* @package squirrelmail
*/
+/** This is the compose page */
+define('PAGE_NAME', 'compose');
+
/**
* Include the SquirrelMail initialization file.
*/
require('../include/init.php');
+/* If email_address not set and admin wants us to ask user for it,
+ * redirect to options page. */
+if ( $ask_user_info && getPref($data_dir, $username,'email_address') == "" ) {
+ header("Location: " . get_location() . "/options.php?optpage=personal");
+ exit;
+}
+
/* SquirrelMail required files. */
require_once(SM_PATH . 'functions/imap_general.php');
require_once(SM_PATH . 'functions/imap_messages.php');
/** SESSION VARS */
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
+sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION);
sqgetGlobalVar('composesession', $composesession, SQ_SESSION);
sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION);
-sqgetGlobalVar('delayed_errors', $delayed_errors, SQ_SESSION);
+
+// compose_messages only useful in SESSION when a forward-as-attachment
+// has been preconstructed for us and passed in via that mechanism; once
+// we have it, we can clear it from the SESSION
+sqsession_unregister('compose_messages');
// Turn on delayed error handling in case we wind up redirecting below
$oErrorHandler->setDelayedErrors(true);
sqgetGlobalVar('send_to_search', $send_to_search, SQ_POST);
sqgetGlobalVar('do_delete', $do_delete, SQ_POST);
sqgetGlobalVar('delete', $delete, SQ_POST);
-sqgetGlobalVar('restoremessages', $restoremessages, SQ_POST);
+sqgetGlobalVar('attachments', $attachments, SQ_POST);
if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
$html_addr_search_done = 'Use Addresses';
}
/** GET VARS */
-sqgetGlobalVar('attachedmessages', $attachedmessages, SQ_GET);
if ( sqgetGlobalVar('account', $temp, SQ_GET) ) {
$iAccount = (int) $temp;
} else {
* If the session is expired during a post this restores the compose session
* vars.
*/
+$session_expired = false;
if (sqsession_is_registered('session_expired_post')) {
sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
/*
* extra check for username so we don't display previous post data from
* another user during this session.
*/
- if ($session_expired_post['username'] != $username) {
- unset($session_expired_post);
- sqsession_unregister('session_expired_post');
- session_write_close();
- } else {
+ if (!empty($session_expired_post['username'])
+ && $session_expired_post['username'] == $username) {
// these are the vars that we can set from the expired composed session
- $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage',
- 'passed_body','use_signature','signature','attachments','subject','newmail',
- 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity',
- 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages',
- 'composesession', 'request_mdn', 'request_dr');
+ $compo_var_list = array ('send_to', 'send_to_cc', 'body',
+ 'startMessage', 'passed_body', 'use_signature', 'signature',
+ 'subject', 'newmail', 'send_to_bcc', 'passed_id', 'mailbox',
+ 'from_htmladdr_search', 'identity', 'draft_id', 'delete_draft',
+ 'mailprio', 'edit_as_new', 'attachments', 'composesession',
+ 'request_mdn', 'request_dr');
foreach ($compo_var_list as $var) {
if ( isset($session_expired_post[$var]) && !isset($$var) ) {
}
}
- $compose_messages = unserialize(urldecode($restoremessages));
- sqsession_register($compose_messages,'compose_messages');
+ if (!empty($attachments))
+ $attachments = unserialize(urldecode($attachments));
+
sqsession_register($composesession,'composesession');
+
if (isset($send)) {
unset($send);
}
showInputForm($session, false);
exit();
}
+
if (!isset($composesession)) {
$composesession = 0;
sqsession_register(0,'composesession');
$composeMessage->rfc822_header = $rfc822_header;
$composeMessage->reply_rfc822_header = '';
$compose_messages[$session] = $composeMessage;
-
- sqsession_register($compose_messages,'compose_messages');
} else {
$composeMessage=$compose_messages[$session];
}
+// re-add attachments that were already in this message
+// FIXME: note that technically this is very bad form -
+// should never directly manipulate an object like this
+if (!empty($attachments)) {
+ $attachments = unserialize(urldecode($attachments));
+ if (!empty($attachments) && is_array($attachments))
+ $composeMessage->entities = $attachments;
+}
+
if (empty($mailbox)) {
$mailbox = 'INBOX';
}
* of language interface.
