projects / squirrelmail.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security: fixes for the HTML filter to counter further XSS exploits:
[squirrelmail.git] / src / compose.php
1 <?php
2 /**
3 * compose.php
4 *
5 * This code sends a mail.
6 *
7 * There are 4 modes of operation:
8 * - Start new mail
9 * - Add an attachment
10 * - Send mail
11 * - Save As Draft
12 *
13 * @copyright &copy; 1999-2007 The SquirrelMail Project Team
14 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
15 * @version $Id$
16 * @package squirrelmail
17 */
18
19 /**
20 * Include the SquirrelMail initialization file.
21 */
22 require('../include/init.php');
23
24 /* SquirrelMail required files. */
25 require_once(SM_PATH . 'functions/imap_general.php');
26 require_once(SM_PATH . 'functions/imap_messages.php');
27 require_once(SM_PATH . 'functions/date.php');
28 require_once(SM_PATH . 'functions/mime.php');
29 require_once(SM_PATH . 'functions/compose.php');
30 require_once(SM_PATH . 'class/deliver/Deliver.class.php');
31 require_once(SM_PATH . 'functions/addressbook.php');
32 require_once(SM_PATH . 'functions/forms.php');
33 require_once(SM_PATH . 'functions/identity.php');
34
35 /* --------------------- Get globals ------------------------------------- */
36
37 /** SESSION VARS */
38 sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
39
40 sqgetGlobalVar('composesession', $composesession, SQ_SESSION);
41 sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION);
42 sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION);
43
44 // Turn on delayed error handling in case we wind up redirecting below
45 $oErrorHandler->setDelayedErrors(true);
46
47 /** SESSION/POST/GET VARS */
48 sqgetGlobalVar('send', $send, SQ_POST);
49 // Send can only be achieved by setting $_POST var. If Send = true then
50 // retrieve other form fields from $_POST
51 if (isset($send) && $send) {
52 $SQ_GLOBAL = SQ_POST;
53 } else {
54 $SQ_GLOBAL = SQ_FORM;
55 }
56 sqgetGlobalVar('session',$session, $SQ_GLOBAL);
57 sqgetGlobalVar('mailbox',$mailbox, $SQ_GLOBAL);
58 if(!sqgetGlobalVar('identity',$identity, $SQ_GLOBAL)) {
59 $identity=0;
60 }
61 sqgetGlobalVar('send_to',$send_to, $SQ_GLOBAL);
62 sqgetGlobalVar('send_to_cc',$send_to_cc, $SQ_GLOBAL);
63 sqgetGlobalVar('send_to_bcc',$send_to_bcc, $SQ_GLOBAL);
64 sqgetGlobalVar('subject',$subject, $SQ_GLOBAL);
65 sqgetGlobalVar('body',$body, $SQ_GLOBAL);
66 sqgetGlobalVar('mailprio',$mailprio, $SQ_GLOBAL);
67 sqgetGlobalVar('request_mdn',$request_mdn, $SQ_GLOBAL);
68 sqgetGlobalVar('request_dr',$request_dr, $SQ_GLOBAL);
69 sqgetGlobalVar('html_addr_search',$html_addr_search, $SQ_GLOBAL);
70 sqgetGlobalVar('mail_sent',$mail_sent, $SQ_GLOBAL);
71 sqgetGlobalVar('passed_id',$passed_id, $SQ_GLOBAL);
72 sqgetGlobalVar('passed_ent_id',$passed_ent_id, $SQ_GLOBAL);
73
74 sqgetGlobalVar('attach',$attach, SQ_POST);
75 sqgetGlobalVar('draft',$draft, SQ_POST);
76 sqgetGlobalVar('draft_id',$draft_id, $SQ_GLOBAL);
77 sqgetGlobalVar('ent_num',$ent_num, $SQ_GLOBAL);
78 sqgetGlobalVar('saved_draft',$saved_draft, SQ_FORM);
79
80 if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
81 $delete_draft = (int)$delete_draft;
82 }
83
84 if ( sqgetGlobalVar('startMessage',$startMessage) ) {
85 $startMessage = (int)$startMessage;
86 } else {
87 $startMessage = 1;
88 }
89
90
91 /** POST VARS */
92 sqgetGlobalVar('sigappend', $sigappend, SQ_POST);
93 sqgetGlobalVar('from_htmladdr_search', $from_htmladdr_search, SQ_POST);
94 sqgetGlobalVar('addr_search_done', $html_addr_search_done, SQ_POST);
95 sqgetGlobalVar('addr_search_cancel', $html_addr_search_cancel, SQ_POST);
96 sqgetGlobalVar('send_to_search', $send_to_search, SQ_POST);
97 sqgetGlobalVar('do_delete', $do_delete, SQ_POST);
98 sqgetGlobalVar('delete', $delete, SQ_POST);
99 sqgetGlobalVar('restoremessages', $restoremessages, SQ_POST);
100 if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
101 $html_addr_search_done = 'Use Addresses';
102 }
103
104 /** GET VARS */
105 sqgetGlobalVar('attachedmessages', $attachedmessages, SQ_GET);
106 if ( sqgetGlobalVar('account', $temp, SQ_GET) ) {
107 $iAccount = (int) $temp;
108 } else {
109 $iAccount = 0;
110 }
111
112
113 /** get smaction */
114 if ( !sqgetGlobalVar('smaction',$action) )
115 {
116 if ( sqgetGlobalVar('smaction_reply',$tmp) ) $action = 'reply';
117 if ( sqgetGlobalVar('smaction_reply_all',$tmp) ) $action = 'reply_all';
118 if ( sqgetGlobalVar('smaction_forward',$tmp) ) $action = 'forward';
119 if ( sqgetGlobalVar('smaction_attache',$tmp) ) $action = 'forward_as_attachment';
120 if ( sqgetGlobalVar('smaction_draft',$tmp) ) $action = 'draft';
121 if ( sqgetGlobalVar('smaction_edit_new',$tmp) ) $action = 'edit_as_new';
122 }
123
124 /**
125 * Here we decode the data passed in from mailto.php.
126 */
127 if ( sqgetGlobalVar('mailtodata', $mailtodata, SQ_GET) ) {
128 $trtable = array('to' => 'send_to',
129 'cc' => 'send_to_cc',
130 'bcc' => 'send_to_bcc',
131 'body' => 'body',
132 'subject' => 'subject');
133 $mtdata = unserialize($mailtodata);
134
135 foreach ($trtable as $f => $t) {
136 if ( !empty($mtdata[$f]) ) {
137 $$t = $mtdata[$f];
138 }
139 }
140 unset($mailtodata,$mtdata, $trtable);
141 }
142
143 /* Location (For HTTP 1.1 Header("Location: ...") redirects) */
144 $location = get_location();
145 /* Identities (fetch only once) */
146 $idents = get_identities();
147
148 /* --------------------- Specific Functions ------------------------------ */
149
150 function replyAllString($header) {
151 global $include_self_reply_all, $idents;
152 $excl_ar = array();
153 /**
154 * 1) Remove the addresses we'll be sending the message 'to'
155 */
156 if (isset($header->reply_to)) {
157 $excl_ar = $header->getAddr_a('reply_to');
158 }
159 /**
160 * 2) Remove our identities from the CC list (they still can be in the
161 * TO list) only if $include_self_reply_all is turned off
162 */
163 if (!$include_self_reply_all) {
164 foreach($idents as $id) {
165 $excl_ar[strtolower(trim($id['email_address']))] = '';
166 }
167 }
168
169 /**
170 * 3) get the addresses.
171 */
172 $url_replytoall_ar = $header->getAddr_a(array('to','cc'), $excl_ar);
173
174 /**
175 * 4) generate the string.
176 */
177 $url_replytoallcc = '';
178 foreach( $url_replytoall_ar as $email => $personal) {
179 if ($personal) {
180 // if personal name contains address separator then surround
181 // the personal name with double quotes.
182 if (strpos($personal,',') !== false) {
183 $personal = '"'.$personal.'"';
184 }
185 $url_replytoallcc .= ", $personal <$email>";
186 } else {
187 $url_replytoallcc .= ', '. $email;
188 }
189 }
190 $url_replytoallcc = substr($url_replytoallcc,2);
191
192 return $url_replytoallcc;
193 }
194
195 /**
196 * creates top line in reply citations
197 *
198 * Line style depends on user preferences.
199 * $orig_date argument is available only from 1.4.3 and 1.5.1 version.
200 * @param object $orig_from From: header object.
