projects / squirrelmail.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Make compose.php XSS-safe by encoding all untrusted data. I'm using the new
[squirrelmail.git] / src / compose.php
1 <?php
2
3 /**
4 * compose.php
5 *
6 * Copyright (c) 1999-2004 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * This code sends a mail.
10 *
11 * There are 4 modes of operation:
12 * - Start new mail
13 * - Add an attachment
14 * - Send mail
15 * - Save As Draft
16 *
17 * $Id$
18 * @package squirrelmail
19 */
20
21 /** Path for SquirrelMail required files. */
22 define('SM_PATH','../');
23
24 /* SquirrelMail required files. */
25 require_once(SM_PATH . 'include/validate.php');
26 require_once(SM_PATH . 'functions/global.php');
27 require_once(SM_PATH . 'functions/imap.php');
28 require_once(SM_PATH . 'functions/date.php');
29 require_once(SM_PATH . 'functions/mime.php');
30 require_once(SM_PATH . 'functions/plugin.php');
31 require_once(SM_PATH . 'functions/display_messages.php');
32 require_once(SM_PATH . 'class/deliver/Deliver.class.php');
33 require_once(SM_PATH . 'functions/addressbook.php');
34 require_once(SM_PATH . 'functions/identity.php');
35 require_once(SM_PATH . 'functions/forms.php');
36
37 /* --------------------- Get globals ------------------------------------- */
38 /** COOKIE VARS */
39 sqgetGlobalVar('key', $key, SQ_COOKIE);
40
41 /** SESSION VARS */
42 sqgetGlobalVar('username', $username, SQ_SESSION);
43 sqgetGlobalVar('onetimepad',$onetimepad, SQ_SESSION);
44 sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
45 sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
46
47 sqgetGlobalVar('composesession', $composesession, SQ_SESSION);
48 sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION);
49
50 /** SESSION/POST/GET VARS */
51 sqgetGlobalVar('session',$session);
52 sqgetGlobalVar('mailbox',$mailbox);
53 if(!sqgetGlobalVar('identity',$identity)) {
54 $identity=0;
55 }
56 sqgetGlobalVar('send_to',$send_to);
57 sqgetGlobalVar('send_to_cc',$send_to_cc);
58 sqgetGlobalVar('send_to_bcc',$send_to_bcc);
59 sqgetGlobalVar('subject',$subject);
60 sqgetGlobalVar('body',$body);
61 sqgetGlobalVar('mailprio',$mailprio);
62 sqgetGlobalVar('request_mdn',$request_mdn);
63 sqgetGlobalVar('request_dr',$request_dr);
64 sqgetGlobalVar('html_addr_search',$html_addr_search);
65 sqgetGlobalVar('mail_sent',$mail_sent);
66 sqgetGlobalVar('passed_id',$passed_id);
67 sqgetGlobalVar('passed_ent_id',$passed_ent_id);
68 sqgetGlobalVar('send',$send);
69
70 sqgetGlobalVar('attach',$attach);
71
72 sqgetGlobalVar('draft',$draft);
73 sqgetGlobalVar('draft_id',$draft_id);
74 sqgetGlobalVar('ent_num',$ent_num);
75 sqgetGlobalVar('saved_draft',$saved_draft);
76 sqgetGlobalVar('delete_draft',$delete_draft);
77 sqgetGlobalVar('startMessage',$startMessage);
78
79 /** POST VARS */
80 sqgetGlobalVar('sigappend', $sigappend, SQ_POST);
81 sqgetGlobalVar('from_htmladdr_search', $from_htmladdr_search, SQ_POST);
82 sqgetGlobalVar('addr_search_done', $html_addr_search_done, SQ_POST);
83 sqgetGlobalVar('send_to_search', $send_to_search, SQ_POST);
84 sqgetGlobalVar('do_delete', $do_delete, SQ_POST);
85 sqgetGlobalVar('delete', $delete, SQ_POST);
86 sqgetGlobalVar('restoremessages', $restoremessages, SQ_POST);
87 if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
88 $html_addr_search_done = 'Use Addresses';
89 }
90
91 /** GET VARS */
92 sqgetGlobalVar('attachedmessages', $attachedmessages, SQ_GET);
93
94 /** get smaction */
95 if ( !sqgetGlobalVar('smaction',$action) )
96 {
97 if ( sqgetGlobalVar('smaction_reply',$tmp) ) $action = 'reply';
98 if ( sqgetGlobalVar('smaction_reply_all',$tmp) ) $action = 'reply_all';
99 if ( sqgetGlobalVar('smaction_forward',$tmp) ) $action = 'forward';
100 if ( sqgetGlobalVar('smaction_attache',$tmp) ) $action = 'forward_as_attachment';
101 }
102
103 /* Location (For HTTP 1.1 Header("Location: ...") redirects) */
104 $location = get_location();
105 /* Identities (fetch only once) */
106 $idents = get_identities();
107
108 /* --------------------- Specific Functions ------------------------------ */
109
110 function replyAllString($header) {
111 global $include_self_reply_all, $idents;
112 $excl_ar = array();
113 /**
114 * 1) Remove the addresses we'll be sending the message 'to'
115 */
116 $url_replytoall_avoid_addrs = '';
117 if (isset($header->replyto)) {
118 $excl_ar = $header->getAddr_a('replyto');
119 }
120 /**
121 * 2) Remove our identities from the CC list (they still can be in the
122 * TO list) only if $include_self_reply_all is turned off
123 */
124 if (!$include_self_reply_all) {
125 foreach($idents as $id) {
126 $excl_ar[strtolower(trim($id['email_address']))] = '';
127 }
128 }
129
130 /**
131 * 3) get the addresses.
132 */
133 $url_replytoall_ar = $header->getAddr_a(array('to','cc'), $excl_ar);
134
135 /**
136 * 4) generate the string.
137 */
138 $url_replytoallcc = '';
139 foreach( $url_replytoall_ar as $email => $personal) {
140 if ($personal) {
141 // if personal name contains address separator then surround
142 // the personal name with double quotes.
143 if (strpos($personal,',') !== false) {
144 $personal = '"'.$personal.'"';
145 }
146 $url_replytoallcc .= ", $personal <$email>";
147 } else {
148 $url_replytoallcc .= ', '. $email;
149 }
150 }
151 $url_replytoallcc = substr($url_replytoallcc,2);
152
153 return $url_replytoallcc;
154 }
155
156 function getReplyCitation($orig_from, $orig_date) {
157 global $reply_citation_style, $reply_citation_start, $reply_citation_end;
158 $orig_from = decodeHeader($orig_from->getAddress(false),false,false,true);
159 // $from = decodeHeader($orig_header->getAddr_s('from',"\n$indent"),false,false);
160 /* First, return an empty string when no citation style selected. */
161 if (($reply_citation_style == '') || ($reply_citation_style == 'none')) {
162 return '';
163 }
164
165 /* Make sure our final value isn't an empty string. */
166 if ($orig_from == '') {
167 return '';
168 }
169
170 /* Otherwise, try to select the desired citation style. */
171 switch ($reply_citation_style) {
172 case 'author_said':
173 $start = '';
174 $end = ' ' . _("said") . ':';
175 break;
176 case 'quote_who':
177 $start = '<' . _("quote") . ' ' . _("who") . '="';
178 $end = '">';
179 break;
180 case 'date_time_author':
181 $start = 'On ' . getLongDateString($orig_date) . ', ';
182 $end = ' ' . _("said") . ':';
183 break;
184 case 'user-defined':
185 $start = $reply_citation_start .