*/
set_my_charset();
- $composeMessage=$compose_messages[$session];
+ $composeMessage = $compose_messages[$session];
if (! deliverMessage($composeMessage, true)) {
showInputForm($session);
exit();
} else {
- unset($compose_messages[$session]);
$draft_message = _("Draft Email Saved");
/* If this is a resumed draft, then delete the original */
if(isset($delete_draft)) {
if ( !isset($pageheader_sent) || !$pageheader_sent ) {
Header("Location: $location/compose.php?saved_draft=yes&session=$composesession");
} else {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo ' <br><br><div style="text-align: center;"><a href="' . $location
. '/compose.php?saved_sent=yes&session=' . $composesession . '">'
. _("Return") . '</a></div>';
Header("Location: $location/right_main.php?mailbox=" . urlencode($draft_folder) .
"&startMessage=1¬e=".urlencode($draft_message));
} else {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo ' <br><br><div style="text-align: center;"><a href="' . $location
. '/right_main.php?mailbox=' . urlencode($draft_folder)
. '&startMessage=1&note=' . urlencode($draft_message) .'">'
/* We entered compose via the search results page */
$mailbox = 'INBOX'; /* Send 'em to INBOX, that's safe enough */
}
- $urlMailbox = urlencode (trim($mailbox));
+ $urlMailbox = urlencode($mailbox);
if (! isset($passed_id)) {
$passed_id = 0;
}
showInputForm($session);
exit();
}
- unset($compose_messages[$session]);
/* if it is resumed draft, delete draft message */
if ( isset($delete_draft)) {
if ( !isset($pageheader_sent) || !$pageheader_sent ) {
Header("Location: $location/compose.php?mail_sent=$mail_sent");
} else {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo ' <br><br><div style="text-align: center;"><a href="' . $location
. '/compose.php?mail_sent=$mail_sent">'
. _("Return") . '</a></div>';
Header("Location: $location/right_main.php?mailbox=$urlMailbox".
"&startMessage=$startMessage&mail_sent=$mail_sent");
} else {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo ' <br><br><div style="text-align: center;"><a href="' . $location
. "/right_main.php?mailbox=$urlMailbox"
. "&startMessage=$startMessage&mail_sent=$mail_sent\">"
}
$composeMessage->entities = $new_entities;
$compose_messages[$session] = $composeMessage;
- sqsession_register($compose_messages, 'compose_messages');
}
showInputForm($session);
} else {
$use_signature, $data_dir, $username,
$key, $imapServerAddress, $imapPort, $compose_messages,
$composeMessage, $body_quote, $request_mdn, $request_dr,
- $default_use_mdn, $mdn_user_support;
- global $languages, $squirrelmail_language, $default_charset;
+ $mdn_user_support, $languages, $squirrelmail_language,
+ $default_charset;
/*
* Set $default_charset to correspond with the user's selection
(array(), $alt_order = array('text/plain'));
if (!count($entities)) {
$entities = $message->entities[0]->findDisplayEntity
- (array(), $alt_order = array('text/plain','html/plain'));
+ (array(), $alt_order = array('text/plain','text/html'));
}
$orig_header = $message->rfc822_header; /* here is the envelope located */
/* redefine the message for picking up the attachments */
} else {
$entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain'));
if (!count($entities)) {
- $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain','html/plain'));