201 * @param integer $orig_date email's timestamp
202 * @return string reply citation
203 */
204 function getReplyCitation($orig_from, $orig_date) {
205 global $reply_citation_style, $reply_citation_start, $reply_citation_end;
206
207 if (!is_object($orig_from)) {
208 $sOrig_from = '';
209 } else {
210 $sOrig_from = decodeHeader($orig_from->getAddress(false),false,false,true);
211 }
212
213 /* First, return an empty string when no citation style selected. */
214 if (($reply_citation_style == '') || ($reply_citation_style == 'none')) {
215 return '';
216 }
217
218 /* Make sure our final value isn't an empty string. */
219 if ($sOrig_from == '') {
220 return '';
221 }
222
223 /* Otherwise, try to select the desired citation style. */
224 switch ($reply_citation_style) {
225 case 'author_said':
226 /**
227 * To translators: %s is for author's name
228 */
229 $full_reply_citation = sprintf(_("%s wrote:"),$sOrig_from);
230 break;
231 case 'quote_who':
232 $start = '<quote who="';
233 $end = '">';
234 $full_reply_citation = $start . $sOrig_from . $end;
235 break;
236 case 'date_time_author':
237 /**
238 * To translators:
239 * first %s is for date string, second %s is for author's name. Date uses
240 * formating from "D, F j, Y g:i a" and "D, F j, Y H:i" translations.
241 * Example string:
242 * "On Sat, December 24, 2004 23:59, Santa wrote:"
243 * If you have to put author's name in front of date string, check comments about
244 * argument swapping at http://www.php.net/sprintf
245 */
246 $full_reply_citation = sprintf(_("On %s, %s wrote:"), getLongDateString($orig_date), $sOrig_from);
247 break;
248 case 'user-defined':
249 $start = $reply_citation_start .
250 ($reply_citation_start == '' ? '' : ' ');
251 $end = $reply_citation_end;
252 $full_reply_citation = $start . $sOrig_from . $end;
253 break;
254 default:
255 return '';
256 }
257
258 /* Add line feed and return the citation string. */
259 return ($full_reply_citation . "\n");
260 }
261
262 /**
263 * Creates header fields in forwarded email body
264 *
265 * $default_charset global must be set correctly before you call this function.
266 * @param object $orig_header
267 * @return $string
268 */
269 function getforwardHeader($orig_header) {
270 global $editor_size, $default_charset;
271
272 // using own strlen function in order to detect correct string length
273 $display = array( _("Subject") => sq_strlen(_("Subject"),$default_charset),
274 _("From") => sq_strlen(_("From"),$default_charset),
275 _("Date") => sq_strlen(_("Date"),$default_charset),
276 _("To") => sq_strlen(_("To"),$default_charset),
277 _("Cc") => sq_strlen(_("Cc"),$default_charset) );
278 $maxsize = max($display);
279 $indent = str_pad('',$maxsize+2);
280 foreach($display as $key => $val) {
281 $display[$key] = $key .': '. str_pad('', $maxsize - $val);
282 }
283 $from = decodeHeader($orig_header->getAddr_s('from',"\n$indent"),false,false,true);
284 $from = str_replace('&nbsp;',' ',$from);
285 $to = decodeHeader($orig_header->getAddr_s('to',"\n$indent"),false,false,true);
286 $to = str_replace('&nbsp;',' ',$to);
287 $subject = decodeHeader($orig_header->subject,false,false,true);
288 $subject = str_replace('&nbsp;',' ',$subject);
289
290 // using own str_pad function in order to create correct string pad
291 $bodyTop = sq_str_pad(' '._("Original Message").' ',$editor_size -2,'-',STR_PAD_BOTH,$default_charset) .
292 "\n". $display[_("Subject")] . $subject . "\n" .
293 $display[_("From")] . $from . "\n" .
294 $display[_("Date")] . getLongDateString( $orig_header->date, $orig_header->date_unparsed ). "\n" .
295 $display[_("To")] . $to . "\n";
296 if ($orig_header->cc != array() && $orig_header->cc !='') {
297 $cc = decodeHeader($orig_header->getAddr_s('cc',"\n$indent"),false,false,true);
298 $cc = str_replace('&nbsp;',' ',$cc);
299 $bodyTop .= $display[_("Cc")] .$cc . "\n";
300 }
301 $bodyTop .= str_pad('', $editor_size -2 , '-') .
302 "\n\n";
303 return $bodyTop;
304 }
305 /* ----------------------------------------------------------------------- */
306
307 /*
308 * If the session is expired during a post this restores the compose session
309 * vars.
310 */
311 if (sqsession_is_registered('session_expired_post')) {
312 sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
313 /*
314 * extra check for username so we don't display previous post data from
315 * another user during this session.
316 */
317 if ($session_expired_post['username'] != $username) {
318 unset($session_expired_post);
319 sqsession_unregister('session_expired_post');
320 session_write_close();
321 } else {
322 // these are the vars that we can set from the expired composed session
323 $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage',
324 'passed_body','use_signature','signature','attachments','subject','newmail',
325 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity',
326 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages',
327 'composesession', 'request_mdn', 'request_dr');
328
329 foreach ($compo_var_list as $var) {
330 if ( isset($session_expired_post[$var]) && !isset($$var) ) {
331 $$var = $session_expired_post[$var];
332 }
333 }
334
335 $compose_messages = unserialize(urldecode($restoremessages));
336 sqsession_register($compose_messages,'compose_messages');
337 sqsession_register($composesession,'composesession');
338 if (isset($send)) {
339 unset($send);
340 }
341 $session_expired = true;
342 }
343 unset($session_expired_post);
344 sqsession_unregister('session_expired_post');
345 session_write_close();
346 if (!isset($mailbox)) {
347 $mailbox = '';
348 }
349 if ($compose_new_win == '1') {
350 compose_Header($color, $mailbox);
351 } else {
352 $sHeaderJs = (isset($sHeaderJs)) ? $sHeaderJs : '';
353 if (strpos($action, 'reply') !== false && $reply_focus) {
354 $sBodyTagJs = 'onload="checkForm(\''.$replyfocus.'\');"';
355 } else {
356 $sBodyTagJs = 'onload="checkForm();"';
357 }
358 displayPageHeader($color, $mailbox,$sHeaderJs,$sBodyTagJs);
359 }
360 showInputForm($session, false);
361 exit();
362 }
363 if (!isset($composesession)) {
364 $composesession = 0;
365 sqsession_register(0,'composesession');
366 } else {
367 $composesession = (int)$composesession;
368 }
369
370 if (!isset($session) || (isset($newmessage) && $newmessage)) {
371 sqsession_unregister('composesession');
372 $session = "$composesession" +1;
373 $composesession = $session;
374 sqsession_register($composesession,'composesession');
375 }
376 if (!isset($compose_messages)) {
377 $compose_messages = array();
378 }
379
380 if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL)) {
381 $composeMessage = new Message();
382 $rfc822_header = new Rfc822Header();
383 $composeMessage->rfc822_header = $rfc822_header;
384 $composeMessage->reply_rfc822_header = '';
385 $compose_messages[$session] = $composeMessage;
386
387 sqsession_register($compose_messages,'compose_messages');
388 } else {
389 $composeMessage=$compose_messages[$session];
390 }
391
392 if (empty($mailbox)) {
393 $mailbox = 'INBOX';
394 }
395
396 if ($draft) {
397 /*
398 * Set $default_charset to correspond with the user's selection
399 * of language interface.
400 */
401 set_my_charset();
402 $composeMessage=$compose_messages[$session];
403 if (! deliverMessage($composeMessage, true)) {
404 showInputForm($session);
405 exit();
406 } else {
407 unset($compose_messages[$session]);
408 $draft_message = _("Draft Email Saved");
409 /* If this is a resumed draft, then delete the original */
410 if(isset($delete_draft)) {
411 $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false);
412 sqimap_mailbox_select($imap_stream, $draft_folder);
413 // force bypass_trash=true because message should be saved when deliverMessage() returns true.
414 // in current implementation of sqimap_msgs_list_flag() single message id can
415 // be submitted as string. docs state that it should be array.
