From b48d9bf5d412a6f56f3f9ba4bad141ddfe175727 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Mon, 07 Sep 2009 08:51:21 -0400
Subject: [PATCH] - Use faster/secure mt_rand() (#1486094)
---
program/steps/mail/compose.inc | 113 ++++++++++++++++++++++++++++++++++++++++----------------
1 files changed, 81 insertions(+), 32 deletions(-)
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index d178401..8b821c8 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -37,25 +37,59 @@
{
rcmail_compose_cleanup();
$_SESSION['compose'] = array(
- 'id' => uniqid(rand()),
- 'param' => array_map('strip_tags', $_GET),
+ 'id' => uniqid(mt_rand()),
+ 'param' => request2param(RCUBE_INPUT_GET),
'mailbox' => $IMAP->get_mailbox_name(),
);
// process values like "mailto:foo@bar.com?subject=new+message&cc=another"
- if ($_SESSION['compose']['param']['_to']) {
- $mailto = explode('?', $_SESSION['compose']['param']['_to']);
+ if ($_SESSION['compose']['param']['to']) {
+ $mailto = explode('?', $_SESSION['compose']['param']['to']);
if (count($mailto) > 1) {
- $_SESSION['compose']['param']['_to'] = $mailto[0];
+ $_SESSION['compose']['param']['to'] = $mailto[0];
parse_str($mailto[1], $query);
foreach ($query as $f => $val)
- $_SESSION['compose']['param']["_$f"] = $val;
+ $_SESSION['compose']['param'][$f] = $val;
+ }
+ }
+
+ // pipe compose parameters thru plugins
+ $plugin = $RCMAIL->plugins->exec_hook('message_compose', $_SESSION['compose']);
+ $_SESSION['compose']['param'] = $plugin['param'];
+
+ // add attachments listed by message_compose hook
+ if (is_array($plugin['attachments'])) {
+ foreach ($plugin['attachments'] as $attach) {
+ // we have structured data
+ if (is_array($attach)) {
+ $attachment = $attach;
+ }
+ // only a file path is given
+ else {
+ $filename = basename($attach);
+ $attachment = array(
+ 'name' => $filename,
+ 'mimetype' => rc_mime_content_type($attach, $filename),
+ 'path' => $attach
+ );
+ }
+
+ // save attachment if valid
+ if (($attachment['data'] && $attachment['name']) || ($attachment['path'] && file_exists($attachment['path']))) {
+ $attachment = rcmail::get_instance()->plugins->exec_hook('save_attachment', $attachment);
+ }
+
+ if ($attachment['status'] && !$attachment['abort']) {
+ unset($attachment['data'], $attachment['status'], $attachment['abort']);
+ $_SESSION['compose']['attachments'][$attachment['id']] = $attachment;
+ }
}
}
// redirect to a unique URL with all parameters stored in session
$OUTPUT->redirect(array('_action' => 'compose', '_id' => $_SESSION['compose']['id']));
}
+
// add some labels to client
$OUTPUT->add_label('nosubject', 'nosenderwarning', 'norecipientwarning', 'nosubjectwarning',
@@ -71,13 +105,13 @@
$OUTPUT->set_env('mailbox', $IMAP->get_mailbox_name());
// get reference message and set compose mode
-if ($msg_uid = $_SESSION['compose']['param']['_reply_uid'])
+if ($msg_uid = $_SESSION['compose']['param']['reply_uid'])
$compose_mode = RCUBE_COMPOSE_REPLY;
-else if ($msg_uid = $_SESSION['compose']['param']['_forward_uid'])
+else if ($msg_uid = $_SESSION['compose']['param']['forward_uid'])
$compose_mode = RCUBE_COMPOSE_FORWARD;
-else if ($msg_uid = $_SESSION['compose']['param']['_uid'])
+else if ($msg_uid = $_SESSION['compose']['param']['uid'])
$compose_mode = RCUBE_COMPOSE_EDIT;
-else if ($msg_uid = $_SESSION['compose']['param']['_draft_uid']) {
+else if ($msg_uid = $_SESSION['compose']['param']['draft_uid']) {
$RCMAIL->imap->set_mailbox($CONFIG['drafts_mbox']);
$compose_mode = RCUBE_COMPOSE_DRAFT;
}
@@ -98,7 +132,7 @@
$_SESSION['compose']['reply_msgid'] = $MESSAGE->headers->messageID;
$_SESSION['compose']['references'] = trim($MESSAGE->headers->references . " " . $MESSAGE->headers->messageID);
- if (!empty($_SESSION['compose']['param']['_all']))
+ if (!empty($_SESSION['compose']['param']['all']))
$MESSAGE->reply_all = 1;
}
else if ($compose_mode == RCUBE_COMPOSE_DRAFT)
@@ -138,23 +172,23 @@
case 'to':
$fname = '_to';
- $header = 'to';
+ $header = $param = 'to';
// we have a set of recipients stored is session
- if (($mailto_id = $_SESSION['compose']['param']['_mailto']) && $_SESSION['mailto'][$mailto_id])
+ if (($mailto_id = $_SESSION['compose']['param']['mailto']) && $_SESSION['mailto'][$mailto_id])
$fvalue = urldecode($_SESSION['mailto'][$mailto_id]);
case 'cc':
if (!$fname)
{
$fname = '_cc';
- $header = 'cc';
+ $header = $param = 'cc';
}
case 'bcc':
if (!$fname)
{
$fname = '_bcc';
- $header = 'bcc';
+ $header = $param = 'bcc';
}
$allow_attrib = array('id', 'class', 'style', 'cols', 'rows', 'tabindex');
@@ -164,17 +198,19 @@
case 'replyto':
case 'reply-to':
$fname = '_replyto';
+ $param = 'replyto';
$allow_attrib = array('id', 'class', 'style', 'size', 'tabindex');
$field_type = 'html_inputfield';
break;
}
- if ($fname && !empty($_POST[$fname]))