+ $entities = $message->findDisplayEntity (array(), $alt_order = array('text/plain','text/html'));
}
$orig_header = $message->rfc822_header;
}
$mailprio = '';
}
- $identity = '';
$from_o = $orig_header->from;
if (is_array($from_o)) {
if (isset($from_o[0])) {
if (count($idents) > 1) {
foreach($idents as $nr=>$data) {
$enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>';
- if($enc_from_name == $orig_from) {
+ if(strtolower($enc_from_name) == strtolower($orig_from)) {
$identity = $nr;
break;
}
$send_from_parts = new AddressStructure();
$send_from_parts = $orig_header->parseAddress($send_from);
$send_from_add = $send_from_parts->mailbox . '@' . $send_from_parts->host;
- $identities = get_identities();
- if (count($identities) > 0) {
- foreach($identities as $iddata) {
- if ($send_from_add == $iddata['email_address']) {
- $identity = $iddata['index'];
- break;
- }
- }
- }
+ $identity = find_identity(array($send_from_add));
$subject = decodeHeader($orig_header->subject,false,false,true);
// Remember the receipt settings
* @return object
*/
function getAttachments($message, &$composeMessage, $passed_id, $entities, $imapConnection) {
- global $squirrelmail_language, $languages;
+ global $squirrelmail_language, $languages, $username, $attachment_dir;
if (!count($message->entities) ||
($message->type0 == 'message' && $message->type1 == 'rfc822')) {
function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode')) {
$filename = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_encode', $filename);
}
+
+ $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
$localfilename = sq_get_attach_tempfile();
$message->att_local_name = $localfilename;
$localfilename);
/* Write Attachment to file */
- $fp = fopen ($localfilename, 'wb');
+ $fp = fopen ($hashed_attachment_dir . '/' . $localfilename, 'wb');
mime_print_body_lines ($imapConnection, $passed_id, $message->entity_id, $message->header->encoding, $fp);
fclose ($fp);
}
array_pop($body_a);
$body = implode('', $body_a) . "\r\n";
+ global $username, $attachment_dir;
+ $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
$localfilename = sq_get_attach_tempfile();
- $fp = fopen($localfilename, 'wb');
+ $fp = fopen($hashed_attachment_dir . '/' . $localfilename, 'wb');
fwrite ($fp, $body);
fclose($fp);
$composeMessage->initAttachment('message/rfc822',$subject.'.msg',
}
function showInputForm ($session, $values=false) {
- global $send_to, $send_to_cc, $body, $startMessage, $action,
- $color, $use_signature, $signature, $prefix_sig,
+ global $send_to, $send_to_cc, $send_to_bcc,
+ $body, $startMessage, $action, $attachments,
+ $use_signature, $signature, $prefix_sig, $session_expired,
$editor_size, $editor_height, $subject, $newmail,
- $use_javascript_addr_book, $send_to_bcc, $passed_id, $mailbox,
+ $use_javascript_addr_book, $passed_id, $mailbox,
$from_htmladdr_search, $location_of_buttons, $attachment_dir,
$username, $data_dir, $identity, $idents, $delete_draft,
$mailprio, $compose_new_win, $saved_draft, $mail_sent, $sig_first,
}
if ($use_javascript_addr_book) {
+//FIXME: NO HTML IN CORE!
echo "\n". '<script type="text/javascript">'."\n<!--\n" .
'function open_abook() { ' . "\n" .
' var nwin = window.open("addrbook_popup.php","abookpopup",' .
"// -->\n</script>\n\n";
}
+//FIXME: NO HTML IN CORE!
echo "\n" . '<form name="compose" action="compose.php" method="post" ' .