416 sqimap_msgs_list_delete($imap_stream, $draft_folder, $delete_draft, true);
417 if ($auto_expunge) {
418 sqimap_mailbox_expunge($imap_stream, $draft_folder, true);
419 }
420 sqimap_logout($imap_stream);
421 }
422
423 $oErrorHandler->saveDelayedErrors();
424 session_write_close();
425
426 if ($compose_new_win == '1') {
427 if ( !isset($pageheader_sent) || !$pageheader_sent ) {
428 Header("Location: $location/compose.php?saved_draft=yes&session=$composesession");
429 } else {
430 echo ' <br><br><div style="text-align: center;"><a href="' . $location
431 . '/compose.php?saved_sent=yes&amp;session=' . $composesession . '">'
432 . _("Return") . '</a></div>';
433 }
434 exit();
435 } else {
436 if ( !isset($pageheader_sent) || !$pageheader_sent ) {
437 Header("Location: $location/right_main.php?mailbox=" . urlencode($draft_folder) .
438 "&startMessage=1&note=".urlencode($draft_message));
439 } else {
440 echo ' <br><br><div style="text-align: center;"><a href="' . $location
441 . '/right_main.php?mailbox=' . urlencode($draft_folder)
442 . '&amp;startMessage=1&amp;note=' . urlencode($draft_message) .'">'
443 . _("Return") . '</a></div>';
444 }
445 exit();
446 }
447 }
448 }
449
450 if ($send) {
451 if (isset($_FILES['attachfile']) &&
452 $_FILES['attachfile']['tmp_name'] &&
453 $_FILES['attachfile']['tmp_name'] != 'none') {
454 $AttachFailure = saveAttachedFiles($session);
455 }
456 if (checkInput(false) && !isset($AttachFailure)) {
457 if ($mailbox == "All Folders") {
458 /* We entered compose via the search results page */
459 $mailbox = 'INBOX'; /* Send 'em to INBOX, that's safe enough */
460 }
461 $urlMailbox = urlencode (trim($mailbox));
462 if (! isset($passed_id)) {
463 $passed_id = 0;
464 }
465 /**
466 * Set $default_charset to correspond with the user's selection
467 * of language interface.
468 */
469 set_my_charset();
470 /**
471 * This is to change all newlines to \n
472 * We'll change them to \r\n later (in the sendMessage function)
473 */
474 $body = str_replace("\r\n", "\n", $body);
475 $body = str_replace("\r", "\n", $body);
476
477 /**
478 * Rewrap $body so that no line is bigger than $editor_size
479 */
480 $body = explode("\n", $body);
481 $newBody = '';
482 foreach ($body as $line) {
483 if( $line <> '-- ' ) {
484 $line = rtrim($line);
485 }
486 if (sq_strlen($line, $default_charset) <= $editor_size + 1) {
487 $newBody .= $line . "\n";
488 } else {
489 sqWordWrap($line, $editor_size, $default_charset);
490 $newBody .= $line . "\n";
491
492 }
493
494 }
495 $body = $newBody;
496
497 $composeMessage=$compose_messages[$session];
498
499 $Result = deliverMessage($composeMessage);
500
501 if ($Result)
502 $mail_sent = 'yes';
503 else
504 $mail_sent = 'no';
505
506 // NOTE: this hook changed in 1.5.2 from sending $Result and
507 // $composeMessage as args #2 and #3 to being in an array
508 // under arg #2
509 do_hook('compose_send_after', $temp=array(&$Result, &$composeMessage, &$mail_sent));
510 if (! $Result) {
511 showInputForm($session);
512 exit();
513 }
514 unset($compose_messages[$session]);
515
516 /* if it is resumed draft, delete draft message */
517 if ( isset($delete_draft)) {
518 $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false);
519 sqimap_mailbox_select($imap_stream, $draft_folder);
520 // bypass_trash=true because message should be saved when deliverMessage() returns true.
521 // in current implementation of sqimap_msgs_list_flag() single message id can
522 // be submitted as string. docs state that it should be array.
523 sqimap_msgs_list_delete($imap_stream, $draft_folder, $delete_draft, true);
524 if ($auto_expunge) {
525 sqimap_mailbox_expunge($imap_stream, $draft_folder, true);
526 }
527 sqimap_logout($imap_stream);
528 }
529 /*
530 * Store the error array in the session because they will be lost on a redirect
531 */
532 $oErrorHandler->saveDelayedErrors();
533 session_write_close();
534
535 if ($compose_new_win == '1') {
536 if ( !isset($pageheader_sent) || !$pageheader_sent ) {
537 Header("Location: $location/compose.php?mail_sent=$mail_sent");
538 } else {
539 echo ' <br><br><div style="text-align: center;"><a href="' . $location
540 . '/compose.php?mail_sent=$mail_sent">'
541 . _("Return") . '</a></div>';
542 }
543 exit();
544 } else {
545 if ( !isset($pageheader_sent) || !$pageheader_sent ) {
546 Header("Location: $location/right_main.php?mailbox=$urlMailbox".
547 "&startMessage=$startMessage&mail_sent=$mail_sent");
548 } else {
549 echo ' <br><br><div style="text-align: center;"><a href="' . $location
550 . "/right_main.php?mailbox=$urlMailbox"
551 . "&amp;startMessage=$startMessage&amp;mail_sent=$mail_sent\">"
552 . _("Return") . '</a></div>';
553 }
554 exit();
555 }
556 } else {
557 if ($compose_new_win == '1') {
558 compose_Header($color, $mailbox);
559 }
560 else {
561 displayPageHeader($color, $mailbox);
562 }
563 if (isset($AttachFailure)) {
564 plain_error_message(_("Could not move/copy file. File not attached"),
565 $color);
566 }
567 checkInput(true);
568 showInputForm($session);
569 /* sqimap_logout($imapConnection); */
570 }
571 } elseif (isset($html_addr_search_done)) {
572 if ($compose_new_win == '1') {
573 compose_Header($color, $mailbox);
574 }
575 else {
576 displayPageHeader($color, $mailbox);
577 }
578
579 if (isset($send_to_search) && is_array($send_to_search)) {
580 foreach ($send_to_search as $k => $v) {
581 if (substr($k, 0, 1) == 'T') {
582 if ($send_to) {
583 $send_to .= ', ';
584 }
585 $send_to .= $v;
586 }
587 elseif (substr($k, 0, 1) == 'C') {
588 if ($send_to_cc) {
589 $send_to_cc .= ', ';
590 }
591 $send_to_cc .= $v;
592 }
593 elseif (substr($k, 0, 1) == 'B') {
594 if ($send_to_bcc) {
595 $send_to_bcc .= ', ';
596 }
597 $send_to_bcc .= $v;
598 }
599 }
600 }
601 showInputForm($session);
602 } elseif (isset($html_addr_search) && !isset($html_addr_search_cancel)) {
603 if (isset($_FILES['attachfile']) &&
604 $_FILES['attachfile']['tmp_name'] &&
605 $_FILES['attachfile']['tmp_name'] != 'none') {
606 if(saveAttachedFiles($session)) {
607 plain_error_message(_("Could not move/copy file. File not attached"));
608 }
609 }
610 /*
611 * I am using an include so as to elminiate an extra unnecessary
612 * click. If you can think of a better way, please implement it.
