X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fcompose.php;h=eb6dbcf86da664b403f48c6d5a0bbf45cf932f68;hb=f17728d175ccf6056977ef6443e65701c04417e2;hp=f31aff053cfc5356dc655ed4050fef9816942f7e;hpb=fb6ce88e3eac7cdb0d21796cd771ebfa1c747e92;p=squirrelmail.git

diff --git a/src/compose.php b/src/compose.php
index f31aff05..eb6dbcf8 100644
--- a/src/compose.php
+++ b/src/compose.php
@@ -11,49 +11,45 @@
     **  - Start new mail
     **  - Add an attachment
     **  - Send mail
+    **
+    ** $Id$
     **/
 
-   session_start();
-
-   if (!isset($config_php))
-      include("../config/config.php");
-   if (!isset($strings_php))
-      include("../functions/strings.php");
-   if (!isset($page_header_php))
-      include("../functions/page_header.php");
-   if (!isset($imap_php))
-      include("../functions/imap.php");
-   if (!isset($date_php))
-      include("../functions/date.php");
-   if (!isset($mime_php))
-      include("../functions/mime.php");
-   if (!isset($smtp_php))
-      include("../functions/smtp.php");
-   if (!isset($display_messages_php))
-      include("../functions/display_messages.php");
-   if (!isset($auth_php))
-      include ("../functions/auth.php");
-   if (!isset($plugin_php))
-      include ("../functions/plugin.php");
-
+   include('../src/validate.php');
+   include("../functions/strings.php");
+   include("../config/config.php");
+   include("../functions/page_header.php");
+   include("../functions/imap.php");
+   include("../functions/date.php");
+   include("../functions/mime.php");
+   include("../functions/smtp.php");
+   include("../functions/display_messages.php");
+   include ("../functions/plugin.php");
    include("../src/load_prefs.php");
 
+   if (!isset($attachments))
+   {
+       $attachments = array();
+       session_register('attachments');
+   }
+
+
    // This function is used when not sending or adding attachments
    function newMail () {
       global $forward_id, $imapConnection, $msg, $ent_num, $body_ary, $body,
          $reply_id, $send_to, $send_to_cc, $mailbox, $send_to_bcc, $editor_size;
 
-      $send_to = sqStripSlashes(decodeHeader($send_to));
-      $send_to_cc = sqStripSlashes(decodeHeader($send_to_cc));
-      $send_to_bcc = sqStripSlashes(decodeHeader($send_to_bcc));
+      $send_to = decodeHeader($send_to);
+      $send_to_cc = decodeHeader($send_to_cc);
+      $send_to_bcc = decodeHeader($send_to_bcc);
 
       if ($forward_id)
          $id = $forward_id;
-      else if ($reply_id)
+      elseif ($reply_id)
          $id = $reply_id;
 
 
-      if ($id) {
+      if (isset($id)) {
          sqimap_mailbox_select($imapConnection, $mailbox);
          $message = sqimap_get_message($imapConnection, $id, $mailbox);
          $orig_header = $message->header;
@@ -68,22 +64,22 @@
          } else {
             $body = "";
          }
-         
+	 
          if ($message->header->type1 == "html")
             $body = strip_tags($body);
-         
+
          sqUnWordWrap($body);   
          $body_ary = explode("\n", $body);
          $i = count($body_ary) - 1;
-         while (isset($body_ary[$i]) && ereg("^[>\s]*$", $body_ary[$i])) {
+         while ($i >= 0 && ereg("^[>\\s]*$", $body_ary[$i])) {
             unset($body_ary[$i]);
             $i --;
          }
          $body = "";
-         for ($i=0; $i < count($body_ary); $i++) {
+         for ($i=0; isset($body_ary[$i]); $i++) {
             if (! $forward_id)
             {
-                if (ereg('^[\s>]+', $body_ary[$i]))
+                if (ereg('^[\\s>]+', $body_ary[$i]))
                 {
                     $body_ary[$i] = '>' . $body_ary[$i];
                 }
@@ -94,7 +90,7 @@
             }
             sqWordWrap($body_ary[$i], $editor_size - 1);
             $body .= $body_ary[$i] . "\n";
-            $body_ary[$i] = '';
+	    unset($body_ary[$i]);
          }
          if ($forward_id)
          {
@@ -111,9 +107,6 @@
              $body = $bodyTop . $body;
          }
          
-         $body = ereg_replace('\\\\', '\\\\', $body);
-
-         sqimap_mailbox_close($imapConnection);
          return;
       }
 
