Add compatibility with Dovecot's bigint UIDs

[squirrelmail.git] / src / compose.php
diff --git a/src/compose.php b/src/compose.php

index e49b174b9e8df55e24f8795dddaec6ad2645ab2e..189b65a84499979ac562e8a3eeeb6fda0011abc9 100644 (file)
--- a/src/compose.php
+++ b/src/compose.php
@@ -47,15 +47,22 @@ require_once(SM_PATH . 'functions/identity.php');
  /** SESSION VARS */
  sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
  
  /** SESSION VARS */
  sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
  
+sqgetGlobalVar('delayed_errors',  $delayed_errors,  SQ_SESSION);
  sqgetGlobalVar('composesession',    $composesession,    SQ_SESSION);
  sqgetGlobalVar('compose_messages',  $compose_messages,  SQ_SESSION);
  sqgetGlobalVar('composesession',    $composesession,    SQ_SESSION);
  sqgetGlobalVar('compose_messages',  $compose_messages,  SQ_SESSION);
-sqgetGlobalVar('delayed_errors',  $delayed_errors,  SQ_SESSION);
+
+// compose_messages only useful in SESSION when a forward-as-attachment
+// has been preconstructed for us and passed in via that mechanism; once
+// we have it, we can clear it from the SESSION
+sqsession_unregister('compose_messages');
  
  // Turn on delayed error handling in case we wind up redirecting below
  $oErrorHandler->setDelayedErrors(true);
  
  /** SESSION/POST/GET VARS */
  
  // Turn on delayed error handling in case we wind up redirecting below
  $oErrorHandler->setDelayedErrors(true);
  
  /** SESSION/POST/GET VARS */
-sqgetGlobalVar('send', $send, SQ_POST);
+sqgetGlobalVar('send_button_count', $send_button_count, SQ_POST, 1, SQ_TYPE_INT);
+for ($i = 1; $i <= $send_button_count; $i++)
+   if (sqgetGlobalVar('send' . $i, $send, SQ_POST)) break;
  // Send can only be achieved by setting $_POST var. If Send = true then
  // retrieve other form fields from $_POST
  if (isset($send) && $send) {
  // Send can only be achieved by setting $_POST var. If Send = true then
  // retrieve other form fields from $_POST
  if (isset($send) && $send) {
@@ -78,7 +85,7 @@ sqgetGlobalVar('request_mdn',$request_mdn, $SQ_GLOBAL);
  sqgetGlobalVar('request_dr',$request_dr, $SQ_GLOBAL);
  sqgetGlobalVar('html_addr_search',$html_addr_search, $SQ_GLOBAL);
  sqgetGlobalVar('mail_sent',$mail_sent, $SQ_GLOBAL);
  sqgetGlobalVar('request_dr',$request_dr, $SQ_GLOBAL);
  sqgetGlobalVar('html_addr_search',$html_addr_search, $SQ_GLOBAL);
  sqgetGlobalVar('mail_sent',$mail_sent, $SQ_GLOBAL);
-sqgetGlobalVar('passed_id',$passed_id, $SQ_GLOBAL);
+sqgetGlobalVar('passed_id',$passed_id, $SQ_GLOBAL, NULL, SQ_TYPE_BIGINT);
  sqgetGlobalVar('passed_ent_id',$passed_ent_id, $SQ_GLOBAL);
  
  sqgetGlobalVar('attach',$attach, SQ_POST);
  sqgetGlobalVar('passed_ent_id',$passed_ent_id, $SQ_GLOBAL);
  
  sqgetGlobalVar('attach',$attach, SQ_POST);
@@ -106,7 +113,7 @@ sqgetGlobalVar('addr_search_cancel',    $html_addr_search_cancel,   SQ_POST);
  sqgetGlobalVar('send_to_search',        $send_to_search,            SQ_POST);
  sqgetGlobalVar('do_delete',             $do_delete,                 SQ_POST);
  sqgetGlobalVar('delete',                $delete,                    SQ_POST);
  sqgetGlobalVar('send_to_search',        $send_to_search,            SQ_POST);
  sqgetGlobalVar('do_delete',             $do_delete,                 SQ_POST);
  sqgetGlobalVar('delete',                $delete,                    SQ_POST);
-sqgetGlobalVar('restoremessages',       $restoremessages,           SQ_POST);
+sqgetGlobalVar('attachments',           $attachments,               SQ_POST);
  if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
      $html_addr_search_done = 'Use Addresses';
  }
  if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
      $html_addr_search_done = 'Use Addresses';
  }
@@ -149,7 +156,7 @@ if ( sqgetGlobalVar('mailtodata', $mailtodata, SQ_GET) ) {
      unset($mailtodata,$mtdata, $trtable);
  }
  