613 */
614 include_once('./addrbook_search_html.php');
615 } elseif (isset($attach)) {
616 if ($compose_new_win == '1') {
617 compose_Header($color, $mailbox);
618 } else {
619 displayPageHeader($color, $mailbox);
620 }
621 if (saveAttachedFiles($session)) {
622 plain_error_message(_("Could not move/copy file. File not attached"));
623 }
624 showInputForm($session);
625 }
626 elseif (isset($sigappend)) {
627 $signature = $idents[$identity]['signature'];
628
629 $body .= "\n\n".($prefix_sig==true? "-- \n":'').$signature;
630 if ($compose_new_win == '1') {
631 compose_Header($color, $mailbox);
632 } else {
633 displayPageHeader($color, $mailbox);
634 }
635 showInputForm($session);
636 } elseif (isset($do_delete)) {
637 if ($compose_new_win == '1') {
638 compose_Header($color, $mailbox);
639 } else {
640 displayPageHeader($color, $mailbox);
641 }
642
643 if (isset($delete) && is_array($delete)) {
644 $composeMessage = $compose_messages[$session];
645 foreach($delete as $index) {
646 if (!empty($composeMessage->entities) && isset($composeMessage->entities[$index])) {
647 $composeMessage->entities[$index]->purgeAttachments();
648 unset ($composeMessage->entities[$index]);
649 }
650 }
651 $new_entities = array();
652 foreach ($composeMessage->entities as $entity) {
653 $new_entities[] = $entity;
654 }
655 $composeMessage->entities = $new_entities;
656 $compose_messages[$session] = $composeMessage;
657 sqsession_register($compose_messages, 'compose_messages');
658 }
659 showInputForm($session);
660 } else {
661 /*
662 * This handles the default case as well as the error case
663 * (they had the same code) --> if (isset($smtpErrors))
664 */
665
666 if ($compose_new_win == '1') {
667 compose_Header($color, $mailbox);
668 } else {
669 displayPageHeader($color, $mailbox);
670 }
671
672 $newmail = true;
673
674 if (!isset($passed_ent_id)) {
675 $passed_ent_id = '';
676 }
677 if (!isset($passed_id)) {
678 $passed_id = '';
679 }
680 if (!isset($mailbox)) {
681 $mailbox = '';
682 }
683 if (!isset($action)) {
684 $action = '';
685 }
686
687 $values = newMail($mailbox,$passed_id,$passed_ent_id, $action, $session);
688
689 /* in case the origin is not read_body.php */
690 if (isset($send_to)) {
691 $values['send_to'] = $send_to;
692 }
693 if (isset($send_to_cc)) {
694 $values['send_to_cc'] = $send_to_cc;
695 }
696 if (isset($send_to_bcc)) {
697 $values['send_to_bcc'] = $send_to_bcc;
698 }
699 if (isset($subject)) {
700 $values['subject'] = $subject;
701 }
702 showInputForm($session, $values);
703 }
704
705 exit();
706
707 /**************** Only function definitions go below *************/
708
709 function getforwardSubject($subject)
710 {
711 if ((substr(strtolower($subject), 0, 4) != 'fwd:') &&
712 (substr(strtolower($subject), 0, 5) != '[fwd:') &&
713 (substr(strtolower($subject), 0, 6) != '[ fwd:')) {
714 $subject = '[Fwd: ' . $subject . ']';
715 }
716 return $subject;
717 }
718
719 /* This function is used when not sending or adding attachments */
720 function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $session='') {
721 global $editor_size, $default_use_priority, $body, $idents,
722 $use_signature, $data_dir, $username,
723 $key, $imapServerAddress, $imapPort, $compose_messages,
724 $composeMessage, $body_quote, $request_mdn, $request_dr,
725 $default_use_mdn, $mdn_user_support;
726 global $languages, $squirrelmail_language, $default_charset;
727
728 /*
729 * Set $default_charset to correspond with the user's selection
730 * of language interface. $default_charset global is not correct,
731 * if message is composed in new window.
732 */
733 set_my_charset();
734
735 $send_to = $send_to_cc = $send_to_bcc = $subject = $identity = '';
736 $mailprio = 3;
737
738 if ($passed_id) {
739 $imapConnection = sqimap_login($username, false, $imapServerAddress,
740 $imapPort, 0);
741
742 sqimap_mailbox_select($imapConnection, $mailbox);
743 $message = sqimap_get_message($imapConnection, $passed_id, $mailbox);
744
745 $body = '';
746 if ($passed_ent_id) {
747 /* redefine the messsage in case of message/rfc822 */
748 $message = $message->getEntity($passed_ent_id);
749 /* message is an entity which contains the envelope and type0=message
750 * and type1=rfc822. The actual entities are childs from
751 * $message->entities[0]. That's where the encoding and is located
752 */
753
754 $entities = $message->entities[0]->findDisplayEntity
755 (array(), $alt_order = array('text/plain'));
756 if (!count($entities)) {
757 $entities = $message->entities[0]->findDisplayEntity
758 (array(), $alt_order = array('text/plain','html/plain'));
759 }
760 $orig_header = $message->rfc822_header; /* here is the envelope located */
761 /* redefine the message for picking up the attachments */
762 $message = $message->entities[0];
763
764 } else {
765 $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain'));
766 if (!count($entities)) {
767 $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain','html/plain'));
768 }
769 $orig_header = $message->rfc822_header;
770 }
771
772 $type0 = $message->type0;
773 $type1 = $message->type1;
774 foreach ($entities as $ent) {
775 $msg = $message->getEntity($ent);
776 $type0 = $msg->type0;
777 $type1 = $msg->type1;
778 $unencoded_bodypart = mime_fetch_body($imapConnection, $passed_id, $ent);
779 $body_part_entity = $message->getEntity($ent);
780 $bodypart = decodeBody($unencoded_bodypart,
781 $body_part_entity->header->encoding);
782 if ($type1 == 'html') {
783 $bodypart = str_replace("\n", ' ', $bodypart);
784 $bodypart = preg_replace(array('/<\/?p>/i','/<div><\/div>/i','/<br\s*(\/)*>/i','/<\/?div>/i'), "\n", $bodypart);
785 $bodypart = str_replace(array('&nbsp;','&gt;','&lt;'),array(' ','>','<'),$bodypart);
786 $bodypart = strip_tags($bodypart);
787 }
788 if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
789 function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_decode')) {
790 if (mb_detect_encoding($bodypart) != 'ASCII') {
791 $bodypart = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_decode', $bodypart);
792 }
793 }
794
795 // charset encoding in compose form stuff
796 if (isset($body_part_entity->header->parameters['charset'])) {
797 $actual = $body_part_entity->header->parameters['charset'];
798 } else {
799 $actual = 'us-ascii';
800 }
801
802 if ( $actual && is_conversion_safe($actual) && $actual != $default_charset){
803 $bodypart = charset_convert($actual,$bodypart,$default_charset,false);
804 }
805 // end of charset encoding in compose
806
807 $body .= $bodypart;
808 }
809 if ($default_use_priority) {
810 $mailprio = substr($orig_header->priority,0,1);
811 if (!$mailprio) {
812 $mailprio = 3;
813 }
814 } else {
815 $mailprio = '';
816 }
817
818 $identity = '';
819 $from_o = $orig_header->from;
820 if (is_array($from_o)) {
821 if (isset($from_o[0])) {
822 $from_o = $from_o[0];
823 }
824 }
825 if (is_object($from_o)) {
826 $orig_from = $from_o->getAddress();
827 } else {
828 $orig_from = '';
829 }
830
831 $identities = array();
832 if (count($idents) > 1) {
833 foreach($idents as $nr=>$data) {
834 $enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>';
835 if($enc_from_name == $orig_from) {
836 $identity = $nr;
837 break;
838 }
839 $identities[] = $enc_from_name;
840 }
841
842 $identity_match = $orig_header->findAddress($identities);
843 if ($identity_match) {
844 $identity = $identity_match;
845 }
846 }
847
848 switch ($action) {
849 case ('draft'):
850 $use_signature = FALSE;
851 $composeMessage->rfc822_header = $orig_header;
852 $send_to = decodeHeader($orig_header->getAddr_s('to'),false,false,true);
853 $send_to_cc = decodeHeader($orig_header->getAddr_s('cc'),false,false,true);
854 $send_to_bcc = decodeHeader($orig_header->getAddr_s('bcc'),false,false,true);
855 $send_from = $orig_header->getAddr_s('from');
856 $send_from_parts = new AddressStructure();
857 $send_from_parts = $orig_header->parseAddress($send_from);
858 $send_from_add = $send_from_parts->mailbox . '@' . $send_from_parts->host;
859 $identities = get_identities();
860 if (count($identities) > 0) {
861 foreach($identities as $iddata) {
862 if ($send_from_add == $iddata['email_address']) {
863 $identity = $iddata['index'];
864 break;
865 }
866 }
867 }
868 $subject = decodeHeader($orig_header->subject,false,false,true);
869
870 // Remember the receipt settings
871 $request_mdn = $mdn_user_support && !empty($orig_header->dnt) ? '1' : '0';
872 $request_dr = $mdn_user_support && !empty($orig_header->drnt) ? '1' : '0';
873
874 /* remember the references and in-reply-to headers in case of an reply */
875 $composeMessage->rfc822_header->more_headers['References'] = $orig_header->references;
876 $composeMessage->rfc822_header->more_headers['In-Reply-To'] = $orig_header->in_reply_to;
877 // rewrap the body to clean up quotations and line lengths
