No longer store all message composition sessions in the PHP session, since it was...

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12609 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/ChangeLog b/ChangeLog
index 8853c45ae4bf440a1d1a6676a5d3bb7b9e91ff9c..a2aefb4bc267ac899126f0e9f64d1610b4081489 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -211,6 +211,9 @@ Version 1.5.2 - SVN
   - Made the webmail_top hook work again for plugins that want to change
     the URI of the "right" frame; plugins have to change the value of the
     global variable $right_frame_url
+  - No longer store all message composition sessions in the PHP session,
+    since it was not made use of and in rare cases, made sessions too big
+  - Composition restoration functionality now correctly restores attachments
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

diff --git a/include/init.php b/include/init.php
index c39db07a2dd93fbd3fe026d7de88c1c3c7c23506..7b5b2d9c571f72b73fc7a2b3824545e55c2e6987 100644 (file)
--- a/include/init.php
+++ b/include/init.php
@@ -399,6 +399,14 @@ switch (PAGE_NAME) {
         require(SM_PATH . 'functions/auth.php');
 
         if ( !sqsession_is_registered('user_is_logged_in') ) {
+
+            // use $message to indicate what logout text the user
+            // will see... if 0, typical "You must be logged in"
+            // if 1, information that the user session was saved
+            // and will be resumed after (re)login
+            //
+            $message = 0;
+
             //  First we store some information in the new session to prevent
             //  information-loss.
             //
@@ -409,6 +417,8 @@ switch (PAGE_NAME) {
             }
             if (!sqsession_is_registered('session_expired_location')) {
                 sqsession_register($session_expired_location,'session_expired_location');
+                if (stristr($session_expired_location, 'src/compose.php'))
+                    $message = 1;
             }
             // signout page will deal with users who aren't logged
             // in on its own; don't show error here
@@ -429,7 +439,10 @@ switch (PAGE_NAME) {
             $oTemplate = Template::construct_template($sTemplateID);
 
             set_up_language($squirrelmail_language, true);
-            logout_error( _("You must be logged in to access this page.") );
+            if (!$message)
+                logout_error( _("You must be logged in to access this page.") );
+            else
+                logout_error( _("Your session has expired, but will be resumed after logging in again.") );
             exit;
         }
 

diff --git a/src/compose.php b/src/compose.php
index 5f09af6b9d80e446ecc97db865fac4d158216761..cbde37838c6e033a72a64846f3d206f062ac25b3 100644 (file)
--- a/src/compose.php
+++ b/src/compose.php
@@ -47,9 +47,14 @@ require_once(SM_PATH . 'functions/identity.php');
 /** SESSION VARS */
 sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
 
+sqgetGlobalVar('delayed_errors',  $delayed_errors,  SQ_SESSION);
 sqgetGlobalVar('composesession',    $composesession,    SQ_SESSION);
 sqgetGlobalVar('compose_messages',  $compose_messages,  SQ_SESSION);
-sqgetGlobalVar('delayed_errors',  $delayed_errors,  SQ_SESSION);
+
+// compose_messages only useful in SESSION when a forward-as-attachment
+// has been preconstructed for us and passed in via that mechanism; once
+// we have it, we can clear it from the SESSION
+sqsession_unregister('compose_messages');
 
 // Turn on delayed error handling in case we wind up redirecting below
 $oErrorHandler->setDelayedErrors(true);
@@ -106,7 +111,7 @@ sqgetGlobalVar('addr_search_cancel',    $html_addr_search_cancel,   SQ_POST);
 sqgetGlobalVar('send_to_search',        $send_to_search,            SQ_POST);
 sqgetGlobalVar('do_delete',             $do_delete,                 SQ_POST);
 sqgetGlobalVar('delete',                $delete,                    SQ_POST);
-sqgetGlobalVar('restoremessages',       $restoremessages,           SQ_POST);
+sqgetGlobalVar('attachments',           $attachments,               SQ_POST);
 if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
     $html_addr_search_done = 'Use Addresses';
 }
@@ -317,6 +322,7 @@ function getforwardHeader($orig_header) {
  * If the session is expired during a post this restores the compose session
  * vars.
  */
+$session_expired = false;
 if (sqsession_is_registered('session_expired_post')) {
     sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
     /*
@@ -329,11 +335,12 @@ if (sqsession_is_registered('session_expired_post')) {
         session_write_close();
     } else {
         // these are the vars that we can set from the expired composed session
-        $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage',
-            'passed_body','use_signature','signature','subject','newmail',
-            'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity',
-            'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages',
-            'composesession', 'request_mdn', 'request_dr');
+        $compo_var_list = array ('send_to', 'send_to_cc', 'body',
+            'startMessage', 'passed_body', 'use_signature', 'signature',
+            'subject', 'newmail', 'send_to_bcc', 'passed_id', 'mailbox', 
+            'from_htmladdr_search', 'identity', 'draft_id', 'delete_draft', 
+            'mailprio', 'edit_as_new', 'attachments', 'composesession', 
+            'request_mdn', 'request_dr');
 
         foreach ($compo_var_list as $var) {
             if ( isset($session_expired_post[$var]) && !isset($$var) ) {
@@ -341,9 +348,11 @@ if (sqsession_is_registered('session_expired_post')) {
             }
         }
 