+ if ($fname && !empty($_POST[$fname])) {
$fvalue = get_input_value($fname, RCUBE_INPUT_POST, TRUE);
- else if ($fname && !$fvalue && !empty($_SESSION['compose']['param'][$fname]))
- $fvalue = $_SESSION['compose']['param'][$fname];
- else if ($header && $compose_mode == RCUBE_COMPOSE_REPLY)
- {
+ }
+ else if ($fname && !$fvalue && !empty($_SESSION['compose']['param'][$param])) {
+ $fvalue = $_SESSION['compose']['param'][$param];
+ }
+ else if ($header && $compose_mode == RCUBE_COMPOSE_REPLY) {
// get recipent address(es) out of the message headers
if ($header=='to' && !empty($MESSAGE->headers->replyto))
$fvalue = $MESSAGE->headers->replyto;
@@ -298,7 +334,7 @@
$select_from->add(format_email_recipient($sql_arr['email'], $sql_arr['name']), $identity_id);
// add signature to array
- if (!empty($sql_arr['signature']) && empty($_SESSION['compose']['param']['_nosig']))
+ if (!empty($sql_arr['signature']) && empty($_SESSION['compose']['param']['nosig']))
{
$a_signatures[$identity_id]['text'] = $sql_arr['signature'];
$a_signatures[$identity_id]['is_html'] = ($sql_arr['html_signature'] == 1) ? true : false;
@@ -357,7 +393,7 @@
$attrib['name'] = '_message';
- if ($CONFIG['htmleditor'] || (($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT) && $MESSAGE->first_html_part()))
+ if ($CONFIG['htmleditor'] || (($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT) && $MESSAGE->has_html_part()))
$isHtml = true;
else
$isHtml = false;
@@ -368,6 +404,11 @@
if (!empty($_POST['_message']))
{
$body = get_input_value('_message', RCUBE_INPUT_POST, true);
+ }
+ else if ($_SESSION['compose']['param']['body'])
+ {
+ $body = $_SESSION['compose']['param']['body'];
+ $isHtml = false;
}
else if ($compose_mode)
{
@@ -381,7 +422,7 @@
$body = $MESSAGE->first_text_part();
$isHtml = false;
}
-
+
// compose reply-body
if ($compose_mode == RCUBE_COMPOSE_REPLY)
$body = rcmail_create_reply_body($body, $isHtml);
@@ -392,9 +433,9 @@
else if ($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT)
$body = rcmail_create_draft_body($body, $isHtml);
}
- else if (!empty($_SESSION['compose']['param']['_body']))
+ else if (!empty($_SESSION['compose']['param']['body']))
{
- $body = $_SESSION['compose']['param']['_body'];
+ $body = $_SESSION['compose']['param']['body'];
}
$out = $form_start ? "$form_start\n" : '';
@@ -674,7 +715,7 @@
$attachment = rcmail::get_instance()->plugins->exec_hook('save_attachment', $attachment);
if ($attachment['status']) {
- unset($attachment['data'], $attachment['status'], $attachment['content_id']);
+ unset($attachment['data'], $attachment['status'], $attachment['content_id'], $attachment['abort']);
return $attachment;
} else if ($path) {
@unlink($path);
@@ -719,8 +760,8 @@
else if ($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT) {
$subject = $MESSAGE->subject;
}
- else if (!empty($_SESSION['compose']['param']['_subject'])) {
- $subject = $_SESSION['compose']['param']['_subject'];
+ else if (!empty($_SESSION['compose']['param']['subject'])) {
+ $subject = $_SESSION['compose']['param']['subject'];
}
$out = $form_start ? "$form_start\n" : '';
@@ -782,13 +823,20 @@
// add ID if not given
if (!$attrib['id'])
$attrib['id'] = 'rcmUploadbox';
+
+ // find max filesize value
+ $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
+ $max_postsize = parse_bytes(ini_get('post_max_size'));
+ if ($max_postsize && $max_postsize < $max_filesize)
+ $max_filesize = $max_postsize;
+ $max_filesize = show_bytes($max_filesize);
$button = new html_inputfield(array('type' => 'button', 'class' => 'button'));
$out = html::div($attrib,
$OUTPUT->form_tag(array('name' => 'form', 'method' => 'post', 'enctype' => 'multipart/form-data'),
html::div(null, rcmail_compose_attachment_field(array())) .
- html::div('hint', rcube_label(array('name' => 'maxuploadsize', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))))) .
+ html::div('hint', rcube_label(array('name' => 'maxuploadsize', 'vars' => array('size' => $max_filesize)))) .
html::div('buttons',
$button->show(rcube_label('close'), array('onclick' => "document.getElementById('$attrib[id]').style.visibility='hidden'")) . ' ' .
$button->show(rcube_label('upload'), array('onclick' => JS_OBJECT_NAME . ".command('send-attachment', this.form)"))
@@ -870,10 +918,11 @@
global $CONFIG, $MESSAGE, $compose_mode;
// determine whether HTML or plain text should be checked
- $useHtml = $CONFIG['htmleditor'] ? true : false;
-
if ($compose_mode)
- $useHtml = ($useHtml && $MESSAGE->has_html_part());
+ $useHtml = (($CONFIG['htmleditor'] || $compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT)
+ && $MESSAGE->has_html_part());
+ else
+ $useHtml = $CONFIG['htmleditor'] ? true : false;
if (empty($attrib['editorid']))
$attrib['editorid'] = 'rcmComposeBody';
--
Gitblit v1.9.1