@@ -150,17 +143,59 @@
       }
    } // function newMail()
 
+   function getAttachments($message) {
+      global $mailbox, $attachments, $attachment_dir, $imapConnection,
+             $ent_num, $forward_id;
+
+      if (!$message) {
+           sqimap_mailbox_select($imapConnection, $mailbox);
+           $message = sqimap_get_message($imapConnection, $forward_id, 
+	       $mailbox);
+      }
+      
+      if (count($message->entities) == 0) {
+          if ($message->header->entity_id != $ent_num) {
+              $filename = decodeHeader($message->header->filename);
+      
+              if ($filename == "")
+                  $filename = "untitled-".$message->header->entity_id;
+      
+              $localfilename = GenerateRandomString(32, '', 7);
+	      while (file_exists($attachment_dir . $localfilename))
+	          $localfilename = GenerateRandomString(32, '', 7);
+
+              $newAttachment['localfilename'] = $localfilename;
+	      $newAttachment['remotefilename'] = $filename;
+	      $newAttachment['type'] = strtolower($message->header->type0 .
+	         '/' . $message->header->type1);
+
+              // Write Attachment to file
+              $fp = fopen ($attachment_dir.$localfilename, 'w');
+              fputs ($fp, decodeBody(mime_fetch_body($imapConnection, 
+	          $forward_id, $message->header->entity_id), 
+		  $message->header->encoding));
+              fclose ($fp);
+      
+              $attachments[] = $newAttachment;
+          }
+      } else {
+          for ($i = 0; $i < count($message->entities); $i++) {
+              getAttachments($message->entities[$i]);
+          }       
+      }
+      return;
+   }       
+
    function showInputForm () {
       global $send_to, $send_to_cc, $reply_subj, $forward_subj, $body,
-         $passed_body, $color, $use_signature, $signature, $editor_size,
-         $attachments, $subject, $newmail, $use_javascript_addr_book,
-         $send_to_bcc, $reply_id, $mailbox, $from_htmladdr_search,
-         $location_of_buttons;
+         $passed_body, $color, $use_signature, $signature, $prefix_sig, 
+         $editor_size, $attachments, $subject, $newmail, 
+         $use_javascript_addr_book, $send_to_bcc, $reply_id, $mailbox, 
+         $from_htmladdr_search, $location_of_buttons, $attachment_dir;
 
-      $subject = sqStripSlashes(decodeHeader($subject));
+      $subject = decodeHeader($subject);
       $reply_subj = decodeHeader($reply_subj);
       $forward_subj = decodeHeader($forward_subj);
-      $body = sqStripSlashes($body);
       
       if ($use_javascript_addr_book) {
          echo "\n<SCRIPT LANGUAGE=JavaScript><!--\n";
@@ -173,8 +208,9 @@
          echo "// --></SCRIPT>\n\n";
       }
 