      unset($mailtodata,$mtdata, $trtable);
  }
  
-/* Location (For HTTP 1.1 Header("Location: ...") redirects) */
+/* Location (For HTTP 1.1 header("Location: ...") redirects) */
  $location = get_location();
  /* Identities (fetch only once) */
  $idents = get_identities();
  $location = get_location();
  /* Identities (fetch only once) */
  $idents = get_identities();
@@ -232,9 +239,7 @@ function getReplyCitation($orig_from, $orig_date) {
      /* Otherwise, try to select the desired citation style. */
      switch ($reply_citation_style) {
      case 'author_said':
      /* Otherwise, try to select the desired citation style. */
      switch ($reply_citation_style) {
      case 'author_said':
-        /**
-         * To translators: %s is for author's name
-         */
+        // i18n: %s is for author's name
          $full_reply_citation = sprintf(_("%s wrote:"),$sOrig_from);
          break;
      case 'quote_who':
          $full_reply_citation = sprintf(_("%s wrote:"),$sOrig_from);
          break;
      case 'quote_who':
@@ -243,15 +248,14 @@ function getReplyCitation($orig_from, $orig_date) {
          $full_reply_citation = $start . $sOrig_from . $end;
          break;
      case 'date_time_author':
          $full_reply_citation = $start . $sOrig_from . $end;
          break;
      case 'date_time_author':
-        /**
-         * To translators:
-         *  first %s is for date string, second %s is for author's name. Date uses
-         *  formating from "D, F j, Y g:i a" and "D, F j, Y H:i" translations.
-         * Example string:
-         *  "On Sat, December 24, 2004 23:59, Santa wrote:"
-         * If you have to put author's name in front of date string, check comments about
-         * argument swapping at http://www.php.net/sprintf
-         */
+        // i18n:
+        // The first %s is for date string, the second %s is for author's name.
+        // The date uses formating from "D, F j, Y g:i a" and "D, F j, Y H:i"
+        // translations.
+        // Example string:
+        // "On Sat, December 24, 2004 23:59, Santa wrote:"
+        // If you have to put author's name in front of date string, check comments about
+        // argument swapping at http://php.net/sprintf
          $full_reply_citation = sprintf(_("On %s, %s wrote:"), getLongDateString($orig_date), $sOrig_from);
          break;
      case 'user-defined':
          $full_reply_citation = sprintf(_("On %s, %s wrote:"), getLongDateString($orig_date), $sOrig_from);
          break;
      case 'user-defined':
@@ -317,23 +321,22 @@ function getforwardHeader($orig_header) {
   * If the session is expired during a post this restores the compose session
   * vars.
   */
   * If the session is expired during a post this restores the compose session
   * vars.
   */
+$session_expired = false;
  if (sqsession_is_registered('session_expired_post')) {
      sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
      /*
       * extra check for username so we don't display previous post data from
       * another user during this session.
       */
  if (sqsession_is_registered('session_expired_post')) {
      sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
      /*
       * extra check for username so we don't display previous post data from
       * another user during this session.
       */
-    if ($session_expired_post['username'] != $username) {
-        unset($session_expired_post);
-        sqsession_unregister('session_expired_post');
-        session_write_close();
-    } else {
+    if (!empty($session_expired_post['username']) 
+     && $session_expired_post['username'] == $username) {
          // these are the vars that we can set from the expired composed session
          // these are the vars that we can set from the expired composed session
-        $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage',
-            'passed_body','use_signature','signature','attachments','subject','newmail',
-            'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity',
-            'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages',
-            'composesession', 'request_mdn', 'request_dr');
+        $compo_var_list = array ('send_to', 'send_to_cc', 'body',
+            'startMessage', 'passed_body', 'use_signature', 'signature',
+            'subject', 'newmail', 'send_to_bcc', 'passed_id', 'mailbox', 
+            'from_htmladdr_search', 'identity', 'draft_id', 'delete_draft', 
+            'mailprio', 'edit_as_new', 'attachments', 'composesession', 
+            'request_mdn', 'request_dr');
  
          foreach ($compo_var_list as $var) {
              if ( isset($session_expired_post[$var]) && !isset($$var) ) {
  
          foreach ($compo_var_list as $var) {
              if ( isset($session_expired_post[$var]) && !isset($$var) ) {
@@ -341,9 +344,11 @@ if (sqsession_is_registered('session_expired_post')) {
              }
          }
  
              }
          }
  
-        $compose_messages = unserialize($restoremessages);
-        sqsession_register($compose_messages,'compose_messages');
+        if (!empty($attachments))
+            $attachments = unserialize(urldecode($attachments));
+
          sqsession_register($composesession,'composesession');
          sqsession_register($composesession,'composesession');
+
          if (isset($send)) {
              unset($send);
          }
          if (isset($send)) {
              unset($send);
          }
@@ -360,15 +365,16 @@ if (sqsession_is_registered('session_expired_post')) {
      } else {
          $sHeaderJs = (isset($sHeaderJs)) ? $sHeaderJs : '';
          if (strpos($action, 'reply') !== false && $reply_focus) {
      } else {
          $sHeaderJs = (isset($sHeaderJs)) ? $sHeaderJs : '';
          if (strpos($action, 'reply') !== false && $reply_focus) {
-            $sBodyTagJs = 'onload="checkForm(\''.$replyfocus.'\');"';
+            $sOnload = 'checkForm(\''.$replyfocus.'\');';
          } else {
          } else {
-            $sBodyTagJs = 'onload="checkForm();"';
+            $sOnload = 'checkForm();';
          }
          }
-        displayPageHeader($color, $mailbox,$sHeaderJs,$sBodyTagJs);
+        displayPageHeader($color, $mailbox,$sHeaderJs,$sOnload);
      }
      showInputForm($session, false);
      exit();
  }
      }
      showInputForm($session, false);
      exit();
  }
+
  if (!isset($composesession)) {
      $composesession = 0;
      sqsession_register(0,'composesession');
  if (!isset($composesession)) {
      $composesession = 0;
      sqsession_register(0,'composesession');
@@ -382,20 +388,22 @@ if (!isset($session) || (isset($newmessage) && $newmessage)) {
      $composesession = $session;
      sqsession_register($composesession,'composesession');
  }
      $composesession = $session;
      sqsession_register($composesession,'composesession');
  }
-if (!isset($compose_messages)) {
-    $compose_messages = array();
-}
-
-if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL)) {
+if (!empty($compose_messages[$session])) {
+    $composeMessage = $compose_messages[$session];
+} else {
      $composeMessage = new Message();
      $rfc822_header = new Rfc822Header();
      $composeMessage->rfc822_header = $rfc822_header;
      $composeMessage->reply_rfc822_header = '';
      $composeMessage = new Message();
      $rfc822_header = new Rfc822Header();
      $composeMessage->rfc822_header = $rfc822_header;
      $composeMessage->reply_rfc822_header = '';
-    $compose_messages[$session] = $composeMessage;
+}
  
