<?php

/**
 * right_main.php
 *
 * This is where the mailboxes are listed. This controls most of what
 * goes on in SquirrelMail: it reads the list parameters from the request,
 * loads the per-mailbox preferences, handles the message-list form and
 * renders the message list (or the compose redirect when forwarding).
 *
 * @copyright &copy; 1999-2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 */

// Left-over profiling hook, intentionally disabled.
//xdebug_start_profiling("/var/spool/xdebug/right_main.txt");


/**
 * Include the SquirrelMail initialization file.
 * It provides sqgetGlobalVar(), the session helpers, $oTemplate,
 * $oErrorHandler and the user/config globals used below.
 */
include('../include/init.php');

/* SquirrelMail required files. */
require_once(SM_PATH . 'functions/imap_asearch.php');
require_once(SM_PATH . 'functions/imap_general.php');
require_once(SM_PATH . 'functions/imap_messages.php');
require_once(SM_PATH . 'functions/date.php');
require_once(SM_PATH . 'functions/mime.php');
require_once(SM_PATH . 'functions/mailbox_display.php');

/*
 * Collect the request and session variables this page works with.
 * Numeric parameters are cast to int as soon as they are read; the string
 * parameters ($mailbox, $note, $mail_sent) are kept as-is and have to be
 * escaped at the point where they are output.
 */
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);

// Errors queued by an earlier request are handed to the error handler once
// and then removed from the session so they are not reported twice.
sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION);
if (is_array($delayed_errors)) {
    $oErrorHandler->AssignDelayedErrors($delayed_errors);
    sqsession_unregister('delayed_errors');
}

sqgetGlobalVar('mailbox', $mailbox);
// A POSTed targetMailbox is read after the session value and so takes
// precedence over the one remembered in the session.
sqgetGlobalVar('lastTargetMailbox', $lastTargetMailbox, SQ_SESSION);
sqgetGlobalVar('targetMailbox', $lastTargetMailbox, SQ_POST);
sqgetGlobalVar('note', $note, SQ_GET);
sqgetGlobalVar('mail_sent', $mail_sent, SQ_GET);

// Paginator offset, defaulting to the first page.
$startMessage = sqgetGlobalVar('startMessage', $temp) ? (int) $temp : 1;

// sort => srt because of the changed behaviour which can break new behaviour.
// $srt, $showall and $checkall stay unset when the parameter is absent;
// $srt and $showall are tested with isset() further down.
if (sqgetGlobalVar('srt', $temp, SQ_GET)) {
    $srt = (int) $temp;
}
if (sqgetGlobalVar('showall', $temp, SQ_GET)) {
    $showall = (int) $temp;
}
if (sqgetGlobalVar('checkall', $temp, SQ_GET)) {
    $checkall = (int) $temp;
}

/* future work: multiple accounts. Only account 0 exists for now. */
$account = sqgetGlobalVar('account', $account, SQ_GET) ? (int) $account : 0;

/* end of get globals */

/* Open an imap connection */
$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);

// Fall back to INBOX when no mailbox was requested. This is a truthiness
// test, so a mailbox literally named "0" is treated as "not given" as well.
if (!isset($mailbox) || !$mailbox) {
    $mailbox = 'INBOX';
}

/**
 * Set the global settings for a mailbox and merge them with the usersettings
 * for the mailbox. In the future we can add more mailbox specific preferences.
 *
 * NOTE(review): the request-supplied mailbox name becomes part of the
 * preference key; getPref()/setUserPref() are assumed to treat it as an
 * opaque key rather than a path -- confirm for file-based preference backends.
 */
$aMailboxPrefSer = getPref($data_dir, $username, 'pref_'.$account.'_'.$mailbox);
if (!$aMailboxPrefSer) {
    // first visit of this mailbox: persist and use the defaults
    setUserPref($username, 'pref_'.$account.'_'.$mailbox, serialize($default_mailbox_pref));
    $aMailboxPref = $default_mailbox_pref;
} else {
    // NOTE(review): unserialize() on data from the preference store. The
    // value is only ever produced by serialize() in this script, never taken
    // from the request, so this is safe exactly as long as the preference
    // store itself is trusted; a plain data format would remove the exposure.
    $aMailboxPref = unserialize($aMailboxPrefSer);
    // index_order contains the columns to show and the order of the columns
    $aMailboxPref[MBX_PREF_COLUMNS] = $index_order;
}
// An explicit ?srt= on the URL wins over the stored sort order.
if (isset($srt)) {
    $aMailboxPref[MBX_PREF_SORT] = (int) $srt;
}

// Special folders that are not configured are represented by false.
if (!isset($trash_folder)) {
    $trash_folder = false;
}
if (!isset($sent_folder)) {
    $sent_folder = false;
}
if (!isset($draft_folder)) {
    $draft_folder = false;
}

/**
 * until there is no per mailbox option screen to set prefs we override
 * the mailboxprefs by the default ones
 */
$aMailboxPref[MBX_PREF_LIMIT]        = (int) $show_num;
$aMailboxPref[MBX_PREF_AUTO_EXPUNGE] = (bool) $auto_expunge;
$aMailboxPref[MBX_PREF_INTERNALDATE] = (bool) getPref($data_dir, $username, 'internal_date_sort');
$aMailboxPref[MBX_PREF_COLUMNS]      = $index_order;

/**
 * Replace From => To in case it concerns a draft or sent folder.
 * Both comparisons are loose (==), as is the in_array() membership test.
 * The swapped column order is written back to the preference store so it
 * sticks for the next visit.
 */
if (($mailbox == $sent_folder || $mailbox == $draft_folder)
    && !in_array(SQM_COL_TO, $aMailboxPref[MBX_PREF_COLUMNS])) {
    $aNewOrder = array();
    foreach ($aMailboxPref[MBX_PREF_COLUMNS] as $iCol) {
        $aNewOrder[] = ($iCol == SQM_COL_FROM) ? SQM_COL_TO : $iCol;
    }
    $aMailboxPref[MBX_PREF_COLUMNS] = $aNewOrder;
    setUserPref($username, 'pref_'.$account.'_'.$mailbox, serialize($aMailboxPref));
}

/**
 * Set the config options for the messages list.
 * $aColumns holds the settings per column, keyed by column id; the order of
 * the keys is the display order of the columns.
 */
$aColumns = array();
foreach ($aMailboxPref[MBX_PREF_COLUMNS] as $iCol) {
    $aColumns[$iCol] = array();
    if ($iCol == SQM_COL_SUBJ) {
        // subject column gets its own truncation length
        if ($truncate_subject) {
            $aColumns[$iCol]['truncate'] = $truncate_subject;
        }
    } elseif (in_array($iCol, array(SQM_COL_FROM, SQM_COL_TO, SQM_COL_CC, SQM_COL_BCC))) {
        // all address columns share the sender truncation length
        if ($truncate_sender) {
            $aColumns[$iCol]['truncate'] = $truncate_sender;
        }
    }
}

/**
 * Properties required by showMessagesForMailbox
 */
$aProps = array();
$aProps['columns'] = $aColumns; // column bound settings
$aProps['config'] = array(
    'alt_index_colors'     => $alt_index_colors,       // alternating row colors (should be a template thing)
    'highlight_list'       => $message_highlight_list, // row highlighting rules
    'fancy_index_highlite' => $fancy_index_highlite,   // highlight rows on hover or on click -> check
    'show_flag_buttons'    => isset($show_flag_buttons) ? $show_flag_buttons : true,
    'lastTargetMailbox'    => isset($lastTargetMailbox) ? $lastTargetMailbox : '', // last mailbox where messages are moved/copied to
    'trash_folder'         => $trash_folder,
    'sent_folder'          => $sent_folder,
    'draft_folder'         => $draft_folder,
    'color'                => $color,
    'enablesort'           => true, // enable sorting on columns
);
$aProps['mailbox'] = $mailbox;
$aProps['account'] = isset($account) ? $account : 0; // future usage if we support multiple imap accounts
$aProps['module']  = 'read_body';
$aProps['email']   = false;

/**
 * system wide admin settings and incoming vars.
 */
$aConfig = array(
    'user'   => $username,
    'offset' => $startMessage, // incoming var: offset in paginator
);

/**
 * The showall functionality is for the moment added to the config array
 * to avoid storage of the showall link in the mailbox pref. We could change
 * this behaviour later and add it to $aMailboxPref instead
 */
if (!isset($showall)) {
    $showall = false;
} else {
    // show all messages in a mailbox (paginator is disabled)
    $aConfig['showall'] = $showall;
}

/**
 * Retrieve the mailbox cache from the session.
 */
sqgetGlobalVar('mailbox_cache', $mailbox_cache, SQ_SESSION);

/**
 * Select the mailbox and retrieve the cached info.
 */
$aMailbox = sqm_api_mailbox_select($imapConnection, $account, $mailbox, $aConfig, $aMailboxPref);

/**
 * MOVE THIS to a central init section !!!!
 * Derive the left/right alignment from the language direction once and
 * keep it in the session; a right-to-left language swaps the two sides.
 */
if (!sqgetGlobalVar('align', $align, SQ_SESSION)) {
    $dir = 'ltr';
    if (isset($languages[$squirrelmail_language]['DIR'])) {
        $dir = $languages[$squirrelmail_language]['DIR'];
    }
    $align = ($dir == 'ltr')
        ? array('left' => 'left', 'right' => 'right')
        : array('left' => 'right', 'right' => 'left');
    sqsession_register($align, 'align');
}

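/*
 * After initialisation of the mailbox array it's time to handle the FORM data
 */
$sError = handleMessageListForm($imapConnection, $aMailbox);
if ($sError) {
    $note = $sError; // shown to the user further down, HTML-escaped there
}

/*
 * If we try to forward messages as attachment we have to open a new window
 * in case of compose in new window or redirect to compose.php
 */
if (isset($aMailbox['FORWARD_SESSION'])) {
    /* add the mailbox to the cache (needed by compose.php in both cases) */
    $mailbox_cache[$account.'_'.$aMailbox['NAME']] = $aMailbox;
    sqsession_register($mailbox_cache, 'mailbox_cache');

    // The compose URL is shared by the new-window and the redirect case, so
    // the session id is urlencode()d in both (it used to be raw in the
    // redirect). urlencode() output is limited to URL-safe characters, which
    // also keeps the value harmless inside the JavaScript string below.
    // do not use &amp;, it will break the query string and $session will not be detected!!!
    $comp_uri = SM_PATH . 'src/compose.php?mailbox=' . urlencode($mailbox)
              . '&session=' . urlencode($aMailbox['FORWARD_SESSION']);

    if ($compose_new_win) {
        // write the session in order to make sure that the compose window has
        // access to the composemessages array which is stored in the session
        session_write_close();
        // restart the session. Do not use sqsession_is_active because the session_id
        // isn't empty after a session_write_close
        sqsession_start();
        // The window size is a user preference that is interpolated into a
        // JavaScript call, so only 3-4 plain digits are accepted. The D
        // modifier makes '$' match at the very end of the string; without it
        // a value with a trailing newline would pass the check.
        if (!preg_match('/^[0-9]{3,4}$/D', $compose_width)) {
            $compose_width = '640';
        }
        if (!preg_match('/^[0-9]{3,4}$/D', $compose_height)) {
            $compose_height = '550';
        }
        // NOTE(review): $mailbox comes from the request; displayPageHeader()
        // is assumed to escape it for the page title -- confirm.
        displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri', $compose_width, $compose_height);", '');
    } else {
        // save mailboxstate
        sqsession_register($aMailbox, 'aLastSelectedMailbox');
        session_write_close();
        // we have to redirect to the compose page
        header("Location: $comp_uri");
        exit;
    }
} else {
    // NOTE(review): $mailbox comes from the request; displayPageHeader()
    // is assumed to escape it for the page title -- confirm.
    displayPageHeader($color, $mailbox);
}
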
do_hook('right_main_after_header');

/* display a message to the user that their mail has been sent */
if (isset($mail_sent) && $mail_sent == 'yes') {
    $note = _("Your Message has been sent.");
}

// $note may come straight from the query string (?note=) or from the form
// handler, so it is HTML-escaped before it reaches the template. The default
// htmlspecialchars() flags leave single quotes alone, which is fine for
// element content; note.tpl is assumed not to put it in a single-quoted
// attribute -- confirm.
if (isset($note)) {
    $oTemplate->assign('note', htmlspecialchars($note));
    $oTemplate->display('note.tpl');
}

// Show the message of the day once, right after login, then clear the flag.
if (sqgetGlobalVar('just_logged_in', $just_logged_in, SQ_SESSION) && $just_logged_in == true) {
    $just_logged_in = false;
    sqsession_register($just_logged_in, 'just_logged_in');

    $motd = trim($motd);
    if (strlen($motd) > 0) {
        // NOTE(review): $motd is administrator configuration and is handed to
        // the template unescaped -- presumably so it may contain markup; confirm.
        $oTemplate->assign('motd', $motd);
        $oTemplate->display('motd.tpl');
    }
}

if ($aMailbox['EXISTS'] > 0) {
    $aTemplateVars = showMessagesForMailbox($imapConnection, $aMailbox, $aProps, $iError);
    // NOTE(review): $iError is presumably set by showMessagesForMailbox() but
    // is not acted upon here; the list is rendered with whatever came back.
    foreach ($aTemplateVars as $k => $v) {
        $oTemplate->assign($k, $v);
    }

    /*
     * TODO: To many config related vars. We should move all config related vars to
     * one single associative array and assign that to the template
     */
    foreach (array(
        'page_selector'     => $page_selector,
        'page_selector_max' => $page_selector_max,
        'compact_paginator' => $compact_paginator,
        'javascript_on'     => $javascript_on,
        'enablesort'        => isset($aProps['config']['enablesort']) ? $aProps['config']['enablesort'] : false,
        'icon_theme_path'   => $icon_theme_path,
        'aOrder'            => array_keys($aColumns), // column ids in display order
        'alt_index_colors'  => isset($alt_index_colors) ? $alt_index_colors : false,
        'color'             => $color,
        'align'             => $align,
    ) as $k => $v) {
        $oTemplate->assign($k, $v);
    }

    $oTemplate->display('message_list.tpl');
} else {
    $oTemplate->display('empty_folder.tpl');
}

do_hook('right_main_bottom');
sqimap_logout($imapConnection);
$oTemplate->display('footer.tpl');

/* add the (possibly updated) mailbox to the session cache for the next request */
$mailbox_cache[$account.'_'.$aMailbox['NAME']] = $aMailbox;
sqsession_register($mailbox_cache, 'mailbox_cache');