-      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
-      //echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST>\n";
+      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\"";
+      do_hook("compose_form");
+	  echo ">\n";
       if ($reply_id) {
          echo "<input type=hidden name=reply_id value=$reply_id>\n";
       }                 
@@ -213,19 +249,16 @@
       echo "      </TD><TD BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
       if ($reply_subj) {
          $reply_subj = str_replace("\"", "'", $reply_subj);
-         $reply_subj = sqStripSlashes($reply_subj);
          $reply_subj = trim($reply_subj);
          if (substr(strtolower($reply_subj), 0, 3) != "re:")
             $reply_subj = "Re: $reply_subj";
          printf("         <INPUT TYPE=text NAME=subject SIZE=60 VALUE=\"%s\">",
                 htmlspecialchars($reply_subj));
       } else if ($forward_subj) {
-         $forward_subj = str_replace("\"", "'", $forward_subj);
-         $forward_subj = sqStripSlashes($forward_subj);
          $forward_subj = trim($forward_subj);
-         if ((substr(strtolower($forward_subj), 0, 4) != "fwd:") &&
-             (substr(strtolower($forward_subj), 0, 5) != "[fwd:") &&
-             (substr(strtolower($forward_subj), 0, 6) != "[ fwd:"))
+         if ((substr(strtolower($forward_subj), 0, 4) != 'fwd:') &&
+             (substr(strtolower($forward_subj), 0, 5) != '[fwd:') &&
+             (substr(strtolower($forward_subj), 0, 6) != '[ fwd:'))
             $forward_subj = "[Fwd: $forward_subj]";
          printf("         <INPUT TYPE=text NAME=subject SIZE=60 VALUE=\"%s\">",
                 htmlspecialchars($forward_subj));
@@ -242,7 +275,10 @@
       echo "         &nbsp;&nbsp;<TEXTAREA NAME=body ROWS=20 COLS=\"$editor_size\" WRAP=HARD>";
       echo htmlspecialchars($body);
       if ($use_signature == true && $newmail == true && !isset($from_htmladdr_search)) {
-         echo "\n\n-- \n" . htmlspecialchars($signature);
+        if ( $prefix_sig == true )
+          echo "\n\n-- \n" . htmlspecialchars($signature);
+        else
+          echo "\n\n" . htmlspecialchars($signature);
       }
       echo "</TEXTAREA><BR>\n";
       echo "      </TD>\n";
@@ -259,20 +295,21 @@
       echo "     <TD BGCOLOR=\"$color[0]\" VALIGN=TOP ALIGN=RIGHT>\n";
       echo "      <SMALL><BR></SMALL>"._("Attach:");
       echo "      </td><td ALIGN=left BGCOLOR=\"$color[0]\">\n";
-      //      echo "      <INPUT TYPE=\"hidden\" name=\"MAX_FILE_SIZE\"\n";
-      //      echo "      value=\"10000\">\n";
       echo "      <INPUT NAME=\"attachfile\" SIZE=48 TYPE=\"file\">\n";
       echo "      &nbsp;&nbsp;<input type=\"submit\" name=\"attach\"";
       echo " value=\"" . _("Add") ."\">\n";
       echo "     </td>\n";
       echo "   </tr>\n";
-      if (isset($attachments) && count($attachments)>0) {
+      if (count($attachments))
+      {
          echo "<tr><td bgcolor=\"$color[0]\" align=right>\n";
          echo "&nbsp;";
          echo "</td><td align=left bgcolor=\"$color[0]\">";
-         while (list($localname, $remotename) = each($attachments)) {
-            echo "<input type=\"checkbox\" name=\"delete[]\" value=\"$localname\">\n";
-            echo "$remotename <input type=\"hidden\" name=\"attachments[$localname]\" value=\"$remotename\"><br>\n";
+	 foreach ($attachments as $key => $info) {
+            echo "<input type=\"checkbox\" name=\"delete[]\" value=\"$key\">\n";
+	    echo $info['remotefilename'] . " - " . $info['type'] . " (";
+	    echo show_readable_size(filesize($attachment_dir . 
+	        $info['localfilename'])) . ")<br>\n";
          }
          
          echo "<input type=\"submit\" name=\"do_delete\" value=\""._("Delete selected attachments")."\">\n";
@@ -286,6 +323,8 @@
    }
    
    function showComposeButtonRow() {
+      global $use_javascript_addr_book;
+      
       echo "   <TR><td>\n   </td><td>\n";
       if ($use_javascript_addr_book) {
          echo "      <SCRIPT LANGUAGE=JavaScript><!--\n document.write(\"";
@@ -304,12 +343,6 @@
       echo "   </TR>\n\n";
    }
 
-   function showSentForm () {
-      echo "<BR><BR><BR><CENTER><B>Message Sent!</B><BR><BR>";
-      echo "You will be automatically forwarded.<BR>If not, <A HREF=\"right_main.php\">click here</A>";
-      echo "</CENTER>";
-   }
-
    function checkInput ($show) {
       /** I implemented the $show variable because the error messages
           were getting sent before the page header.  So, I check once
@@ -326,99 +359,180 @@
    } // function checkInput()
 