878 sqBodyWrap($body, $editor_size);
879 $composeMessage = getAttachments($message, $composeMessage, $passed_id, $entities, $imapConnection);
880 break;
881 case ('edit_as_new'):
882 $send_to = decodeHeader($orig_header->getAddr_s('to'),false,false,true);
883 $send_to_cc = decodeHeader($orig_header->getAddr_s('cc'),false,false,true);
884 $send_to_bcc = decodeHeader($orig_header->getAddr_s('bcc'),false,false,true);
885 $subject = decodeHeader($orig_header->subject,false,false,true);
886 $mailprio = $orig_header->priority;
887 $orig_from = '';
888 $composeMessage = getAttachments($message, $composeMessage, $passed_id, $entities, $imapConnection);
889 // rewrap the body to clean up quotations and line lengths
890 sqBodyWrap($body, $editor_size);
891 break;
892 case ('forward'):
893 $send_to = '';
894 $subject = getforwardSubject(decodeHeader($orig_header->subject,false,false,true));
895 $body = getforwardHeader($orig_header) . $body;
896 // the logic for calling sqUnWordWrap here would be to allow the browser to wrap the lines
897 // forwarded message text should be as undisturbed as possible, so commenting out this call
898 // sqUnWordWrap($body);
899 $composeMessage = getAttachments($message, $composeMessage, $passed_id, $entities, $imapConnection);
900
901 //add a blank line after the forward headers
902 $body = "\n" . $body;
903 break;
904 case ('forward_as_attachment'):
905 $subject = getforwardSubject(decodeHeader($orig_header->subject,false,false,true));
906 $composeMessage = getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, $passed_ent_id, $imapConnection);
907 $body = '';
908 break;
909 case ('reply_all'):
910 if(isset($orig_header->mail_followup_to) && $orig_header->mail_followup_to) {
911 $send_to = $orig_header->getAddr_s('mail_followup_to');
912 } else {
913 $send_to_cc = replyAllString($orig_header);
914 $send_to_cc = decodeHeader($send_to_cc,false,false,true);
915 }
916 case ('reply'):
917 // skip this if send_to was already set right above here
918 if(!$send_to) {
919 $send_to = $orig_header->reply_to;
920 if (is_array($send_to) && count($send_to)) {
921 $send_to = $orig_header->getAddr_s('reply_to');
922 } else if (is_object($send_to)) { /* unneccesarry, just for failsafe purpose */
923 $send_to = $orig_header->getAddr_s('reply_to');
924 } else {
925 $send_to = $orig_header->getAddr_s('from');
926 }
927 }
928 $send_to = decodeHeader($send_to,false,false,true);
929 $subject = decodeHeader($orig_header->subject,false,false,true);
930 $subject = str_replace('"', "'", $subject);
931 $subject = trim($subject);
932 if (substr(strtolower($subject), 0, 3) != 're:') {
933 $subject = 'Re: ' . $subject;
934 }
935 /* this corrects some wrapping/quoting problems on replies */
936 $rewrap_body = explode("\n", $body);
937 $from = (is_array($orig_header->from) && !empty($orig_header->from)) ? $orig_header->from[0] : $orig_header->from;
938 $body = '';
939 $strip_sigs = getPref($data_dir, $username, 'strip_sigs');
940 foreach ($rewrap_body as $line) {
941 if ($strip_sigs && substr($line,0,3) == '-- ') {
942 break;
943 }
944 if (preg_match("/^(>+)/", $line, $matches)) {
945 $gt = $matches[1];
946 $body .= $body_quote . str_replace("\n", "\n$body_quote$gt ", rtrim($line)) ."\n";
947 } else {
948 $body .= $body_quote . (!empty($body_quote) ? ' ' : '') . str_replace("\n", "\n$body_quote" . (!empty($body_quote) ? ' ' : ''), rtrim($line)) . "\n";
949 }
950 }
951
952 //rewrap the body to clean up quotations and line lengths
953 $body = sqBodyWrap ($body, $editor_size);
954
955 $body = getReplyCitation($from , $orig_header->date) . $body;
956 $composeMessage->reply_rfc822_header = $orig_header;
957
958 break;
959 default:
960 break;
961 }
962 $compose_messages[$session] = $composeMessage;
963 sqsession_register($compose_messages, 'compose_messages');
964 session_write_close();
965 sqimap_logout($imapConnection);
966 }
967 $ret = array( 'send_to' => $send_to,
968 'send_to_cc' => $send_to_cc,
969 'send_to_bcc' => $send_to_bcc,
970 'subject' => $subject,
971 'mailprio' => $mailprio,
972 'body' => $body,
973 'identity' => $identity );
974
975 return ($ret);
976 } /* function newMail() */
977
978 /**
979 * downloads attachments from original message, stores them in attachment directory and adds
980 * them to composed message.
981 * @param object $message
982 * @param object $composeMessage
983 * @param integer $passed_id
984 * @param mixed $entities
985 * @param mixed $imapConnection
986 * @return object
987 */
988 function getAttachments($message, &$composeMessage, $passed_id, $entities, $imapConnection) {
989 global $squirrelmail_language, $languages;
990
991 if (!count($message->entities) ||
992 ($message->type0 == 'message' && $message->type1 == 'rfc822')) {
993 if ( !in_array($message->entity_id, $entities) && $message->entity_id) {
994 switch ($message->type0) {
995 case 'message':
996 if ($message->type1 == 'rfc822') {
997 $filename = $message->rfc822_header->subject;
998 if ($filename == "") {
999 $filename = "untitled-".$message->entity_id;
1000 }
1001 $filename .= '.msg';
1002 } else {
1003 $filename = $message->getFilename();
1004 }
1005 break;
1006 default:
1007 if (!$message->mime_header) { /* temporary hack */
1008 $message->mime_header = $message->header;
1009 }
1010 $filename = $message->getFilename();
1011 break;
1012 }
1013 $filename = str_replace('&#32;', ' ', decodeHeader($filename));
1014 if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
1015 function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode')) {
1016 $filename = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode', $filename);
1017 }
1018 $localfilename = sq_get_attach_tempfile();
1019 $message->att_local_name = $localfilename;
1020
1021 $composeMessage->initAttachment($message->type0.'/'.$message->type1,$filename,
1022 $localfilename);
1023
1024 /* Write Attachment to file */
1025 $fp = fopen ($localfilename, 'wb');
1026 mime_print_body_lines ($imapConnection, $passed_id, $message->entity_id, $message->header->encoding, $fp);
1027 fclose ($fp);
1028 }
1029 } else {
1030 for ($i=0, $entCount=count($message->entities); $i<$entCount;$i++) {
1031 $composeMessage=getAttachments($message->entities[$i], $composeMessage, $passed_id, $entities, $imapConnection);
1032 }
1033 }
1034 return $composeMessage;
1035 }
1036
1037 function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id,
1038 $passed_ent_id='', $imapConnection) {
1039 if (!$passed_ent_id) {
1040 $body_a = sqimap_run_command($imapConnection,
1041 'FETCH '.$passed_id.' RFC822',
1042 TRUE, $response, $readmessage,
1043 TRUE);
1044 } else {
1045 $body_a = sqimap_run_command($imapConnection,
1046 'FETCH '.$passed_id.' BODY['.$passed_ent_id.']',
1047 TRUE, $response, $readmessage, TRUE);
1048 $message = $message->parent;
1049 }
1050 if ($response == 'OK') {
1051 $subject = encodeHeader($message->rfc822_header->subject);
1052 array_shift($body_a);
1053 array_pop($body_a);
1054 $body = implode('', $body_a) . "\r\n";
1055
1056 $localfilename = sq_get_attach_tempfile();
1057 $fp = fopen($localfilename, 'wb');
1058 fwrite ($fp, $body);
1059 fclose($fp);
1060 $composeMessage->initAttachment('message/rfc822',$subject.'.msg',
1061 $localfilename);
1062 }
1063 return $composeMessage;
1064 }
1065
1066 function showInputForm ($session, $values=false) {
1067 global $send_to, $send_to_cc, $body, $startMessage, $action,
1068 $color, $use_signature, $signature, $prefix_sig,
1069 $editor_size, $editor_height, $subject, $newmail,
1070 $use_javascript_addr_book, $send_to_bcc, $passed_id, $mailbox,
1071 $from_htmladdr_search, $location_of_buttons, $attachment_dir,
1072 $username, $data_dir, $identity, $idents, $delete_draft,
1073 $mailprio, $compose_new_win, $saved_draft, $mail_sent, $sig_first,
1074 $compose_messages, $composesession, $default_charset,
1075 $compose_onsubmit, $oTemplate, $oErrorHandler;
1076
1077 if (checkForJavascript()) {
1078 $onfocus = ' onfocus="alreadyFocused=true;"';
1079 $onfocus_array = array('onfocus' => 'alreadyFocused=true;');
1080 }
1081 else {
1082 $onfocus = '';
1083 $onfocus_array = array();
1084 }
1085
1086 $composeMessage = $compose_messages[$session];
1087 if ($values) {
1088 $send_to = $values['send_to'];
1089 $send_to_cc = $values['send_to_cc'];
1090 $send_to_bcc = $values['send_to_bcc'];
1091 $subject = $values['subject'];
1092 $mailprio = $values['mailprio'];
1093 $body = $values['body'];
1094 $identity = (int) $values['identity'];
1095 } else {
1096 $send_to = decodeHeader($send_to, true, false);
1097 $send_to_cc = decodeHeader($send_to_cc, true, false);
1098 $send_to_bcc = decodeHeader($send_to_bcc, true, false);
1099 }
1100
1101 if ($use_javascript_addr_book) {
1102 echo "\n". '<script type="text/javascript">'."\n<!--\n" .
