X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Fcompose.php;h=742d4bc985fe393ca40cf461e5d4c65da9d4c91a;hp=d6bc77491c891422706c651c4ffbd33d733b1af6;hb=167c6996539f53f02cd6fdbbaac71acb50c64774;hpb=4d1cb59ae648619fc2a90cb7d2c006e437f608cf

diff --git a/src/compose.php b/src/compose.php
index d6bc7749..742d4bc9 100644
--- a/src/compose.php
+++ b/src/compose.php
@@ -11,43 +11,39 @@
  *    - Send mail
  *    - Save As Draft
  *
- * @copyright &copy; 1999-2005 The SquirrelMail Project Team
+ * @copyright &copy; 1999-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  */
 
 /**
- * Path for SquirrelMail required files.
- * @ignore
+ * Include the SquirrelMail initialization file.
  */
-define('SM_PATH','../');
+require('../include/init.php');
 
 /* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/global.php');
-require_once(SM_PATH . 'functions/imap.php');
+require_once(SM_PATH . 'functions/imap_general.php');
+require_once(SM_PATH . 'functions/imap_messages.php');
 require_once(SM_PATH . 'functions/date.php');
 require_once(SM_PATH . 'functions/mime.php');
-require_once(SM_PATH . 'functions/plugin.php');
-require_once(SM_PATH . 'functions/display_messages.php');
 require_once(SM_PATH . 'class/deliver/Deliver.class.php');
 require_once(SM_PATH . 'functions/addressbook.php');
 require_once(SM_PATH . 'functions/forms.php');
 require_once(SM_PATH . 'functions/identity.php');
 
 /* --------------------- Get globals ------------------------------------- */
-/** COOKIE VARS */
-sqgetGlobalVar('key',       $key,           SQ_COOKIE);
 
 /** SESSION VARS */
-sqgetGlobalVar('username',  $username,      SQ_SESSION);
-sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
-sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
 sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
 
 sqgetGlobalVar('composesession',    $composesession,    SQ_SESSION);
 sqgetGlobalVar('compose_messages',  $compose_messages,  SQ_SESSION);
+sqgetGlobalVar('delayed_errors',  $delayed_errors,  SQ_SESSION);
+if (is_array($delayed_errors)) {
+    $oErrorHandler->AssignDelayedErrors($delayed_errors);
+    sqsession_unregister("delayed_errors");
+}
 
 /** SESSION/POST/GET VARS */
 sqgetGlobalVar('session',$session);
@@ -84,13 +80,14 @@ if ( sqgetGlobalVar('startMessage',$startMessage) ) {
 
 
 /** POST VARS */
-sqgetGlobalVar('sigappend',             $sigappend,             SQ_POST);
-sqgetGlobalVar('from_htmladdr_search',  $from_htmladdr_search,  SQ_POST);
-sqgetGlobalVar('addr_search_done',      $html_addr_search_done, SQ_POST);
-sqgetGlobalVar('send_to_search',        $send_to_search,        SQ_POST);
-sqgetGlobalVar('do_delete',             $do_delete,             SQ_POST);
-sqgetGlobalVar('delete',                $delete,                SQ_POST);
-sqgetGlobalVar('restoremessages',       $restoremessages,       SQ_POST);
+sqgetGlobalVar('sigappend',             $sigappend,                 SQ_POST);
+sqgetGlobalVar('from_htmladdr_search',  $from_htmladdr_search,      SQ_POST);
+sqgetGlobalVar('addr_search_done',      $html_addr_search_done,     SQ_POST);
+sqgetGlobalVar('addr_search_cancel',    $html_addr_search_cancel,   SQ_POST);
+sqgetGlobalVar('send_to_search',        $send_to_search,            SQ_POST);
+sqgetGlobalVar('do_delete',             $do_delete,                 SQ_POST);
+sqgetGlobalVar('delete',                $delete,                    SQ_POST);
+sqgetGlobalVar('restoremessages',       $restoremessages,           SQ_POST);
 if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
     $html_addr_search_done = 'Use Addresses';
 }
@@ -185,8 +182,6 @@ function getReplyCitation($orig_from, $orig_date) {
         $sOrig_from = decodeHeader($orig_from->getAddress(false),false,false,true);
     }
 