 
-   if (($mailbox == "") || ($mailbox == "None"))
+   // True if FAILURE
+   function saveAttachedFiles() {
+      global $HTTP_POST_FILES, $attachment_dir, $attachments;
+      
+      $localfilename = GenerateRandomString(32, '', 7);
+      while (file_exists($attachment_dir . $localfilename))
+          $localfilename = GenerateRandomString(32, '', 7);
+
+      if (!@rename($HTTP_POST_FILES['attachfile']['tmp_name'], $attachment_dir.$localfilename)) {
+         if (!@copy($HTTP_POST_FILES['attachfile']['tmp_name'], $attachment_dir.$localfilename)) {
+            return true;
+         }
+      }
+   
+      $newAttachment['localfilename'] = $localfilename;
+      $newAttachment['remotefilename'] = $HTTP_POST_FILES['attachfile']['name'];
+      $newAttachment['type'] = 
+         strtolower($HTTP_POST_FILES['attachfile']['type']);
+      
+      $attachments[] = $newAttachment;
+    }
+  
+   function SqConvertRussianCharsets(){
+    //
+    // This function is here because Russian Apache is a bastard when it comes to
+    // attachments. The solution is to turn off attachment recoding for multipart
+    // forms and do it manually.
+    // See graf@relhum.org for support.
+    //
+    global $CHARSET, $SOURCE_CHARSET, $send_to, $send_to_cc, $send_to_bcc, $subject, $body;
+    $charset_ary = array("koi8-r" => "k",
+   			 "windows-1251" => "w",
+			 "ibm866" => "a",
+			 "ISO-8859-5" => "i");
+    $body = convert_cyr_string($body, $charset_ary[$CHARSET], $charset_ary[$SOURCE_CHARSET]);
+    $send_to = convert_cyr_string($send_to, $charset_ary[$CHARSET], $charset_ary[$SOURCE_CHARSET]);
+    $send_to_cc = convert_cyr_string($send_to_cc, $charset_ary[$CHARSET], $charset_ary[$SOURCE_CHARSET]);
+    $send_to_bcc = convert_cyr_string($send_to_bcc, $charset_ary[$CHARSET], $charset_ary[$SOURCE_CHARSET]);
+    $subject = convert_cyr_string($subject, $charset_ary[$CHARSET], $charset_ary[$SOURCE_CHARSET]);
+   } // end SqConvertRussianCharsets()
+   
+   // Russian Apache sets $CHARSET. See if this is Russian Apache.
+   // If so, check if the source charset (koi8-r) is different from the 
+   // one submitted by the browser. If so, recode the parts of the form
+   // to the needed format so SM can proceed and not mangle the cyrillic
+   // input.
+   // See graf@relhum.org for support.
+   //
+   if (isset($CHARSET) && $CHARSET != $SOURCE_CHARSET) SqConvertRussianCharsets();
+   
+   if (!isset($mailbox) || $mailbox == "" || ($mailbox == "None"))
       $mailbox = "INBOX";
 
-   if(isset($send)) {
-      if (checkInput(false)) {
-         $urlMailbox = urlencode ($mailbox);
-         sendMessage($send_to, $send_to_cc, $send_to_bcc, $subject, $body, $reply_id);
+   if (isset($send)) {
+      if (isset($HTTP_POST_FILES['attachfile']) &&
+          $HTTP_POST_FILES['attachfile']['tmp_name'] &&
+          $HTTP_POST_FILES['attachfile']['tmp_name'] != 'none')
+          $AttachFailure = saveAttachedFiles();
+      if (checkInput(false) && !isset($AttachFailure)) {
+         $urlMailbox = urlencode (trim($mailbox));
+         if (! isset($reply_id))
+             $reply_id = 0;
+         // Set $default_charset to correspond with the user's selection
+	 // of language interface.
+	 set_my_charset();
+	 sendMessage($send_to, $send_to_cc, $send_to_bcc, $subject, $body, $reply_id);
          header ("Location: right_main.php?mailbox=$urlMailbox&sort=$sort&startMessage=1");
       } else {
          //$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
          displayPageHeader($color, $mailbox);
+         
+         if ($AttachFailure)
+             plain_error_message(_("Could not move/copy file. File not attached"), $color);
+
          checkInput(true);
          
          showInputForm();
          //sqimap_logout($imapConnection);
       }
-   } else if ($html_addr_search_done) {
-      is_logged_in();
+   } else if (isset($html_addr_search_done)) {
       displayPageHeader($color, $mailbox);
 
-      $send_to = sqStripSlashes($send_to);
-      $send_to_cc = sqStripSlashes($send_to_cc);
-      $send_to_bcc = sqStripSlashes($send_to_bcc);
+      if (isset($send_to_search) && is_array($send_to_search))
+      {
+         for ($i=0; $i < count($send_to_search); $i++) {
+            if ($send_to)
+               $send_to .= ", ";
+            $send_to .= $send_to_search[$i];   
+         }
+      }
       
-      for ($i=0; $i < count($send_to_search); $i++) {
-         if ($send_to)
-            $send_to .= ", ";
-         $send_to .= $send_to_search[$i];   
+      if (isset($send_to_cc_search) && is_array($send_to_cc_search))
+      {
+         for ($i=0; $i < count($send_to_cc_search); $i++) {
+            if ($send_to_cc)
+               $send_to_cc .= ", ";
+            $send_to_cc .= $send_to_cc_search[$i];   
+         }
       }
       
