X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fsquirrelspell%2Fmodules%2Fcheck_me.mod;h=a6cb6e8abfbb847ca0d57fe89cafcbf3b2f4ca8a;hp=d5991fdf83ea7ae43e94fcd5fe4dd04589becd36;hb=38c5802facc2ab80b03eef5496f7c6ba9152764a;hpb=d112ed5aeee62953707e7042a1edc8e8c2b6a968 diff --git a/plugins/squirrelspell/modules/check_me.mod b/plugins/squirrelspell/modules/check_me.mod index d5991fdf..a6cb6e8a 100644 --- a/plugins/squirrelspell/modules/check_me.mod +++ b/plugins/squirrelspell/modules/check_me.mod @@ -4,7 +4,7 @@ * ------------- * Squirrelspell module. * - * Copyright (c) 1999-2002 The SquirrelMail development team + * Copyright (c) 1999-2004 The SquirrelMail development team * Licensed under the GNU GPL. For full terms see the file COPYING. * * This module is the main workhorse of SquirrelSpell. It submits @@ -29,15 +29,17 @@ */ function SpellLink($jscode, $title, $link) { echo "$ln" + . "title=\"$title\">$link" . ''; } /** * Declaring globals for users with E_ALL set. */ -global $sqspell_text, $SQSPELL_APP, $sqspell_use_app, $attachment_dir, - $username, $SQSPELL_EREG, $color; +global $SQSPELL_APP, $attachment_dir, $SQSPELL_EREG, $color; + +$sqspell_text = $_POST['sqspell_text']; +$sqspell_use_app = $_POST['sqspell_use_app']; /** * Now we explode the lines for three reasons: @@ -78,34 +80,53 @@ $sqspell_new_text=implode("\n", $sqspell_new_lines); */ $sqspell_command=$SQSPELL_APP[$sqspell_use_app]; /** - * For the simplicity's sake we'll put all text into a file in - * attachment_dir directory, then cat it and pipe it to - * sqspell_command. There are other ways to do it, including popen(), - * but it's unidirectional and no fun at all. - * - * The name of the file is an md5 hash of the message itself plus - * microtime. This prevents symlink attacks. The loop is here to - * further enhance this feature, and make sure we don't overwrite - * someone else's data, although the possibility of this happening is - * QUITE remote. - */ -do { - $floc = "$attachment_dir/" . md5($sqspell_new_text . microtime()); -} while (file_exists($floc)); -/** - * Write the contents to the file. - */ -$fp=fopen($floc, 'w'); -fwrite($fp, $sqspell_new_text); -fclose($fp); -/** - * Execute ispell/aspell and catch the output. + * If you have php >= 4.3.0, we can use proc_open and safe mode + * and not mess w/ temp files. Otherwise we will do it the old + * way, (minus the uneeded call to cat that messes up Wintel + * boxen.) + * Thanks Ray Ferguson for providing this patch. */ -exec("cat $floc | $sqspell_command", $sqspell_output); +if( check_php_version ( 4, 3 ) ) { + $descriptorspec = array( + 0 => array('pipe', 'r'), // stdin is a pipe that the child will read from + 1 => array('pipe', 'w'), // stdout is a pipe that the child will write to + 2 => array('pipe', 'w'), // stderr is a pipe that the child will write to + ); + $spell_proc=proc_open($sqspell_command, $descriptorspec, $pipes); + fwrite($pipes[0], $sqspell_new_text); + fclose($pipes[0]); + $sqspell_output = array(); + for($i=1; $i<=2; $i++){ + while(!feof($pipes[$i])) + array_push($sqspell_output, rtrim(fgetss($pipes[$i],999),"\n")); + fclose($pipes[$i]); + } + $sqspell_exitcode=proc_close($spell_proc); +} else { + do { + $floc = "$attachment_dir/" . md5($sqspell_new_text . microtime()); + } while (file_exists($floc)); + $fp=fopen($floc, 'w'); + fwrite($fp, $sqspell_new_text); + fclose($fp); + exec("$sqspell_command < $floc 2>&1", $sqspell_output, $sqspell_exitcode); + unlink($floc); +} + /** - * Remove the temp file. + * Check if the execution was successful. Bail out if it wasn't. */ -unlink($floc); +if ($sqspell_exitcode){ + $msg= "
" + . sprintf(_("I tried to execute '%s', but it returned:"), + $sqspell_command) . "
"
+     . join("\n", htmlspecialchars($sqspell_output)) . "
" + . "
" + . "
"; + sqspell_makeWindow(null, _("SquirrelSpell is misconfigured."), null, $msg); + exit; +} /** * Load the user dictionary. @@ -148,13 +169,15 @@ for ($i=0; $i