-//    $from = decodeHeader($orig_header->getAddr_s('from',"\n$indent"),false,false);
-
     /* First, return an empty string when no citation style selected. */
     if (($reply_citation_style == '') || ($reply_citation_style == 'none')) {
         return '';
@@ -206,8 +201,7 @@ function getReplyCitation($orig_from, $orig_date) {
         $full_reply_citation = sprintf(_("%s wrote:"),$sOrig_from);
         break;
     case 'quote_who':
-        // FIXME: do we have to translate xml formating?
-        $start = '<' . _("quote") . ' ' . _("who") . '="';
+        $start = '<quote who="';
         $end   = '">';
         $full_reply_citation = $start . $sOrig_from . $end;
         break;
@@ -297,13 +291,19 @@ if (sqsession_is_registered('session_expired_post')) {
         sqsession_unregister('session_expired_post');
         session_write_close();
     } else {
-        foreach ($session_expired_post as $postvar => $val) {
-            if (isset($val)) {
-                $$postvar = $val;
-            } else {
-                $$postvar = '';
+        // these are the vars that we can set from the expired composed session   
+        $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage',
+            'passed_body','use_signature','signature','attachments','subject','newmail',
+            'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity',
+            'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages',
+            'composesession', 'request_mdn', 'request_dr');
+
+        foreach ($compo_var_list as $var) {
+            if ( isset($session_expired_post[$var]) && !isset($$var) ) {
+               $$var = $session_expired_post[$var];
             }
         }
+
         $compose_messages = unserialize(urldecode($restoremessages));
         sqsession_register($compose_messages,'compose_messages');
         sqsession_register($composesession,'composesession');
@@ -348,7 +348,6 @@ if (!isset($compose_messages)) {
 }
 
 if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL)) {
-    /* if (!array_key_exists($session, $compose_messages)) {  /* We can only do this in PHP >= 4.1 */
     $composeMessage = new Message();
     $rfc822_header = new Rfc822Header();
     $composeMessage->rfc822_header = $rfc822_header;
@@ -379,7 +378,7 @@ if ($draft) {
         $draft_message = _("Draft Email Saved");
         /* If this is a resumed draft, then delete the original */
         if(isset($delete_draft)) {
-            $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, false);
+            $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false);
             sqimap_mailbox_select($imap_stream, $draft_folder);
             // force bypass_trash=true because message should be saved when deliverMessage() returns true.
             // in current implementation of sqimap_msgs_list_flag() single message id can
@@ -390,13 +389,17 @@ if ($draft) {
             }
             sqimap_logout($imap_stream);
         }
+        if (count($oErrorHandler->aErrors)) {
+            sqsession_register($oErrorHandler->aErrors,"delayed_errors");
+        }
+        session_write_close();
         if ($compose_new_win == '1') {
             if ( !isset($pageheader_sent) || !$pageheader_sent ) {
                 Header("Location: $location/compose.php?saved_draft=yes&session=$composesession");
             } else {
-                echo '   <br><br><center><a href="' . $location
+                echo '   <br><br><div style="text-align: center;"><a href="' . $location
                     . '/compose.php?saved_sent=yes&amp;session=' . $composesession . '">'
-                    . _("Return") . '</a></center>';
+                    . _("Return") . '</a></div>';
             }
             exit();
         } else {
@@ -404,10 +407,10 @@ if ($draft) {
                 Header("Location: $location/right_main.php?mailbox=" . urlencode($draft_folder) .
                    "&startMessage=1&note=".urlencode($draft_message));
             } else {
-                echo '   <br><br><center><a href="' . $location
+                echo '   <br><br><div style="text-align: center;"><a href="' . $location
                     . '/right_main.php?mailbox=' . urlencode($draft_folder)
                     . '&amp;startMessage=1&amp;note=' . urlencode($draft_message) .'">'
-                    . _("Return") . '</a></center>';
+                    . _("Return") . '</a></div>';
             }
             exit();
         }
@@ -423,7 +426,7 @@ if ($send) {
     if (checkInput(false) && !isset($AttachFailure)) {
         if ($mailbox == "All Folders") {
             /* We entered compose via the search results page */
-            $mailbox="INBOX"; /* Send 'em to INBOX, that's safe enough */
+            $mailbox = 'INBOX'; /* Send 'em to INBOX, that's safe enough */
         }
         $urlMailbox = urlencode (trim($mailbox));
         if (! isset($passed_id)) {
@@ -464,14 +467,17 @@ if ($send) {
         $composeMessage=$compose_messages[$session];
 