1103 'function open_abook() { ' . "\n" .
1104 ' var nwin = window.open("addrbook_popup.php","abookpopup",' .
1105 '"width=670,height=300,resizable=yes,scrollbars=yes");' . "\n" .
1106 ' if((!nwin.opener) && (document.windows != null))' . "\n" .
1107 ' nwin.opener = document.windows;' . "\n" .
1108 "}\n" .
1109 "// -->\n</script>\n\n";
1110 }
1111
1112 echo "\n" . '<form name="compose" action="compose.php" method="post" ' .
1113 'enctype="multipart/form-data"';
1114
1115 $compose_onsubmit = array();
1116 global $null;
1117 do_hook('compose_form', $null);
1118
1119 // Plugins that use compose_form hook can add an array entry
1120 // to the globally scoped $compose_onsubmit; we add them up
1121 // here and format the form tag's full onsubmit handler.
1122 // Each plugin should use "return false" if they need to
1123 // stop form submission but otherwise should NOT use "return
1124 // true" to give other plugins the chance to do what they need
1125 // to do; SquirrelMail itself will add the final "return true".
1126 // Onsubmit text is enclosed inside of double quotes, so plugins
1127 // need to quote accordingly.
1128 if (checkForJavascript()) {
1129 $onsubmit_text = ' onsubmit="';
1130 if (empty($compose_onsubmit))
1131 $compose_onsubmit = array();
1132 else if (!is_array($compose_onsubmit))
1133 $compose_onsubmit = array($compose_onsubmit);
1134
1135 foreach ($compose_onsubmit as $text) {
1136 $text = trim($text);
1137 if (substr($text, -1) != ';' && substr($text, -1) != '}')
1138 $text .= '; ';
1139 $onsubmit_text .= $text;
1140 }
1141
1142 echo $onsubmit_text . ' return true;"';
1143 }
1144
1145
1146 echo ">\n";
1147
1148 echo addHidden('startMessage', $startMessage);
1149
1150 if ($action == 'draft') {
1151 echo addHidden('delete_draft', $passed_id);
1152 }
1153 if (isset($delete_draft)) {
1154 echo addHidden('delete_draft', $delete_draft);
1155 }
1156 if (isset($session)) {
1157 echo addHidden('session', $session);
1158 }
1159
1160 if (isset($passed_id)) {
1161 echo addHidden('passed_id', $passed_id);
1162 }
1163
1164 if ($saved_draft == 'yes') {
1165 $oTemplate->assign('note', _("Your draft has been saved."));
1166 $oTemplate->display('note.tpl');
1167 }
1168 if ($mail_sent == 'yes') {
1169 $oTemplate->assign('note', _("Your mail has been sent."));
1170 $oTemplate->display('note.tpl');
1171 }
1172 if ($compose_new_win == '1') {
1173 $oTemplate->display('compose_newwin_close.tpl');
1174 }
1175
1176 if ($location_of_buttons == 'top') {
1177 showComposeButtonRow();
1178 }
1179
1180 $identities = array();
1181 if (count($idents) > 1) {
1182 reset($idents);
1183 foreach($idents as $id => $data) {
1184 $identities[$id] = $data['full_name'].' &lt;'.$data['email_address'].'&gt;';
1185 }
1186 }
1187
1188 $oTemplate->assign('identities', $identities);
1189 $oTemplate->assign('identity_def', $identity);
1190 $oTemplate->assign('input_onfocus', 'onfocus="'.join(' ', $onfocus_array).'"');
1191
1192 $oTemplate->assign('to', htmlspecialchars($send_to));
1193 $oTemplate->assign('cc', htmlspecialchars($send_to_cc));
1194 $oTemplate->assign('bcc', htmlspecialchars($send_to_bcc));
1195 $oTemplate->assign('subject', htmlspecialchars($subject));
1196
1197 $oTemplate->display('compose_header.tpl');
1198
1199 if ($location_of_buttons == 'between') {
1200 showComposeButtonRow();
1201 }
1202
1203 $body_str = '';
1204 if ($use_signature == true && $newmail == true && !isset($from_htmladdr_search)) {
1205 $signature = $idents[$identity]['signature'];
1206
1207 if ($sig_first == '1') {
1208 /*
1209 * FIXME: test is specific to ja_JP translation implementation.
1210 * This test might apply incorrect conversion to other translations, but
1211 * use of 7bit iso-2022-jp charset in other translations might have other
1212 * issues too.
1213 */
1214 if ($default_charset == 'iso-2022-jp') {
1215 $body_str = "\n\n".($prefix_sig==true? "-- \n":'').mb_convert_encoding($signature, 'EUC-JP');
1216 } else {
1217 $body_str = "\n\n".($prefix_sig==true? "-- \n":'').decodeHeader($signature,false,false);
1218 }
1219 $body_str .= "\n\n".htmlspecialchars(decodeHeader($body,false,false));
1220 } else {
1221 $body_str = "\n\n".htmlspecialchars(decodeHeader($body,false,false));
1222 // FIXME: test is specific to ja_JP translation implementation. See above comments.
1223 if ($default_charset == 'iso-2022-jp') {
1224 $body_str .= "\n\n".($prefix_sig==true? "-- \n":'').mb_convert_encoding($signature, 'EUC-JP');
1225 } else {
1226 $body_str .= "\n\n".($prefix_sig==true? "-- \n":'').decodeHeader($signature,false,false);
1227 }
1228 }
1229 } else {
1230 $body_str = htmlspecialchars(decodeHeader($body,false,false));
1231 }
1232
1233 $oTemplate->assign('editor_width', (int)$editor_size);
1234 $oTemplate->assign('editor_height', (int)$editor_height);
1235 $oTemplate->assign('input_onfocus', 'onfocus="'.join(' ', $onfocus_array).'"');
1236 $oTemplate->assign('body', $body_str);
1237 $oTemplate->assign('show_bottom_send', $location_of_buttons!='bottom');
1238
1239 $oTemplate->display ('compose_body.tpl');
1240
1241 if ($location_of_buttons == 'bottom') {
1242 showComposeButtonRow();
1243 }
1244
1245 /* This code is for attachments */
1246 if ((bool) ini_get('file_uploads')) {
1247
1248 /* Calculate the max size for an uploaded file.
1249 * This is advisory for the user because we can't actually prevent
1250 * people to upload too large files. */
1251 $sizes = array();
1252 /* php.ini vars which influence the max for uploads */
1253 $configvars = array('post_max_size', 'memory_limit', 'upload_max_filesize');
1254 foreach($configvars as $var) {
1255 /* skip 0 or empty values, and -1 which means 'unlimited' */
1256 if( $size = getByteSize(ini_get($var)) ) {
1257 if ( $size != '-1' ) {
1258 $sizes[] = $size;
1259 }
1260 }
1261 }
1262
1263 $attach = array();
1264 if ($composeMessage->entities) {
1265 foreach ($composeMessage->entities as $key => $attachment) {
1266 $attached_file = $attachment->att_local_name;
1267 if ($attachment->att_local_name || $attachment->body_part) {
1268 $attached_filename = decodeHeader($attachment->mime_header->getParameter('name'));
1269 $type = $attachment->mime_header->type0.'/'.
1270 $attachment->mime_header->type1;
1271
1272 $a = array();
1273 $a['Key'] = $key;
1274 $a['FileName'] = $attached_filename;
1275 $a['ContentType'] = $type;
1276 $a['Size'] = filesize($attached_file);
1277 $attach[$key] = $a;
1278 }
1279 }
1280 }
1281
1282 $max = min($sizes);
1283 $oTemplate->assign('max_file_size', empty($max) ? -1 : $max);
1284 $oTemplate->assign('attachments', $attach);
1285
1286 $oTemplate->display('compose_attachments.tpl');
1287 } // End of file_uploads if-block
1288 /* End of attachment code */
1289
1290 //FIXME: no direct echoing to browser, no HTML output in core!
1291 echo addHidden('username', $username).
1292 addHidden('smaction', $action).
1293 addHidden('mailbox', $mailbox);
1294 /*
1295 store the complete ComposeMessages array in a hidden input value
1296 so we can restore them in case of a session timeout.
1297 */
1298 sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER);
1299 //FIXME: no direct echoing to browser, no HTML output in core!
1300 echo addHidden('restoremessages', urlencode(serialize($compose_messages))).
1301 addHidden('composesession', $composesession).
1302 addHidden('querystring', $queryString).
1303 "</form>\n";
1304 if (!(bool) ini_get('file_uploads')) {
1305 /* File uploads are off, so we didn't show that part of the form.