186 ($reply_citation_start == '' ? '' : ' ');
187 $end = $reply_citation_end;
188 break;
189 default:
190 return '';
191 }
192
193 /* Build and return the citation string. */
194 return ($start . $orig_from . $end . "\n");
195 }
196
197 function getforwardHeader($orig_header) {
198 global $editor_size;
199
200 $display = array( _("Subject") => strlen(_("Subject")),
201 _("From") => strlen(_("From")),
202 _("Date") => strlen(_("Date")),
203 _("To") => strlen(_("To")),
204 _("Cc") => strlen(_("Cc")) );
205 $maxsize = max($display);
206 $indent = str_pad('',$maxsize+2);
207 foreach($display as $key => $val) {
208 $display[$key] = $key .': '. str_pad('', $maxsize - $val);
209 }
210 $from = decodeHeader($orig_header->getAddr_s('from',"\n$indent"),false,false,true);
211 $from = str_replace('&nbsp;',' ',$from);
212 $to = decodeHeader($orig_header->getAddr_s('to',"\n$indent"),false,false,true);
213 $to = str_replace('&nbsp;',' ',$to);
214 $subject = decodeHeader($orig_header->subject,false,false,true);
215 $subject = str_replace('&nbsp;',' ',$subject);
216 $bodyTop = str_pad(' '._("Original Message").' ',$editor_size -2,'-',STR_PAD_BOTH) .
217 "\n". $display[_("Subject")] . $subject . "\n" .
218 $display[_("From")] . $from . "\n" .
219 $display[_("Date")] . getLongDateString( $orig_header->date ). "\n" .
220 $display[_("To")] . $to . "\n";
221 if ($orig_header->cc != array() && $orig_header->cc !='') {
222 $cc = decodeHeader($orig_header->getAddr_s('cc',"\n$indent"),false,false,true);
223 $cc = str_replace('&nbsp;',' ',$cc);
224 $bodyTop .= $display[_("Cc")] .$cc . "\n";
225 }
226 $bodyTop .= str_pad('', $editor_size -2 , '-') .
227 "\n\n";
228 return $bodyTop;
229 }
230 /* ----------------------------------------------------------------------- */
231
232 /*
233 * If the session is expired during a post this restores the compose session
234 * vars.
235 */
236 if (sqsession_is_registered('session_expired_post')) {
237 sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
238 /*
239 * extra check for username so we don't display previous post data from
240 * another user during this session.
241 */
242 if ($session_expired_post['username'] != $username) {
243 unset($session_expired_post);
244 sqsession_unregister('session_expired_post');
245 session_write_close();
246 } else {
247 foreach ($session_expired_post as $postvar => $val) {
248 if (isset($val)) {
249 $$postvar = $val;
250 } else {
251 $$postvar = '';
252 }
253 }
254 $compose_messages = unserialize(urldecode($restoremessages));
255 sqsession_register($compose_messages,'compose_messages');
256 sqsession_register($composesession,'composesession');
257 if (isset($send)) {
258 unset($send);
259 }
260 $session_expired = true;
261 }
262 unset($session_expired_post);
263 sqsession_unregister('session_expired_post');
264 session_write_close();
265 if (!isset($mailbox)) {
266 $mailbox = '';
267 }
268 if ($compose_new_win == '1') {
269 compose_Header($color, $mailbox);
270 } else {
271 displayPageHeader($color, $mailbox);
272 }
273 showInputForm($session, false);
274 exit();
275 }
276 if (!isset($composesession)) {
277 $composesession = 0;
278 sqsession_register(0,'composesession');
279 }
280
281 if (!isset($session) || (isset($newmessage) && $newmessage)) {
282 sqsession_unregister('composesession');
283 $session = "$composesession" +1;
284 $composesession = $session;
285 sqsession_register($composesession,'composesession');
286 }
287 if (!isset($compose_messages)) {
288 $compose_messages = array();
289 }
290 if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL)) {
291 /* if (!array_key_exists($session, $compose_messages)) { /* We can only do this in PHP >= 4.1 */
292 $composeMessage = new Message();
293 $rfc822_header = new Rfc822Header();
294 $composeMessage->rfc822_header = $rfc822_header;
295 $composeMessage->reply_rfc822_header = '';
296 $compose_messages[$session] = $composeMessage;
297 sqsession_register($compose_messages,'compose_messages');
298 } else {
299 $composeMessage=$compose_messages[$session];
300 }
301
302 if (!isset($mailbox) || $mailbox == '' || ($mailbox == 'None')) {
303 $mailbox = 'INBOX';
304 }
305
306 if ($draft) {
307 /*
308 * Set $default_charset to correspond with the user's selection
309 * of language interface.
310 */
311 set_my_charset();
312 $composeMessage=$compose_messages[$session];
313 if (! deliverMessage($composeMessage, true)) {
314 showInputForm($session);
315 exit();
316 } else {
317 unset($compose_messages[$session]);
318 $draft_message = _("Draft Email Saved");
319 /* If this is a resumed draft, then delete the original */
320 if(isset($delete_draft)) {
321 Header("Location: $location/delete_message.php?mailbox=" . urlencode($draft_folder) .
322 "&message=$delete_draft&sort=$sort&startMessage=1&saved_draft=yes");
323 exit();
324 }
325 else {
326 if ($compose_new_win == '1') {
327 Header("Location: $location/compose.php?saved_draft=yes&session=$composesession");
328 exit();
329 }
330 else {
331 Header("Location: $location/right_main.php?mailbox=$draft_folder&sort=$sort".
332 "&startMessage=1&note=".urlencode($draft_message));
333 exit();
334 }
335 }
336 }
337 }
338
339 if ($send) {
340 if (isset($_FILES['attachfile']) &&
341 $_FILES['attachfile']['tmp_name'] &&
342 $_FILES['attachfile']['tmp_name'] != 'none') {
343 $AttachFailure = saveAttachedFiles($session);
344 }
345 if (checkInput(false) && !isset($AttachFailure)) {
346 if ($mailbox == "All Folders") {
347 /* We entered compose via the search results page */
348 $mailbox="INBOX"; /* Send 'em to INBOX, that's safe enough */
349 }
350 $urlMailbox = urlencode (trim($mailbox));
351 if (! isset($passed_id)) {
352 $passed_id = 0;
353 }
354 /*
355 * Set $default_charset to correspond with the user's selection
356 * of language interface.
357 */
358 set_my_charset();
359 /*
360 * This is to change all newlines to \n
361 * We'll change them to \r\n later (in the sendMessage function)
362 */
363 $body = str_replace("\r\n", "\n", $body);
364 $body = str_replace("\r", "\n", $body);
365
366 /*
367 * Rewrap $body so that no line is bigger than $editor_size
368 * This should only really kick in the sqWordWrap function
369 * if the browser doesn't support "VIRTUAL" as the wrap type.
370 */
371 $body = explode("\n", $body);
372 $newBody = '';
373 foreach ($body as $line) {
374 if( $line <> '-- ' ) {
375 $line = rtrim($line);
376 }
377 if (strlen($line) <= $editor_size + 1) {
378 $newBody .= $line . "\n";
379 } else {
380 sqWordWrap($line, $editor_size);
381 $newBody .= $line . "\n";
382
383 }
384
385 }
386 $body = $newBody;
387
388 $composeMessage=$compose_messages[$session];
389
390 $Result = deliverMessage($composeMessage);
391 if (! $Result) {
392 showInputForm($session);
393 exit();
394 }
395 unset($compose_messages[$session]);
396 if ( isset($delete_draft)) {
397 Header("Location: $location/delete_message.php?mailbox=" . urlencode( $draft_folder ).
398 "&message=$delete_draft&sort=$sort&startMessage=1&mail_sent=yes");
399 exit();