         $Result = deliverMessage($composeMessage);
+
+        do_hook('compose_send_after', $Result, $composeMessage);
         if (! $Result) {
             showInputForm($session);
             exit();
         }
         unset($compose_messages[$session]);
+
         /* if it is resumed draft, delete draft message */
         if ( isset($delete_draft)) {
-            $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, false);
+            $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, false);
             sqimap_mailbox_select($imap_stream, $draft_folder);
             // bypass_trash=true because message should be saved when deliverMessage() returns true.
             // in current implementation of sqimap_msgs_list_flag() single message id can
@@ -482,13 +488,20 @@ if ($send) {
             }
             sqimap_logout($imap_stream);
         }
+        /*
+         * Store the error array in the session because they will be lost on a redirect
+         */
+        if (count($oErrorHandler->aErrors)) {
+            sqsession_register($oErrorHandler->aErrors,"delayed_errors");
+        }
+        session_write_close();
         if ($compose_new_win == '1') {
             if ( !isset($pageheader_sent) || !$pageheader_sent ) {
                 Header("Location: $location/compose.php?mail_sent=yes");
             } else {
-                echo '   <br><br><center><a href="' . $location
+                echo '   <br><br><div style="text-align: center;"><a href="' . $location
                     . '/compose.php?mail_sent=yes">'
-                    . _("Return") . '</a></center>';
+                    . _("Return") . '</a></div>';
             }
             exit();
         } else {
@@ -496,10 +509,10 @@ if ($send) {
                 Header("Location: $location/right_main.php?mailbox=$urlMailbox".
                     "&startMessage=$startMessage&mail_sent=yes");
             } else {
-                echo '   <br><br><center><a href="' . $location
+                echo '   <br><br><div style="text-align: center;"><a href="' . $location
                     . "/right_main.php?mailbox=$urlMailbox"
                     . "&amp;startMessage=$startMessage&amp;mail_sent=yes\">"
-                    . _("Return") . '</a></center>';
+                    . _("Return") . '</a></div>';
             }
             exit();
         }
@@ -549,12 +562,12 @@ if ($send) {
         }
     }
     showInputForm($session);
-} elseif (isset($html_addr_search)) {
+} elseif (isset($html_addr_search) && !isset($html_addr_search_cancel)) {
     if (isset($_FILES['attachfile']) &&
             $_FILES['attachfile']['tmp_name'] &&
             $_FILES['attachfile']['tmp_name'] != 'none') {
         if(saveAttachedFiles($session)) {
-            plain_error_message(_("Could not move/copy file. File not attached"), $color);
+            plain_error_message(_("Could not move/copy file. File not attached"));
         }
     }
     /*
@@ -563,14 +576,14 @@ if ($send) {
      */
     include_once('./addrbook_search_html.php');
 } elseif (isset($attach)) {
-    if (saveAttachedFiles($session)) {
-        plain_error_message(_("Could not move/copy file. File not attached"), $color);
-    }
     if ($compose_new_win == '1') {
         compose_Header($color, $mailbox);
     } else {
         displayPageHeader($color, $mailbox);
     }
+    if (saveAttachedFiles($session)) {
+        plain_error_message(_("Could not move/copy file. File not attached"));
+    }
     showInputForm($session);
 }
 elseif (isset($sigappend)) {
@@ -593,9 +606,10 @@ elseif (isset($sigappend)) {
     if (isset($delete) && is_array($delete)) {
         $composeMessage = $compose_messages[$session];
         foreach($delete as $index) {
-            $attached_file = $composeMessage->entities[$index]->att_local_name;
-            unlink ($attached_file);
-            unset ($composeMessage->entities[$index]);
+            if (!empty($composeMessage->entities) && isset($composeMessage->entities[$index])) {
+                $composeMessage->entities[$index]->purgeAttachments();
+                unset ($composeMessage->entities[$index]);
+            }
         }
         $new_entities = array();
         foreach ($composeMessage->entities as $entity) {
@@ -669,7 +683,7 @@ function getforwardSubject($subject)
 function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $session='') {
     global $editor_size, $default_use_priority, $body, $idents,
         $use_signature, $data_dir, $username,
-        $username, $key, $imapServerAddress, $imapPort, $compose_messages,
+        $key, $imapServerAddress, $imapPort, $compose_messages,
         $composeMessage, $body_quote;
     global $languages, $squirrelmail_language, $default_charset;
 