-        $compose_messages = unserialize($restoremessages);
-        sqsession_register($compose_messages,'compose_messages');
+        if (!empty($attachments))
+            $attachments = unserialize($attachments);
+
         sqsession_register($composesession,'composesession');
+
         if (isset($send)) {
             unset($send);
         }
@@ -369,6 +378,7 @@ if (sqsession_is_registered('session_expired_post')) {
     showInputForm($session, false);
     exit();
 }
+
 if (!isset($composesession)) {
     $composesession = 0;
     sqsession_register(0,'composesession');
@@ -392,12 +402,19 @@ if (!isset($compose_messages[$session]) || ($compose_messages[$session] == NULL)
     $composeMessage->rfc822_header = $rfc822_header;
     $composeMessage->reply_rfc822_header = '';
     $compose_messages[$session] = $composeMessage;
-
-    sqsession_register($compose_messages,'compose_messages');
 } else {
     $composeMessage=$compose_messages[$session];
 }
 
+// re-add attachments that were already in this message
+// FIXME: note that technically this is very bad form -
+// should never directly manipulate an object like this
+if (!empty($attachments)) {
+    $attachments = unserialize($attachments);
+    if (!empty($attachments) && is_array($attachments))
+        $composeMessage->entities = $attachments;
+}
+
 if (empty($mailbox)) {
     $mailbox = 'INBOX';
 }
@@ -408,13 +425,11 @@ if ($draft) {
      * of language interface.
      */
     set_my_charset();
-    $composeMessage=$compose_messages[$session];
+    $composeMessage = $compose_messages[$session];
     if (! deliverMessage($composeMessage, true)) {
         showInputForm($session);
         exit();
     } else {
-        unset($compose_messages[$session]);
-        sqsession_register($compose_messages,'compose_messages');
         $draft_message = _("Draft Email Saved");
         /* If this is a resumed draft, then delete the original */
         if(isset($delete_draft)) {
@@ -523,8 +538,6 @@ if ($send) {
             showInputForm($session);
             exit();
         }
-        unset($compose_messages[$session]);
-        sqsession_register($compose_messages,'compose_messages');
 
         /* if it is resumed draft, delete draft message */
         if ( isset($delete_draft)) {
@@ -669,7 +682,6 @@ elseif (isset($sigappend)) {
         }
         $composeMessage->entities = $new_entities;
         $compose_messages[$session] = $composeMessage;
-        sqsession_register($compose_messages, 'compose_messages');
     }
     showInputForm($session);
 } else {
@@ -1075,7 +1087,7 @@ function getMessage_RFC822_Attachment($message, $composeMessage, $passed_id,
 
 function showInputForm ($session, $values=false) {
     global $send_to, $send_to_cc, $send_to_bcc,
-        $body, $startMessage, $action,
+        $body, $startMessage, $action, $attachments,
         $use_signature, $signature, $prefix_sig,
         $editor_size, $editor_height, $subject, $newmail,
         $use_javascript_addr_book, $passed_id, $mailbox,
@@ -1265,6 +1277,12 @@ function showInputForm ($session, $values=false) {
         showComposeButtonRow();
     }
 
+    // composeMessage can be empty when coming from a restored session
+    if (is_object($composeMessage) && $composeMessage->entities)
+        $attach_array = $composeMessage->entities;
+    if ($session_expired && !empty($attachments) && is_array($attachments))
+        $attach_array = $attachments;
+
     /* This code is for attachments */
     if ((bool) ini_get('file_uploads')) {
 
@@ -1286,9 +1304,8 @@ function showInputForm ($session, $values=false) {
         $attach = array();
         global $username, $attachment_dir;
         $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
-        // composeMessage can be empty when coming from a restored session
-        if (is_object($composeMessage) && $composeMessage->entities) {
-            foreach ($composeMessage->entities as $key => $attachment) {
+        if (!empty($attach_array)) {
+            foreach ($attach_array as $key => $attachment) {
                 $attached_file = $attachment->att_local_name;
                 if ($attachment->att_local_name || $attachment->body_part) {
                     $attached_filename = decodeHeader($attachment->mime_header->getParameter('name'));
@@ -1317,15 +1334,12 @@ function showInputForm ($session, $values=false) {
     echo addHidden('username', $username).
          addHidden('smaction', $action).
          addHidden('mailbox', $mailbox);
-    /*
-       store the complete ComposeMessages array in a hidden input value
-       so we can restore them in case of a session timeout.
-     */
     sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER);
 //FIXME: no direct echoing to browser, no HTML output in core!
-    echo addHidden('restoremessages', urlencode(serialize($compose_messages))).
-        addHidden('composesession', $composesession).
+    echo addHidden('composesession', $composesession).
         addHidden('querystring', $queryString).
+        (!empty($attach_array) ?
+         addHidden('attachments', urlencode(serialize($attach_array))) : '').
         "</form>\n";
     if (!(bool) ini_get('file_uploads')) {
         /* File uploads are off, so we didn't show that part of the form.
@@ -1432,7 +1446,6 @@ function saveAttachedFiles($session) {
     $name = $_FILES['attachfile']['name'];
     $message->initAttachment($type, $name, $localfilename);
     $compose_messages[$session] = $message;
-    sqsession_register($compose_messages , 'compose_messages');
 }
 
 /* parse values like 8M and 2k into bytes */