1306 To avoid bogus bug reports, tell the user why. */
1307 //FIXME: no direct echoing to browser, no HTML output in core!
1308 echo '<p style="text-align:center">'
1309 . _("Because PHP file uploads are turned off, you can not attach files to this message. Please see your system administrator for details.")
1310 . "</p>\r\n";
1311 }
1312
1313 if ($compose_new_win=='1') {
1314 $oTemplate->display('compose_newwin_close.tpl');
1315 }
1316
1317 do_hook('compose_bottom', $null);
1318
1319 $oErrorHandler->setDelayedErrors(false);
1320 $oTemplate->display('footer.tpl');
1321 }
1322
1323
1324 function showComposeButtonRow() {
1325 global $use_javascript_addr_book, $save_as_draft,
1326 $default_use_priority, $mailprio, $default_use_mdn,
1327 $request_mdn, $request_dr,
1328 $data_dir, $username;
1329
1330 global $oTemplate, $buffer_hook;
1331
1332 if ($default_use_priority) {
1333 $priorities = array('1'=>_("High"), '3'=>_("Normal"), '5'=>_("Low"));
1334 $priority = isset($mailprio) ? $mailprio : 3;
1335 } else {
1336 $priorities = array();
1337 $priority = NULL;
1338 }
1339
1340 $mdn_user_support=getPref($data_dir, $username, 'mdn_user_support',$default_use_mdn);
1341
1342 if ($use_javascript_addr_book && checkForJavascript()) {
1343 $addr_book = addButton(_("Addresses"), null, array('onclick' => 'javascript:open_abook();'));
1344 } else {
1345 $addr_book = addSubmit(_("Addresses"), 'html_addr_search');
1346 }
1347
1348 $oTemplate->assign('allow_priority', $default_use_priority==1);
1349 $oTemplate->assign('priority_list', $priorities);
1350 $oTemplate->assign('current_priority', $priority);
1351
1352 $oTemplate->assign('notifications_enabled', $mdn_user_support==1);
1353 $oTemplate->assign('read_receipt', $request_mdn=='1');
1354 $oTemplate->assign('delivery_receipt', $request_dr=='1');
1355
1356 $oTemplate->assign('drafts_enabled', $save_as_draft);
1357 $oTemplate->assign('address_book_button', $addr_book);
1358
1359 $oTemplate->display('compose_buttons.tpl');
1360 }
1361
1362 function checkInput ($show) {
1363 /*
1364 * I implemented the $show variable because the error messages
1365 * were getting sent before the page header. So, I check once
1366 * using $show=false, and then when i'm ready to display the error
1367 * message, show=true
1368 */
1369 global $send_to, $send_to_bcc;
1370
1371 if ($send_to == '' && $send_to_bcc == '') {
1372 if ($show) {
1373 plain_error_message(_("You have not filled in the \"To:\" field."));
1374 }
1375 return false;
1376 }
1377 return true;
1378 } /* function checkInput() */
1379
1380
1381 /* True if FAILURE */
1382 function saveAttachedFiles($session) {
1383 global $compose_messages;
1384
1385 /* get out of here if no file was attached at all */
1386 if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) {
1387 return true;
1388 }
1389
1390 $localfilename = sq_get_attach_tempfile();
1391
1392 // m_u_f works better with restricted PHP installs (safe_mode, open_basedir),
1393 // if that doesn't work, try a simple rename.
1394 if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$localfilename)) {
1395 if (!@rename($_FILES['attachfile']['tmp_name'], $localfilename)) {
1396 return true;
1397 }
1398 }
1399 $message = $compose_messages[$session];
1400 $type = strtolower($_FILES['attachfile']['type']);
1401 $name = $_FILES['attachfile']['name'];
1402 $message->initAttachment($type, $name, $localfilename);
1403 $compose_messages[$session] = $message;
1404 sqsession_register($compose_messages , 'compose_messages');
1405 }
1406
1407 /* parse values like 8M and 2k into bytes */
1408 function getByteSize($ini_size) {
1409
1410 if(!$ini_size) {
1411 return FALSE;
1412 }
1413
1414 $ini_size = trim($ini_size);
1415
1416 // if there's some kind of letter at the end of the string we need to multiply.
1417 if(!is_numeric(substr($ini_size, -1))) {
1418
1419 switch(strtoupper(substr($ini_size, -1))) {
1420 case 'G':
1421 $bytesize = 1073741824;
1422 break;
1423 case 'M':
1424 $bytesize = 1048576;
1425 break;
1426 case 'K':
1427 $bytesize = 1024;
1428 break;
1429 }
1430
1431 return ($bytesize * (int)substr($ini_size, 0, -1));
1432 }
1433
1434 return $ini_size;
1435 }
1436
1437
1438 /**
1439 * temporary function to make use of the deliver class.
1440 * In the future the responsible backend should be automaticly loaded
1441 * and conf.pl should show a list of available backends.
1442 * The message also should be constructed by the message class.
1443 */
1444 function deliverMessage($composeMessage, $draft=false) {
1445 global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body,
1446 $username, $popuser, $usernamedata, $identity, $idents, $data_dir,
1447 $request_mdn, $request_dr, $default_charset, $color, $useSendmail,
1448 $domain, $action, $default_move_to_sent, $move_to_sent;
1449 global $imapServerAddress, $imapPort, $sent_folder, $key;
1450
1451 $rfc822_header = $composeMessage->rfc822_header;
1452
1453 $abook = addressbook_init(false, true);
1454 $rfc822_header->to = $rfc822_header->parseAddress($send_to,true, array(), '', $domain, array(&$abook,'lookup'));
1455 $rfc822_header->cc = $rfc822_header->parseAddress($send_to_cc,true,array(), '',$domain, array(&$abook,'lookup'));
1456 $rfc822_header->bcc = $rfc822_header->parseAddress($send_to_bcc,true, array(), '',$domain, array(&$abook,'lookup'));
1457 $rfc822_header->priority = $mailprio;
1458 $rfc822_header->subject = $subject;
1459
1460 $special_encoding='';
1461 if (strtolower($default_charset) == 'iso-2022-jp') {
1462 if (mb_detect_encoding($body) == 'ASCII') {
1463 $special_encoding = '8bit';
1464 } else {
1465 $body = mb_convert_encoding($body, 'JIS');
1466 $special_encoding = '7bit';
1467 }
1468 }
1469 $composeMessage->setBody($body);
1470
1471 if (ereg("^([^@%/]+)[@%/](.+)$", $username, $usernamedata)) {
1472 $popuser = $usernamedata[1];
1473 $domain = $usernamedata[2];
1474 unset($usernamedata);
1475 } else {
1476 $popuser = $username;
1477 }
1478 $reply_to = '';
1479 $from_mail = $idents[$identity]['email_address'];
1480 $full_name = $idents[$identity]['full_name'];
1481 $reply_to = $idents[$identity]['reply_to'];
1482 if (!$from_mail) {
1483 $from_mail = "$popuser@$domain";
1484 }
1485 $rfc822_header->from = $rfc822_header->parseAddress($from_mail,true);
1486 if ($full_name) {
1487 $from = $rfc822_header->from[0];
1488 if (!$from->host) $from->host = $domain;
1489 $full_name_encoded = encodeHeader($full_name);
1490 if ($full_name_encoded != $full_name) {
1491 $from_addr = $full_name_encoded .' <'.$from->mailbox.'@'.$from->host.'>';
1492 } else {
1493 $from_addr = '"'.$full_name .'" <'.$from->mailbox.'@'.$from->host.'>';
1494 }
1495 $rfc822_header->from = $rfc822_header->parseAddress($from_addr,true);
1496 }
1497 if ($reply_to) {
1498 $rfc822_header->reply_to = $rfc822_header->parseAddress($reply_to,true);
1499 }
1500 /* Receipt: On Read */
1501 if (isset($request_mdn) && $request_mdn) {
1502 $rfc822_header->dnt = $rfc822_header->parseAddress($from_mail,true);
1503 } elseif (isset($rfc822_header->dnt)) {
1504 unset($rfc822_header->dnt);
1505 }
1506
1507 /* Receipt: On Delivery */
1508 if (isset($request_dr) && $request_dr) {
1509 $rfc822_header->more_headers['Return-Receipt-To'] = $from_mail;
1510 } elseif (isset($rfc822_header->more_headers['Return-Receipt-To'])) {
1511 unset($rfc822_header->more_headers['Return-Receipt-To']);
1512 }
1513
