X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fcompose.php;h=a5f1211c87b4ed30abd3cd5165e82a4d619b0779;hb=9ad07d9a69c04bc547a2ace06b6893ec9ead8cbe;hp=4bc00a2fa49e009e8ac8abf00085ebe84ed7d0e9;hpb=c8dc86c977350cb16f70399c55615e6b13c7c182;p=squirrelmail.git diff --git a/src/compose.php b/src/compose.php index 4bc00a2f..a5f1211c 100644 --- a/src/compose.php +++ b/src/compose.php @@ -16,6 +16,9 @@ * @package squirrelmail */ +/** This is the compose page */ +define('PAGE_NAME', 'compose'); + /** * Include the SquirrelMail initialization file. */ @@ -44,9 +47,14 @@ require_once(SM_PATH . 'functions/identity.php'); /** SESSION VARS */ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); +sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION); sqgetGlobalVar('composesession', $composesession, SQ_SESSION); sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION); -sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION); + +// compose_messages only useful in SESSION when a forward-as-attachment +// has been preconstructed for us and passed in via that mechanism; once +// we have it, we can clear it from the SESSION +sqsession_unregister('compose_messages'); // Turn on delayed error handling in case we wind up redirecting below $oErrorHandler->setDelayedErrors(true); @@ -103,7 +111,7 @@ sqgetGlobalVar('addr_search_cancel', $html_addr_search_cancel, SQ_POST); sqgetGlobalVar('send_to_search', $send_to_search, SQ_POST); sqgetGlobalVar('do_delete', $do_delete, SQ_POST); sqgetGlobalVar('delete', $delete, SQ_POST); -sqgetGlobalVar('restoremessages', $restoremessages, SQ_POST); +sqgetGlobalVar('attachments', $attachments, SQ_POST); if ( sqgetGlobalVar('return', $temp, SQ_POST) ) { $html_addr_search_done = 'Use Addresses'; } 
@@ -314,23 +322,22 @@ function getforwardHeader($orig_header) { * If the session is expired during a post this restores the compose session * vars. */ +$session_expired = false; if (sqsession_is_registered('session_expired_post')) { sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION); /* * extra check for username so we don't display previous post data from * another user during this session. */ - if ($session_expired_post['username'] != $username) { - unset($session_expired_post); - sqsession_unregister('session_expired_post'); - session_write_close(); - } else { + if (!empty($session_expired_post['username']) + && $session_expired_post['username'] == $username) { // these are the vars that we can set from the expired composed session - $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage', - 'passed_body','use_signature','signature','attachments','subject','newmail', - 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity', - 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages', - 'composesession', 'request_mdn', 'request_dr'); + $compo_var_list = array ('send_to', 'send_to_cc', 'body', + 'startMessage', 'passed_body', 'use_signature', 'signature', + 'subject', 'newmail', 'send_to_bcc', 'passed_id', 'mailbox', + 'from_htmladdr_search', 'identity', 'draft_id', 'delete_draft', + 'mailprio', 'edit_as_new', 'attachments', 'composesession', + 'request_mdn', 'request_dr'); foreach ($compo_var_list as $var) { if ( isset($session_expired_post[$var]) && !isset($$var) ) { @@ -338,9 +345,11 @@ if (sqsession_is_registered('session_expired_post')) { } } - $compose_messages = unserialize($restoremessages); - sqsession_register($compose_messages,'compose_messages'); + if (!empty($attachments)) + $attachments = unserialize(urldecode($attachments)); + sqsession_register($composesession,'composesession'); + if (isset($send)) { unset($send); } 
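Review bot: The username guard in the `@@ -314` hunk uses a loose `==`, and PHP compares two numeric-looking strings numerically, so `'0123'` and `'123'` would count as the same account when deciding whether to restore saved post data. This check exists to keep one user's expired compose data away from another, so a strict comparison is safer: `&& $session_expired_post['username'] === $username) {`. The enclosing `if` block continues past the end of this hunk, and the removed mismatch branch used to unregister `session_expired_post`. Whether the mismatch case still clears it cannot be confirmed from here and is worth checking.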
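Review bot: `unserialize(urldecode($attachments))` in the `@@ -338` hunk runs on a client-controlled value, because `$attachments` is read from `SQ_POST` earlier in this patch and `showInputForm()` echoes it back as a hidden `attachments` field (`@@ -1308`). A user can therefore post arbitrary serialized objects, and the "re-add attachments" hunk (`@@ -389`) copies the decoded result into `$composeMessage->entities` after only an `is_array()` check. A tampered `att_local_name` would then reach `filesize()` and presumably the code that reads attachment files when the message is sent. The attachment list should stay server-side, for example in the session keyed by `$composesession`. If it has to round-trip, send only the data fields in a non-object encoding, with a keyed MAC that is verified before decoding. In either case reject any `att_local_name` that is not a plain file name inside `$hashed_attachment_dir`: `basename($name) === $name`, and not `.` or `..`.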
@@ -366,6 +375,7 @@ if (sqsession_is_registered('session_expired_post')) { showInputForm($session, false); exit(); } + if (!isset($composesession)) { $composesession = 0; sqsession_register(0,'composesession'); @@ -389,12 +399,19 @@ if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL) $composeMessage->rfc822_header = $rfc822_header; $composeMessage->reply_rfc822_header = ''; $compose_messages[$session] = $composeMessage; - - sqsession_register($compose_messages,'compose_messages'); } else { $composeMessage=$compose_messages[$session]; } +// re-add attachments that were already in this message +// FIXME: note that technically this is very bad form - +// should never directly manipulate an object like this +if (!empty($attachments)) { + $attachments = unserialize(urldecode($attachments)); + if (!empty($attachments) && is_array($attachments)) + $composeMessage->entities = $attachments; +} + if (empty($mailbox)) { $mailbox = 'INBOX'; } @@ -405,13 +422,11 @@ if ($draft) { * of language interface. */ set_my_charset(); - $composeMessage=$compose_messages[$session]; + $composeMessage = $compose_messages[$session]; if (! deliverMessage($composeMessage, true)) { showInputForm($session); exit(); } else { - unset($compose_messages[$session]); - sqsession_register($compose_messages,'compose_messages'); $draft_message = _("Draft Email Saved"); /* If this is a resumed draft, then delete the original */ if(isset($delete_draft)) { @@ -520,8 +535,6 @@ if ($send) { showInputForm($session); exit(); } - unset($compose_messages[$session]); - sqsession_register($compose_messages,'compose_messages'); /* if it is resumed draft, delete draft message */ if ( isset($delete_draft)) { @@ -666,7 +679,6 @@ elseif (isset($sigappend)) { } $composeMessage->entities = $new_entities; $compose_messages[$session] = $composeMessage; - sqsession_register($compose_messages, 'compose_messages'); } showInputForm($session); } else { 
@@ -843,7 +855,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se if (count($idents) > 1) { foreach($idents as $nr=>$data) { $enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>'; - if($enc_from_name == $orig_from) { + if(strtolower($enc_from_name) == strtolower($orig_from)) { $identity = $nr; break; } @@ -989,7 +1001,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se * @return object */ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imapConnection) { - global $squirrelmail_language, $languages; + global $squirrelmail_language, $languages, $username, $attachment_dir; if (!count($message->entities) || ($message->type0 == 'message' && $message->type1 == 'rfc822')) { @@ -1018,6 +1030,8 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode')) { $filename = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode', $filename); } + + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); $message->att_local_name = $localfilename; @@ -1025,7 +1039,7 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap $localfilename); /* Write Attachment to file */ - $fp = fopen ($localfilename, 'wb'); + $fp = fopen ($hashed_attachment_dir . '/' . $localfilename, 'wb'); mime_print_body_lines ($imapConnection, $passed_id, $message->entity_id, $message->header->encoding, $fp); fclose ($fp); } 
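Review bot: The new `fopen($hashed_attachment_dir . '/' . $localfilename, 'wb')` in `getAttachments()` (`@@ -1025`) is used without checking its result. If the hashed directory is missing or not writable, `mime_print_body_lines()` and `fclose()` receive `false`, while `$message->att_local_name` has already been set to a file that was never written. The `fopen()`/`fwrite()` pair changed in `getMessage_RFC822_Attachment()` (`@@ -1056`) has the same gap. Testing `if ($fp === false)` and reporting the failure instead of continuing would avoid attachment entries that point at non-existent files. The surrounding control flow lies outside these hunks, so the exact error path has to be chosen there.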
@@ -1056,8 +1070,10 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, array_pop($body_a); $body = implode('', $body_a) . "\r\n"; + global $username, $attachment_dir; + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); - $fp = fopen($localfilename, 'wb'); + $fp = fopen($hashed_attachment_dir . '/' . $localfilename, 'wb'); fwrite ($fp, $body); fclose($fp); $composeMessage->initAttachment('message/rfc822',$subject.'.msg', @@ -1068,8 +1084,8 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, function showInputForm ($session, $values=false) { global $send_to, $send_to_cc, $send_to_bcc, - $body, $startMessage, $action, - $use_signature, $signature, $prefix_sig, + $body, $startMessage, $action, $attachments, + $use_signature, $signature, $prefix_sig, $session_expired, $editor_size, $editor_height, $subject, $newmail, $use_javascript_addr_book, $passed_id, $mailbox, $from_htmladdr_search, $location_of_buttons, $attachment_dir, @@ -1258,6 +1274,12 @@ function showInputForm ($session, $values=false) { showComposeButtonRow(); } + // composeMessage can be empty when coming from a restored session + if (is_object($composeMessage) && $composeMessage->entities) + $attach_array = $composeMessage->entities; + if ($session_expired && !empty($attachments) && is_array($attachments)) + $attach_array = $attachments; + /* This code is for attachments */ if ((bool) ini_get('file_uploads')) { 
@@ -1277,9 +1299,10 @@ function showInputForm ($session, $values=false) { } $attach = array(); - // composeMessage can be empty when coming from a restored session - if (is_object($composeMessage) && $composeMessage->entities) { - foreach ($composeMessage->entities as $key => $attachment) { + global $username, $attachment_dir; + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); + if (!empty($attach_array)) { + foreach ($attach_array as $key => $attachment) { $attached_file = $attachment->att_local_name; if ($attachment->att_local_name || $attachment->body_part) { $attached_filename = decodeHeader($attachment->mime_header->getParameter('name')); @@ -1290,7 +1313,7 @@ function showInputForm ($session, $values=false) { $a['Key'] = $key; $a['FileName'] = $attached_filename; $a['ContentType'] = $type; - $a['Size'] = filesize($attached_file); + $a['Size'] = filesize($hashed_attachment_dir . '/' . $attached_file); $attach[$key] = $a; } } @@ -1308,15 +1331,12 @@ function showInputForm ($session, $values=false) { echo addHidden('username', $username). addHidden('smaction', $action). addHidden('mailbox', $mailbox); - /* - store the complete ComposeMessages array in a hidden input value - so we can restore them in case of a session timeout. - */ sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER); //FIXME: no direct echoing to browser, no HTML output in core! - echo addHidden('restoremessages', urlencode(serialize($compose_messages))). - addHidden('composesession', $composesession). + echo addHidden('composesession', $composesession). addHidden('querystring', $queryString). + (!empty($attach_array) ? + addHidden('attachments', urlencode(serialize($attach_array))) : ''). "\n"; if (!(bool) ini_get('file_uploads')) { /* File uploads are off, so we didn't show that part of the form. 
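Review bot: `filesize($hashed_attachment_dir . '/' . $attached_file)` in the `@@ -1290` hunk runs whenever `att_local_name` or `body_part` is set. For an entity that has only `body_part`, the path is the attachment directory itself, so the directory's size is reported as the attachment size. `$attached_file` can also come from the posted `attachments` field when `$session_expired` is true, so it should be confined to the directory before any file call. Both cases are covered by `$path = $hashed_attachment_dir . '/' . $attached_file;` followed by `$a['Size'] = ($attached_file && basename($attached_file) === $attached_file && is_file($path)) ? filesize($path) : 0;`. The lines of this loop between the two hunks are not visible here.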
@@ -1400,19 +1420,21 @@ function checkInput ($show) { /* True if FAILURE */ function saveAttachedFiles($session) { - global $compose_messages; + global $compose_messages, $username, $attachment_dir; /* get out of here if no file was attached at all */ if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) { return true; } + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); + $fullpath = $hashed_attachment_dir . '/' . $localfilename; // m_u_f works better with restricted PHP installs (safe_mode, open_basedir), // if that doesn't work, try a simple rename. - if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$localfilename)) { - if (!@rename($_FILES['attachfile']['tmp_name'], $localfilename)) { + if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$fullpath)) { + if (!@rename($_FILES['attachfile']['tmp_name'], $fullpath)) { return true; } } @@ -1421,7 +1443,6 @@ function saveAttachedFiles($session) { $name = $_FILES['attachfile']['name']; $message->initAttachment($type, $name, $localfilename); $compose_messages[$session] = $message; - sqsession_register($compose_messages , 'compose_messages'); } /* parse values like 8M and 2k into bytes */
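Review bot: `saveAttachedFiles()` now moves the upload to `$fullpath` but still passes the bare `$localfilename` to `initAttachment()`, and nothing in the hunk says this is intentional. A comment above that call would make the convention explicit for every other place that opens the file: `// att_local_name is stored relative to the hashed attachment dir; prepend getHashedDir($username, $attachment_dir) before any file access`. The `@` on `move_uploaded_file()` and `rename()` also hides why a move failed. Logging the failure before `return true;` would help when the hashed directory is missing or unwritable.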