X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fsquirrelspell%2Fmodules%2Fcheck_me.mod;h=a6cb6e8abfbb847ca0d57fe89cafcbf3b2f4ca8a;hp=d5991fdf83ea7ae43e94fcd5fe4dd04589becd36;hb=38c5802facc2ab80b03eef5496f7c6ba9152764a;hpb=d112ed5aeee62953707e7042a1edc8e8c2b6a968
diff --git a/plugins/squirrelspell/modules/check_me.mod b/plugins/squirrelspell/modules/check_me.mod
index d5991fdf..a6cb6e8a 100644
--- a/plugins/squirrelspell/modules/check_me.mod
+++ b/plugins/squirrelspell/modules/check_me.mod
@@ -4,7 +4,7 @@
* -------------
* Squirrelspell module.
*
- * Copyright (c) 1999-2002 The SquirrelMail development team
+ * Copyright (c) 1999-2004 The SquirrelMail development team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* This module is the main workhorse of SquirrelSpell. It submits
@@ -29,15 +29,17 @@
*/
function SpellLink($jscode, $title, $link) {
echo "
$ln"
+ . "title=\"$title\">$link"
. ' | ';
}
/**
* Declaring globals for users with E_ALL set.
*/
-global $sqspell_text, $SQSPELL_APP, $sqspell_use_app, $attachment_dir,
- $username, $SQSPELL_EREG, $color;
+global $SQSPELL_APP, $attachment_dir, $SQSPELL_EREG, $color;
+
+$sqspell_text = $_POST['sqspell_text'];
+$sqspell_use_app = $_POST['sqspell_use_app'];
/**
* Now we explode the lines for three reasons:
@@ -78,34 +80,53 @@ $sqspell_new_text=implode("\n", $sqspell_new_lines);
*/
$sqspell_command=$SQSPELL_APP[$sqspell_use_app];
/**
- * For the simplicity's sake we'll put all text into a file in
- * attachment_dir directory, then cat it and pipe it to
- * sqspell_command. There are other ways to do it, including popen(),
- * but it's unidirectional and no fun at all.
- *
- * The name of the file is an md5 hash of the message itself plus
- * microtime. This prevents symlink attacks. The loop is here to
- * further enhance this feature, and make sure we don't overwrite
- * someone else's data, although the possibility of this happening is
- * QUITE remote.
- */
-do {
- $floc = "$attachment_dir/" . md5($sqspell_new_text . microtime());
-} while (file_exists($floc));
-/**
- * Write the contents to the file.
- */
-$fp=fopen($floc, 'w');
-fwrite($fp, $sqspell_new_text);
-fclose($fp);
-/**
- * Execute ispell/aspell and catch the output.
+ * If you have php >= 4.3.0, we can use proc_open and safe mode
+ * and not mess w/ temp files. Otherwise we will do it the old
+ * way, (minus the uneeded call to cat that messes up Wintel
+ * boxen.)
+ * Thanks Ray Ferguson for providing this patch.
*/
-exec("cat $floc | $sqspell_command", $sqspell_output);
+if( check_php_version ( 4, 3 ) ) {
+ $descriptorspec = array(
+ 0 => array('pipe', 'r'), // stdin is a pipe that the child will read from
+ 1 => array('pipe', 'w'), // stdout is a pipe that the child will write to
+ 2 => array('pipe', 'w'), // stderr is a pipe that the child will write to
+ );
+ $spell_proc=proc_open($sqspell_command, $descriptorspec, $pipes);
+ fwrite($pipes[0], $sqspell_new_text);
+ fclose($pipes[0]);
+ $sqspell_output = array();
+ for($i=1; $i<=2; $i++){
+ while(!feof($pipes[$i]))
+ array_push($sqspell_output, rtrim(fgetss($pipes[$i],999),"\n"));
+ fclose($pipes[$i]);
+ }
+ $sqspell_exitcode=proc_close($spell_proc);
+} else {
+ do {
+ $floc = "$attachment_dir/" . md5($sqspell_new_text . microtime());
+ } while (file_exists($floc));
+ $fp=fopen($floc, 'w');
+ fwrite($fp, $sqspell_new_text);
+ fclose($fp);
+ exec("$sqspell_command < $floc 2>&1", $sqspell_output, $sqspell_exitcode);
+ unlink($floc);
+}
+
/**
- * Remove the temp file.
+ * Check if the execution was successful. Bail out if it wasn't.
*/
-unlink($floc);
+if ($sqspell_exitcode){
+ $msg= ""
+ . sprintf(_("I tried to execute '%s', but it returned:"),
+ $sqspell_command) . "
"
+ . join("\n", htmlspecialchars($sqspell_output)) . "
"
+ . "
";
+ sqspell_makeWindow(null, _("SquirrelSpell is misconfigured."), null, $msg);
+ exit;
+}
/**
* Load the user dictionary.
@@ -148,13 +169,15 @@ for ($i=0; $i