From c6f28eb1fd0a7e7de3eb16ba8e786e04d75ca6d1 Mon Sep 17 00:00:00 2001 From: kink Date: Thu, 3 Aug 2006 15:03:44 +0000 Subject: [PATCH] Fixed resuming of compose when session expired while writing, and make sure the code only sets those variables that are needed in compose and are not already set. Thanks James Bercegay from GulfTech for pointing this out. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11460 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- ChangeLog | 4 ++++ functions/auth.php | 6 +++--- src/compose.php | 23 ++++++++++++++--------- src/login.php | 25 ++++++++++++++++++------- src/redirect.php | 16 +++++++++------- src/webmail.php | 3 --- 6 files changed, 48 insertions(+), 29 deletions(-) diff --git a/ChangeLog b/ChangeLog index 812e6322..d13d0bc4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -111,6 +111,10 @@ Version 1.5.2 - CVS - config_default.php is loaded before site configuration file. config_local.php overrides are removed from config.php and loaded by main initiation script. + - Fixed resuming of compose when session expired while writing, and make + sure the code only sets those variables that are needed in compose and + are not already set. Thanks James Bercegay from GulfTech for pointing + this out. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- diff --git a/functions/auth.php b/functions/auth.php index 2729c749..53034f63 100644 --- a/functions/auth.php +++ b/functions/auth.php @@ -33,11 +33,10 @@ function sqauth_is_logged_in() { if ( sqsession_is_registered('user_is_logged_in') ) { return true; } else { - global $PHP_SELF, $session_expired_post, $session_expired_location; - // First we store some information in the new session to prevent // information-loss. - // + sqGetGlobalVar('PHP_SELF', $PHP_SELF, SQ_SERVER); + $session_expired_post = $_POST; $session_expired_location = $PHP_SELF; if (!sqsession_is_registered('session_expired_post')) { @@ -46,6 +45,7 @@ function sqauth_is_logged_in() { if (!sqsession_is_registered('session_expired_location')) { sqsession_register($session_expired_location,'session_expired_location'); } + session_write_close(); return false; } diff --git a/src/compose.php b/src/compose.php index f0e7a10e..3b59fbaf 100644 --- a/src/compose.php +++ b/src/compose.php @@ -295,13 +295,18 @@ if (sqsession_is_registered('session_expired_post')) { sqsession_unregister('session_expired_post'); session_write_close(); } else { - foreach ($session_expired_post as $postvar => $val) { - if (isset($val)) { - $$postvar = $val; - } else { - $$postvar = ''; - } + // these are the vars that we can set from the expired composed session + $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage', + 'passed_body','use_signature','signature','attachments','subject','newmail', + 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity', + 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages', + 'composesession', 'request_mdn', 'request_dr'); + + foreach ($compo_var_list as $var) { + if ( isset($session_expired_post[$var]) && !isset($$var) ) { + $$var = $session_expired_post[$var]; } + $compose_messages = unserialize(urldecode($restoremessages)); sqsession_register($compose_messages,'compose_messages'); sqsession_register($composesession,'composesession'); @@ -681,7 +686,7 @@ function getforwardSubject($subject) function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $session='') { global $editor_size, $default_use_priority, $body, $idents, $use_signature, $data_dir, $username, - $username, $key, $imapServerAddress, $imapPort, $compose_messages, + $key, $imapServerAddress, $imapPort, $compose_messages, $composeMessage, $body_quote; global $languages, $squirrelmail_language, $default_charset; @@ -1035,7 +1040,7 @@ function showInputForm ($session, $values=false) { $from_htmladdr_search, $location_of_buttons, $attachment_dir, $username, $data_dir, $identity, $idents, $delete_draft, $mailprio, $compose_new_win, $saved_draft, $mail_sent, $sig_first, - $username, $compose_messages, $composesession, $default_charset, + $compose_messages, $composesession, $default_charset, $compose_onsubmit, $oTemplate; if (checkForJavascript()) { @@ -1424,7 +1429,7 @@ function checkInput ($show) { * using $show=false, and then when i'm ready to display the error * message, show=true */ - global $body, $send_to, $send_to_bcc, $subject, $color; + global $send_to, $send_to_bcc; if ($send_to == '' && $send_to_bcc == '') { if ($show) { diff --git a/src/login.php b/src/login.php index e21cc3e6..870d4d43 100644 --- a/src/login.php +++ b/src/login.php @@ -31,20 +31,31 @@ require_once(SM_PATH . 'functions/forms.php'); */ set_up_language($squirrelmail_language, TRUE, TRUE); -/* +/** * In case the last session was not terminated properly, make sure - * we get a new one. + * we get a new one, but make sure we preserve session_expired_* */ -sqsession_destroy(); /** * PHP bug. http://bugs.php.net/11643 (warning, spammed bug tracker) and * http://bugs.php.net/13834 * SID constant is not destroyed in PHP 4.1.2, 4.2.3 and maybe other * versions. Produces warning on login page. Bug should be fixed only in 4.3.0 */ -@sqsession_is_active(); -$_SESSION=array(); - +if ( !empty($_SESSION['session_expired_post']) && !empty($_SESSION['session_expired_location']) ) { + $sep = $_SESSION['session_expired_post']; + $sel = $_SESSION['session_expired_location']; + + sqsession_destroy(); + + sqsession_is_active(); + $_SESSION=array(); + sqsession_register($sep, 'session_expired_post'); + sqsession_register($sel, 'session_expired_location'); +} else { + sqsession_destroy(); + @sqsession_is_active(); + $_SESSION=array(); +} /** * This detects if the IMAP server has logins disabled, and if so, @@ -174,4 +185,4 @@ $oTemplate->display('login.tpl'); #trigger_error('login'); $oTemplate->display('footer.tpl'); -?> \ No newline at end of file +?> diff --git a/src/redirect.php b/src/redirect.php index ac31a2c7..ce067196 100644 --- a/src/redirect.php +++ b/src/redirect.php @@ -143,13 +143,15 @@ $redirect_url = $location . '/webmail.php'; if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) { sqsession_unregister('session_expired_location'); - $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0); - if ($compose_new_win) { - // do not prefix $location here because $session_expired_location is set to PHP_SELF - // of the last page - $redirect_url = $session_expired_location; - } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) { - $redirect_url = $location.'/webmail.php?right_frame='.urldecode($session_expired_location); + if ( strpos($session_expired_location, 'compose.php') !== FALSE ) { + $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0); + if ($compose_new_win) { + // do not prefix $location here because $session_expired_location is set to PHP_SELF + // of the last page + $redirect_url = $session_expired_location; + } else { + $redirect_url = $location.'/webmail.php?right_frame='.urldecode($session_expired_location); + } } unset($session_expired_location); } diff --git a/src/webmail.php b/src/webmail.php index 24bc1b14..8a53880c 100644 --- a/src/webmail.php +++ b/src/webmail.php @@ -36,9 +36,6 @@ if (!sqgetGlobalVar('mailbox', $mailbox)) { sqgetGlobalVar('right_frame', $right_frame, SQ_GET); -if ( isset($_SESSION['session_expired_post']) ) { - sqsession_unregister('session_expired_post'); -} if(!sqgetGlobalVar('mailto', $mailto)) { $mailto = ''; } -- 2.25.1