@@ -684,7 +698,7 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se
     $mailprio = 3;
 
     if ($passed_id) {
-        $imapConnection = sqimap_login($username, $key, $imapServerAddress,
+        $imapConnection = sqimap_login($username, false, $imapServerAddress,
                 $imapPort, 0);
 
         sqimap_mailbox_select($imapConnection, $mailbox);
@@ -762,7 +776,6 @@ function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $se
         } else {
             $mailprio = '';
         }
-        //ClearAttachments($session);
 
         $identity = '';
         $from_o = $orig_header->from;
@@ -1024,7 +1037,8 @@ function showInputForm ($session, $values=false) {
         $from_htmladdr_search, $location_of_buttons, $attachment_dir,
         $username, $data_dir, $identity, $idents, $delete_draft,
         $mailprio, $compose_new_win, $saved_draft, $mail_sent, $sig_first,
-        $username, $compose_messages, $composesession, $default_charset;
+        $compose_messages, $composesession, $default_charset,
+        $compose_onsubmit, $oTemplate;
 
     if (checkForJavascript()) {
         $onfocus = ' onfocus="alreadyFocused=true;"';
@@ -1051,7 +1065,7 @@ function showInputForm ($session, $values=false) {
     }
 
     if ($use_javascript_addr_book) {
-        echo "\n". '<script language="JavaScript">'."\n<!--\n" .
+        echo "\n". '<script type="text/javascript">'."\n<!--\n" .
             'function open_abook() { ' . "\n" .
             '  var nwin = window.open("addrbook_popup.php","abookpopup",' .
             '"width=670,height=300,resizable=yes,scrollbars=yes");' . "\n" .
@@ -1063,8 +1077,37 @@ function showInputForm ($session, $values=false) {
 
     echo "\n" . '<form name="compose" action="compose.php" method="post" ' .
         'enctype="multipart/form-data"';
+
+    $compose_onsubmit = array();
     do_hook('compose_form');
 