400 }
401 if ($compose_new_win == '1') {
402
403 Header("Location: $location/compose.php?mail_sent=yes");
404 }
405 else {
406 Header("Location: $location/right_main.php?mailbox=$urlMailbox&sort=$sort".
407 "&startMessage=$startMessage&mail_sent=yes");
408 }
409 } else {
410 if ($compose_new_win == '1') {
411 compose_Header($color, $mailbox);
412 }
413 else {
414 displayPageHeader($color, $mailbox);
415 }
416 if (isset($AttachFailure)) {
417 plain_error_message(_("Could not move/copy file. File not attached"),
418 $color);
419 }
420 checkInput(true);
421 showInputForm($session);
422 /* sqimap_logout($imapConnection); */
423 }
424 } elseif (isset($html_addr_search_done)) {
425 if ($compose_new_win == '1') {
426 compose_Header($color, $mailbox);
427 }
428 else {
429 displayPageHeader($color, $mailbox);
430 }
431
432 if (isset($send_to_search) && is_array($send_to_search)) {
433 foreach ($send_to_search as $k => $v) {
434 if (substr($k, 0, 1) == 'T') {
435 if ($send_to) {
436 $send_to .= ', ';
437 }
438 $send_to .= $v;
439 }
440 elseif (substr($k, 0, 1) == 'C') {
441 if ($send_to_cc) {
442 $send_to_cc .= ', ';
443 }
444 $send_to_cc .= $v;
445 }
446 elseif (substr($k, 0, 1) == 'B') {
447 if ($send_to_bcc) {
448 $send_to_bcc .= ', ';
449 }
450 $send_to_bcc .= $v;
451 }
452 }
453 }
454 showInputForm($session);
455 } elseif (isset($html_addr_search)) {
456 if (isset($_FILES['attachfile']) &&
457 $_FILES['attachfile']['tmp_name'] &&
458 $_FILES['attachfile']['tmp_name'] != 'none') {
459 if(saveAttachedFiles($session)) {
460 plain_error_message(_("Could not move/copy file. File not attached"), $color);
461 }
462 }
463 /*
464 * I am using an include so as to elminiate an extra unnecessary
465 * click. If you can think of a better way, please implement it.
466 */
467 include_once('./addrbook_search_html.php');
468 } elseif (isset($attach)) {
469 if (saveAttachedFiles($session)) {
470 plain_error_message(_("Could not move/copy file. File not attached"), $color);
471 }
472 if ($compose_new_win == '1') {
473 compose_Header($color, $mailbox);
474 }
475 else {
476 displayPageHeader($color, $mailbox);
477 }
478 showInputForm($session);
479 }
480 elseif (isset($sigappend)) {
481 $signature = $idents[$identity]['signature'];
482
483 $body .= "\n\n".($prefix_sig==true? "-- \n":'').$signature;
484 if ($compose_new_win == '1') {
485 compose_Header($color, $mailbox);
486 } else {
487 displayPageHeader($color, $mailbox);
488 }
489 showInputForm($session);
490 } elseif (isset($do_delete)) {
491 if ($compose_new_win == '1') {
492 compose_Header($color, $mailbox);
493 }
494 else {
495 displayPageHeader($color, $mailbox);
496 }
497
498 if (isset($delete) && is_array($delete)) {
499 $composeMessage = $compose_messages[$session];
500 foreach($delete as $index) {
501 $attached_file = $composeMessage->entities[$index]->att_local_name;
502 unlink ($attached_file);
503 unset ($composeMessage->entities[$index]);
504 }
505 $new_entities = array();
506 foreach ($composeMessage->entities as $entity) {
507 $new_entities[] = $entity;
508 }
509 $composeMessage->entities = $new_entities;
510 $compose_messages[$session] = $composeMessage;
511 sqsession_register($compose_messages, 'compose_messages');
512 }
513 showInputForm($session);
514 } else {
515 /*
516 * This handles the default case as well as the error case
517 * (they had the same code) --> if (isset($smtpErrors))
518 */
519
520 if ($compose_new_win == '1') {
521 compose_Header($color, $mailbox);
522 } else {
523 displayPageHeader($color, $mailbox);
524 }
525
526 $newmail = true;
527
528 if (!isset($passed_ent_id)) {
529 $passed_ent_id = '';
530 }
531 if (!isset($passed_id)) {
532 $passed_id = '';
533 }
534 if (!isset($mailbox)) {
535 $mailbox = '';
536 }
537 if (!isset($action)) {
538 $action = '';
539 }
540
541 $values = newMail($mailbox,$passed_id,$passed_ent_id, $action, $session);
542
543 /* in case the origin is not read_body.php */
544 if (isset($send_to)) {
545 $values['send_to'] = $send_to;
546 }
547 if (isset($send_to_cc)) {
548 $values['send_to_cc'] = $send_to_cc;
549 }
550 if (isset($send_to_bcc)) {
551 $values['send_to_bcc'] = $send_to_bcc;
552 }
553 if (isset($subject)) {
554 $values['subject'] = $subject;
555 }
556 showInputForm($session, $values);
557 }
558
559 exit();
560
561 /**************** Only function definitions go below *************/
562
563 function getforwardSubject($subject)
564 {
565 if ((substr(strtolower($subject), 0, 4) != 'fwd:') &&
566 (substr(strtolower($subject), 0, 5) != '[fwd:') &&
567 (substr(strtolower($subject), 0, 6) != '[ fwd:')) {
568 $subject = '[Fwd: ' . $subject . ']';
569 }
570 return $subject;
571 }
572
573 /* This function is used when not sending or adding attachments */
574 function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $session='') {
575 global $editor_size, $default_use_priority, $body, $idents,
576 $use_signature, $composesession, $data_dir, $username,
577 $username, $key, $imapServerAddress, $imapPort, $compose_messages,
578 $composeMessage;
579 global $languages, $squirrelmail_language, $default_charset;
580
581 $send_to = $send_to_cc = $send_to_bcc = $subject = $identity = '';
582 $mailprio = 3;
583
584 if ($passed_id) {
585 $imapConnection = sqimap_login($username, $key, $imapServerAddress,
586 $imapPort, 0);
587
588 sqimap_mailbox_select($imapConnection, $mailbox);
589 $message = sqimap_get_message($imapConnection, $passed_id, $mailbox);
590
591 $body = '';
592 if ($passed_ent_id) {
593 /* redefine the messsage in case of message/rfc822 */
594 $message = $message->getEntity($passed_ent_id);
595 /* message is an entity which contains the envelope and type0=message
596 * and type1=rfc822. The actual entities are childs from
597 * $message->entities[0]. That's where the encoding and is located
598 */
599
600 $entities = $message->entities[0]->findDisplayEntity
601 (array(), $alt_order = array('text/plain'));
602 if (!count($entities)) {
603 $entities = $message->entities[0]->findDisplayEntity
604 (array(), $alt_order = array('text/plain','html/plain'));
605 }
606 $orig_header = $message->rfc822_header; /* here is the envelope located */
607 /* redefine the message for picking up the attachments */
608 $message = $message->entities[0];
609
610 } else {
611 $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain'));
612 if (!count($entities)) {
