X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Fmailto.php;h=0212af22250688c8231475f3a9861cb94a85b9ff;hp=a89c45a51e7c4506b132c6655b537517ede6dfc1;hb=c4faef335b2362c81b8ebf026d4066c12d70536c;hpb=8f6f9ba5df6491d396aa690dcf3e5b9070a565ca diff --git a/src/mailto.php b/src/mailto.php index a89c45a5..0212af22 100644 --- a/src/mailto.php +++ b/src/mailto.php @@ -3,72 +3,115 @@ /** * mailto.php -- mailto: url handler * - * Copyright (c) 1999-2003 The SquirrelMail Project Team - * Licensed under the GNU GPL. For full terms see the file COPYING. + * This page facilitates handling mailto: links in SquirrelMail. It checks + * to see if we're logged in, and if we are, it refers the user to the + * compose screen (embedded in a normal, full SquirrelMail interface) with + * the mailto: data auto-populated in the corresponding fields. If there + * is no user currently logged in, the user is redirected to the login screen + * first, but after login, the compose screen is shown with the correct + * fields pre-populated. * - * This checks to see if we're logged in. If we are we open up a new - * compose window for this email, otherwise we go to login.php - * (the above functionality has been disabled, by default you are required to - * login first) + * If the administrator desires, $compose_only can be set to TRUE, in which + * case only a compose screen will show, not embedded in the normal + * SquirrelMail interface. * - * Use the following url to use mailto: - * http:////src/mailto.php?emailaddress="%1" - * see ../contrib/squirrelmail.mailto.reg for a Windows Registry file + * If the administrator wants to force a re-login every time a mailto: link + * is clicked on (no matter if a user was already logged in), set $force_login + * to TRUE. + * + * Use the following URI when configuring a computer to handle mailto: links + * by using SquirrelMail: + * + * http:////src/mailto.php?emailaddress=%1 + * + * see ../contrib/squirrelmail.mailto.NT2KXP.reg for a Windows Registry file + * that will set this up in the most robust manner. + * + * @copyright 1999-2020 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * @version $Id$ * @package squirrelmail */ -/** Path for SquirrelMail required files. */ -define('SM_PATH','../'); +/** This is the mailto page */ +define('PAGE_NAME', 'mailto'); + +/** + * Include the SquirrelMail initialization file. + */ +require('../include/init.php'); + + +// Force users to login each time? Setting this to TRUE does NOT mean +// that if no user is logged in that it won't require a correct login +// first! Instead, setting it to TRUE will log out anyone currently +// logged in and force a re-login. Setting this to FALSE will still +// require a login if no one is logged in, but it will allow you to go +// directly to compose your message if you are already logged in. +// +// Note, however, that depending on how the client browser manages +// sessions and how the client operating system is set to handle +// mailto: links, you may have to log in every time no matter what +// (IE under WinXP appears to pop up a new window and thus always +// start a new session; Firefox under WinXP seems to start a new tab +// which will find a current login if one exists). +// +$force_login = FALSE; -/* SquirrelMail required files. */ -require_once(SM_PATH . 'config/config.php'); -require_once(SM_PATH . 'functions/global.php'); +// Open only the compose window, meaningless if $force_login is TRUE +// +$compose_only = FALSE; + + +// Disable browser caching +// +header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0'); header('Pragma: no-cache'); -if(!sqgetGlobalVar('emailaddress', $emailaddress)) { - return; -} +header('Expires: Sat, 1 Jan 2000 00:00:00 GMT'); -$mailto_pos = strpos(strtolower($emailaddress), 'mailto:'); -if($mailto_pos !== false) { - $emailaddress = substr($emailaddress, $mailto_pos+7); - $_GET['emailaddress'] = $emailaddress; -} -if(($pos = strpos($emailaddress, '?')) !== false) { - $a = substr($emailaddress, $pos+1); - list($emailaddress, $a) = explode('?', $emailaddress, 2); - $a = explode('=', $a, 2); - $_GET['emailaddress'] = $emailaddress; - $_GET[$a[0]] = $a[1]; -} -$trtable = array('emailaddress' => 'send_to', - 'cc' => 'send_to_cc', - 'bcc' => 'send_to_bcc', +$trtable = array('cc' => 'cc', + 'bcc' => 'bcc', 'body' => 'body', 'subject' => 'subject'); $url = ''; -/* CC, BCC, etc could be any case, so we'll fix them here */ -foreach($_GET as $k=>$g) { - if($g != '') { + +$data = array(); + +if (sqgetGlobalVar('emailaddress', $emailaddress)) { + $emailaddress = trim($emailaddress); + if (stristr($emailaddress, 'mailto:')) { + $emailaddress = substr($emailaddress, 7); + } + if (strpos($emailaddress, '?') !== FALSE) { + list($emailaddress, $a) = explode('?', $emailaddress, 2); + if (strlen(trim($a)) > 0) { + $a = explode('=', $a, 2); + $data[strtolower($a[0])] = $a[1]; + } + } + $data['to'] = $emailaddress; + + /* CC, BCC, etc could be any case, so we'll fix them here */ + foreach($_GET as $k=>$g) { $k = strtolower($k); - $k = $trtable[$k]; - $url .= $k . '=' . urlencode($g) . '&'; + if (isset($trtable[$k])) { + $k = $trtable[$k]; + $data[$k] = $g; + } } } -$url = substr($url, 0, -1); - sqsession_is_active(); -/* Check to see if we're logged in */ -/* -if (sqsession_is_registered('user_is_logged_in')) { - $redirect = 'webmail.php?right_frame=compose.php?'; + +if (!$force_login && sqsession_is_registered('user_is_logged_in')) { + if ($compose_only) { + $redirect = 'compose.php?mailtodata=' . urlencode(serialize($data)); + } else { + $redirect = 'webmail.php?right_frame=compose.php&mailtodata=' . urlencode(serialize($data)); + } } else { - $redirect = 'login.php?mailto='; + $redirect = 'login.php?mailtodata=' . urlencode(serialize($data)); } -*/ -$url = urlencode($url); -/* $redirect .= $url; */ -$redirect = 'login.php?mailto=' . $url; + session_write_close(); -header('Location: ' .get_location(). $redirect); -?> +header('Location: ' . get_location() . '/' . $redirect);