-      for ($i=0; $i < count($send_to_cc_search); $i++) {
-         if ($send_to_cc)
-            $send_to_cc .= ", ";
-         $send_to_cc .= $send_to_cc_search[$i];   
+      if (isset($send_to_bcc_search) && is_array($send_to_bcc_search))
+      {
+         for ($i=0; $i < count($send_to_bcc_search); $i++) {
+            if ($send_to_bcc)
+               $send_to_bcc .= ", ";
+            $send_to_bcc .= $send_to_bcc_search[$i];   
+         }
       }
       
       showInputForm();
-   } else if ($html_addr_search) {
+   } else if (isset($html_addr_search)) {
+      if (isset($HTTP_POST_FILES['attachfile']) &&
+          $HTTP_POST_FILES['attachfile']['tmp_name'] &&
+          $HTTP_POST_FILES['attachfile']['tmp_name'] != 'none')
+      {
+          if (saveAttachedFiles())
+                plain_error_message(_("Could not move/copy file. File not attached"), $color);
+      }
       // I am using an include so as to elminiate an extra unnecessary click.  If you
       // can think of a better way, please implement it.
-      include ("addrbook_search_html.php");
+      include ("./addrbook_search_html.php");
    } else if (isset($attach)) {
-      is_logged_in();
-      displayPageHeader($color, $mailbox);
-
-      $localfilename = md5($HTTP_POST_FILES['attachfile']['tmp_name'].", ".$HTTP_POST_FILES['attachfile']['name'].", $REMOTE_IP, $REMOTE_PORT, $UNIQUE_ID, and everything else that may add entropy");
-//      $localfilename = $localfilename; // ??
-      
-      // Put the file in a better place
-      // This shouldn't be here... Ondrej Sury <ondrej@sury.cz>
-      //$tmp=explode('/',$attachfile);
-      //$attachfile=$tmp[count($tmp)-1];
-      //$attachfile=ereg_replace('\.{2,}','',$attachfile);
-
-      //error_reporting(0); // Rename will produce error output if it fails
-      //if (!rename($attachfile, $attachment_dir.$localfilename)) {
-      //   if (!copy($attachfile, $attachment_dir.$localfilename)) {
-      if (!@rename($HTTP_POST_FILES['attachfile']['tmp_name'], $attachment_dir.$localfilename)) {
-         if (!@copy($HTTP_POST_FILES['attachfile']['tmp_name'], $attachment_dir.$localfilename)) {
+      if (saveAttachedFiles())
             plain_error_message(_("Could not move/copy file. File not attached"), $color);
-            $failed = true;
-         }
-      }
-      // If it still exists, PHP will remove the original file
-
-      if (!$failed) {
-         // Write information about the file
-         $fp = fopen ($attachment_dir.$localfilename.".info", "w");
-         fputs ($fp, $HTTP_POST_FILES['attachfile']['type']."\n".$HTTP_POST_FILES['attachfile']['name']."\n");
-         fclose ($fp);
-
-         $attachments[$localfilename] = $HTTP_POST_FILES['attachfile']['name'];
-      }
-      
+      displayPageHeader($color, $mailbox);
       showInputForm();
    } else if (isset($do_delete)) {
-      is_logged_in();
       displayPageHeader($color, $mailbox);
 
-      while (list($lkey, $localname) = each($delete)) {
-         array_splice ($attachments, $lkey, 1);
-         unlink ($attachment_dir.$localname);
-         unlink ($attachment_dir.$localname.".info");
+      if (isset($delete) && is_array($delete))
+      {
+         foreach($delete as $index)
+         {
+            unlink ($attachment_dir.$attachments[$index]['localfilename']);
+            unset ($attachments[$index]);
+	 }
       }
 
       showInputForm();
    } else {
-      $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+      // This handles the default case as well as the error case
+      // (they had the same code) --> if (isset($smtpErrors))
+      $imapConnection = sqimap_login($username, $key, $imapServerAddress, 
+          $imapPort, 0);
       displayPageHeader($color, $mailbox);
 
       $newmail = true;
+
+      ClearAttachments();
+
+      if (isset($forward_id) && $forward_id && isset($ent_num) && $ent_num)
+          getAttachments(0);
+              
       newMail();
       showInputForm();
       sqimap_logout($imapConnection);
    }
+   
+   
+   
+   
+   function ClearAttachments()
+   {
+       global $attachments, $attachment_dir;
+       
+       foreach ($attachments as $info)
+       {
+           if (file_exists($attachment_dir . $info['localfilename']))
+	   {
+               unlink($attachment_dir . $info['localfilename']);
+	   }
+       }
+       
+       $attachments = array();
+   }
+   
 ?>