613 $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain','html/plain'));
614 }
615 $orig_header = $message->rfc822_header;
616 }
617
618 $encoding = $message->header->encoding;
619 $type0 = $message->type0;
620 $type1 = $message->type1;
621 foreach ($entities as $ent) {
622 $unencoded_bodypart = mime_fetch_body($imapConnection, $passed_id, $ent);
623 $body_part_entity = $message->getEntity($ent);
624 $bodypart = decodeBody($unencoded_bodypart,
625 $body_part_entity->header->encoding);
626 if ($type1 == 'html') {
627 $bodypart = str_replace("\n", ' ', $bodypart);
628 $bodypart = preg_replace(array('/<p>/i','/<br\s*(\/)*>/i'), "\n", $bodypart);
629 $bodypart = str_replace(array('&nbsp;','&gt;','&lt;'),array(' ','>','<'),$bodypart);
630 $bodypart = strip_tags($bodypart);
631
632 }
633 if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
634 function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) {
635 if (mb_detect_encoding($bodypart) != 'ASCII') {
636 $bodypart = $languages[$squirrelmail_language]['XTRA_CODE']('decode', $bodypart);
637 }
638 }
639
640 if (isset($body_part_entity->header->parameters['charset'])) {
641 $actual = $body_part_entity->header->parameters['charset'];
642 } else {
643 $actual = 'us-ascii';
644 }
645
646 if ( $actual && is_conversion_safe($actual) && $actual != $default_charset){
647 $bodypart = charset_decode($actual,$bodypart);
648 }
649
650 $body .= $bodypart;
651 }
652 if ($default_use_priority) {
653 $mailprio = substr($orig_header->priority,0,1);
654 if (!$mailprio) {
655 $mailprio = 3;
656 }
657 } else {
658 $mailprio = '';
659 }
660 //ClearAttachments($session);
661
662 $identity = '';
663 $from_o = $orig_header->from;
664 if (is_object($from_o)) {
665 $orig_from = $from_o->getAddress();
666 } else {
667 $orig_from = '';
668 }
669
670 $identities = array();
671 if (count($idents) > 1) {
672 foreach($idents as $nr=>$data) {
673 $enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>';
674 if($enc_from_name == $orig_from) {
675 $identity = $nr;
676 break;
677 }
678 $identities[] = $enc_from_name;
679 }
680
681 $identity_match = $orig_header->findAddress($identities);
682 if ($identity_match) {
683 $identity = $identity_match;
684 }
685 // we need identiy here fore draft case #845290
686 // echo $identity."leer";
687 }
688
689 switch ($action) {
690 case ('draft'):
691 $use_signature = FALSE;
692 $composeMessage->rfc822_header = $orig_header;
693 $send_to = decodeHeader($orig_header->getAddr_s('to'),false,false,true);
694 $send_to_cc = decodeHeader($orig_header->getAddr_s('cc'),false,false,true);
695 $send_to_bcc = decodeHeader($orig_header->getAddr_s('bcc'),false,false,true);
696 $send_from = $orig_header->getAddr_s('from');
697 $send_from_parts = new AddressStructure();
698 $send_from_parts = $orig_header->parseAddress($send_from);
699 $send_from_add = $send_from_parts->mailbox . '@' . $send_from_parts->host;
700 $identities = get_identities();
701 if (count($identities) > 0) {
702 foreach($identities as $iddata) {
703 if ($send_from_add == $iddata['email_address']) {
704 $identity = $iddata['index'];
705 break;
706 }
707 }
708 }
709 $subject = decodeHeader($orig_header->subject,false,false,true);
710 // /* remember the references and in-reply-to headers in case of an reply */
711 $composeMessage->rfc822_header->more_headers['References'] = $orig_header->references;
712 $composeMessage->rfc822_header->more_headers['In-Reply-To'] = $orig_header->in_reply_to;
713 $body_ary = explode("\n", $body);
714 $cnt = count($body_ary) ;
715 $body = '';
716 for ($i=0; $i < $cnt; $i++) {
717 if (!ereg("^[>\\s]*$", $body_ary[$i]) || !$body_ary[$i]) {
718 sqWordWrap($body_ary[$i], $editor_size );
719 $body .= $body_ary[$i] . "\n";
720 }
721 unset($body_ary[$i]);
722 }
723 sqUnWordWrap($body);
724 $composeMessage = getAttachments($message, $composeMessage, $passed_id, $entities, $imapConnection);
725 break;
726 case ('edit_as_new'):
727 $send_to = decodeHeader($orig_header->getAddr_s('to'),false,false,true);
728 $send_to_cc = decodeHeader($orig_header->getAddr_s('cc'),false,false,true);
729 $send_to_bcc = decodeHeader($orig_header->getAddr_s('bcc'),false,false,true);
730 $subject = decodeHeader($orig_header->subject,false,false,true);
731 $mailprio = $orig_header->priority;
732 $orig_from = '';
733 $composeMessage = getAttachments($message, $composeMessage, $passed_id, $entities, $imapConnection);
734 sqUnWordWrap($body);
735 break;
736 case ('forward'):
737 $send_to = '';
738 $subject = getforwardSubject(decodeHeader($orig_header->subject,false,false,true));
739 $body = getforwardHeader($orig_header) . $body;
740 sqUnWordWrap($body);
741 $composeMessage = getAttachments($message, $composeMessage, $passed_id, $entities, $imapConnection);
742 $body = "\n" . $body;
743 break;
744 case ('forward_as_attachment'):
745 $subject = getforwardSubject(decodeHeader($orig_header->subject,false,false,true));
746 $composeMessage = getMessage_RFC822_Attachment($message, $composeMessage, $passed_id, $passed_ent_id, $imapConnection);
747 $body = '';
748 break;
749 case ('reply_all'):
750 if(isset($orig_header->mail_followup_to) && $orig_header->mail_followup_to) {
751 $send_to = $orig_header->getAddr_s('mail_followup_to');
752 } else {
753 $send_to_cc = replyAllString($orig_header);
754 $send_to_cc = decodeHeader($send_to_cc,false,false,true);
755 }
756 case ('reply'):
757 // skip this if send_to was already set right above here
758 if(!$send_to) {
759 $send_to = $orig_header->reply_to;
760 if (is_array($send_to) && count($send_to)) {
761 $send_to = $orig_header->getAddr_s('reply_to');
762 } else if (is_object($send_to)) { /* unneccesarry, just for failsafe purpose */
763 $send_to = $orig_header->getAddr_s('reply_to');
764 } else {
765 $send_to = $orig_header->getAddr_s('from');
766 }
767 }
768 $send_to = decodeHeader($send_to,false,false,true);
769 $subject = decodeHeader($orig_header->subject,false,false,true);
770 $subject = str_replace('"', "'", $subject);
771 $subject = trim($subject);
772 if (substr(strtolower($subject), 0, 3) != 're:') {
773 $subject = 'Re: ' . $subject;
774 }
775 /* this corrects some wrapping/quoting problems on replies */
776 $rewrap_body = explode("\n", $body);
777 $from = (is_array($orig_header->from)) ? $orig_header->from[0] : $orig_header->from;
778 sqUnWordWrap($body); // unwrap and then reset it?!