  
-    sqsession_register($compose_messages,'compose_messages');
-} else {
-    $composeMessage=$compose_messages[$session];
+// re-add attachments that were already in this message
+// FIXME: note that technically this is very bad form -
+// should never directly manipulate an object like this
+if (!empty($attachments)) {
+    $attachments = unserialize(urldecode($attachments));
+    if (!empty($attachments) && is_array($attachments))
+        $composeMessage->entities = $attachments;
  }
  
  if (empty($mailbox)) {
  }
  
  if (empty($mailbox)) {
@@ -408,13 +416,10 @@ if ($draft) {
       * of language interface.
       */
      set_my_charset();
       * of language interface.
       */
      set_my_charset();
-    $composeMessage=$compose_messages[$session];
      if (! deliverMessage($composeMessage, true)) {
          showInputForm($session);
          exit();
      } else {
      if (! deliverMessage($composeMessage, true)) {
          showInputForm($session);
          exit();
      } else {
-        unset($compose_messages[$session]);
-        sqsession_register($compose_messages,'compose_messages');
          $draft_message = _("Draft Email Saved");
          /* If this is a resumed draft, then delete the original */
          if(isset($delete_draft)) {
          $draft_message = _("Draft Email Saved");
          /* If this is a resumed draft, then delete the original */
          if(isset($delete_draft)) {
@@ -435,7 +440,7 @@ if ($draft) {
  
          if ($compose_new_win == '1') {
              if ( !isset($pageheader_sent) || !$pageheader_sent ) {
  
          if ($compose_new_win == '1') {
              if ( !isset($pageheader_sent) || !$pageheader_sent ) {
-                Header("Location: $location/compose.php?saved_draft=yes&session=$composesession");
+                header("Location: $location/compose.php?saved_draft=yes&session=$composesession");
              } else {
  //FIXME: DON'T ECHO HTML FROM CORE!
                  echo '   <br><br><div style="text-align: center;"><a href="' . $location
              } else {
  //FIXME: DON'T ECHO HTML FROM CORE!
                  echo '   <br><br><div style="text-align: center;"><a href="' . $location
@@ -445,7 +450,7 @@ if ($draft) {
              exit();
          } else {
              if ( !isset($pageheader_sent) || !$pageheader_sent ) {
              exit();
          } else {
              if ( !isset($pageheader_sent) || !$pageheader_sent ) {
-                Header("Location: $location/right_main.php?mailbox=" . urlencode($draft_folder) .
+                header("Location: $location/right_main.php?mailbox=" . urlencode($draft_folder) .
                     "&startMessage=1&note=".urlencode($draft_message));
              } else {
  //FIXME: DON'T ECHO HTML FROM CORE!
                     "&startMessage=1&note=".urlencode($draft_message));
              } else {
  //FIXME: DON'T ECHO HTML FROM CORE!
@@ -506,8 +511,6 @@ if ($send) {
          }
          $body = $newBody;
  
          }
          $body = $newBody;
  
-        $composeMessage=$compose_messages[$session];
-
          $Result = deliverMessage($composeMessage);
  
          if ($Result)
          $Result = deliverMessage($composeMessage);
  
          if ($Result)
@@ -518,13 +521,12 @@ if ($send) {
          // NOTE: this hook changed in 1.5.2 from sending $Result and
          //       $composeMessage as args #2 and #3 to being in an array
          //       under arg #2
          // NOTE: this hook changed in 1.5.2 from sending $Result and
          //       $composeMessage as args #2 and #3 to being in an array
          //       under arg #2
-        do_hook('compose_send_after', $temp=array(&$Result, &$composeMessage, &$mail_sent));
+        $temp = array(&$Result, &$composeMessage, &$mail_sent);
+        do_hook('compose_send_after', $temp);
          if (! $Result) {
              showInputForm($session);
              exit();
          }
          if (! $Result) {
              showInputForm($session);
              exit();
          }
-        unset($compose_messages[$session]);
-        sqsession_register($compose_messages,'compose_messages');
  
          /* if it is resumed draft, delete draft message */
          if ( isset($delete_draft)) {
  