'enctype="multipart/form-data"';
$onsubmit_text .= $text;
}
+//FIXME: DON'T ECHO HTML FROM CORE!
echo $onsubmit_text . ' return true;"';
}
+//FIXME: NO HTML IN CORE!
echo ">\n";
+//FIXME: DON'T ECHO HTML FROM CORE!
echo addHidden('startMessage', $startMessage);
if ($action == 'draft') {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo addHidden('delete_draft', $passed_id);
}
if (isset($delete_draft)) {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo addHidden('delete_draft', $delete_draft);
}
if (isset($session)) {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo addHidden('session', $session);
}
if (isset($passed_id)) {
+//FIXME: DON'T ECHO HTML FROM CORE!
echo addHidden('passed_id', $passed_id);
}
}
if ($location_of_buttons == 'top') {
+//FIXME: DON'T ECHO HTML FROM CORE!
showComposeButtonRow();
}
$oTemplate->display('compose_header.tpl');
if ($location_of_buttons == 'between') {
+//FIXME: DON'T ECHO HTML FROM CORE!
showComposeButtonRow();
}
$oTemplate->display ('compose_body.tpl');
if ($location_of_buttons == 'bottom') {
+//FIXME: DON'T ECHO HTML FROM CORE!
showComposeButtonRow();
}
+ // composeMessage can be empty when coming from a restored session
+ if (is_object($composeMessage) && $composeMessage->entities)
+ $attach_array = $composeMessage->entities;
+ if ($session_expired && !empty($attachments) && is_array($attachments))
+ $attach_array = $attachments;
+
/* This code is for attachments */
if ((bool) ini_get('file_uploads')) {
}
$attach = array();
- if ($composeMessage->entities) {
- foreach ($composeMessage->entities as $key => $attachment) {
+ global $username, $attachment_dir;
+ $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
+ if (!empty($attach_array)) {
+ foreach ($attach_array as $key => $attachment) {
$attached_file = $attachment->att_local_name;
if ($attachment->att_local_name || $attachment->body_part) {
$attached_filename = decodeHeader($attachment->mime_header->getParameter('name'));
$a['Key'] = $key;
$a['FileName'] = $attached_filename;
$a['ContentType'] = $type;
- $a['Size'] = filesize($attached_file);
+ $a['Size'] = filesize($hashed_attachment_dir . '/' . $attached_file);
$attach[$key] = $a;
}
}
echo addHidden('username', $username).
addHidden('smaction', $action).
addHidden('mailbox', $mailbox);
- /*
- store the complete ComposeMessages array in a hidden input value
- so we can restore them in case of a session timeout.
- */
sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER);
//FIXME: no direct echoing to browser, no HTML output in core!
- echo addHidden('restoremessages', urlencode(serialize($compose_messages))).
- addHidden('composesession', $composesession).
+ echo addHidden('composesession', $composesession).
addHidden('querystring', $queryString).
+ (!empty($attach_array) ?
+ addHidden('attachments', urlencode(serialize($attach_array))) : '').
"</form>\n";
if (!(bool) ini_get('file_uploads')) {
/* File uploads are off, so we didn't show that part of the form.
* using $show=false, and then when i'm ready to display the error
* message, show=true
*/
- global $send_to, $send_to_bcc;
+ global $send_to, $send_to_cc, $send_to_bcc;
- if ($send_to == '' && $send_to_bcc == '') {
+ $send_to = trim($send_to);
+ $send_to_cc = trim($send_to_cc);
+ $send_to_bcc = trim($send_to_bcc);
+ if (empty($send_to) && empty($send_to_cc) && empty($send_to_bcc)) {
if ($show) {
plain_error_message(_("You have not filled in the \"To:\" field."));
}
/* True if FAILURE */
function saveAttachedFiles($session) {
- global $compose_messages;
+ global $compose_messages, $username, $attachment_dir;
/* get out of here if no file was attached at all */
if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) {
return true;
}
+ $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
$localfilename = sq_get_attach_tempfile();
+ $fullpath = $hashed_attachment_dir . '/' . $localfilename;
// m_u_f works better with restricted PHP installs (safe_mode, open_basedir),
// if that doesn't work, try a simple rename.