779 $body = '';
780 $strip_sigs = getPref($data_dir, $username, 'strip_sigs');
781 foreach ($rewrap_body as $line) {
782 if ($strip_sigs && substr($line,0,3) == '-- ') {
783 break;
784 }
785 sqWordWrap($line, ($editor_size));
786 if (preg_match("/^(>+)/", $line, $matches)) {
787 $gt = $matches[1];
788 $body .= '>' . str_replace("\n", "\n>$gt ", rtrim($line)) ."\n";
789 } else {
790 $body .= '> ' . str_replace("\n", "\n> ", rtrim($line)) . "\n";
791 }
792 }
793 $body = getReplyCitation($from , $orig_header->date) . $body;
794 $composeMessage->reply_rfc822_header = $orig_header;
795
796 break;
797 default:
798 break;
799 }
800 $compose_messages[$session] = $composeMessage;
801 sqsession_register($compose_messages, 'compose_messages');
802 session_write_close();
803 sqimap_logout($imapConnection);
804 }
805 $ret = array( 'send_to' => $send_to,
806 'send_to_cc' => $send_to_cc,
807 'send_to_bcc' => $send_to_bcc,
808 'subject' => $subject,
809 'mailprio' => $mailprio,
810 'body' => $body,
811 'identity' => $identity );
812
813 return ($ret);
814 } /* function newMail() */
815
816 function getAttachments($message, &$composeMessage, $passed_id, $entities, $imapConnection) {
817 global $attachment_dir, $username, $data_dir, $squirrelmail_language;
818 $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
819 if (!count($message->entities) ||
820 ($message->type0 == 'message' && $message->type1 == 'rfc822')) {
821 if ( !in_array($message->entity_id, $entities) && $message->entity_id) {
822 switch ($message->type0) {
823 case 'message':
824 if ($message->type1 == 'rfc822') {
825 $filename = $message->rfc822_header->subject;
826 if ($filename == "") {
827 $filename = "untitled-".$message->entity_id;
828 }
829 $filename .= '.msg';
830 } else {
831 $filename = $message->getFilename();
832 }
833 break;
834 default:
835 if (!$message->mime_header) { /* temporary hack */
836 $message->mime_header = $message->header;
837 }
838 $filename = $message->getFilename();
839 break;
840 }
841 $filename = str_replace('&#32;', ' ', decodeHeader($filename));
842 if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
843 function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) {
844 $filename = $languages[$squirrelmail_language]['XTRA_CODE']('encode', $filename);
845 }
846 $localfilename = GenerateRandomString(32, '', 7);
847 $full_localfilename = "$hashed_attachment_dir/$localfilename";
848 while (file_exists($full_localfilename)) {
849 $localfilename = GenerateRandomString(32, '', 7);
850 $full_localfilename = "$hashed_attachment_dir/$localfilename";
851 }
852 $message->att_local_name = $full_localfilename;
853
854 $composeMessage->initAttachment($message->type0.'/'.$message->type1,$filename,
855 $full_localfilename);
856
857 /* Write Attachment to file */
858 $fp = fopen ("$hashed_attachment_dir/$localfilename", 'wb');
859 fputs($fp, decodeBody(mime_fetch_body($imapConnection,
860 $passed_id, $message->entity_id),
861 $message->header->encoding));
862 fclose ($fp);
863 }
864 } else {
865 for ($i=0, $entCount=count($message->entities); $i<$entCount;$i++) {
866 $composeMessage=getAttachments($message->entities[$i], $composeMessage, $passed_id, $entities, $imapConnection);
867 }
868 }
869 return $composeMessage;
870 }
871
872 function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id,
873 $passed_ent_id='', $imapConnection) {
874 global $attachments, $attachment_dir, $username, $data_dir;
875 $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
876 if (!$passed_ent_id) {
877 $body_a = sqimap_run_command($imapConnection,
878 'FETCH '.$passed_id.' RFC822',
879 TRUE, $response, $readmessage,
880 TRUE);
881 } else {
882 $body_a = sqimap_run_command($imapConnection,
883 'FETCH '.$passed_id.' BODY['.$passed_ent_id.']',
884 TRUE, $response, $readmessage, TRUE);
885 $message = $message->parent;
886 }
887 if ($response == 'OK') {
888 $subject = encodeHeader($message->rfc822_header->subject);
889 array_shift($body_a);
890 array_pop($body_a);
891 $body = implode('', $body_a) . "\r\n";
892
893 $localfilename = GenerateRandomString(32, 'FILE', 7);
894 $full_localfilename = "$hashed_attachment_dir/$localfilename";
895
896 $fp = fopen($full_localfilename, 'w');
897 fwrite ($fp, $body);
898 fclose($fp);
899 $composeMessage->initAttachment('message/rfc822',$subject.'.msg',
900 $full_localfilename);
901 }
902 return $composeMessage;
903 }
904
905 function showInputForm ($session, $values=false) {
906 global $send_to, $send_to_cc, $body, $startMessage,
907 $passed_body, $color, $use_signature, $signature, $prefix_sig,
908 $editor_size, $editor_height, $attachments, $subject, $newmail,
909 $use_javascript_addr_book, $send_to_bcc, $passed_id, $mailbox,
910 $from_htmladdr_search, $location_of_buttons, $attachment_dir,
911 $username, $data_dir, $identity, $idents, $draft_id, $delete_draft,
912 $mailprio, $default_use_mdn, $mdn_user_support, $compose_new_win,
913 $saved_draft, $mail_sent, $sig_first, $edit_as_new, $action,
914 $username, $compose_messages, $composesession, $default_charset;
915
916 $composeMessage = $compose_messages[$session];
917 if ($values) {
918 $send_to = $values['send_to'];
919 $send_to_cc = $values['send_to_cc'];
920 $send_to_bcc = $values['send_to_bcc'];
921 $subject = $values['subject'];
922 $mailprio = $values['mailprio'];
923 $body = $values['body'];
924 $identity = (int) $values['identity'];
925 } else {
926 $send_to = decodeHeader($send_to, true, false);
927 $send_to_cc = decodeHeader($send_to_cc, true, false);
928 $send_to_bcc = decodeHeader($send_to_bcc, true, false);
929 }
930
931 if ($use_javascript_addr_book) {
932 echo "\n". '<SCRIPT LANGUAGE=JavaScript>'."\n<!--\n" .
933 'function open_abook() { ' . "\n" .
934 ' var nwin = window.open("addrbook_popup.php","abookpopup",' .
935 '"width=670,height=300,resizable=yes,scrollbars=yes");' . "\n" .
936 ' if((!nwin.opener) && (document.windows != null))' . "\n" .
937 ' nwin.opener = document.windows;' . "\n" .
938 "}\n" .
939 "// -->\n</SCRIPT>\n\n";
940 }
941
942 echo "\n" . '<form name="compose" action="compose.php" method="post" ' .
943 'enctype="multipart/form-data"';
944 do_hook('compose_form');
945
946 echo ">\n";
947
948 echo addHidden('startMessage', $startMessage);
949
950 if ($action == 'draft') {
951 echo addHidden('delete_draft', $passed_id);
952 }
953 if (isset($delete_draft)) {
954 echo addHidden('delete_draft', $delete_draft);
955 }
956 if (isset($session)) {
957 echo addHidden('session', $session);
958 }
959
960 if (isset($passed_id)) {
961 echo addHidden('passed_id', $passed_id);
962 }
963
964 if ($saved_draft == 'yes') {
965 echo '<BR><CENTER><B>'. _("Draft Saved").'</CENTER></B>';
966 }
967 if ($mail_sent == 'yes') {
968 echo '<BR><CENTER><B>'. _("Your Message has been sent.").'</CENTER></B>';
969 }
970 echo '<table align="center" cellspacing="0" border="0">' . "\n";
971 if ($compose_new_win == '1') {
972 echo '<TABLE ALIGN=CENTER BGCOLOR="'.$color[0].'" WIDTH="100%" BORDER=0>'."\n" .
973 ' <TR><TD></TD>'. html_tag( 'td', '', 'right' ) . '<INPUT TYPE="BUTTON" NAME="Close" onClick="return self.close()" VALUE='._("Close").'></TD></TR>'."\n";
974 }
975 if ($location_of_buttons == 'top') {
976 showComposeButtonRow();
977 }
978
979 /* display select list for identities */
980 if (count($idents) > 1) {
981 $ident_list = array();
982 foreach($idents as $id => $data) {
983 $ident_list[$id] =
984 $data['full_name'].' <'.$data['email_address'].'>';
985 }
986 echo ' <tr>' . "\n" .
987 html_tag( 'td', '', 'right', $color[4], 'width="10%"' ) .
988 _("From:") . '</td>' . "\n" .
989 html_tag( 'td', '', 'left', $color[4], 'width="90%"' ) .
990 ' '.
991 addSelect('identitiy', $ident_list, $identity, TRUE);
992
993 echo ' </td>' . "\n" .
994 ' </tr>' . "\n";
995 }
996 echo ' <tr>' . "\n" .
997 html_tag( 'td', '', 'right', $color[4], 'width="10%"' ) .
998 _("To:") . '</TD>' . "\n" .
999 html_tag( 'td', '', 'left', $color[4], 'width="90%"' ) .
1000 addInput('send_to', $send_to, 60). '<br />' . "\n" .
1001 ' </td>' . "\n" .
1002 ' </tr>' . "\n" .
1003 ' <tr>' . "\n" .
1004 html_tag( 'td', '', 'right', $color[4] ) .
1005 _("CC:") . '</td>' . "\n" .
1006 html_tag( 'td', '', 'left', $color[4] ) .
1007 addInput('send_to_cc', $send_to_cc, 60). '<br />' . "\n" .
1008 ' </td>' . "\n" .
1009 ' </tr>' . "\n" .
1010 ' <tr>' . "\n" .
1011 html_tag( 'td', '', 'right', $color[4] ) .
1012 _("BCC:") . '</td>' . "\n" .
1013 html_tag( 'td', '', 'left', $color[4] ) .
1014 addInput('send_to_bcc', $send_to_bcc, 60).'<br />' . "\n" .
1015 ' </td>' . "\n" .
1016 ' </tr>' . "\n" .
1017 ' <tr>' . "\n" .