+    // Plugins that use compose_form hook can add an array entry
+    // to the globally scoped $compose_onsubmit; we add them up
+    // here and format the form tag's full onsubmit handler.
+    // Each plugin should use "return false" if they need to
+    // stop form submission but otherwise should NOT use "return
+    // true" to give other plugins the chance to do what they need
+    // to do; SquirrelMail itself will add the final "return true".
+    // Onsubmit text is enclosed inside of double quotes, so plugins
+    // need to quote accordingly.
+    if (checkForJavascript()) {
+        $onsubmit_text = ' onsubmit="';
+        if (empty($compose_onsubmit))
+            $compose_onsubmit = array();
+        else if (!is_array($compose_onsubmit))
+            $compose_onsubmit = array($compose_onsubmit);
+
+        foreach ($compose_onsubmit as $text) {
+            $text = trim($text);
+            if (substr($text, -1) != ';' && substr($text, -1) != '}')
+                $text .= '; ';
+            $onsubmit_text .= $text;
+        }
+
+        echo $onsubmit_text . ' return true;"';
+    }
+
+
     echo ">\n";
 
     echo addHidden('startMessage', $startMessage);
@@ -1084,10 +1127,10 @@ function showInputForm ($session, $values=false) {
     }
 
     if ($saved_draft == 'yes') {
-        echo '<br /><center><b>'. _("Draft Saved").'</center></b>';
+        echo '<br /><div style="text-align: center;"><b>'. _("Draft Saved").'</div></b>';
     }
     if ($mail_sent == 'yes') {
-        echo '<br /><center><b>'. _("Your Message has been sent.").'</center></b>';
+        echo '<br /><div style="text-align: center;"><b>'. _("Your Message has been sent.").'</div></b>';
     }
     if ($compose_new_win == '1') {
         echo '<table align="center" bgcolor="'.$color[0].'" width="100%" border="0">'."\n" .
@@ -1110,7 +1153,7 @@ function showInputForm ($session, $values=false) {
         }
         echo '   <tr>' . "\n" .
             html_tag( 'td', '', 'right', $color[4], 'width="10%"' ) .
-            _("From:") . '</td>' . "\n" .
+            '<label for="identity">' . _("From:") . '</label></td>' . "\n" .
             html_tag( 'td', '', 'left', $color[4], 'width="90%"' ) .
             '         '.
             addSelect('identity', $ident_list, $identity, TRUE);
@@ -1121,28 +1164,28 @@ function showInputForm ($session, $values=false) {
 
     echo '   <tr>' . "\n" .
         html_tag( 'td', '', 'right', $color[4], 'width="10%"' ) .
-        _("To") . ':</td>' . "\n" .
+        '<label for="send_to">' . _("To") . '</label>:</td>' . "\n" .
         html_tag( 'td', '', 'left', $color[4], 'width="90%"' ) .
         addInput('send_to', $send_to, 60, 0, $onfocus_array). '<br />' . "\n" .
         '      </td>' . "\n" .
         '   </tr>' . "\n" .
         '   <tr>' . "\n" .
         html_tag( 'td', '', 'right', $color[4] ) .
-        _("Cc") . ':</td>' . "\n" .
+        '<label for="send_to_cc">' . _("Cc") . '</label>:</td>' . "\n" .
         html_tag( 'td', '', 'left', $color[4] ) .
         addInput('send_to_cc', $send_to_cc, 60, 0, $onfocus_array). '<br />' . "\n" .
         '      </td>' . "\n" .
         '   </tr>' . "\n" .
         '   <tr>' . "\n" .
         html_tag( 'td', '', 'right', $color[4] ) .
-        _("Bcc") . ':</td>' . "\n" .
+        '<label for="send_to_bcc">' . _("Bcc") . '</label>:</td>' . "\n" .
         html_tag( 'td', '', 'left', $color[4] ) .
         addInput('send_to_bcc', $send_to_bcc, 60, 0, $onfocus_array).'<br />' . "\n" .
         '      </td>' . "\n" .
         '   </tr>' . "\n" .
         '   <tr>' . "\n" .
         html_tag( 'td', '', 'right', $color[4] ) .
-        _("Subject") . ':</td>' . "\n" .
+        '<label for="subject">' . _("Subject") . '</label>:</td>' . "\n" .
         html_tag( 'td', '', 'left', $color[4] ) . "\n";
     echo '         '.addInput('subject', $subject, 60, 0, $onfocus_array).
         '      </td>' . "\n" .
@@ -1152,18 +1195,20 @@ function showInputForm ($session, $values=false) {
         showComposeButtonRow();
     }
 