1514 /* multipart messages */
1515 if (count($composeMessage->entities)) {
1516 $message_body = new Message();
1517 $message_body->body_part = $composeMessage->body_part;
1518 $composeMessage->body_part = '';
1519 $mime_header = new MessageHeader;
1520 $mime_header->type0 = 'text';
1521 $mime_header->type1 = 'plain';
1522 if ($special_encoding) {
1523 $mime_header->encoding = $special_encoding;
1524 } else {
1525 $mime_header->encoding = '8bit';
1526 }
1527 if ($default_charset) {
1528 $mime_header->parameters['charset'] = $default_charset;
1529 }
1530 $message_body->mime_header = $mime_header;
1531 array_unshift($composeMessage->entities, $message_body);
1532 $content_type = new ContentType('multipart/mixed');
1533 } else {
1534 $content_type = new ContentType('text/plain');
1535 if ($special_encoding) {
1536 $rfc822_header->encoding = $special_encoding;
1537 } else {
1538 $rfc822_header->encoding = '8bit';
1539 }
1540 if ($default_charset) {
1541 $content_type->properties['charset']=$default_charset;
1542 }
1543 }
1544
1545 $rfc822_header->content_type = $content_type;
1546 $composeMessage->rfc822_header = $rfc822_header;
1547
1548 /* Here you can modify the message structure just before we hand
1549 it over to deliver; plugin authors note that $composeMessage
1550 is sent and modified by reference since 1.5.2 */
1551 do_hook('compose_send', $composeMessage);
1552
1553 if (!$useSendmail && !$draft) {
1554 require_once(SM_PATH . 'class/deliver/Deliver_SMTP.class.php');
1555 $deliver = new Deliver_SMTP();
1556 global $smtpServerAddress, $smtpPort, $pop_before_smtp;
1557
1558 $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false;
1559 get_smtp_user($user, $pass);
1560 $stream = $deliver->initStream($composeMessage,$domain,0,
1561 $smtpServerAddress, $smtpPort, $user, $pass, $authPop);
1562 } elseif (!$draft) {
1563 require_once(SM_PATH . 'class/deliver/Deliver_SendMail.class.php');
1564 global $sendmail_path, $sendmail_args;
1565 // Check for outdated configuration
1566 if (!isset($sendmail_args)) {
1567 if ($sendmail_path=='/var/qmail/bin/qmail-inject') {
1568 $sendmail_args = '';
1569 } else {
1570 $sendmail_args = '-i -t';
1571 }
1572 }
1573 $deliver = new Deliver_SendMail(array('sendmail_args'=>$sendmail_args));
1574 $stream = $deliver->initStream($composeMessage,$sendmail_path);
1575 } elseif ($draft) {
1576 global $draft_folder;
1577 require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
1578 $imap_stream = sqimap_login($username, false, $imapServerAddress,
1579 $imapPort, 0);
1580 if (sqimap_mailbox_exists ($imap_stream, $draft_folder)) {
1581 require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
1582 $imap_deliver = new Deliver_IMAP();
1583 $length = $imap_deliver->mail($composeMessage);
1584 sqimap_append ($imap_stream, $draft_folder, $length);
1585 $imap_deliver->mail($composeMessage, $imap_stream);
1586 sqimap_append_done ($imap_stream, $draft_folder);
1587 sqimap_logout($imap_stream);
1588 unset ($imap_deliver);
1589 $composeMessage->purgeAttachments();
1590 return $length;
1591 } else {
1592 $msg = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), htmlspecialchars($draft_folder));
1593 plain_error_message($msg);
1594 return false;
1595 }
1596 }
1597 $success = false;
1598 if ($stream) {
1599 $length = $deliver->mail($composeMessage, $stream);
1600 $success = $deliver->finalizeStream($stream);
1601 }
1602 if (!$success) {
1603 // $deliver->dlv_server_msg is not always server's reply
1604 $msg = _("Message not sent.") . "<br />\n" .
1605 $deliver->dlv_msg;
1606 if (!empty($deliver->dlv_server_msg)) {
1607 // add 'server replied' part only when it is not empty.
1608 // Delivery error can be generated by delivery class itself
1609 $msg.='<br />' .
1610 _("Server replied:") . ' ' . $deliver->dlv_ret_nr . ' ' .
1611 nl2br(htmlspecialchars($deliver->dlv_server_msg));
1612 }
1613 plain_error_message($msg);
1614 } else {
1615 unset ($deliver);
1616 $move_to_sent = getPref($data_dir,$username,'move_to_sent');
1617 $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
1618
1619 /* Move to sent code */
1620 if (isset($default_move_to_sent) && ($default_move_to_sent != 0)) {
1621 $svr_allow_sent = true;
1622 } else {
1623 $svr_allow_sent = false;
1624 }
1625
1626 if (isset($sent_folder) && (($sent_folder != '') || ($sent_folder != 'none'))
1627 && sqimap_mailbox_exists( $imap_stream, $sent_folder)) {
1628 $fld_sent = true;
1629 } else {
1630 $fld_sent = false;
1631 }
1632
1633 if ((isset($move_to_sent) && ($move_to_sent != 0)) || (!isset($move_to_sent))) {
1634 $lcl_allow_sent = true;
1635 } else {
1636 $lcl_allow_sent = false;
1637 }
1638
1639 if (($fld_sent && $svr_allow_sent && !$lcl_allow_sent) || ($fld_sent && $lcl_allow_sent)) {
1640 global $passed_id, $mailbox, $action;
1641 if ($action == 'reply' || $action == 'reply_all') {
1642 $save_reply_with_orig=getPref($data_dir,$username,'save_reply_with_orig');
1643 if ($save_reply_with_orig) {
1644 $sent_folder = $mailbox;
1645 }
1646 }
1647 sqimap_append ($imap_stream, $sent_folder, $length);
1648 require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
1649 $imap_deliver = new Deliver_IMAP();
1650 $imap_deliver->mail($composeMessage, $imap_stream);
1651 sqimap_append_done ($imap_stream, $sent_folder);
1652 unset ($imap_deliver);
1653 }
1654
1655 global $passed_id, $mailbox, $action, $what, $iAccount,$startMessage;
1656
1657 $composeMessage->purgeAttachments();
1658 if ($action=='reply' || $action=='reply_all' || $action=='forward' || $action=='forward_as_attachment') {
1659 require(SM_PATH . 'functions/mailbox_display.php');
1660 $aMailbox = sqm_api_mailbox_select($imap_stream, $iAccount, $mailbox,array('setindex' => $what, 'offset' => $startMessage),array());
1661 switch($action) {
1662 case 'reply':
1663 case 'reply_all':
1664 // check if we are allowed to set the \\Answered flag
1665 if (in_array('\\answered',$aMailbox['PERMANENTFLAGS'], true)) {
1666 $aUpdatedMsgs = sqimap_toggle_flag($imap_stream, array($passed_id), '\\Answered', true, false);
1667 if (isset($aUpdatedMsgs[$passed_id]['FLAGS'])) {
1668 /**
1669 * Only update the cached headers if the header is
1670 * cached.
1671 */
1672 if (isset($aMailbox['MSG_HEADERS'][$passed_id])) {
1673 $aMailbox['MSG_HEADERS'][$passed_id]['FLAGS'] = $aMsg['FLAGS'];
1674 }
1675 }
1676 }
1677 break;
1678 case 'forward':
1679 case 'forward_as_attachment':
1680 // check if we are allowed to set the $Forwarded flag (RFC 4550 paragraph 2.8)
1681 if (in_array('$forwarded',$aMailbox['PERMANENTFLAGS'], true) ||
1682 in_array('\\*',$aMailbox['PERMANENTFLAGS'])) {
1683
1684 $aUpdatedMsgs = sqimap_toggle_flag($imap_stream, array($passed_id), '$Forwarded', true, false);
1685 if (isset($aUpdatedMsgs[$passed_id]['FLAGS'])) {
1686 if (isset($aMailbox['MSG_HEADERS'][$passed_id])) {
1687 $aMailbox['MSG_HEADERS'][$passed_id]['FLAGS'] = $aMsg['FLAGS'];
1688 }
1689 }
1690 }
1691 break;
1692 }
1693
1694 /**
1695 * Write mailbox with updated seen flag information back to cache.
1696 */
1697 if(isset($aUpdatedMsgs[$passed_id])) {
1698 $mailbox_cache[$iAccount.'_'.$aMailbox['NAME']] = $aMailbox;
1699 sqsession_register($mailbox_cache,'mailbox_cache');
1700 }
1701
1702 sqimap_logout($imap_stream);
1703 }
1704 }
1705 return $success;
1706 }
1707 ?>
Unnamed repository; edit this file 'description' to name the repository.