1018 html_tag( 'td', '', 'right', $color[4] ) .
1019 _("Subject:") . '</td>' . "\n" .
1020 html_tag( 'td', '', 'left', $color[4] ) . "\n";
1021 echo ' '.addInput('subject', $subject, 60).
1022 ' </td>' . "\n" .
1023 ' </tr>' . "\n\n";
1024
1025 if ($location_of_buttons == 'between') {
1026 showComposeButtonRow();
1027 }
1028
1029 /* why this distinction? */
1030 if ($compose_new_win == '1') {
1031 echo ' <TR>' . "\n" .
1032 ' <TD BGCOLOR="' . $color[0] . '" COLSPAN=2 ALIGN=CENTER>' . "\n" .
1033 ' <TEXTAREA NAME="body" ID="body" ROWS="' . (int)$editor_height .
1034 '" COLS="' . (int)$editor_size . '" WRAP="VIRTUAL">';
1035 }
1036 else {
1037 echo ' <TR>' . "\n" .
1038 ' <TD BGCOLOR="' . $color[4] . '" COLSPAN=2>' . "\n" .
1039 ' &nbsp;&nbsp;<TEXTAREA NAME="body" ID="body" ROWS="' . (int)$editor_height .
1040 '" COLS="' . (int)$editor_size . '" WRAP="VIRTUAL">';
1041 }
1042
1043 if ($use_signature == true && $newmail == true && !isset($from_htmladdr_search)) {
1044 $signature = $idents[$identity]['signature'];
1045
1046 if ($sig_first == '1') {
1047 if ($default_charset == 'iso-2022-jp') {
1048 echo "\n\n".($prefix_sig==true? "-- \n":'').mb_convert_encoding($signature, 'EUC-JP');
1049 } else {
1050 echo "\n\n".($prefix_sig==true? "-- \n":'').decodeHeader($signature,false,false);
1051 }
1052 echo "\n\n".htmlspecialchars(decodeHeader($body,false,false));
1053 }
1054 else {
1055 echo "\n\n".htmlspecialchars(decodeHeader($body,false,false));
1056 if ($default_charset == 'iso-2022-jp') {
1057 echo "\n\n".($prefix_sig==true? "-- \n":'').mb_convert_encoding($signature, 'EUC-JP');
1058 }else{
1059 echo "\n\n".($prefix_sig==true? "-- \n":'').decodeHeader($signature,false,false);
1060 }
1061 }
1062 }
1063 else {
1064 echo htmlspecialchars(decodeHeader($body,false,false));
1065 }
1066 echo '</textarea><br />' . "\n" .
1067 ' </td>' . "\n" .
1068 ' </tr>' . "\n";
1069
1070
1071 if ($location_of_buttons == 'bottom') {
1072 showComposeButtonRow();
1073 } else {
1074 echo ' <tr>' . "\n" .
1075 html_tag( 'td', '', 'right', '', 'colspan="2"' ) . "\n" .
1076 ' <input type="submit" name="send" value="' . _("Send") . '" />' . "\n" .
1077 ' &nbsp;&nbsp;&nbsp;&nbsp;<br /><br />' . "\n" .
1078 ' </td>' . "\n" .
1079 ' </tr>' . "\n";
1080 }
1081
1082 /* This code is for attachments */
1083 if ((bool) ini_get('file_uploads')) {
1084
1085 /* Calculate the max size for an uploaded file.
1086 * This is advisory for the user because we can't actually prevent
1087 * people to upload too large files. */
1088 $sizes = array();
1089 /* php.ini vars which influence the max for uploads */
1090 $configvars = array('post_max_size', 'memory_limit', 'upload_max_filesize');
1091 foreach($configvars as $var) {
1092 /* skip 0 or empty values */
1093 if( $size = getByteSize(ini_get($var)) ) {
1094 $sizes[] = $size;
1095 }
1096 }
1097
1098 if(count($sizes) > 0) {
1099 $maxsize = '(max.&nbsp;' . show_readable_size( min( $sizes ) ) . ')';
1100 } else {
1101 $maxsize = '';
1102 }
1103 echo addHidden('MAX_FILE_SIZE', min( $sizes ));
1104 echo ' <tr>' . "\n" .
1105 ' <td colspan="2">' . "\n" .
1106 ' <table width="100%" cellpadding="1" cellspacing="0" align="center"'.
1107 ' border="0" bgcolor="'.$color[9].'">' . "\n" .
1108 ' <tr>' . "\n" .
1109 ' <td>' . "\n" .
1110 ' <table width="100%" cellpadding="3" cellspacing="0" align="center"'.
1111 ' border="0">' . "\n" .
1112 ' <tr>' . "\n" .
1113 html_tag( 'td', '', 'right', '', 'valign="middle"' ) .
1114 _("Attach:") . '</td>' . "\n" .
1115 html_tag( 'td', '', 'left', '', 'valign="middle"' ) .
1116 ' <input name="attachfile" size="48" type="file" />' . "\n" .
1117 ' &nbsp;&nbsp;<input type="submit" name="attach"' .
1118 ' value="' . _("Add") .'">' . "\n" .
1119 $maxsize .
1120 ' </td>' . "\n" .
1121 ' </tr>' . "\n";
1122
1123
1124 $s_a = array();
1125 if ($composeMessage->entities) {
1126 foreach ($composeMessage->entities as $key => $attachment) {
1127 $attached_file = $attachment->att_local_name;
1128 if ($attachment->att_local_name || $attachment->body_part) {
1129 $attached_filename = decodeHeader($attachment->mime_header->getParameter('name'));
1130 $type = $attachment->mime_header->type0.'/'.
1131 $attachment->mime_header->type1;
1132
1133 $s_a[] = '<table bgcolor="'.$color[0].
1134 '" border="0"><tr><td>'.
1135 addCheckBox('delete[]', $key).
1136 "</td><td>\n" . $attached_filename .
1137 '</td><td>-</td><td> ' . $type . '</td><td>('.
1138 show_readable_size( filesize( $attached_file ) ) . ')</td></tr></table>'."\n";
1139 }
1140 }
1141 }
1142 if (count($s_a)) {
1143 foreach ($s_a as $s) {
1144 echo '<tr>' . html_tag( 'td', '', 'left', $color[0], 'colspan="2"' ) . $s .'</td></tr>';
1145 }
1146 echo '<tr><td colspan="2"><input type="submit" name="do_delete" value="' .
1147 _("Delete selected attachments") . "\">\n" .
1148 '</td></tr>';
1149 }
1150 echo ' </table>' . "\n" .
1151 ' </td>' . "\n" .
1152 ' </tr>' . "\n" .
1153 ' </TABLE>' . "\n" .
1154 ' </TD>' . "\n" .
1155 ' </TR>' . "\n";
1156 } // End of file_uploads if-block
1157 /* End of attachment code */
1158 if ($compose_new_win == '1') {
1159 echo '</TABLE>'."\n";
1160 }
1161
1162 echo '</TABLE>' . "\n" .
1163 addHidden('username', $username).
1164 addHidden('smaction', $action).
1165 addHidden('mailbox', $mailbox);
1166 /*
1167 store the complete ComposeMessages array in a hidden input value
1168 so we can restore them in case of a session timeout.
1169 */
1170 sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER);
1171 echo addHidden('restoremessages', serialize($compose_messages)).
1172 addHidden('composesession', $composesession).
1173 addHidden('querystring', $queryString).
1174 "</form>\n";
1175 if (!(bool) ini_get('file_uploads')) {
1176 /* File uploads are off, so we didn't show that part of the form.
1177 To avoid bogus bug reports, tell the user why. */
1178 echo 'Because PHP file uploads are turned off, you can not attach files ';
1179 echo "to this message. Please see your system administrator for details.\r\n";
1180 }
1181
1182 do_hook('compose_bottom');
1183 echo '</BODY></HTML>' . "\n";
1184 }
1185
1186
1187 function showComposeButtonRow() {
1188 global $use_javascript_addr_book, $save_as_draft,
1189 $default_use_priority, $mailprio, $default_use_mdn,
1190 $request_mdn, $request_dr,
1191 $data_dir, $username;
1192
1193 echo ' <TR>' . "\n" .