-    /* why this distinction? */
+    /**
+     * When message is compose in new window, different colors are used.
+     */
     if ($compose_new_win == '1') {
         echo '   <tr>' . "\n" .
             '      <td bgcolor="' . $color[0] . '" colspan="2" align="center">' . "\n" .
             '         <textarea name="body" id="body" rows="' . (int)$editor_height .
-            '" cols="' . (int)$editor_size . '" wrap="virtual"' . $onfocus . '>';
+            '" cols="' . (int)$editor_size . '"' . $onfocus . '>';
     }
     else {
         echo '   <tr>' . "\n" .
             '      <td bgcolor="' . $color[4] . '" colspan="2">' . "\n" .
             '         &nbsp;&nbsp;<textarea name="body" id="body" rows="' . (int)$editor_height .
-            '" cols="' . (int)$editor_size . '" wrap="virtual"' . $onfocus . '>';
+            '" cols="' . (int)$editor_size . '"' . $onfocus . '>';
     }
 
     if ($use_signature == true && $newmail == true && !isset($from_htmladdr_search)) {
@@ -1230,8 +1275,8 @@ function showInputForm ($session, $values=false) {
         }
 
         if(count($sizes) > 0) {
-            $maxsize = '(max.&nbsp;' . show_readable_size( min( $sizes ) ) . ')';
-            echo addHidden('MAX_FILE_SIZE', min( $sizes ));
+            $maxsize = '(max.&nbsp;' . show_readable_size( min( $sizes ) ) . ')'
+                . addHidden('MAX_FILE_SIZE', min( $sizes ));
         } else {
             $maxsize = '';
         }
@@ -1310,7 +1355,7 @@ function showInputForm ($session, $values=false) {
     }
 
     do_hook('compose_bottom');
-    echo '</body></html>' . "\n";
+    $oTemplate->display('footer.tpl');
 }
 
 
@@ -1327,7 +1372,7 @@ function showComposeButtonRow() {
         if(!isset($mailprio)) {
             $mailprio = '3';
         }
-        echo '          ' . _("Priority") .
+        echo '          <label for="mailprio">' . _("Priority") . '</label>: '.
             addSelect('mailprio', array(
                         '1' => _("High"),
                         '3' => _("Normal"),
@@ -1337,8 +1382,10 @@ function showComposeButtonRow() {
     if ($default_use_mdn) {
         if ($mdn_user_support) {
             echo '          ' . _("Receipt") .': '.
-                addCheckBox('request_mdn', $request_mdn == '1', '1'). _("On Read").
-                addCheckBox('request_dr',  $request_dr  == '1', '1'). _("On Delivery");
+                addCheckBox('request_mdn', $request_mdn == '1', '1') .
+                    '<label for="request_mdn">' . _("On Read") . '</label>' .
+                addCheckBox('request_dr',  $request_dr  == '1', '1') .
+                    '<label for="request_dr">' .  _("On Delivery") . '</label>';
         }
     }
 
@@ -1349,7 +1396,7 @@ function showComposeButtonRow() {
         '      <td>' . "\n" .
         '         <input type="submit" name="sigappend" value="' . _("Signature") . '" />' . "\n";
     if ($use_javascript_addr_book) {
-        echo "         <script language=\"JavaScript\"><!--\n document.write(\"".
+        echo "         <script type=\"text/javascript\"><!--\n document.write(\"".
             "            <input type=button value=\\\""._("Addresses").
             "\\\" onclick=\\\"javascript:open_abook();\\\" />\");".
             "            // --></script><noscript>\n".
@@ -1379,11 +1426,11 @@ function checkInput ($show) {
      * using $show=false, and then when i'm ready to display the error
      * message, show=true
      */
-    global $body, $send_to, $send_to_bcc, $subject, $color;
+    global $send_to, $send_to_bcc;
 
     if ($send_to == '' && $send_to_bcc == '') {
         if ($show) {
-            plain_error_message(_("You have not filled in the \"To:\" field."), $color);
+            plain_error_message(_("You have not filled in the \"To:\" field."));
         }
         return false;
     }
@@ -1393,7 +1440,7 @@ function checkInput ($show) {
 