          /* if it is resumed draft, delete draft message */
          if ( isset($delete_draft)) {
@@ -547,7 +549,7 @@ if ($send) {
  
          if ($compose_new_win == '1') {
              if ( !isset($pageheader_sent) || !$pageheader_sent ) {
  
          if ($compose_new_win == '1') {
              if ( !isset($pageheader_sent) || !$pageheader_sent ) {
-                Header("Location: $location/compose.php?mail_sent=$mail_sent");
+                header("Location: $location/compose.php?mail_sent=$mail_sent");
              } else {
  //FIXME: DON'T ECHO HTML FROM CORE!
                  echo '   <br><br><div style="text-align: center;"><a href="' . $location
              } else {
  //FIXME: DON'T ECHO HTML FROM CORE!
                  echo '   <br><br><div style="text-align: center;"><a href="' . $location
@@ -557,7 +559,7 @@ if ($send) {
              exit();
          } else {
              if ( !isset($pageheader_sent) || !$pageheader_sent ) {
              exit();
          } else {
              if ( !isset($pageheader_sent) || !$pageheader_sent ) {
-                Header("Location: $location/right_main.php?mailbox=$urlMailbox".
+                header("Location: $location/right_main.php?mailbox=$urlMailbox".
                      "&startMessage=$startMessage&mail_sent=$mail_sent");
              } else {
  //FIXME: DON'T ECHO HTML FROM CORE!
                      "&startMessage=$startMessage&mail_sent=$mail_sent");
              } else {
  //FIXME: DON'T ECHO HTML FROM CORE!
@@ -656,10 +658,11 @@ elseif (isset($sigappend)) {
      }
  
      if (isset($delete) && is_array($delete)) {
      }
  
      if (isset($delete) && is_array($delete)) {
-        $composeMessage = $compose_messages[$session];
          foreach($delete as $index) {
              if (!empty($composeMessage->entities) && isset($composeMessage->entities[$index])) {
                  $composeMessage->entities[$index]->purgeAttachments();
          foreach($delete as $index) {
              if (!empty($composeMessage->entities) && isset($composeMessage->entities[$index])) {
                  $composeMessage->entities[$index]->purgeAttachments();
+                // FIXME: one person reported that unset() didn't do anything at all here, so this is a work-around... but it triggers PHP notices if the unset() doesn't work, which should be fixed... but bigger question is if unset() doesn't work here, what about everywhere else? Anyway, uncomment this if you think you need it
+                //$composeMessage->entities[$index] = NULL;
                  unset ($composeMessage->entities[$index]);
              }
          }
                  unset ($composeMessage->entities[$index]);
              }
          }
@@ -668,8 +671,6 @@ elseif (isset($sigappend)) {
              $new_entities[] = $entity;
          }
          $composeMessage->entities = $new_entities;
              $new_entities[] = $entity;
          }
          $composeMessage->entities = $new_entities;
-        $compose_messages[$session] = $composeMessage;
-        sqsession_register($compose_messages, 'compose_messages');
      }
      showInputForm($session);
  } else {
      }
      showInputForm($session);
  } else {
@@ -735,7 +736,7 @@ function getforwardSubject($subject)
  function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $session='') {
      global $editor_size, $default_use_priority, $body, $idents,
          $use_signature, $data_dir, $username,
  function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $session='') {
      global $editor_size, $default_use_priority, $body, $idents,
          $use_signature, $data_dir, $username,
-        $key, $imapServerAddress, $imapPort, $compose_messages,
+        $key, $imapServerAddress, $imapPort, 
          $composeMessage, $body_quote, $request_mdn, $request_dr,
          $mdn_user_support, $languages, $squirrelmail_language,
          $default_charset;
          $composeMessage, $body_quote, $request_mdn, $request_dr,
          $mdn_user_support, $languages, $squirrelmail_language,
          $default_charset;
@@ -846,9 +847,10 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se
          if (count($idents) > 1) {
              foreach($idents as $nr=>$data) {
                  $enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>';
          if (count($idents) > 1) {
              foreach($idents as $nr=>$data) {
                  $enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>';
-                if($enc_from_name == $orig_from) {
+                if(strtolower($enc_from_name) == strtolower($orig_from)) {
                      $identity = $nr;
                      $identity = $nr;
-                    break;
+                    // don't stop!  need to build $identities array for idents match below
+                    //break;
                  }
                  $identities[] = $enc_from_name;
              }
                  }
                  $identities[] = $enc_from_name;
              }
@@ -878,6 +880,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se
                  $request_dr = $mdn_user_support && !empty($orig_header->drnt) ? '1' : '0';
  
                  /* remember the references and in-reply-to headers in case of an reply */
                  $request_dr = $mdn_user_support && !empty($orig_header->drnt) ? '1' : '0';
  
                  /* remember the references and in-reply-to headers in case of an reply */
+//FIXME: it would be better to fiddle with headers inside of the message object or possibly when delivering the message to its destination (drafts folder?); is this possible?
                  $composeMessage->rfc822_header->more_headers['References'] = $orig_header->references;
                  $composeMessage->rfc822_header->more_headers['In-Reply-To'] = $orig_header->in_reply_to;
                  // rewrap the body to clean up quotations and line lengths
                  $composeMessage->rfc822_header->more_headers['References'] = $orig_header->references;
                  $composeMessage->rfc822_header->more_headers['In-Reply-To'] = $orig_header->in_reply_to;
                  // rewrap the body to clean up quotations and line lengths
@@ -965,8 +968,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se
              default:
                  break;
          }
              default:
                  break;
          }
-        $compose_messages[$session] = $composeMessage;
-        sqsession_register($compose_messages, 'compose_messages');
+//FIXME: we used to register $compose_messages in the session here, but not any more - so do we still need the session_write_close() and sqimap_logout() here?  We probably need the IMAP logout, but what about the session closure?
          session_write_close();
          sqimap_logout($imapConnection);
      }
          session_write_close();
          sqimap_logout($imapConnection);
      }
@@ -992,7 +994,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se
   * @return object
   */
  function getAttachments($message, &$composeMessage, $passed_id, $entities, $imapConnection) {
   * @return object
   */
  function getAttachments($message, &$composeMessage, $passed_id, $entities, $imapConnection) {
-    global $squirrelmail_language, $languages;
+    global $squirrelmail_language, $languages, $username, $attachment_dir;
  