1194 ' <TD></TD>' . "\n" .
1195 ' <TD>' . "\n";
1196 if ($default_use_priority) {
1197 if(!isset($mailprio)) {
1198 $mailprio = '3';
1199 }
1200 echo ' ' . _("Priority") .
1201 addSelect('mailprio', array(
1202 '1' => _("High"),
1203 '3' => _("Normal"),
1204 '5' => _("Low") ), $mailprio, TRUE);
1205 }
1206 $mdn_user_support=getPref($data_dir, $username, 'mdn_user_support',$default_use_mdn);
1207 if ($default_use_mdn) {
1208 if ($mdn_user_support) {
1209 echo ' ' . _("Receipt") .': '.
1210 addCheckBox('request_mdn', $request_mdn == '1', '1'). _("On Read").
1211 addCheckBox('request_dr', $request_dr == '1', '1'). _("On Delivery");
1212 }
1213 }
1214
1215 echo ' </TD>' . "\n" .
1216 ' </TR>' . "\n" .
1217 ' <TR>' . "\n" .
1218 ' <TD></TD>' . "\n" .
1219 ' <TD>' . "\n" .
1220 ' <INPUT TYPE=SUBMIT NAME="sigappend" VALUE="' . _("Signature") . '">' . "\n";
1221 if ($use_javascript_addr_book) {
1222 echo " <SCRIPT LANGUAGE=JavaScript><!--\n document.write(\"".
1223 " <input type=button value=\\\""._("Addresses").
1224 "\\\" onclick='javascript:open_abook();'>\");".
1225 " // --></SCRIPT><NOSCRIPT>\n".
1226 " <input type=submit name=\"html_addr_search\" value=\"".
1227 _("Addresses")."\">".
1228 " </NOSCRIPT>\n";
1229 } else {
1230 echo ' <input type=submit name="html_addr_search" value="'.
1231 _("Addresses").'">' . "\n";
1232 }
1233
1234 if ($save_as_draft) {
1235 echo ' <input type="submit" name ="draft" value="' . _("Save Draft") . "\">\n";
1236 }
1237
1238 echo ' <INPUT TYPE=submit NAME=send VALUE="'. _("Send") . '">' . "\n";
1239 do_hook('compose_button_row');
1240
1241 echo ' </TD>' . "\n" .
1242 ' </TR>' . "\n\n";
1243 }
1244
1245 function checkInput ($show) {
1246 /*
1247 * I implemented the $show variable because the error messages
1248 * were getting sent before the page header. So, I check once
1249 * using $show=false, and then when i'm ready to display the error
1250 * message, show=true
1251 */
1252 global $body, $send_to, $send_to_bcc, $subject, $color;
1253
1254 if ($send_to == '' && $send_to_bcc == '') {
1255 if ($show) {
1256 plain_error_message(_("You have not filled in the \"To:\" field."), $color);
1257 }
1258 return false;
1259 }
1260 return true;
1261 } /* function checkInput() */
1262
1263
1264 /* True if FAILURE */
1265 function saveAttachedFiles($session) {
1266 global $_FILES, $attachment_dir, $attachments, $username,
1267 $data_dir, $compose_messages;
1268
1269 /* get out of here if no file was attached at all */
1270 if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) {
1271 return true;
1272 }
1273
1274 $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
1275 $localfilename = GenerateRandomString(32, '', 7);
1276 $full_localfilename = "$hashed_attachment_dir/$localfilename";
1277 while (file_exists($full_localfilename)) {
1278 $localfilename = GenerateRandomString(32, '', 7);
1279 $full_localfilename = "$hashed_attachment_dir/$localfilename";
1280 }
1281
1282 // FIXME: we SHOULD prefer move_uploaded_file over rename because
1283 // m_u_f works better with restricted PHP installes (safe_mode, open_basedir)
1284 if (!@rename($_FILES['attachfile']['tmp_name'], $full_localfilename)) {
1285 if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$full_localfilename)) {
1286 return true;
1287 }
1288 }
1289 $message = $compose_messages[$session];
1290 $type = strtolower($_FILES['attachfile']['type']);
1291 $name = $_FILES['attachfile']['name'];
1292 $message->initAttachment($type, $name, $full_localfilename);
1293 $compose_messages[$session] = $message;
1294 sqsession_register($compose_messages , 'compose_messages');
1295 }
1296
1297 function ClearAttachments($composeMessage) {
1298 if ($composeMessage->att_local_name) {
1299 $attached_file = $composeMessage->att_local_name;
1300 if (file_exists($attached_file)) {
1301 unlink($attached_file);
1302 }
1303 }
1304 for ($i=0, $entCount=count($composeMessage->entities);$i< $entCount; ++$i) {
1305 ClearAttachments($composeMessage->entities[$i]);
1306 }
1307 }
1308
1309 /* parse values like 8M and 2k into bytes */
1310 function getByteSize($ini_size) {
1311
1312 if(!$ini_size) {
1313 return FALSE;
1314 }
1315
1316 $ini_size = trim($ini_size);
1317
1318 // if there's some kind of letter at the end of the string we need to multiply.
1319 if(!is_numeric(substr($ini_size, -1))) {
1320
1321 switch(strtoupper(substr($ini_size, -1))) {
1322 case 'G':
1323 $bytesize = 1073741824;
1324 break;
1325 case 'M':
1326 $bytesize = 1048576;
1327 break;
1328 case 'K':
1329 $bytesize = 1024;
1330 break;
1331 }
1332
1333 return ($bytesize * (int)substr($ini_size, 0, -1));
1334 }
1335
1336 return $ini_size;
1337 }
1338
1339
1340 /* temporary function to make use of the deliver class.
1341 In the future the responsable backend should be automaticly loaded
1342 and conf.pl should show a list of available backends.
