From 06dc9838e0327c9472cbd3f353b40317eba0ecef Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 16 Sep 2011 13:53:35 -0400
Subject: [PATCH] Fix session race conditions when composing new messages

---
 program/steps/mail/attachments.inc |   47 +++++++++++++++++++++++++++++------------------
 1 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/program/steps/mail/attachments.inc b/program/steps/mail/attachments.inc
index 2b4a590..ffb1642 100644
--- a/program/steps/mail/attachments.inc
+++ b/program/steps/mail/attachments.inc
@@ -4,8 +4,8 @@
  +-----------------------------------------------------------------------+
  | program/steps/mail/attachments.inc                                    |
  |                                                                       |
- | This file is part of the RoundCube Webmail client                     |
- | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2005-2009, The Roundcube Dev Team                       |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
  | PURPOSE:                                                              |
@@ -19,6 +19,13 @@
 
 */
 
+// Upload progress update
+if (!empty($_GET['_progress'])) {
+  rcube_upload_progress();
+}
+
+$COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GPC);
+$_SESSION['compose'] = $_SESSION['compose_data_'.$COMPOSE_ID];
 
 if (!$_SESSION['compose']) {
   die("Invalid session var!");
@@ -32,7 +39,7 @@
   if (preg_match('/^rcmfile(\w+)$/', $_POST['_file'], $regs))
     $id = $regs[1];
   if ($attachment = $_SESSION['compose']['attachments'][$id])
-    $attachment = $RCMAIL->plugins->exec_hook('remove_attachment', $attachment);
+    $attachment = $RCMAIL->plugins->exec_hook('attachment_delete', $attachment);
   if ($attachment['status']) {
     if (is_array($_SESSION['compose']['attachments'][$id])) {
       unset($_SESSION['compose']['attachments'][$id]);
@@ -50,7 +57,7 @@
   if (preg_match('/^rcmfile(\w+)$/', $_GET['_file'], $regs))
     $id = $regs[1];
   if ($attachment = $_SESSION['compose']['attachments'][$id])
-    $attachment = $RCMAIL->plugins->exec_hook('display_attachment', $attachment);
+    $attachment = $RCMAIL->plugins->exec_hook('attachment_display', $attachment);
     
   if ($attachment['status']) {
     if (empty($attachment['size']))
@@ -80,22 +87,28 @@
 
 if (is_array($_FILES['_attachments']['tmp_name'])) {
   foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) {
-    $attachment = array(
-      'path' => $filepath,
-      'size' => $_FILES['_attachments']['size'][$i],
-      'name' => $_FILES['_attachments']['name'][$i],
-      'mimetype' => rc_mime_content_type($filepath, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i])
-    );
+    // Process uploaded attachment if there is no error
+    $err = $_FILES['_attachments']['error'][$i];
 
-    $attachment = $RCMAIL->plugins->exec_hook('upload_attachment', $attachment);
+    if (!$err) {
+      $attachment = array(
+        'path' => $filepath,
+        'size' => $_FILES['_attachments']['size'][$i],
+        'name' => $_FILES['_attachments']['name'][$i],
+        'mimetype' => rc_mime_content_type($filepath, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i]),
+        'group' => $COMPOSE_ID,
+      );
 
-    if ($attachment['status'] && !$attachment['abort']) {
+      $attachment = $RCMAIL->plugins->exec_hook('attachment_upload', $attachment);
+    }
+
+    if (!$err && $attachment['status'] && !$attachment['abort']) {
       $id = $attachment['id'];
-      
+
       // store new attachment in session
       unset($attachment['status'], $attachment['abort']);
       $_SESSION['compose']['attachments'][$id] = $attachment;
-      
+
       if (($icon = $_SESSION['compose']['deleteicon']) && is_file($icon)) {
         $button = html::img(array(
           'src' => $icon,
@@ -113,7 +126,7 @@
       ), $button);
 
       $content .= Q($attachment['name']);
-      
+
       $OUTPUT->command('add2attachment_list', "rcmfile$id", array(
         'html' => $content,
         'name' => $attachment['name'],
@@ -121,7 +134,6 @@
         'complete' => true), $uploadid);
     }
     else {  // upload failed
-      $err = $_FILES['_attachments']['error'][$i];
       if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
         $msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))));
       }
@@ -131,7 +143,7 @@
       else {
         $msg = rcube_label('fileuploaderror');
       }
-    
+
       $OUTPUT->command('display_message', $msg, 'error');
       $OUTPUT->command('remove_from_attachment_list', $uploadid);
     }
@@ -152,4 +164,3 @@
 $OUTPUT->command('auto_save_start', false);
 $OUTPUT->send('iframe');
 
-?>

--
Gitblit v1.9.1