 /* True if FAILURE */
 function saveAttachedFiles($session) {
-    global $_FILES, $attachment_dir, $attachments, $username,
+    global $_FILES, $attachment_dir, $username,
         $data_dir, $compose_messages;
 
     /* get out of here if no file was attached at all */
@@ -1409,10 +1456,10 @@ function saveAttachedFiles($session) {
         $full_localfilename = "$hashed_attachment_dir/$localfilename";
     }
 
-    // FIXME: we SHOULD prefer move_uploaded_file over rename because
-    // m_u_f works better with restricted PHP installs (safe_mode, open_basedir)
-    if (!@rename($_FILES['attachfile']['tmp_name'], $full_localfilename)) {
-        if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$full_localfilename)) {
+    // m_u_f works better with restricted PHP installs (safe_mode, open_basedir),
+    // if that doesn't work, try a simple rename.
+    if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$full_localfilename)) {
+        if (!@rename($_FILES['attachfile']['tmp_name'], $full_localfilename)) {
             return true;
         }
     }
@@ -1424,18 +1471,6 @@ function saveAttachedFiles($session) {
     sqsession_register($compose_messages , 'compose_messages');
 }
 
-function ClearAttachments($composeMessage) {
-    if ($composeMessage->att_local_name) {
-        $attached_file = $composeMessage->att_local_name;
-        if (file_exists($attached_file)) {
-            unlink($attached_file);
-        }
-    }
-    for ($i=0, $entCount=count($composeMessage->entities);$i< $entCount; ++$i) {
-        ClearAttachments($composeMessage->entities[$i]);
-    }
-}
-
 /* parse values like 8M and 2k into bytes */
 function getByteSize($ini_size) {
 
