X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fcompose.php;h=a5f1211c87b4ed30abd3cd5165e82a4d619b0779;hb=9ad07d9a69c04bc547a2ace06b6893ec9ead8cbe;hp=1a44f25bb9c2ff52a9e43a191ee428bc83724a13;hpb=856e58ef5660063838b0ad5e457dcfeea195f8a2;p=squirrelmail.git diff --git a/src/compose.php b/src/compose.php index 1a44f25b..a5f1211c 100644 --- a/src/compose.php +++ b/src/compose.php @@ -16,11 +16,21 @@ * @package squirrelmail */ +/** This is the compose page */ +define('PAGE_NAME', 'compose'); + /** * Include the SquirrelMail initialization file. */ require('../include/init.php'); +/* If email_address not set and admin wants us to ask user for it, + * redirect to options page. */ +if ( $ask_user_info && getPref($data_dir, $username,'email_address') == "" ) { + header("Location: " . get_location() . "/options.php?optpage=personal"); + exit; +} + /* SquirrelMail required files. */ require_once(SM_PATH . 'functions/imap_general.php'); require_once(SM_PATH . 'functions/imap_messages.php'); @@ -37,9 +47,14 @@ require_once(SM_PATH . 'functions/identity.php'); /** SESSION VARS */ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); +sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION); sqgetGlobalVar('composesession', $composesession, SQ_SESSION); sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION); -sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION); + +// compose_messages only useful in SESSION when a forward-as-attachment +// has been preconstructed for us and passed in via that mechanism; once +// we have it, we can clear it from the SESSION +sqsession_unregister('compose_messages'); // Turn on delayed error handling in case we wind up redirecting below $oErrorHandler->setDelayedErrors(true); 
@@ -96,13 +111,12 @@ sqgetGlobalVar('addr_search_cancel', $html_addr_search_cancel, SQ_POST); sqgetGlobalVar('send_to_search', $send_to_search, SQ_POST); sqgetGlobalVar('do_delete', $do_delete, SQ_POST); sqgetGlobalVar('delete', $delete, SQ_POST); -sqgetGlobalVar('restoremessages', $restoremessages, SQ_POST); +sqgetGlobalVar('attachments', $attachments, SQ_POST); if ( sqgetGlobalVar('return', $temp, SQ_POST) ) { $html_addr_search_done = 'Use Addresses'; } /** GET VARS */ -sqgetGlobalVar('attachedmessages', $attachedmessages, SQ_GET); if ( sqgetGlobalVar('account', $temp, SQ_GET) ) { $iAccount = (int) $temp; } else { 
@@ -308,23 +322,22 @@ function getforwardHeader($orig_header) { * If the session is expired during a post this restores the compose session * vars. */ +$session_expired = false; if (sqsession_is_registered('session_expired_post')) { sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION); /* * extra check for username so we don't display previous post data from * another user during this session. */ - if ($session_expired_post['username'] != $username) { - unset($session_expired_post); - sqsession_unregister('session_expired_post'); - session_write_close(); - } else { + if (!empty($session_expired_post['username']) + && $session_expired_post['username'] == $username) { // these are the vars that we can set from the expired composed session - $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage', - 'passed_body','use_signature','signature','attachments','subject','newmail', - 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity', - 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages', - 'composesession', 'request_mdn', 'request_dr'); + $compo_var_list = array ('send_to', 'send_to_cc', 'body', + 'startMessage', 'passed_body', 'use_signature', 'signature', + 'subject', 'newmail', 'send_to_bcc', 'passed_id', 'mailbox', + 'from_htmladdr_search', 'identity', 'draft_id', 'delete_draft', + 'mailprio', 'edit_as_new', 'attachments', 'composesession', + 'request_mdn', 'request_dr'); foreach ($compo_var_list as $var) { if ( isset($session_expired_post[$var]) && !isset($$var) ) { @@ -332,9 +345,11 @@ if (sqsession_is_registered('session_expired_post')) { } } - $compose_messages = unserialize($restoremessages); - sqsession_register($compose_messages,'compose_messages'); + if (!empty($attachments)) + $attachments = unserialize(urldecode($attachments)); + sqsession_register($composesession,'composesession'); + if (isset($send)) { unset($send); } 
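Review bot: `unserialize(urldecode($attachments))` in the session-restore branch runs on a value the browser controls, since `$attachments` is read with `sqgetGlobalVar('attachments', $attachments, SQ_POST)` or copied from the saved POST data in `$session_expired_post`; this is PHP object deserialization of untrusted input. The same call is repeated in the "re-add attachments" block of the -383,12 hunk, and the value comes from the hidden field that showInputForm writes with `urlencode(serialize($attach_array))`. Prefer keeping the entity list on the server, keyed by `$composesession`, and posting only that key. If the list has to round-trip, send scalar fields only (JSON, for example) and rebuild the objects server-side, or authenticate the blob with an HMAC verified by `hash_equals()` before decoding it. The enclosing `if (sqsession_is_registered('session_expired_post'))` block continues past this hunk.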
@@ -360,6 +375,7 @@ if (sqsession_is_registered('session_expired_post')) { showInputForm($session, false); exit(); } + if (!isset($composesession)) { $composesession = 0; sqsession_register(0,'composesession'); @@ -383,12 +399,19 @@ if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL) $composeMessage->rfc822_header = $rfc822_header; $composeMessage->reply_rfc822_header = ''; $compose_messages[$session] = $composeMessage; - - sqsession_register($compose_messages,'compose_messages'); } else { $composeMessage=$compose_messages[$session]; } +// re-add attachments that were already in this message +// FIXME: note that technically this is very bad form - +// should never directly manipulate an object like this +if (!empty($attachments)) { + $attachments = unserialize(urldecode($attachments)); + if (!empty($attachments) && is_array($attachments)) + $composeMessage->entities = $attachments; +} + if (empty($mailbox)) { $mailbox = 'INBOX'; } @@ -399,12 +422,11 @@ if ($draft) { * of language interface. */ set_my_charset(); - $composeMessage=$compose_messages[$session]; + $composeMessage = $compose_messages[$session]; if (! deliverMessage($composeMessage, true)) { showInputForm($session); exit(); } else { - unset($compose_messages[$session]); $draft_message = _("Draft Email Saved"); /* If this is a resumed draft, then delete the original */ if(isset($delete_draft)) { @@ -427,6 +449,7 @@ if ($draft) { if ( !isset($pageheader_sent) || !$pageheader_sent ) { Header("Location: $location/compose.php?saved_draft=yes&session=$composesession"); } else { +//FIXME: DON'T ECHO HTML FROM CORE! echo '
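Review bot: In the "re-add attachments" block of the -383,12 hunk, the restored array is assigned to `$composeMessage->entities` after only an `is_array()` test, so every property of every entity, including `att_local_name`, is whatever the POST body supplied. That name is later joined to the per-user attachment directory (`filesize($hashed_attachment_dir . '/' . $attached_file)` in the showInputForm hunk at -1266,7) and is presumably read again at delivery, which is outside this diff, so a name with directory components would resolve outside the user's directory. Before accepting an entity, drop anything that is not an object and require a bare file name that exists under the hashed directory, for example `if ($name !== basename($name) || !is_file($hashed_attachment_dir . '/' . $name)) continue;`. The session-expired path in showInputForm (`$attach_array = $attachments`) needs the same check.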

' . _("Return") . '
'; @@ -437,6 +460,7 @@ if ($draft) { Header("Location: $location/right_main.php?mailbox=" . urlencode($draft_folder) . "&startMessage=1¬e=".urlencode($draft_message)); } else { +//FIXME: DON'T ECHO HTML FROM CORE! echo '

' @@ -458,7 +482,7 @@ if ($send) { /* We entered compose via the search results page */ $mailbox = 'INBOX'; /* Send 'em to INBOX, that's safe enough */ } - $urlMailbox = urlencode (trim($mailbox)); + $urlMailbox = urlencode($mailbox); if (! isset($passed_id)) { $passed_id = 0; } @@ -511,7 +535,6 @@ if ($send) { showInputForm($session); exit(); } - unset($compose_messages[$session]); /* if it is resumed draft, delete draft message */ if ( isset($delete_draft)) { @@ -536,6 +559,7 @@ if ($send) { if ( !isset($pageheader_sent) || !$pageheader_sent ) { Header("Location: $location/compose.php?mail_sent=$mail_sent"); } else { +//FIXME: DON'T ECHO HTML FROM CORE! echo '

' . _("Return") . '
'; @@ -546,6 +570,7 @@ if ($send) { Header("Location: $location/right_main.php?mailbox=$urlMailbox". "&startMessage=$startMessage&mail_sent=$mail_sent"); } else { +//FIXME: DON'T ECHO HTML FROM CORE! echo '

" @@ -654,7 +679,6 @@ elseif (isset($sigappend)) { } $composeMessage->entities = $new_entities; $compose_messages[$session] = $composeMessage; - sqsession_register($compose_messages, 'compose_messages'); } showInputForm($session); } else { @@ -831,7 +855,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se if (count($idents) > 1) { foreach($idents as $nr=>$data) { $enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>'; - if($enc_from_name == $orig_from) { + if(strtolower($enc_from_name) == strtolower($orig_from)) { $identity = $nr; break; } @@ -977,7 +1001,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se * @return object */ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imapConnection) { - global $squirrelmail_language, $languages; + global $squirrelmail_language, $languages, $username, $attachment_dir; if (!count($message->entities) || ($message->type0 == 'message' && $message->type1 == 'rfc822')) { @@ -1006,6 +1030,8 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode')) { $filename = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode', $filename); } + + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); $message->att_local_name = $localfilename; @@ -1013,7 +1039,7 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap $localfilename); /* Write Attachment to file */ - $fp = fopen ($localfilename, 'wb'); + $fp = fopen ($hashed_attachment_dir . '/' . $localfilename, 'wb'); mime_print_body_lines ($imapConnection, $passed_id, $message->entity_id, $message->header->encoding, $fp); fclose ($fp); } 
@@ -1044,8 +1070,10 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, array_pop($body_a); $body = implode('', $body_a) . "\r\n"; + global $username, $attachment_dir; + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); - $fp = fopen($localfilename, 'wb'); + $fp = fopen($hashed_attachment_dir . '/' . $localfilename, 'wb'); fwrite ($fp, $body); fclose($fp); $composeMessage->initAttachment('message/rfc822',$subject.'.msg', @@ -1056,8 +1084,8 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, function showInputForm ($session, $values=false) { global $send_to, $send_to_cc, $send_to_bcc, - $body, $startMessage, $action, - $use_signature, $signature, $prefix_sig, + $body, $startMessage, $action, $attachments, + $use_signature, $signature, $prefix_sig, $session_expired, $editor_size, $editor_height, $subject, $newmail, $use_javascript_addr_book, $passed_id, $mailbox, $from_htmladdr_search, $location_of_buttons, $attachment_dir, @@ -1091,6 +1119,7 @@ function showInputForm ($session, $values=false) { } if ($use_javascript_addr_book) { +//FIXME: NO HTML IN CORE! echo "\n". '\n\n"; } +//FIXME: NO HTML IN CORE! echo "\n" . '
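Review bot: The handle returned by `fopen($hashed_attachment_dir . '/' . $localfilename, 'wb')` is passed to `fwrite()` and `fclose()` without a check, here in getMessage_RFC822_Attachment and also in the getAttachments hunk at -1013,7, where it goes to `mime_print_body_lines()`. With the target now a per-user hashed directory, a missing or unwritable directory makes fopen return false (whether getHashedDir creates the directory is not visible in this diff), and `initAttachment()` then records a local name for a file that was never written. Test the handle before writing, e.g. `if ($fp === false) { /* report the error and skip this attachment */ }`. Both function bodies extend beyond their hunks.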
\n"; +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('startMessage', $startMessage); if ($action == 'draft') { +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('delete_draft', $passed_id); } if (isset($delete_draft)) { +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('delete_draft', $delete_draft); } if (isset($session)) { +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('session', $session); } if (isset($passed_id)) { +//FIXME: DON'T ECHO HTML FROM CORE! echo addHidden('passed_id', $passed_id); } @@ -1166,6 +1203,7 @@ function showInputForm ($session, $values=false) { } if ($location_of_buttons == 'top') { +//FIXME: DON'T ECHO HTML FROM CORE! showComposeButtonRow(); } @@ -1189,6 +1227,7 @@ function showInputForm ($session, $values=false) { $oTemplate->display('compose_header.tpl'); if ($location_of_buttons == 'between') { +//FIXME: DON'T ECHO HTML FROM CORE! showComposeButtonRow(); } @@ -1231,9 +1270,16 @@ function showInputForm ($session, $values=false) { $oTemplate->display ('compose_body.tpl'); if ($location_of_buttons == 'bottom') { +//FIXME: DON'T ECHO HTML FROM CORE! showComposeButtonRow(); } + // composeMessage can be empty when coming from a restored session + if (is_object($composeMessage) && $composeMessage->entities) + $attach_array = $composeMessage->entities; + if ($session_expired && !empty($attachments) && is_array($attachments)) + $attach_array = $attachments; + /* This code is for attachments */ if ((bool) ini_get('file_uploads')) { 
@@ -1253,9 +1299,10 @@ function showInputForm ($session, $values=false) { } $attach = array(); - // composeMessage can be empty when coming from a restored session - if (is_object($composeMessage) && $composeMessage->entities) { - foreach ($composeMessage->entities as $key => $attachment) { + global $username, $attachment_dir; + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); + if (!empty($attach_array)) { + foreach ($attach_array as $key => $attachment) { $attached_file = $attachment->att_local_name; if ($attachment->att_local_name || $attachment->body_part) { $attached_filename = decodeHeader($attachment->mime_header->getParameter('name')); @@ -1266,7 +1313,7 @@ function showInputForm ($session, $values=false) { $a['Key'] = $key; $a['FileName'] = $attached_filename; $a['ContentType'] = $type; - $a['Size'] = filesize($attached_file); + $a['Size'] = filesize($hashed_attachment_dir . '/' . $attached_file); $attach[$key] = $a; } } @@ -1284,15 +1331,12 @@ function showInputForm ($session, $values=false) { echo addHidden('username', $username). addHidden('smaction', $action). addHidden('mailbox', $mailbox); - /* - store the complete ComposeMessages array in a hidden input value - so we can restore them in case of a session timeout. - */ sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER); //FIXME: no direct echoing to browser, no HTML output in core! - echo addHidden('restoremessages', urlencode(serialize($compose_messages))). - addHidden('composesession', $composesession). + echo addHidden('composesession', $composesession). addHidden('querystring', $queryString). + (!empty($attach_array) ? + addHidden('attachments', urlencode(serialize($attach_array))) : ''). "
\n"; if (!(bool) ini_get('file_uploads')) { /* File uploads are off, so we didn't show that part of the form. @@ -1359,9 +1403,12 @@ function checkInput ($show) { * using $show=false, and then when i'm ready to display the error * message, show=true */ - global $send_to, $send_to_bcc; + global $send_to, $send_to_cc, $send_to_bcc; - if ($send_to == '' && $send_to_bcc == '') { + $send_to = trim($send_to); + $send_to_cc = trim($send_to_cc); + $send_to_bcc = trim($send_to_bcc); + if (empty($send_to) && empty($send_to_cc) && empty($send_to_bcc)) { if ($show) { plain_error_message(_("You have not filled in the \"To:\" field.")); } @@ -1373,19 +1420,21 @@ function checkInput ($show) { /* True if FAILURE */ function saveAttachedFiles($session) { - global $compose_messages; + global $compose_messages, $username, $attachment_dir; /* get out of here if no file was attached at all */ if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) { return true; } + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); + $fullpath = $hashed_attachment_dir . '/' . $localfilename; // m_u_f works better with restricted PHP installs (safe_mode, open_basedir), // if that doesn't work, try a simple rename. - if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$localfilename)) { - if (!@rename($_FILES['attachfile']['tmp_name'], $localfilename)) { + if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$fullpath)) { + if (!@rename($_FILES['attachfile']['tmp_name'], $fullpath)) { return true; } } @@ -1394,7 +1443,6 @@ function saveAttachedFiles($session) { $name = $_FILES['attachfile']['name']; $message->initAttachment($type, $name, $localfilename); $compose_messages[$session] = $message; - sqsession_register($compose_messages , 'compose_messages'); } /* parse values like 8M and 2k into bytes */