      if (!count($message->entities) ||
              ($message->type0 == 'message' && $message->type1 == 'rfc822')) {
  
      if (!count($message->entities) ||
              ($message->type0 == 'message' && $message->type1 == 'rfc822')) {
@@ -1004,7 +1006,7 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap
                          if ($filename == "") {
                              $filename = "untitled-".$message->entity_id;
                          }
                          if ($filename == "") {
                              $filename = "untitled-".$message->entity_id;
                          }
-                        $filename .= '.msg';
+                        $filename .= '.eml';
                      } else {
                          $filename = $message->getFilename();
                      }
                      } else {
                          $filename = $message->getFilename();
                      }
@@ -1021,6 +1023,8 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap
                      function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode')) {
                  $filename =  call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode', $filename);
              }
                      function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode')) {
                  $filename =  call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode', $filename);
              }
+
+            $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
              $localfilename = sq_get_attach_tempfile();
              $message->att_local_name = $localfilename;
  
              $localfilename = sq_get_attach_tempfile();
              $message->att_local_name = $localfilename;
  
@@ -1028,7 +1032,7 @@ function getAttachments($message, &$composeMessage, $passed_id, $entities, $imap
                      $localfilename);
  
              /* Write Attachment to file */
                      $localfilename);
  
              /* Write Attachment to file */
-            $fp = fopen ($localfilename, 'wb');
+            $fp = fopen ($hashed_attachment_dir . '/' . $localfilename, 'wb');
              mime_print_body_lines ($imapConnection, $passed_id, $message->entity_id, $message->header->encoding, $fp);
              fclose ($fp);
          }
              mime_print_body_lines ($imapConnection, $passed_id, $message->entity_id, $message->header->encoding, $fp);
              fclose ($fp);
          }
@@ -1059,11 +1063,13 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id,
          array_pop($body_a);
          $body = implode('', $body_a) . "\r\n";
  
          array_pop($body_a);
          $body = implode('', $body_a) . "\r\n";
  
+        global $username, $attachment_dir;
+        $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
          $localfilename = sq_get_attach_tempfile();
          $localfilename = sq_get_attach_tempfile();
-        $fp = fopen($localfilename, 'wb');
+        $fp = fopen($hashed_attachment_dir . '/' . $localfilename, 'wb');
          fwrite ($fp, $body);
          fclose($fp);
          fwrite ($fp, $body);
          fclose($fp);
-        $composeMessage->initAttachment('message/rfc822',$subject.'.msg',
+        $composeMessage->initAttachment('message/rfc822',$subject.'.eml',
                  $localfilename);
      }
      return $composeMessage;
                  $localfilename);
      }
      return $composeMessage;
@@ -1071,14 +1077,14 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id,
  
  function showInputForm ($session, $values=false) {
      global $send_to, $send_to_cc, $send_to_bcc,
  
  function showInputForm ($session, $values=false) {
      global $send_to, $send_to_cc, $send_to_bcc,
-        $body, $startMessage, $action,
-        $use_signature, $signature, $prefix_sig,
+        $body, $startMessage, $action, $attachments,
+        $use_signature, $signature, $prefix_sig, $session_expired,
          $editor_size, $editor_height, $subject, $newmail,
          $use_javascript_addr_book, $passed_id, $mailbox,
          $from_htmladdr_search, $location_of_buttons, $attachment_dir,
          $username, $data_dir, $identity, $idents, $delete_draft,
          $mailprio, $compose_new_win, $saved_draft, $mail_sent, $sig_first,
          $editor_size, $editor_height, $subject, $newmail,
          $use_javascript_addr_book, $passed_id, $mailbox,
          $from_htmladdr_search, $location_of_buttons, $attachment_dir,
          $username, $data_dir, $identity, $idents, $delete_draft,
          $mailprio, $compose_new_win, $saved_draft, $mail_sent, $sig_first,
-        $compose_messages, $composesession, $default_charset,
+        $composeMessage, $composesession, $default_charset,
          $compose_onsubmit, $oTemplate, $oErrorHandler;
  
      if (checkForJavascript()) {
          $compose_onsubmit, $oTemplate, $oErrorHandler;
  
      if (checkForJavascript()) {
@@ -1090,7 +1096,6 @@ function showInputForm ($session, $values=false) {
          $onfocus_array = array();
      }
  
          $onfocus_array = array();
      }
  
-    $composeMessage = $compose_messages[$session];
      if ($values) {
          $send_to = $values['send_to'];
          $send_to_cc = $values['send_to_cc'];
      if ($values) {
          $send_to = $values['send_to'];
          $send_to_cc = $values['send_to_cc'];
@@ -1261,6 +1266,12 @@ function showInputForm ($session, $values=false) {
          showComposeButtonRow();
      }
  
          showComposeButtonRow();
      }
  
+    // composeMessage can be empty when coming from a restored session
+    if (is_object($composeMessage) && $composeMessage->entities)
+        $attach_array = $composeMessage->entities;
+    if ($session_expired && !empty($attachments) && is_array($attachments))
+        $attach_array = $attachments;
+
      /* This code is for attachments */
      if ((bool) ini_get('file_uploads')) {
  