- if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$localfilename)) {
- if (!@rename($_FILES['attachfile']['tmp_name'], $localfilename)) {
+ if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$fullpath)) {
+ if (!@rename($_FILES['attachfile']['tmp_name'], $fullpath)) {
return true;
}
}
$name = $_FILES['attachfile']['name'];
$message->initAttachment($type, $name, $localfilename);
$compose_messages[$session] = $message;
- sqsession_register($compose_messages , 'compose_messages');
}
/* parse values like 8M and 2k into bytes */
*/
function deliverMessage($composeMessage, $draft=false) {
global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body,
- $username, $popuser, $usernamedata, $identity, $idents, $data_dir,
- $request_mdn, $request_dr, $default_charset, $color, $useSendmail,
- $domain, $action, $default_move_to_sent, $move_to_sent;
- global $imapServerAddress, $imapPort, $sent_folder, $key;
+ $username, $identity, $idents, $data_dir,
+ $request_mdn, $request_dr, $default_charset, $useSendmail,
+ $domain, $action, $default_move_to_sent, $move_to_sent,
+ $imapServerAddress, $imapPort, $sent_folder, $key;
$rfc822_header = $composeMessage->rfc822_header;
}
$composeMessage->setBody($body);
- if (ereg("^([^@%/]+)[@%/](.+)$", $username, $usernamedata)) {
- $popuser = $usernamedata[1];
- $domain = $usernamedata[2];
- unset($usernamedata);
- } else {
- $popuser = $username;
- }
$reply_to = '';
- $from_mail = $idents[$identity]['email_address'];
- $full_name = $idents[$identity]['full_name'];
$reply_to = $idents[$identity]['reply_to'];
- if (!$from_mail) {
- $from_mail = "$popuser@$domain";
- }
- $rfc822_header->from = $rfc822_header->parseAddress($from_mail,true);
- if ($full_name) {
- $from = $rfc822_header->from[0];
- if (!$from->host) $from->host = $domain;
- $full_name_encoded = encodeHeader($full_name);
- if ($full_name_encoded != $full_name) {
- $from_addr = $full_name_encoded .' <'.$from->mailbox.'@'.$from->host.'>';
- } else {
- $from_addr = '"'.$full_name .'" <'.$from->mailbox.'@'.$from->host.'>';
- }
- $rfc822_header->from = $rfc822_header->parseAddress($from_addr,true);
- }
+
+ $from_addr = build_from_header($identity);
+ $rfc822_header->from = $rfc822_header->parseAddress($from_addr,true);
if ($reply_to) {
$rfc822_header->reply_to = $rfc822_header->parseAddress($reply_to,true);
}
/* Receipt: On Read */
if (isset($request_mdn) && $request_mdn) {
- $rfc822_header->dnt = $rfc822_header->parseAddress($from_mail,true);
+ $rfc822_header->dnt = $rfc822_header->parseAddress($from_addr,true);
} elseif (isset($rfc822_header->dnt)) {
unset($rfc822_header->dnt);
}
/* Receipt: On Delivery */
if (isset($request_dr) && $request_dr) {
- $rfc822_header->more_headers['Return-Receipt-To'] = $from_mail;
+ $rfc822_header->more_headers['Return-Receipt-To'] = $from->mailbox.'@'.$from->domain;
} elseif (isset($rfc822_header->more_headers['Return-Receipt-To'])) {
unset($rfc822_header->more_headers['Return-Receipt-To']);
}
$lcl_allow_sent = false;
}
+ global $passed_id, $mailbox;
if (($fld_sent && $svr_allow_sent && !$lcl_allow_sent) || ($fld_sent && $lcl_allow_sent)) {
- global $passed_id, $mailbox, $action;
if ($action == 'reply' || $action == 'reply_all') {
$save_reply_with_orig=getPref($data_dir,$username,'save_reply_with_orig');
if ($save_reply_with_orig) {
unset ($imap_deliver);
}
- global $passed_id, $mailbox, $action, $what, $iAccount,$startMessage;
+ global $what, $iAccount, $startMessage;
$composeMessage->purgeAttachments();
if ($action=='reply' || $action=='reply_all' || $action=='forward' || $action=='forward_as_attachment') {
}
return $success;
}
-?>