[@%/](.+)$", $username, $usernamedata)) { - $popuser = $usernamedata[1]; - $domain = $usernamedata[2]; - unset($usernamedata); - } else { - $popuser = $username; - } $reply_to = ''; - $from_mail = $idents[$identity]['email_address']; - $full_name = $idents[$identity]['full_name']; $reply_to = $idents[$identity]['reply_to']; - if (!$from_mail) { - $from_mail = "$popuser@$domain"; - } - $rfc822_header->from = $rfc822_header->parseAddress($from_mail,true); - if ($full_name) { - $from = $rfc822_header->from[0]; - if (!$from->host) $from->host = $domain; - $full_name_encoded = encodeHeader($full_name); - if ($full_name_encoded != $full_name) { - $from_addr = $full_name_encoded .' <'.$from->mailbox.'@'.$from->host.'>'; - } else { - $from_addr = '"'.$full_name .'" <'.$from->mailbox.'@'.$from->host.'>'; - } - $rfc822_header->from = $rfc822_header->parseAddress($from_addr,true); - } + + $from_addr = build_from_header($identity); + $rfc822_header->from = $rfc822_header->parseAddress($from_addr,true); if ($reply_to) { $rfc822_header->reply_to = $rfc822_header->parseAddress($reply_to,true); } /* Receipt: On Read */ if (isset($request_mdn) && $request_mdn) { - $rfc822_header->dnt = $rfc822_header->parseAddress($from_mail,true); + $rfc822_header->dnt = $rfc822_header->parseAddress($from_addr,true); } elseif (isset($rfc822_header->dnt)) { unset($rfc822_header->dnt); } /* Receipt: On Delivery */ if (isset($request_dr) && $request_dr) { - $rfc822_header->more_headers['Return-Receipt-To'] = $from_mail; + $rfc822_header->more_headers['Return-Receipt-To'] = $from->mailbox.'@'.$from->domain; } elseif (isset($rfc822_header->more_headers['Return-Receipt-To'])) { unset($rfc822_header->more_headers['Return-Receipt-To']); } 
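Review bot: `$from` is not defined in the visible lines when the new Return-Receipt-To assignment runs, because this hunk removes `$from = $rfc822_header->from[0];`, and the removed code read the property `host`, not `domain`. As written the header value would collapse to a bare `@`, with undefined-variable notices. Take the address from the freshly parsed header instead: `$from = $rfc822_header->from[0];` followed by `$rfc822_header->more_headers['Return-Receipt-To'] = $from->mailbox . '@' . $from->host;`. The retained `$reply_to = $idents[$identity]['reply_to'];` still indexes `$idents` directly, so confirm it agrees with `build_from_header($identity)` when `$identity` is unset. deliverMessage's body starts and continues outside the hunk.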
@@ -1636,8 +1656,8 @@ function deliverMessage($composeMessage, $draft=false) { $lcl_allow_sent = false; } + global $passed_id, $mailbox; if (($fld_sent && $svr_allow_sent && !$lcl_allow_sent) || ($fld_sent && $lcl_allow_sent)) { - global $passed_id, $mailbox, $action; if ($action == 'reply' || $action == 'reply_all') { $save_reply_with_orig=getPref($data_dir,$username,'save_reply_with_orig'); if ($save_reply_with_orig) { @@ -1652,7 +1672,7 @@ function deliverMessage($composeMessage, $draft=false) { unset ($imap_deliver); } - global $passed_id, $mailbox, $action, $what, $iAccount,$startMessage; + global $what, $iAccount, $startMessage; $composeMessage->purgeAttachments(); if ($action=='reply' || $action=='reply_all' || $action=='forward' || $action=='forward_as_attachment') { @@ -1704,4 +1724,3 @@ function deliverMessage($composeMessage, $draft=false) { } return $success; } -?>