      /* This code is for attachments */
      if ((bool) ini_get('file_uploads')) {
  
@@ -1280,9 +1291,10 @@ function showInputForm ($session, $values=false) {
          }
  
          $attach = array();
          }
  
          $attach = array();
-        // composeMessage can be empty when coming from a restored session
-        if (is_object($composeMessage) && $composeMessage->entities) {
-            foreach ($composeMessage->entities as $key => $attachment) {
+        global $username, $attachment_dir;
+        $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
+        if (!empty($attach_array)) {
+            foreach ($attach_array as $key => $attachment) {
                  $attached_file = $attachment->att_local_name;
                  if ($attachment->att_local_name || $attachment->body_part) {
                      $attached_filename = decodeHeader($attachment->mime_header->getParameter('name'));
                  $attached_file = $attachment->att_local_name;
                  if ($attachment->att_local_name || $attachment->body_part) {
                      $attached_filename = decodeHeader($attachment->mime_header->getParameter('name'));
@@ -1293,7 +1305,7 @@ function showInputForm ($session, $values=false) {
                      $a['Key'] = $key;
                      $a['FileName'] = $attached_filename;
                      $a['ContentType'] = $type;
                      $a['Key'] = $key;
                      $a['FileName'] = $attached_filename;
                      $a['ContentType'] = $type;
-                    $a['Size'] = filesize($attached_file);
+                    $a['Size'] = filesize($hashed_attachment_dir . '/' . $attached_file);
                      $attach[$key] = $a;
                  }
              }
                      $attach[$key] = $a;
                  }
              }
@@ -1311,15 +1323,12 @@ function showInputForm ($session, $values=false) {
      echo addHidden('username', $username).
           addHidden('smaction', $action).
           addHidden('mailbox', $mailbox);
      echo addHidden('username', $username).
           addHidden('smaction', $action).
           addHidden('mailbox', $mailbox);
-    /*
-       store the complete ComposeMessages array in a hidden input value
-       so we can restore them in case of a session timeout.
-     */
      sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER);
  //FIXME: no direct echoing to browser, no HTML output in core!
      sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER);
  //FIXME: no direct echoing to browser, no HTML output in core!
-    echo addHidden('restoremessages', urlencode(serialize($compose_messages))).
-        addHidden('composesession', $composesession).
+    echo addHidden('composesession', $composesession).
          addHidden('querystring', $queryString).
          addHidden('querystring', $queryString).
+        (!empty($attach_array) ?
+         addHidden('attachments', urlencode(serialize($attach_array))) : '').
          "</form>\n";
      if (!(bool) ini_get('file_uploads')) {
          /* File uploads are off, so we didn't show that part of the form.
          "</form>\n";
      if (!(bool) ini_get('file_uploads')) {
          /* File uploads are off, so we didn't show that part of the form.
@@ -1403,28 +1412,27 @@ function checkInput ($show) {
  
  /* True if FAILURE */
  function saveAttachedFiles($session) {
  
  /* True if FAILURE */
  function saveAttachedFiles($session) {
-    global $compose_messages;
+    global $composeMessage, $username, $attachment_dir;
  
      /* get out of here if no file was attached at all */
      if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) {
          return true;
      }
  
  
      /* get out of here if no file was attached at all */
      if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) {
          return true;
      }
  
+    $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
      $localfilename = sq_get_attach_tempfile();
      $localfilename = sq_get_attach_tempfile();
+    $fullpath = $hashed_attachment_dir . '/' . $localfilename;
  
      // m_u_f works better with restricted PHP installs (safe_mode, open_basedir),
      // if that doesn't work, try a simple rename.
  
      // m_u_f works better with restricted PHP installs (safe_mode, open_basedir),
      // if that doesn't work, try a simple rename.
-    if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$localfilename)) {
-        if (!@rename($_FILES['attachfile']['tmp_name'], $localfilename)) {
+    if (!sq_call_function_suppress_errors('move_uploaded_file', array($_FILES['attachfile']['tmp_name'], $fullpath))) {
+        if (!sq_call_function_suppress_errors('rename', array($_FILES['attachfile']['tmp_name'], $fullpath))) {
              return true;
          }
      }
              return true;
          }
      }
-    $message = $compose_messages[$session];
      $type = strtolower($_FILES['attachfile']['type']);
      $name = $_FILES['attachfile']['name'];
      $type = strtolower($_FILES['attachfile']['type']);
      $name = $_FILES['attachfile']['name'];
-    $message->initAttachment($type, $name, $localfilename);
-    $compose_messages[$session] = $message;
-    sqsession_register($compose_messages , 'compose_messages');
+    $composeMessage->initAttachment($type, $name, $localfilename);
  }
  