1343 The message also should be constructed by the message class.
1344 */
1345
1346 function deliverMessage($composeMessage, $draft=false) {
1347 global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body,
1348 $username, $popuser, $usernamedata, $identity, $idents, $data_dir,
1349 $request_mdn, $request_dr, $default_charset, $color, $useSendmail,
1350 $domain, $action, $default_move_to_sent, $move_to_sent;
1351 global $imapServerAddress, $imapPort, $sent_folder, $key;
1352
1353 /* some browsers replace <space> by nonbreaking spaces &nbsp;
1354 by replacing them back to spaces addressparsing works */
1355 /* FIXME: How to handle in case of other charsets where "\240"
1356 is not a non breaking space ??? */
1357 /* THEFIX: browsers don't replace space with nbsp. SM replaces
1358 space with nbsp when decodes headers. If problem still happens,
1359 use cleanup_nbsp() */
1360
1361 // $send_to = str_replace("\240",' ',$send_to);
1362 // $send_to_cc = str_replace("\240",' ',$send_to_cc);
1363 // $send_to_bcc = str_replace("\240",' ',$send_to_bcc);
1364
1365 $rfc822_header = $composeMessage->rfc822_header;
1366
1367 $abook = addressbook_init(false, true);
1368 $rfc822_header->to = $rfc822_header->parseAddress($send_to,true, array(), '', $domain, array(&$abook,'lookup'));
1369 $rfc822_header->cc = $rfc822_header->parseAddress($send_to_cc,true,array(), '',$domain, array(&$abook,'lookup'));
1370 $rfc822_header->bcc = $rfc822_header->parseAddress($send_to_bcc,true, array(), '',$domain, array(&$abook,'lookup'));
1371 $rfc822_header->priority = $mailprio;
1372 $rfc822_header->subject = $subject;
1373 $special_encoding='';
1374 if (strtolower($default_charset) == 'iso-2022-jp') {
1375 if (mb_detect_encoding($body) == 'ASCII') {
1376 $special_encoding = '8bit';
1377 } else {
1378 $body = mb_convert_encoding($body, 'JIS');
1379 $special_encoding = '7bit';
1380 }
1381 }
1382 $composeMessage->setBody($body);
1383
1384 if (ereg("^([^@%/]+)[@%/](.+)$", $username, $usernamedata)) {
1385 $popuser = $usernamedata[1];
1386 $domain = $usernamedata[2];
1387 unset($usernamedata);
1388 } else {
1389 $popuser = $username;
1390 }
1391 $reply_to = '';
1392 $from_mail = $idents[$identity]['email_address'];
1393 $full_name = $idents[$identity]['full_name'];
1394 $reply_to = $idents[$identity]['reply_to'];
1395 if (!$from_mail) {
1396 $from_mail = "$popuser@$domain";
1397 }
1398 $rfc822_header->from = $rfc822_header->parseAddress($from_mail,true);
1399 if ($full_name) {
1400 $from = $rfc822_header->from[0];
1401 if (!$from->host) $from->host = $domain;
1402 $full_name_encoded = encodeHeader($full_name);
1403 if ($full_name_encoded != $full_name) {
1404 $from_addr = $full_name_encoded .' <'.$from->mailbox.'@'.$from->host.'>';
1405 } else {
1406 $from_addr = '"'.$full_name .'" <'.$from->mailbox.'@'.$from->host.'>';
1407 }
1408 $rfc822_header->from = $rfc822_header->parseAddress($from_addr,true);
1409 }
1410 if ($reply_to) {
1411 $rfc822_header->reply_to = $rfc822_header->parseAddress($reply_to,true);
1412 }
1413 /* Receipt: On Read */
1414 if (isset($request_mdn) && $request_mdn) {
1415 $rfc822_header->dnt = $rfc822_header->parseAddress($from_mail,true);
1416 }
1417 /* Receipt: On Delivery */
1418 if (isset($request_dr) && $request_dr) {
1419 $rfc822_header->more_headers['Return-Receipt-To'] = $from_mail;
1420 }
1421 /* multipart messages */
1422 if (count($composeMessage->entities)) {
1423 $message_body = new Message();
1424 $message_body->body_part = $composeMessage->body_part;
1425 $composeMessage->body_part = '';
1426 $mime_header = new MessageHeader;
1427 $mime_header->type0 = 'text';
1428 $mime_header->type1 = 'plain';
1429 if ($special_encoding) {
1430 $mime_header->encoding = $special_encoding;
1431 } else {
1432 $mime_header->encoding = '8bit';
1433 }
1434 if ($default_charset) {
1435 $mime_header->parameters['charset'] = $default_charset;
1436 }
1437 $message_body->mime_header = $mime_header;
1438 array_unshift($composeMessage->entities, $message_body);
1439 $content_type = new ContentType('multipart/mixed');
1440 } else {
1441 $content_type = new ContentType('text/plain');
1442 if ($special_encoding) {
1443 $rfc822_header->encoding = $special_encoding;
1444 } else {
1445 $rfc822_header->encoding = '8bit';
1446 }
1447 if ($default_charset) {
1448 $content_type->properties['charset']=$default_charset;
1449 }
1450 }
1451
1452 $rfc822_header->content_type = $content_type;
1453 $composeMessage->rfc822_header = $rfc822_header;
1454
1455 /* Here you can modify the message structure just before we hand
1456 it over to deliver */
1457 $hookReturn = do_hook('compose_send', $composeMessage);
1458 /* Get any changes made by plugins to $composeMessage. */
1459 if ( is_object($hookReturn[1]) ) {
1460 $composeMessage = $hookReturn[1];
1461 }
1462
1463 if (!$useSendmail && !$draft) {
1464 require_once(SM_PATH . 'class/deliver/Deliver_SMTP.class.php');
1465 $deliver = new Deliver_SMTP();
1466 global $smtpServerAddress, $smtpPort, $pop_before_smtp, $smtp_auth_mech;
1467
1468 $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false;
1469 get_smtp_user($user, $pass);
1470 $stream = $deliver->initStream($composeMessage,$domain,0,
1471 $smtpServerAddress, $smtpPort, $user, $pass, $authPop);
1472 } elseif (!$draft) {
1473 require_once(SM_PATH . 'class/deliver/Deliver_SendMail.class.php');
1474 global $sendmail_path;
1475 $deliver = new Deliver_SendMail();
1476 $stream = $deliver->initStream($composeMessage,$sendmail_path);
1477 } elseif ($draft) {
1478 global $draft_folder;
1479 require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
1480 $imap_stream = sqimap_login($username, $key, $imapServerAddress,
1481 $imapPort, 0);
1482 if (sqimap_mailbox_exists ($imap_stream, $draft_folder)) {
1483 require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
1484 $imap_deliver = new Deliver_IMAP();
1485 $length = $imap_deliver->mail($composeMessage);
1486 sqimap_append ($imap_stream, $draft_folder, $length);
1487 $imap_deliver->mail($composeMessage, $imap_stream);
1488 sqimap_append_done ($imap_stream, $draft_folder);
1489 sqimap_logout($imap_stream);
1490 unset ($imap_deliver);
1491 return $length;
1492 } else {
1493 $msg = '<br>Error: '._("Draft folder")." $draft_folder" . ' does not exist.';
1494 plain_error_message($msg, $color);
1495 return false;
1496 }
1497 }
1498 $succes = false;
1499 if ($stream) {
1500 $length = $deliver->mail($composeMessage, $stream);
1501 $succes = $deliver->finalizeStream($stream);
1502 }
1503 if (!$succes) {
1504 $msg = $deliver->dlv_msg . '<br>' .
1505 _("Server replied: ") . $deliver->dlv_ret_nr . ' '.
1506 $deliver->dlv_server_msg;
1507 plain_error_message($msg, $color);
1508 } else {
1509 unset ($deliver);
1510 $move_to_sent = getPref($data_dir,$username,'move_to_sent');
1511 $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
1512
1513 /* Move to sent code */
1514 if (isset($default_move_to_sent) && ($default_move_to_sent != 0)) {
1515 $svr_allow_sent = true;
1516 } else {
1517 $svr_allow_sent = false;
1518 }
1519
1520 if (isset($sent_folder) && (($sent_folder != '') || ($sent_folder != 'none'))
1521 && sqimap_mailbox_exists( $imap_stream, $sent_folder)) {
1522 $fld_sent = true;
1523 } else {
1524 $fld_sent = false;
1525 }
1526
1527 if ((isset($move_to_sent) && ($move_to_sent != 0)) || (!isset($move_to_sent))) {
1528 $lcl_allow_sent = true;
1529 } else {
1530 $lcl_allow_sent = false;
1531 }
1532
1533 if (($fld_sent && $svr_allow_sent && !$lcl_allow_sent) || ($fld_sent && $lcl_allow_sent)) {
1534 global $passed_id, $mailbox, $action;
1535 if ($action == 'reply' || $action == 'reply_all') {
1536 $save_reply_with_orig=getPref($data_dir,$username,'save_reply_with_orig');
1537 if ($save_reply_with_orig) {
1538 $sent_folder = $mailbox;
1539 }
1540 }
1541 sqimap_append ($imap_stream, $sent_folder, $length);
1542 require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
1543 $imap_deliver = new Deliver_IMAP();
1544 $imap_deliver->mail($composeMessage, $imap_stream);
1545 sqimap_append_done ($imap_stream, $sent_folder);
1546 unset ($imap_deliver);
1547 }
1548 global $passed_id, $mailbox, $action;
1549 ClearAttachments($composeMessage);
1550 if ($action == 'reply' || $action == 'reply_all') {
1551 sqimap_mailbox_select ($imap_stream, $mailbox);
1552 sqimap_messages_flag ($imap_stream, $passed_id, $passed_id, 'Answered', false);
1553 }
1554 sqimap_logout($imap_stream);
1555 }
1556 return $succes;
1557 }
1558
1559 ?>
Unnamed repository; edit this file 'description' to name the repository.