@@ -1469,7 +1504,7 @@ function getByteSize($ini_size) {
 
 /**
  * temporary function to make use of the deliver class.
- * In the future the responsable backend should be automaticly loaded
+ * In the future the responsible backend should be automaticly loaded
  * and conf.pl should show a list of available backends.
  * The message also should be constructed by the message class.
  */
@@ -1590,13 +1625,21 @@ function deliverMessage($composeMessage, $draft=false) {
                 $smtpServerAddress, $smtpPort, $user, $pass, $authPop);
     } elseif (!$draft) {
         require_once(SM_PATH . 'class/deliver/Deliver_SendMail.class.php');
-        global $sendmail_path;
-        $deliver = new Deliver_SendMail();
+        global $sendmail_path, $sendmail_args;
+        // Check for outdated configuration
+        if (!isset($sendmail_args)) {
+            if ($sendmail_path=='/var/qmail/bin/qmail-inject') {
+                $sendmail_args = '';
+            } else {
+                $sendmail_args = '-i -t';
+            }
+        }
+        $deliver = new Deliver_SendMail(array('sendmail_args'=>$sendmail_args));
         $stream = $deliver->initStream($composeMessage,$sendmail_path);
     } elseif ($draft) {
         global $draft_folder;
         require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
-        $imap_stream = sqimap_login($username, $key, $imapServerAddress,
+        $imap_stream = sqimap_login($username, false, $imapServerAddress,
                 $imapPort, 0);
         if (sqimap_mailbox_exists ($imap_stream, $draft_folder)) {
             require_once(SM_PATH . 'class/deliver/Deliver_IMAP.class.php');
@@ -1607,27 +1650,34 @@ function deliverMessage($composeMessage, $draft=false) {
             sqimap_append_done ($imap_stream, $draft_folder);
             sqimap_logout($imap_stream);
             unset ($imap_deliver);
+            $composeMessage->purgeAttachments();
             return $length;
         } else {
-            $msg  = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), $draft_folder);
-            plain_error_message($msg, $color);
+            $msg  = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), htmlspecialchars($draft_folder));
+            plain_error_message($msg);
             return false;
         }
     }
-    $succes = false;
+    $success = false;
     if ($stream) {
         $length = $deliver->mail($composeMessage, $stream);
-        $succes = $deliver->finalizeStream($stream);
-    }
-    if (!$succes) {
-        $msg  = $deliver->dlv_msg . '<br />' .
-            _("Server replied:") . ' ' . $deliver->dlv_ret_nr . ' ' .
-            $deliver->dlv_server_msg;
-        plain_error_message($msg, $color);
+        $success = $deliver->finalizeStream($stream);
+    }
+    if (!$success) {
+        // $deliver->dlv_server_msg is not always server's reply
+        $msg  = $deliver->dlv_msg;
+        if (!empty($deliver->dlv_server_msg)) {
+            // add 'server replied' part only when it is not empty.
+            // Delivery error can be generated by delivery class itself
+            $msg.='<br />' .
+                _("Server replied:") . ' ' . $deliver->dlv_ret_nr . ' ' .
+                nl2br(htmlspecialchars($deliver->dlv_server_msg));
+        }
+        plain_error_message($msg);
     } else {
         unset ($deliver);
         $move_to_sent = getPref($data_dir,$username,'move_to_sent');
-        $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+        $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
 
         /* Move to sent code */
         if (isset($default_move_to_sent) && ($default_move_to_sent != 0)) {
@@ -1667,18 +1717,21 @@ function deliverMessage($composeMessage, $draft=false) {
 
         global $passed_id, $mailbox, $action, $what, $iAccount,$startMessage;
 
-        ClearAttachments($composeMessage);
+        $composeMessage->purgeAttachments();
         if ($action == 'reply' || $action == 'reply_all') {
+            require(SM_PATH . 'functions/mailbox_display.php');
             $aMailbox = sqm_api_mailbox_select($imap_stream, $iAccount, $mailbox,array('setindex' => $what, 'offset' => $startMessage),array());
-            //sqimap_mailbox_select ($imap_stream, $mailbox);
-            $aUpdatedMsgs = sqimap_toggle_flag($imap_stream, array($passed_id), '\\Answered', true, false);
-             if (isset($aUpdatedMsgs[$passed_id]['FLAGS'])) {
-                /**
-                 * Only update the cached headers if the header is
-                 * cached.
-                 */
-                if (isset($aMailbox['MSG_HEADERS'][$passed_id])) {
-                    $aMailbox['MSG_HEADERS'][$passed_id]['FLAGS'] = $aMsg['FLAGS'];
+            // check if we are allowed to set the \\Answered flag
+            if (in_array('\\answered',$aMailbox['PERMANENTFLAGS'], true)) {
+                $aUpdatedMsgs = sqimap_toggle_flag($imap_stream, array($passed_id), '\\Answered', true, false);
+                if (isset($aUpdatedMsgs[$passed_id]['FLAGS'])) {
+                    /**
+                     * Only update the cached headers if the header is
+                     * cached.
+                     */
+                    if (isset($aMailbox['MSG_HEADERS'][$passed_id])) {
+                        $aMailbox['MSG_HEADERS'][$passed_id]['FLAGS'] = $aMsg['FLAGS'];
+                    }
                 }
             }
             /**
@@ -1689,7 +1742,6 @@ function deliverMessage($composeMessage, $draft=false) {
         }
         sqimap_logout($imap_stream);
     }
-    return $succes;
+    return $success;
 }
-
-?>
\ No newline at end of file
+?>