  /* parse values like 8M and 2k into bytes */
  }
  
  /* parse values like 8M and 2k into bytes */
@@ -1463,8 +1471,18 @@ function getByteSize($ini_size) {
   * In the future the responsible backend should be automaticly loaded
   * and conf.pl should show a list of available backends.
   * The message also should be constructed by the message class.
   * In the future the responsible backend should be automaticly loaded
   * and conf.pl should show a list of available backends.
   * The message also should be constructed by the message class.
+ *
+ * @param object $composeMessage The message being sent.  Please note
+ *                               that it is passed by reference and
+ *                               will be returned modified, with additional
+ *                               headers, such as Message-ID, Date, In-Reply-To,
+ *                               References, and so forth.
+ *
+ * @return boolean FALSE if delivery failed, or some non-FALSE value
+ *                 upon success.
+ *
   */
   */
-function deliverMessage($composeMessage, $draft=false) {
+function deliverMessage(&$composeMessage, $draft=false) {
      global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body,
          $username, $identity, $idents, $data_dir,
          $request_mdn, $request_dr, $default_charset, $useSendmail,
      global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body,
          $username, $identity, $idents, $data_dir,
          $request_mdn, $request_dr, $default_charset, $useSendmail,
@@ -1507,8 +1525,9 @@ function deliverMessage($composeMessage, $draft=false) {
      }
  
      /* Receipt: On Delivery */
      }
  
      /* Receipt: On Delivery */
-    if (isset($request_dr) && $request_dr) {
-        $rfc822_header->more_headers['Return-Receipt-To'] = $from->mailbox.'@'.$from->domain;
+    if (!empty($request_dr)) {
+//FIXME: it would be better to fiddle with headers inside of the message object or possibly when delivering the message to its destination; is this possible?
+        $rfc822_header->more_headers['Return-Receipt-To'] = $from_addr;
      } elseif (isset($rfc822_header->more_headers['Return-Receipt-To'])) {
          unset($rfc822_header->more_headers['Return-Receipt-To']);
      }
      } elseif (isset($rfc822_header->more_headers['Return-Receipt-To'])) {
          unset($rfc822_header->more_headers['Return-Receipt-To']);
      }
@@ -1546,6 +1565,14 @@ function deliverMessage($composeMessage, $draft=false) {
  
      $rfc822_header->content_type = $content_type;
      $composeMessage->rfc822_header = $rfc822_header;
  
      $rfc822_header->content_type = $content_type;
      $composeMessage->rfc822_header = $rfc822_header;
+    if ($action == 'reply' || $action == 'reply_all') {
+        global $passed_id, $passed_ent_id;
+        $reply_id = $passed_id;
+        $reply_ent_id = $passed_ent_id;
+    } else {
+        $reply_id = '';
+        $reply_ent_id = '';
+    }
  
      /* Here you can modify the message structure just before we hand
         it over to deliver; plugin authors note that $composeMessage
  
      /* Here you can modify the message structure just before we hand
         it over to deliver; plugin authors note that $composeMessage
@@ -1555,12 +1582,13 @@ function deliverMessage($composeMessage, $draft=false) {
      if (!$useSendmail && !$draft) {
          require_once(SM_PATH . 'class/deliver/Deliver_SMTP.class.php');
          $deliver = new Deliver_SMTP();
      if (!$useSendmail && !$draft) {
          require_once(SM_PATH . 'class/deliver/Deliver_SMTP.class.php');
          $deliver = new Deliver_SMTP();
-        global $smtpServerAddress, $smtpPort, $pop_before_smtp;
+        global $smtpServerAddress, $smtpPort, $pop_before_smtp, $pop_before_smtp_host;
  
          $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false;
  
          $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false;
+        if (empty($pop_before_smtp_host)) $pop_before_smtp_host = $smtpServerAddress;
          get_smtp_user($user, $pass);
          $stream = $deliver->initStream($composeMessage,$domain,0,
          get_smtp_user($user, $pass);
          $stream = $deliver->initStream($composeMessage,$domain,0,
-                $smtpServerAddress, $smtpPort, $user, $pass, $authPop);
+                $smtpServerAddress, $smtpPort, $user, $pass, $authPop, $pop_before_smtp_host);
      } elseif (!$draft) {
          require_once(SM_PATH . 'class/deliver/Deliver_SendMail.class.php');
          global $sendmail_path, $sendmail_args;
      } elseif (!$draft) {
          require_once(SM_PATH . 'class/deliver/Deliver_SendMail.class.php');
          global $sendmail_path, $sendmail_args;
@@ -1576,20 +1604,16 @@ function deliverMessage($composeMessage, $draft=false) {
          $stream = $deliver->initStream($composeMessage,$sendmail_path);
      } elseif ($draft) {
          global $draft_folder;
          $stream = $deliver->initStream($composeMessage,$sendmail_path);
      } elseif ($draft) {
          global $draft_folder;
-        require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
          $imap_stream = sqimap_login($username, false, $imapServerAddress,
                  $imapPort, 0);
          if (sqimap_mailbox_exists ($imap_stream, $draft_folder)) {
              require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
              $imap_deliver = new Deliver_IMAP();
          $imap_stream = sqimap_login($username, false, $imapServerAddress,
                  $imapPort, 0);
          if (sqimap_mailbox_exists ($imap_stream, $draft_folder)) {
              require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
              $imap_deliver = new Deliver_IMAP();
-            $length = $imap_deliver->mail($composeMessage);
-            sqimap_append ($imap_stream, $draft_folder, $length);
-            $imap_deliver->mail($composeMessage, $imap_stream);
-            sqimap_append_done ($imap_stream, $draft_folder);
+            $success = $imap_deliver->mail($composeMessage, $imap_stream, $reply_id, $reply_ent_id, $imap_stream, $draft_folder);
              sqimap_logout($imap_stream);
              unset ($imap_deliver);
              $composeMessage->purgeAttachments();
              sqimap_logout($imap_stream);
              unset ($imap_deliver);
              $composeMessage->purgeAttachments();
-            return $length;
+            return $success;
          } else {
              $msg  = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), htmlspecialchars($draft_folder));
              plain_error_message($msg);
          } else {
              $msg  = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), htmlspecialchars($draft_folder));
              plain_error_message($msg);
@@ -1598,7 +1622,7 @@ function deliverMessage($composeMessage, $draft=false) {
      }
      $success = false;
      if ($stream) {
      }
      $success = false;
      if ($stream) {
-        $length = $deliver->mail($composeMessage, $stream);
+        $deliver->mail($composeMessage, $stream, $reply_id, $reply_ent_id);
          $success = $deliver->finalizeStream($stream);
      }
      if (!$success) {
          $success = $deliver->finalizeStream($stream);
      }
      if (!$success) {
@@ -1615,48 +1639,13 @@ function deliverMessage($composeMessage, $draft=false) {
          plain_error_message($msg);
      } else {
          unset ($deliver);
          plain_error_message($msg);
      } else {
          unset ($deliver);
-        $move_to_sent = getPref($data_dir,$username,'move_to_sent');
          $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
  
          $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
  
-        /* Move to sent code */
-        if (isset($default_move_to_sent) && ($default_move_to_sent != 0)) {
-            $svr_allow_sent = true;
-        } else {
-            $svr_allow_sent = false;
-        }
-
-        if (isset($sent_folder) && (($sent_folder != '') || ($sent_folder != 'none'))
-                && sqimap_mailbox_exists( $imap_stream, $sent_folder)) {
-            $fld_sent = true;
-        } else {
-            $fld_sent = false;
-        }
-
-        if ((isset($move_to_sent) && ($move_to_sent != 0)) || (!isset($move_to_sent))) {
-            $lcl_allow_sent = true;
-        } else {
-            $lcl_allow_sent = false;
-        }
-
-        global $passed_id, $mailbox;
-        if (($fld_sent && $svr_allow_sent && !$lcl_allow_sent) || ($fld_sent && $lcl_allow_sent)) {
-            if ($action == 'reply' || $action == 'reply_all') {
-                $save_reply_with_orig=getPref($data_dir,$username,'save_reply_with_orig');
-                if ($save_reply_with_orig) {
-                    $sent_folder = $mailbox;
-                }
-            }
-            sqimap_append ($imap_stream, $sent_folder, $length);
-            require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
-            $imap_deliver = new Deliver_IMAP();
-            $imap_deliver->mail($composeMessage, $imap_stream);
-            sqimap_append_done ($imap_stream, $sent_folder);
-            unset ($imap_deliver);
-        }
  
  
-        global $what, $iAccount, $startMessage;
+        // mark as replied or forwarded if applicable
+        //
+        global $what, $iAccount, $startMessage, $passed_id, $mailbox;
  
  
-        $composeMessage->purgeAttachments();
          if ($action=='reply' || $action=='reply_all' || $action=='forward' || $action=='forward_as_attachment') {
              require(SM_PATH . 'functions/mailbox_display.php');
              $aMailbox = sqm_api_mailbox_select($imap_stream, $iAccount, $mailbox,array('setindex' => $what, 'offset' => $startMessage),array());
          if ($action=='reply' || $action=='reply_all' || $action=='forward' || $action=='forward_as_attachment') {
              require(SM_PATH . 'functions/mailbox_display.php');
              $aMailbox = sqm_api_mailbox_select($imap_stream, $iAccount, $mailbox,array('setindex' => $what, 'offset' => $startMessage),array());
@@ -1701,8 +1690,50 @@ function deliverMessage($composeMessage, $draft=false) {
                  sqsession_register($mailbox_cache,'mailbox_cache');
              }
  
                  sqsession_register($mailbox_cache,'mailbox_cache');
              }
  
-            sqimap_logout($imap_stream);
          }
          }
+
+
+        // move to sent folder
+        //
+        $move_to_sent = getPref($data_dir,$username,'move_to_sent');
+        if (isset($default_move_to_sent) && ($default_move_to_sent != 0)) {
+            $svr_allow_sent = true;
+        } else {
+            $svr_allow_sent = false;
+        }
+
+        if (isset($sent_folder) && (($sent_folder != '') || ($sent_folder != 'none'))
+                && sqimap_mailbox_exists( $imap_stream, $sent_folder)) {
+            $fld_sent = true;
+        } else {
+            $fld_sent = false;
+        }
+
+        if ((isset($move_to_sent) && ($move_to_sent != 0)) || (!isset($move_to_sent))) {
+            $lcl_allow_sent = true;
+        } else {
+            $lcl_allow_sent = false;
+        }
+
+        if (($fld_sent && $svr_allow_sent && !$lcl_allow_sent) || ($fld_sent && $lcl_allow_sent)) {
+            if ($action == 'reply' || $action == 'reply_all') {
+                $save_reply_with_orig=getPref($data_dir,$username,'save_reply_with_orig');
+                if ($save_reply_with_orig) {
+                    $sent_folder = $mailbox;
+                }
+            }
+            require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
+            $imap_deliver = new Deliver_IMAP();
+            $imap_deliver->mail($composeMessage, $imap_stream, $reply_id, $reply_ent_id, $imap_stream, $sent_folder);
+            unset ($imap_deliver);
+        }
+
+
+        // final cleanup
+        //
+        $composeMessage->purgeAttachments();
+        sqimap_logout($imap_stream);
+
      }
      return $success;
  }
      }
      return $success;
  }