From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/steps/mail/compose.inc | 807 ++++++++++++++++++++++++++++++++++---------------------
 1 files changed, 477 insertions(+), 330 deletions(-)
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index b2cd584..2e12b0f 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -5,7 +5,7 @@
 | program/steps/mail/compose.inc |
 | |
 | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2009, The Roundcube Dev Team |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team |
 | Licensed under the GNU GPL |
 | |
 | PURPOSE: |
@@ -25,50 +25,60 @@ define('RCUBE_COMPOSE_DRAFT', 0x0108); define('RCUBE_COMPOSE_EDIT', 0x0109); -$MESSAGE_FORM = NULL; -$MESSAGE = NULL; +$MESSAGE_FORM = null; +$MESSAGE = null; +$COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GET); +$COMPOSE = null; + +if ($COMPOSE_ID && $_SESSION['compose_data_'.$COMPOSE_ID]) + $COMPOSE =& $_SESSION['compose_data_'.$COMPOSE_ID]; + +// give replicated session storage some time to synchronize +$retries = 0; +while ($COMPOSE_ID && !is_array($COMPOSE) && $RCMAIL->db->is_replicated() && $retries++ < 5) { + usleep(500000); + $RCMAIL->session->reload(); + if ($_SESSION['compose_data_'.$COMPOSE_ID]) + $COMPOSE =& $_SESSION['compose_data_'.$COMPOSE_ID]; +} // Nothing below is called during message composition, only at "new/forward/reply/draft" initialization or // if a compose-ID is given (i.e. when the compose step is opened in a new window/tab). -// Since there are many ways to leave the compose page improperly, it seems necessary to clean-up an old -// compose when a "new/forward/reply/draft" is called - otherwise the old session attachments will appear - -$MESSAGE_ID = get_input_value('_id', RCUBE_INPUT_GET); -if (!is_array($_SESSION['compose']) || $_SESSION['compose']['id'] != $MESSAGE_ID) +if (!is_array($COMPOSE)) { - rcmail_compose_cleanup(); - // Infinite redirect prevention in case of broken session (#1487028) - if ($MESSAGE_ID) + if ($COMPOSE_ID) raise_error(array('code' => 500, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, - 'message' => "Invalid session"), true, true); + 'message' => "Invalid compose ID"), true, true); - $_SESSION['compose'] = array( - 'id' => uniqid(mt_rand()), - 'param' => request2param(RCUBE_INPUT_GET), + $COMPOSE_ID = uniqid(mt_rand()); + $_SESSION['compose_data_'.$COMPOSE_ID] = array( + 'id' => $COMPOSE_ID, + 'param' => request2param(RCUBE_INPUT_GET), 'mailbox' => $IMAP->get_mailbox_name(), ); - + $COMPOSE =& $_SESSION['compose_data_'.$COMPOSE_ID]; + // process values like 
"mailto:foo@bar.com?subject=new+message&cc=another" - if ($_SESSION['compose']['param']['to']) { + if ($COMPOSE['param']['to']) { // #1486037: remove "mailto:" prefix - $_SESSION['compose']['param']['to'] = preg_replace('/^mailto:/i', '', $_SESSION['compose']['param']['to']); - $mailto = explode('?', $_SESSION['compose']['param']['to']); + $COMPOSE['param']['to'] = preg_replace('/^mailto:/i', '', $COMPOSE['param']['to']); + $mailto = explode('?', $COMPOSE['param']['to']); if (count($mailto) > 1) { - $_SESSION['compose']['param']['to'] = $mailto[0]; + $COMPOSE['param']['to'] = $mailto[0]; parse_str($mailto[1], $query); foreach ($query as $f => $val) - $_SESSION['compose']['param'][$f] = $val; + $COMPOSE['param'][$f] = $val; } } - + // select folder where to save the sent message - $_SESSION['compose']['param']['sent_mbox'] = $RCMAIL->config->get('sent_mbox'); - + $COMPOSE['param']['sent_mbox'] = $RCMAIL->config->get('sent_mbox'); + // pipe compose parameters thru plugins - $plugin = $RCMAIL->plugins->exec_hook('message_compose', $_SESSION['compose']); - $_SESSION['compose']['param'] = array_merge($_SESSION['compose']['param'], $plugin['param']); + $plugin = $RCMAIL->plugins->exec_hook('message_compose', $COMPOSE); + $COMPOSE['param'] = array_merge($COMPOSE['param'], $plugin['param']); // add attachments listed by message_compose hook if (is_array($plugin['attachments'])) { 
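Review bot: The mailto handling copies every key of the parsed query string into the compose parameters (`foreach ($query as $f => $val) $COMPOSE['param'][$f] = $val;`), so the text of a mailto: link decides which parameters exist, including ones this file later reads as control values such as `draft_uid`, `from`, `attachment` and `mailto`. Restrict the copy to the header fields a mailto URL is meant to carry, for example `if (in_array($f, array('subject', 'cc', 'bcc', 'body'), true) && is_string($val)) $COMPOSE['param'][$f] = $val;`. The `is_string()` check matters because `parse_str()` produces arrays for keys written as `cc[]`, and the code further down treats these values as strings. The exact allow-list is for the maintainers to settle; the hunk begins on the previous line of this page.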
@@ -81,39 +91,42 @@ else { $filename = basename($attach); $attachment = array( + 'group' => $COMPOSE_ID, 'name' => $filename, 'mimetype' => rc_mime_content_type($attach, $filename), - 'path' => $attach + 'path' => $attach, ); } - + // save attachment if valid if (($attachment['data'] && $attachment['name']) || ($attachment['path'] && file_exists($attachment['path']))) { $attachment = rcmail::get_instance()->plugins->exec_hook('attachment_save', $attachment); } - + if ($attachment['status'] && !$attachment['abort']) { unset($attachment['data'], $attachment['status'], $attachment['abort']); - $_SESSION['compose']['attachments'][$attachment['id']] = $attachment; + $COMPOSE['attachments'][$attachment['id']] = $attachment; } } } // check if folder for saving sent messages exists and is subscribed (#1486802) - if ($sent_folder = $_SESSION['compose']['param']['sent_mbox']) { + if ($sent_folder = $COMPOSE['param']['sent_mbox']) { rcmail_check_sent_folder($sent_folder, true); } // redirect to a unique URL with all parameters stored in session - $OUTPUT->redirect(array('_action' => 'compose', '_id' => $_SESSION['compose']['id'])); + $OUTPUT->redirect(array('_action' => 'compose', '_id' => $COMPOSE['id'])); } // add some labels to client $OUTPUT->add_label('nosubject', 'nosenderwarning', 'norecipientwarning', 'nosubjectwarning', 'cancel', 'nobodywarning', 'notsentwarning', 'notuploadedwarning', 'savingmessage', 'sendingmessage', - 'messagesaved', 'converting', 'editorwarning', 'searching', 'uploading', 'fileuploaderror', - 'autocompletechars'); + 'messagesaved', 'converting', 'editorwarning', 'searching', 'uploading', 'uploadingmany', + 'fileuploaderror', 'sendmessage'); + +$OUTPUT->set_env('compose_id', $COMPOSE['id']); // add config parameters to client script if (!empty($CONFIG['drafts_mbox'])) { 
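Review bot: The `'group' => $COMPOSE_ID` tag is set only in the `else` branch that builds the attachment from a bare path. The branch before that `else` starts outside the hunk, so if it takes a plugin-supplied array as given, those attachments are stored in `$COMPOSE['attachments']` without a group. If the group is what ties a stored attachment to one compose session, assign it after both branches, e.g. `$attachment['group'] = $COMPOSE_ID;` just before the `attachment_save` hook runs. A one-line comment saying what `group` is used for would also help, since nothing in the hunk explains it.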
@@ -122,21 +135,24 @@ } // set current mailbox in client environment $OUTPUT->set_env('mailbox', $IMAP->get_mailbox_name()); -$OUTPUT->set_env('sig_above', $CONFIG['sig_above']); -$OUTPUT->set_env('top_posting', $CONFIG['top_posting']); -$OUTPUT->set_env('autocomplete_min_length', $CONFIG['autocomplete_min_length']); +$OUTPUT->set_env('sig_above', $RCMAIL->config->get('sig_above', false)); +$OUTPUT->set_env('top_posting', $RCMAIL->config->get('top_posting', false)); +$OUTPUT->set_env('recipients_separator', trim($RCMAIL->config->get('recipients_separator', ','))); + +// use jquery UI for showing prompt() dialogs +$RCMAIL->plugins->load_plugin('jqueryui'); // get reference message and set compose mode -if ($msg_uid = $_SESSION['compose']['param']['reply_uid']) - $compose_mode = RCUBE_COMPOSE_REPLY; -else if ($msg_uid = $_SESSION['compose']['param']['forward_uid']) - $compose_mode = RCUBE_COMPOSE_FORWARD; -else if ($msg_uid = $_SESSION['compose']['param']['uid']) - $compose_mode = RCUBE_COMPOSE_EDIT; -else if ($msg_uid = $_SESSION['compose']['param']['draft_uid']) { +if ($msg_uid = $COMPOSE['param']['draft_uid']) { $RCMAIL->imap->set_mailbox($CONFIG['drafts_mbox']); $compose_mode = RCUBE_COMPOSE_DRAFT; } +else if ($msg_uid = $COMPOSE['param']['reply_uid']) + $compose_mode = RCUBE_COMPOSE_REPLY; +else if ($msg_uid = $COMPOSE['param']['forward_uid']) + $compose_mode = RCUBE_COMPOSE_FORWARD; +else if ($msg_uid = $COMPOSE['param']['uid']) + $compose_mode = RCUBE_COMPOSE_EDIT; $config_show_sig = $RCMAIL->config->get('show_sig', 1); if ($config_show_sig == 1) 
@@ -157,30 +173,30 @@ // re-set 'prefer_html' to have possibility to use html part for compose $CONFIG['prefer_html'] = $CONFIG['prefer_html'] || $CONFIG['htmleditor'] || $compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT; $MESSAGE = new rcube_message($msg_uid); - + // make sure message is marked as read - if ($MESSAGE && $MESSAGE->headers && !$MESSAGE->headers->seen) + if ($MESSAGE && $MESSAGE->headers && empty($MESSAGE->headers->flags['SEEN'])) $IMAP->set_flag($msg_uid, 'SEEN'); if (!empty($MESSAGE->headers->charset)) $IMAP->set_charset($MESSAGE->headers->charset); - + if ($compose_mode == RCUBE_COMPOSE_REPLY) { - $_SESSION['compose']['reply_uid'] = $msg_uid; - $_SESSION['compose']['reply_msgid'] = $MESSAGE->headers->messageID; - $_SESSION['compose']['references'] = trim($MESSAGE->headers->references . " " . $MESSAGE->headers->messageID); + $COMPOSE['reply_uid'] = $msg_uid; + $COMPOSE['reply_msgid'] = $MESSAGE->headers->messageID; + $COMPOSE['references'] = trim($MESSAGE->headers->references . " " . $MESSAGE->headers->messageID); - if (!empty($_SESSION['compose']['param']['all'])) - $MESSAGE->reply_all = $_SESSION['compose']['param']['all']; + if (!empty($COMPOSE['param']['all'])) + $MESSAGE->reply_all = $COMPOSE['param']['all']; $OUTPUT->set_env('compose_mode', 'reply'); // Save the sent message in the same folder of the message being replied to - if ($RCMAIL->config->get('reply_same_folder') && ($sent_folder = $_SESSION['compose']['mailbox']) + if ($RCMAIL->config->get('reply_same_folder') && ($sent_folder = $COMPOSE['mailbox']) && rcmail_check_sent_folder($sent_folder, false) ) { - $_SESSION['compose']['param']['sent_mbox'] = $sent_folder; + $COMPOSE['param']['sent_mbox'] = $sent_folder; } } else if ($compose_mode == RCUBE_COMPOSE_DRAFT) 
@@ -191,31 +207,245 @@ $info = rcmail_draftinfo_decode($MESSAGE->headers->others['x-draft-info']); if ($info['type'] == 'reply') - $_SESSION['compose']['reply_uid'] = $info['uid']; + $COMPOSE['reply_uid'] = $info['uid']; else if ($info['type'] == 'forward') - $_SESSION['compose']['forward_uid'] = $info['uid']; + $COMPOSE['forward_uid'] = $info['uid']; - $_SESSION['compose']['mailbox'] = $info['folder']; + $COMPOSE['mailbox'] = $info['folder']; // Save the sent message in the same folder of the message being replied to if ($RCMAIL->config->get('reply_same_folder') && ($sent_folder = $info['folder']) && rcmail_check_sent_folder($sent_folder, false) ) { - $_SESSION['compose']['param']['sent_mbox'] = $sent_folder; + $COMPOSE['param']['sent_mbox'] = $sent_folder; } } if ($MESSAGE->headers->in_reply_to) - $_SESSION['compose']['reply_msgid'] = '<'.$MESSAGE->headers->in_reply_to.'>'; + $COMPOSE['reply_msgid'] = '<'.$MESSAGE->headers->in_reply_to.'>'; - $_SESSION['compose']['references'] = $MESSAGE->headers->references; + $COMPOSE['references'] = $MESSAGE->headers->references; } else if ($compose_mode == RCUBE_COMPOSE_FORWARD) { - $_SESSION['compose']['forward_uid'] = $msg_uid; + $COMPOSE['forward_uid'] = $msg_uid; $OUTPUT->set_env('compose_mode', 'forward'); + + if (!empty($COMPOSE['param']['attachment'])) + $MESSAGE->forward_attachment = true; } } + +$MESSAGE->compose = array(); + +// get user's identities +$MESSAGE->identities = $USER->list_identities(); +if (count($MESSAGE->identities)) +{ + foreach ($MESSAGE->identities as $idx => $ident) { + $ident['email'] = format_email($ident['email']); + $email = format_email(rcube_idn_to_utf8($ident['email'])); + + $MESSAGE->identities[$idx]['email_ascii'] = $ident['email']; + $MESSAGE->identities[$idx]['ident'] = format_email_recipient($ident['email'], $ident['name']); + $MESSAGE->identities[$idx]['email'] = $email; + } +} + +// Set From field value +if (!empty($_POST['_from'])) { + $MESSAGE->compose['from'] = 
get_input_value('_from', RCUBE_INPUT_POST); +} +else if (!empty($COMPOSE['param']['from'])) { + $MESSAGE->compose['from'] = $COMPOSE['param']['from']; +} +else if (count($MESSAGE->identities)) { + $a_recipients = array(); + $a_names = array(); + + // extract all recipients of the reply-message + if (is_object($MESSAGE->headers) && in_array($compose_mode, array(RCUBE_COMPOSE_REPLY, RCUBE_COMPOSE_FORWARD))) + { + $a_to = $IMAP->decode_address_list($MESSAGE->headers->to); + foreach ($a_to as $addr) { + if (!empty($addr['mailto'])) { + $a_recipients[] = format_email($addr['mailto']); + $a_names[] = $addr['name']; + } + } + + if (!empty($MESSAGE->headers->cc)) { + $a_cc = $IMAP->decode_address_list($MESSAGE->headers->cc); + foreach ($a_cc as $addr) { + if (!empty($addr['mailto'])) { + $a_recipients[] = format_email($addr['mailto']); + $a_names[] = $addr['name']; + } + } + } + } + + $from_idx = null; + $default_identity = null; + $return_path = $MESSAGE->headers->others['return-path']; + + // Select identity + foreach ($MESSAGE->identities as $idx => $ident) { + // save default identity ID + if ($ident['standard']) { + $default_identity = $idx; + } + + // use From header + if (in_array($compose_mode, array(RCUBE_COMPOSE_DRAFT, RCUBE_COMPOSE_EDIT))) { + if ($MESSAGE->headers->from == $ident['ident']) { + $from_idx = $idx; + break; + } + } + // reply to yourself + else if ($compose_mode == RCUBE_COMPOSE_REPLY && $MESSAGE->headers->from == $ident['ident']) { + $from_idx = $idx; + break; + } + // use replied message recipients + else if (($found = array_search($ident['email_ascii'], $a_recipients)) !== false) { + // match identity name, prefer default identity + if ($from_idx === null || ($a_names[$found] && $ident['name'] && $a_names[$found] == $ident['name'])) { + $from_idx = $idx; + } + } + } + + // Fallback using Return-Path + if ($from_idx === null && $return_path) { + foreach ($MESSAGE->identities as $idx => $ident) { + if (strpos($return_path, str_replace('@', '=', 
$ident['email_ascii']).'@') !== false) { + $from_idx = $idx; + break; + } + } + } + + // Still no ID, use default/first identity + if ($from_idx === null) { + $from_idx = $default_identity !== null ? $default_identity : key(reset($MESSAGE->identities)); + } + + $ident = $MESSAGE->identities[$from_idx]; + $from_id = $ident['identity_id']; + + $MESSAGE->compose['from_email'] = $ident['email']; + $MESSAGE->compose['from'] = $from_id; +} + +// Set other headers +$a_recipients = array(); +$parts = array('to', 'cc', 'bcc', 'replyto', 'followupto'); +$separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' '; + +foreach ($parts as $header) { + $fvalue = ''; + $decode_header = true; + + // we have a set of recipients stored is session + if ($header == 'to' && ($mailto_id = $COMPOSE['param']['mailto']) + && $_SESSION['mailto'][$mailto_id] + ) { + $fvalue = urldecode($_SESSION['mailto'][$mailto_id]); + $decode_header = false; + + // make session to not grow up too much + unset($_SESSION['mailto'][$mailto_id]); + $COMPOSE['param']['to'] = $fvalue; + } + else if (!empty($_POST['_'.$header])) { + $fvalue = get_input_value('_'.$header, RCUBE_INPUT_POST, TRUE); + } + else if (!empty($COMPOSE['param'][$header])) { + $fvalue = $COMPOSE['param'][$header]; + } + else if ($compose_mode == RCUBE_COMPOSE_REPLY) { + // get recipent address(es) out of the message headers + if ($header == 'to') { + $mailfollowup = $MESSAGE->headers->others['mail-followup-to']; + $mailreplyto = $MESSAGE->headers->others['mail-reply-to']; + + // Reply to mailing list... + if ($MESSAGE->reply_all == 'list' && $mailfollowup) + $fvalue = $mailfollowup; + else if ($MESSAGE->reply_all == 'list' + && preg_match('/<mailto:([^>]+)>/i', $MESSAGE->headers->others['list-post'], $m)) + $fvalue = $m[1]; + // Reply to... 
+ else if ($MESSAGE->reply_all && $mailfollowup) + $fvalue = $mailfollowup; + else if ($mailreplyto) + $fvalue = $mailreplyto; + else if (!empty($MESSAGE->headers->replyto)) + $fvalue = $MESSAGE->headers->replyto; + else if (!empty($MESSAGE->headers->from)) + $fvalue = $MESSAGE->headers->from; + + // Reply to message sent by yourself (#1487074) + if (!empty($ident) && $fvalue == $ident['ident']) { + $fvalue = $MESSAGE->headers->to; + } + } + // add recipient of original message if reply to all + else if ($header == 'cc' && !empty($MESSAGE->reply_all) && $MESSAGE->reply_all != 'list') { + if ($v = $MESSAGE->headers->to) + $fvalue .= $v; + if ($v = $MESSAGE->headers->cc) + $fvalue .= (!empty($fvalue) ? $separator : '') . $v; + } + } + else if (in_array($compose_mode, array(RCUBE_COMPOSE_DRAFT, RCUBE_COMPOSE_EDIT))) { + // get drafted headers + if ($header=='to' && !empty($MESSAGE->headers->to)) + $fvalue = $MESSAGE->get_header('to'); + else if ($header=='cc' && !empty($MESSAGE->headers->cc)) + $fvalue = $MESSAGE->get_header('cc'); + else if ($header=='bcc' && !empty($MESSAGE->headers->bcc)) + $fvalue = $MESSAGE->get_header('bcc'); + else if ($header=='replyto' && !empty($MESSAGE->headers->others['mail-reply-to'])) + $fvalue = $MESSAGE->get_header('mail-reply-to'); + else if ($header=='replyto' && !empty($MESSAGE->headers->replyto)) + $fvalue = $MESSAGE->get_header('reply-to'); + else if ($header=='followupto' && !empty($MESSAGE->headers->others['mail-followup-to'])) + $fvalue = $MESSAGE->get_header('mail-followup-to'); + } + + // split recipients and put them back together in a unique way + if (!empty($fvalue) && in_array($header, array('to', 'cc', 'bcc'))) { + $to_addresses = $IMAP->decode_address_list($fvalue, null, $decode_header); + $fvalue = array(); + + foreach ($to_addresses as $addr_part) { + if (empty($addr_part['mailto'])) + continue; + + $mailto = format_email(rcube_idn_to_utf8($addr_part['mailto'])); + + if (!in_array($mailto, $a_recipients) + && ($header 
== 'to' || empty($MESSAGE->compose['from_email']) || $mailto != $MESSAGE->compose['from_email']) + ) { + if ($addr_part['name'] && $addr_part['mailto'] != $addr_part['name']) + $string = format_email_recipient($mailto, $addr_part['name']); + else + $string = $mailto; + + $fvalue[] = $string; + $a_recipients[] = $addr_part['mailto']; + } + } + + $fvalue = implode($separator, $fvalue); + } + + $MESSAGE->compose[$header] = $fvalue; +} +unset($a_recipients); // process $MESSAGE body/attachments, set $MESSAGE_BODY/$HTML_MODE vars and some session data $MESSAGE_BODY = rcmail_prepare_message_body(); @@ -225,12 +455,11 @@ function rcmail_compose_headers($attrib) { - global $IMAP, $MESSAGE, $DB, $compose_mode; - static $sa_recipients = array(); + global $MESSAGE; list($form_start, $form_end) = get_form_tags($attrib); - $out = ''; + $out = ''; $part = strtolower($attrib['part']); switch ($part) @@ -239,23 +468,10 @@ return $form_start . rcmail_compose_header_from($attrib); case 'to': - $fname = '_to'; - $header = $param = 'to'; - - // we have a set of recipients stored is session - if (($mailto_id = $_SESSION['compose']['param']['mailto']) && $_SESSION['mailto'][$mailto_id]) - $fvalue = urldecode($_SESSION['mailto'][$mailto_id]); - case 'cc': - if (!$fname) { - $fname = '_cc'; - $header = $param = 'cc'; - } case 'bcc': - if (!$fname) { - $fname = '_bcc'; - $header = $param = 'bcc'; - } + $fname = '_' . $part; + $header = $param = $part; $allow_attrib = array('id', 'class', 'style', 'cols', 'rows', 'tabindex'); $field_type = 'html_textarea'; 
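Review bot: The last-resort identity lookup `key(reset($MESSAGE->identities))` in the large hunk that ends on this line does not return the index of the first identity: `reset()` returns the first element (the identity row), and `key()` then reports the first key inside that row. `$MESSAGE->identities[$from_idx]` on the following line most likely reads an index that does not exist, which leaves `$MESSAGE->compose['from']` and `$MESSAGE->compose['from_email']` empty for a user without a default identity. Use two statements: `reset($MESSAGE->identities);` and then `$from_idx = $default_identity !== null ? $default_identity : key($MESSAGE->identities);`. The same block reads `$MESSAGE->headers->others['return-path']` without the `is_object($MESSAGE->headers)` test used a few lines earlier, so that read should sit behind the same guard.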
@@ -280,96 +496,6 @@ break; } - if ($fname && !empty($_POST[$fname])) { - $fvalue = get_input_value($fname, RCUBE_INPUT_POST, TRUE); - } - else if ($fname && !$fvalue && !empty($_SESSION['compose']['param'][$param])) { - $fvalue = $_SESSION['compose']['param'][$param]; - } - else if ($header && $compose_mode == RCUBE_COMPOSE_REPLY) { - // get recipent address(es) out of the message headers - if ($header == 'to') { - $mailfollowup = $MESSAGE->headers->others['mail-followup-to']; - $mailreplyto = $MESSAGE->headers->others['mail-reply-to']; - - if ($MESSAGE->reply_all == 'list' && $mailfollowup) - $fvalue = $mailfollowup; - else if ($MESSAGE->reply_all == 'list' - && preg_match('/<mailto:([^>]+)>/i', $MESSAGE->headers->others['list-post'], $m)) - $fvalue = $m[1]; - else if ($mailreplyto) - $fvalue = $mailreplyto; - else if (!empty($MESSAGE->headers->replyto)) - $fvalue = $MESSAGE->headers->replyto; - else if (!empty($MESSAGE->headers->from)) - $fvalue = $MESSAGE->headers->from; - } - // add recipent of original message if reply to all - else if ($header == 'cc' && !empty($MESSAGE->reply_all) && $MESSAGE->reply_all != 'list') { - if ($v = $MESSAGE->headers->to) - $fvalue .= $v; - if ($v = $MESSAGE->headers->cc) - $fvalue .= (!empty($fvalue) ? ', ' : '') . $v; - } - - // split recipients and put them back together in a unique way - if (!empty($fvalue)) { - $to_addresses = $IMAP->decode_address_list($fvalue); - $fvalue = ''; - - foreach ($to_addresses as $addr_part) { - if (empty($addr_part['mailto'])) - continue; - - $mailto = idn_to_utf8($addr_part['mailto']); - - if (!in_array($mailto, $sa_recipients) - && (!$MESSAGE->compose_from - || !in_array_nocase($mailto, $MESSAGE->compose_from) - || (count($to_addresses)==1 && $header=='to')) // allow reply to yourself - ) { - if ($addr_part['name'] && $addr_part['mailto'] != $addr_part['name']) - $string = format_email_recipient($mailto, $addr_part['name']); - else - $string = $mailto; - $fvalue .= (strlen($fvalue) ? 
', ':'') . $string; - $sa_recipients[] = $addr_part['mailto']; - } - } - } - } - else if ($header && in_array($compose_mode, array(RCUBE_COMPOSE_DRAFT, RCUBE_COMPOSE_EDIT))) { - // get drafted headers - if ($header=='to' && !empty($MESSAGE->headers->to)) - $fvalue = $MESSAGE->get_header('to'); - else if ($header=='cc' && !empty($MESSAGE->headers->cc)) - $fvalue = $MESSAGE->get_header('cc'); - else if ($header=='bcc' && !empty($MESSAGE->headers->bcc)) - $fvalue = $MESSAGE->get_header('bcc'); - else if ($header=='reply-to' && !empty($MESSAGE->headers->others['mail-reply-to'])) - $fvalue = $MESSAGE->get_header('mail-reply-to'); - else if ($header=='reply-to' && !empty($MESSAGE->headers->replyto)) - $fvalue = $MESSAGE->get_header('reply-to'); - else if ($header=='mail-followup-to' && !empty($MESSAGE->headers->others['mail-followup-to'])) - $fvalue = $MESSAGE->get_header('mail-followup-to'); - - $addresses = $IMAP->decode_address_list($fvalue); - $fvalue = ''; - - foreach ($addresses as $addr_part) { - if (empty($addr_part['mailto'])) - continue; - - $mailto = idn_to_utf8($addr_part['mailto']); - - if ($addr_part['name'] && $addr_part['mailto'] != $addr_part['name']) - $string = format_email_recipient($mailto, $addr_part['name']); - else - $string = $mailto; - $fvalue .= (strlen($fvalue) ? ', ':'') . $string; - } - } - if ($fname && $field_type) { // pass the following attributes to the form class @@ -380,11 +506,14 @@ // create teaxtarea object $input = new $field_type($field_attrib); - $out = $input->show($fvalue); + $out = $input->show($MESSAGE->compose[$param]); } - + if ($form_start) $out = $form_start.$out; + + // configure autocompletion + rcube_autocomplete_init(); return $out; } 
@@ -392,42 +521,15 @@ function rcmail_compose_header_from($attrib) { - global $IMAP, $MESSAGE, $DB, $USER, $OUTPUT, $compose_mode; - + global $MESSAGE, $OUTPUT; + // pass the following attributes to the form class $field_attrib = array('name' => '_from'); foreach ($attrib as $attr => $value) if (in_array($attr, array('id', 'class', 'style', 'size', 'tabindex'))) $field_attrib[$attr] = $value; - // extract all recipients of the reply-message - $a_recipients = array(); - if ($compose_mode == RCUBE_COMPOSE_REPLY && is_object($MESSAGE->headers)) - { - $MESSAGE->compose_from = array(); - - $a_to = $IMAP->decode_address_list($MESSAGE->headers->to); - foreach ($a_to as $addr) - { - if (!empty($addr['mailto'])) - $a_recipients[] = strtolower($addr['mailto']); - } - - if (!empty($MESSAGE->headers->cc)) - { - $a_cc = $IMAP->decode_address_list($MESSAGE->headers->cc); - foreach ($a_cc as $addr) - { - if (!empty($addr['mailto'])) - $a_recipients[] = strtolower($addr['mailto']); - } - } - } - - // get this user's identities - $user_identities = $USER->list_identities(); - - if (count($user_identities)) + if (count($MESSAGE->identities)) { $a_signatures = array(); @@ -435,14 +537,13 @@ $select_from = new html_select($field_attrib); // create SELECT element - foreach ($user_identities as $sql_arr) + foreach ($MESSAGE->identities as $sql_arr) { - $email = mb_strtolower(idn_to_utf8($sql_arr['email'])); $identity_id = $sql_arr['identity_id']; - $select_from->add(format_email_recipient($email, $sql_arr['name']), $identity_id); + $select_from->add(format_email_recipient($sql_arr['email'], $sql_arr['name']), $identity_id); // add signature to array - if (!empty($sql_arr['signature']) && empty($_SESSION['compose']['param']['nosig'])) + if (!empty($sql_arr['signature']) && empty($COMPOSE['param']['nosig'])) { $a_signatures[$identity_id]['text'] = $sql_arr['signature']; $a_signatures[$identity_id]['is_html'] = ($sql_arr['html_signature'] == 1) ? true : false; 
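Review bot: `$COMPOSE` is not in scope inside rcmail_compose_header_from(): the first hunk on this line reduces the global list to `global $MESSAGE, $OUTPUT;`, while the second hunk tests `empty($COMPOSE['param']['nosig'])`. Inside the function that name is an undefined local, so `empty()` is always true and the `nosig` compose parameter no longer suppresses signatures. Declare it with `global $MESSAGE, $OUTPUT, $COMPOSE;`, as rcmail_prepare_message_body() does in this same commit. The function body continues outside both hunks.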
@@ -452,43 +553,9 @@ $a_signatures[$identity_id]['plain_text'] = trim($h2t->get_text()); } } - - if ($compose_mode == RCUBE_COMPOSE_REPLY && is_array($MESSAGE->compose_from)) - $MESSAGE->compose_from[] = $email; } - $from_id = 0; - - // overwrite identity selection with post parameter - if (!empty($_POST['_from'])) - $from_id = get_input_value('_from', RCUBE_INPUT_POST); - else if (!empty($_SESSION['compose']['param']['from'])) - $from_id = $_SESSION['compose']['param']['from']; - else { - $return_path = $MESSAGE->headers->others['return-path']; - - // Set identity - foreach ($user_identities as $sql_arr) { - // set draft's identity - if ($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT) { - if ($MESSAGE->headers->from == format_email_recipient($sql_arr['email'], $sql_arr['name'])) { - $from_id = $sql_arr['identity_id']; - break; - } - } - // set identity if it's one of the reply-message recipients (with prio for default identity) - else if (in_array($sql_arr['email'], $a_recipients) && (empty($from_id) || $sql_arr['standard'])) - $from_id = $sql_arr['identity_id']; - // set identity when replying to mailing list - else if (strpos($return_path, str_replace('@', '=', $sql_arr['email']).'@') !== false) - $from_id = $sql_arr['identity_id']; - - if ($from_id) - break; - } - } - - $out = $select_from->show($from_id); + $out = $select_from->show($MESSAGE->compose['from']); // add signatures to client $OUTPUT->set_env('signatures', $a_signatures); @@ -497,7 +564,7 @@ else { $field_attrib['class'] = 'from_address'; $input_from = new html_inputfield($field_attrib); - $out = $input_from->show($_POST['_from']); + $out = $input_from->show($MESSAGE->compose['from']); } return $out; 
@@ -530,16 +597,23 @@ function rcmail_prepare_message_body() { - global $RCMAIL, $MESSAGE, $compose_mode, $LINE_LENGTH, $HTML_MODE; + global $RCMAIL, $MESSAGE, $COMPOSE, $compose_mode, $LINE_LENGTH, $HTML_MODE; // use posted message body if (!empty($_POST['_message'])) { $body = get_input_value('_message', RCUBE_INPUT_POST, true); $isHtml = (bool) get_input_value('_is_html', RCUBE_INPUT_POST); } - else if ($_SESSION['compose']['param']['body']) { - $body = $_SESSION['compose']['param']['body']; + else if ($COMPOSE['param']['body']) { + $body = $COMPOSE['param']['body']; $isHtml = false; + } + // forward as attachment + else if ($compose_mode == RCUBE_COMPOSE_FORWARD && $MESSAGE->forward_attachment) { + $isHtml = rcmail_compose_editor_mode(); + $body = ''; + if (empty($COMPOSE['attachments'])) + rcmail_write_forward_attachment($MESSAGE); } // reply/edit/draft/forward else if ($compose_mode) { 
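Review bot: The forward-as-attachment branch uses `empty($COMPOSE['attachments'])` as its test for "not attached yet", but the initialisation code earlier in this file also fills `$COMPOSE['attachments']` from the `message_compose` hook. When a plugin has already added an attachment, the forwarded message is never written and the user gets an empty body with no original attached. Track the step with its own flag, e.g. `if (empty($COMPOSE['forward_attachment_added'])) { rcmail_write_forward_attachment($MESSAGE); $COMPOSE['forward_attachment_added'] = true; }` (the key name is only a suggestion). The function continues past the end of the hunk.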
@@ -601,32 +675,32 @@ // add blocked.gif attachment (#1486516) if ($isHtml && preg_match('#<img src="\./program/blocked\.gif"#', $body)) { if ($attachment = rcmail_save_image('program/blocked.gif', 'image/gif')) { - $_SESSION['compose']['attachments'][$attachment['id']] = $attachment; + $COMPOSE['attachments'][$attachment['id']] = $attachment; $body = preg_replace('#\./program/blocked\.gif#', - $RCMAIL->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'], + $RCMAIL->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'].'&_id='.$COMPOSE['id'], $body); } } - + $HTML_MODE = $isHtml; - + return $body; } function rcmail_compose_body($attrib) { global $RCMAIL, $CONFIG, $OUTPUT, $MESSAGE, $compose_mode, $LINE_LENGTH, $HTML_MODE, $MESSAGE_BODY; - + list($form_start, $form_end) = get_form_tags($attrib); unset($attrib['form']); - + if (empty($attrib['id'])) $attrib['id'] = 'rcmComposeBody'; $attrib['name'] = '_message'; $isHtml = $HTML_MODE; - + $out = $form_start ? "$form_start\n" : ''; $saveid = new html_hiddenfield(array('name' => '_draft_saveid', 'value' => $compose_mode==RCUBE_COMPOSE_DRAFT ? str_replace(array('<','>'), "", $MESSAGE->headers->messageID) : '')); @@ -642,7 +716,7 @@ if ($isHtml) { $attrib['class'] = 'mce_editor'; $textarea = new html_textarea($attrib); - $out .= $textarea->show($MESSAGE_BODY); + $out .= $textarea->show(htmlentities($MESSAGE_BODY, ENT_NOQUOTES, RCMAIL_CHARSET)); } else { $textarea = new html_textarea($attrib); 
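Review bot: In the second hunk on this line, `htmlentities($MESSAGE_BODY, ENT_NOQUOTES, RCMAIL_CHARSET)` can return an empty string when the body holds a byte sequence that is invalid for the charset (the behaviour from PHP 5.4 on), which would silently blank the editor for that message. Where the supported PHP versions allow it, add the substitute flag, `htmlentities($MESSAGE_BODY, ENT_NOQUOTES | ENT_SUBSTITUTE, RCMAIL_CHARSET)`, or validate the encoding before this call. A comment stating that the HTML body is entity-encoded here because it is placed inside a textarea element would help, and it should be confirmed that `html_textarea::show()` does not encode a second time; that method is not visible in this diff.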
@@ -659,11 +733,11 @@ // include HTML editor rcube_html_editor(); - + // include GoogieSpell if (!empty($CONFIG['enable_spellcheck'])) { - - $engine = $RCMAIL->config->get('spellcheck_engine','googie'); + $engine = $RCMAIL->config->get('spellcheck_engine','googie'); + $dictionary = (bool) $RCMAIL->config->get('spellcheck_dictionary'); $spellcheck_langs = (array) $RCMAIL->config->get('spellcheck_languages', array('da'=>'Dansk', 'de'=>'Deutsch', 'en' => 'English', 'es'=>'Español', 'fr'=>'Français', 'it'=>'Italiano', 'nl'=>'Nederlands', 'pl'=>'Polski', @@ -693,25 +767,28 @@ foreach ($spellcheck_langs as $key => $name) { $editor_lang_set[] = ($key == $lang ? '+' : '') . JQ($name).'='.JQ($key); } - + $OUTPUT->include_script('googiespell.js'); $OUTPUT->add_script(sprintf( - "var googie = new GoogieSpell('\$__skin_path/images/googiespell/','?_task=utils&_action=spell&lang=');\n". + "var googie = new GoogieSpell('\$__skin_path/images/googiespell/','?_task=utils&_action=spell&lang=', %s);\n". "googie.lang_chck_spell = \"%s\";\n". "googie.lang_rsm_edt = \"%s\";\n". "googie.lang_close = \"%s\";\n". "googie.lang_revert = \"%s\";\n". "googie.lang_no_error_found = \"%s\";\n". + "googie.lang_learn_word = \"%s\";\n". "googie.setLanguages(%s);\n". "googie.setCurrentLanguage('%s');\n". "googie.setSpellContainer('spellcheck-control');\n". "googie.decorateTextarea('%s');\n". "%s.set_env('spellcheck', googie);", + !empty($dictionary) ? 'true' : 'false', JQ(Q(rcube_label('checkspelling'))), JQ(Q(rcube_label('resumeediting'))), JQ(Q(rcube_label('close'))), JQ(Q(rcube_label('revertto'))), JQ(Q(rcube_label('nospellerrors'))), + JQ(Q(rcube_label('addtodict'))), json_serialize($spellcheck_langs), $lang, $attrib['id'], @@ -720,7 +797,7 @@ $OUTPUT->add_label('checking'); $OUTPUT->set_env('spellcheck_langs', join(',', $editor_lang_set)); } - + $out .= "\n".'<iframe name="savetarget" src="program/blank.gif" style="width:0;height:0;border:none;visibility:hidden;"></iframe>'; return $out; 
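Review bot: In the `sprintf()` that builds the GoogieSpell script (second hunk on this line), the labels go through `JQ(Q(...))`, but `$lang` and `$attrib['id']` are written into single-quoted JavaScript strings as they are. `$attrib['id']` comes from the template and `$lang` is assigned outside the hunk, so this may be safe today; encoding them the same way, `JQ($lang)` and `JQ($attrib['id'])`, removes the dependency on that. The new first argument can be shortened to `$dictionary ? 'true' : 'false'`, since `$dictionary` is already cast to bool two lines earlier.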
@@ -733,8 +810,13 @@ // build reply prefix $from = array_pop($RCMAIL->imap->decode_address_list($MESSAGE->get_header('from'), 1, false)); - $prefix = sprintf("On %s, %s wrote:", - $MESSAGE->headers->date, $from['name'] ? $from['name'] : idn_to_utf8($from['mailto'])); + $prefix = rcube_label(array( + 'name' => 'mailreplyintro', + 'vars' => array( + 'date' => format_date($MESSAGE->headers->date, $RCMAIL->config->get('date_long')), + 'sender' => $from['name'] ? $from['name'] : rcube_idn_to_utf8($from['mailto']), + ) + )); if (!$bodyIsHtml) { $body = preg_replace('/\r?\n/', "\n", $body); 
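Review bot: The `sender` variable passed to the `mailreplyintro` label is the display name or address taken from the replied message's From header, so the resulting `$prefix` is untrusted text. The HTML branch of this function is outside the hunk; confirm that it passes the finished prefix through `Q()` before joining it to the body, because a translation can now place `sender` anywhere in the sentence. On the context line above, `array_pop()` takes its argument by reference, so assign the `decode_address_list()` result to a variable first.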
@@ -779,24 +861,27 @@ function rcmail_create_forward_body($body, $bodyIsHtml) { - global $IMAP, $MESSAGE, $OUTPUT; + global $RCMAIL, $MESSAGE, $COMPOSE; // add attachments - if (!isset($_SESSION['compose']['forward_attachments']) && is_array($MESSAGE->mime_parts)) + if (!isset($COMPOSE['forward_attachments']) && is_array($MESSAGE->mime_parts)) $cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml); + + $date = format_date($MESSAGE->headers->date, $RCMAIL->config->get('date_long')); + $charset = $RCMAIL->output->get_charset(); if (!$bodyIsHtml) { - $prefix = "\n\n\n-------- Original Message --------\n"; - $prefix .= 'Subject: ' . $MESSAGE->subject . "\n"; - $prefix .= 'Date: ' . $MESSAGE->headers->date . "\n"; - $prefix .= 'From: ' . $MESSAGE->get_header('from') . "\n"; - $prefix .= 'To: ' . $MESSAGE->get_header('to') . "\n"; + $prefix = "\n\n\n-------- " . rcube_label('originalmessage') . " --------\n"; + $prefix .= rcube_label('subject') . ': ' . $MESSAGE->subject . "\n"; + $prefix .= rcube_label('date') . ': ' . $date . "\n"; + $prefix .= rcube_label('from') . ': ' . $MESSAGE->get_header('from') . "\n"; + $prefix .= rcube_label('to') . ': ' . $MESSAGE->get_header('to') . "\n"; if ($MESSAGE->headers->cc) - $prefix .= 'Cc: ' . $MESSAGE->get_header('cc') . "\n"; + $prefix .= rcube_label('cc') . ': ' . $MESSAGE->get_header('cc') . "\n"; if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from) - $prefix .= 'Reply-To: ' . $MESSAGE->get_header('replyto') . "\n"; + $prefix .= rcube_label('replyto') . ': ' . $MESSAGE->get_header('replyto') . "\n"; $prefix .= "\n"; } 
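Review bot: `$charset = $RCMAIL->output->get_charset();` is assigned at the top of rcmail_create_forward_body() but is not read in any visible part of the function. The `htmlspecialchars(..., $OUTPUT->get_charset())` calls that needed a charset are removed in the following hunk. Unless the few lines between the two hunks use it, drop the assignment.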
@@ -808,41 +893,43 @@ $body = rcmail_wash_html($body, array('safe' => $MESSAGE->is_safe), $cid_map); $prefix = sprintf( - "<br /><p>-------- Original Message --------</p>" . + "<br /><p>-------- " . rcube_label('originalmessage') . " --------</p>" . "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tbody>" . - "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">Subject: </th><td>%s</td></tr>" . - "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">Date: </th><td>%s</td></tr>" . - "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">From: </th><td>%s</td></tr>" . - "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">To: </th><td>%s</td></tr>", - Q($MESSAGE->subject), - Q($MESSAGE->headers->date), - htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset()), - htmlspecialchars(Q($MESSAGE->get_header('to'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset())); + "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>" . + "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>" . + "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>" . 
+ "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>", + rcube_label('subject'), Q($MESSAGE->subject), + rcube_label('date'), Q($date), + rcube_label('from'), Q($MESSAGE->get_header('from'), 'replace'), + rcube_label('to'), Q($MESSAGE->get_header('to'), 'replace')); if ($MESSAGE->headers->cc) - $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">Cc: </th><td>%s</td></tr>", - htmlspecialchars(Q($MESSAGE->get_header('cc'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset())); + $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>", + rcube_label('cc'), + Q($MESSAGE->get_header('cc'), 'replace')); if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from) - $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">Reply-To: </th><td>%s</td></tr>", - htmlspecialchars(Q($MESSAGE->get_header('replyto'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset())); + $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>", + rcube_label('replyto'), + Q($MESSAGE->get_header('replyto'), 'replace')); $prefix .= "</tbody></table><br>"; } - + return $prefix.$body; } function rcmail_create_draft_body($body, $bodyIsHtml) { - global $MESSAGE, $OUTPUT; - + global $MESSAGE, $OUTPUT, $COMPOSE; + /** * add attachments * sizeof($MESSAGE->mime_parts can be 1 - e.g. attachment, but no text! */ - if (empty($_SESSION['compose']['forward_attachments']) + if (empty($COMPOSE['forward_attachments']) && is_array($MESSAGE->mime_parts) && count($MESSAGE->mime_parts) > 0) { @@ -852,7 +939,7 @@ if ($cid_map) $body = str_replace(array_keys($cid_map), array_values($cid_map), $body); } - + return $body; } 
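Review bot: The localized labels are written into the forward header table unescaped (`rcube_label('subject')`, `'date'`, `'from'`, `'to'`, `'cc'`, `'replyto'`, `'originalmessage'`), while rcmail_compose_attachment_list in this same file uses `Q(rcube_label('delete'))`. Wrapping them, e.g. `Q(rcube_label('subject')), Q($MESSAGE->subject),`, keeps a translation string containing `<` or `&` from breaking the markup. The hunk also drops the outer `htmlspecialchars()` around the From/To/Cc/Reply-To values, leaving `Q(..., 'replace')` as the only encoding of sender-controlled header text. `Q()` is defined outside this page, so confirm that its `'replace'` mode encodes `<`, `>`, `&` and quotes.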
@@ -880,7 +967,7 @@ function rcmail_write_compose_attachments(&$message, $bodyIsHtml) { - global $RCMAIL; + global $RCMAIL, $COMPOSE; $cid_map = $messages = array(); foreach ((array)$message->mime_parts as $pid => $part) @@ -902,9 +989,9 @@ } if (!$skip && ($attachment = rcmail_save_attachment($message, $pid))) { - $_SESSION['compose']['attachments'][$attachment['id']] = $attachment; + $COMPOSE['attachments'][$attachment['id']] = $attachment; if ($bodyIsHtml && ($part->content_id || $part->content_location)) { - $url = $RCMAIL->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id']; + $url = $RCMAIL->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'].'&_id='.$COMPOSE['id']; if ($part->content_id) $cid_map['cid:'.$part->content_id] = $url; else @@ -914,7 +1001,7 @@ } } - $_SESSION['compose']['forward_attachments'] = true; + $COMPOSE['forward_attachments'] = true; return $cid_map; } @@ -922,14 +1009,14 @@ function rcmail_write_inline_attachments(&$message) { - global $RCMAIL; + global $RCMAIL, $COMPOSE; $cid_map = array(); foreach ((array)$message->mime_parts as $pid => $part) { if (($part->content_id || $part->content_location) && $part->filename) { if ($attachment = rcmail_save_attachment($message, $pid)) { - $_SESSION['compose']['attachments'][$attachment['id']] = $attachment; - $url = $RCMAIL->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id']; + $COMPOSE['attachments'][$attachment['id']] = $attachment; + $url = $RCMAIL->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'].'&_id='.$COMPOSE['id']; if ($part->content_id) $cid_map['cid:'.$part->content_id] = $url; else 
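Review bot: The compose ID is appended to the display-attachment URL without encoding in rcmail_write_compose_attachments (hunk at -902) and again in rcmail_write_inline_attachments (hunk at -922). That URL is later substituted into the HTML body through `$cid_map`. The ID is generated with `uniqid(mt_rand())` at the top of the file, so it is alphanumeric today, but encoding it keeps the URL well-formed if the format ever changes: `.'&_id='.urlencode($COMPOSE['id'])`. Both function bodies continue outside their hunks.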
@@ -941,8 +1028,63 @@ return $cid_map; } +// Creates an attachment from the forwarded message +function rcmail_write_forward_attachment(&$message) +{ + global $RCMAIL, $COMPOSE; + + if (strlen($message->subject)) { + $name = mb_substr($message->subject, 0, 64) . '.eml'; + } + else { + $name = 'message_rfc822.eml'; + } + + $mem_limit = parse_bytes(ini_get('memory_limit')); + $curr_mem = function_exists('memory_get_usage') ? memory_get_usage() : 16*1024*1024; // safe value: 16MB + $data = $path = null; + + // don't load too big attachments into memory + if ($mem_limit > 0 && $message->size > $mem_limit - $curr_mem) { + $temp_dir = unslashify($RCMAIL->config->get('temp_dir')); + $path = tempnam($temp_dir, 'rcmAttmnt'); + if ($fp = fopen($path, 'w')) { + $RCMAIL->imap->get_raw_body($message->uid, $fp); + fclose($fp); + } else + return false; + } else { + $data = $RCMAIL->imap->get_raw_body($message->uid); + } + + $attachment = array( + 'group' => $COMPOSE['id'], + 'name' => $name, + 'mimetype' => 'message/rfc822', + 'data' => $data, + 'path' => $path, + 'size' => $path ? filesize($path) : strlen($data), + ); + + $attachment = $RCMAIL->plugins->exec_hook('attachment_save', $attachment); + + if ($attachment['status']) { + unset($attachment['data'], $attachment['status'], $attachment['content_id'], $attachment['abort']); + $COMPOSE['attachments'][$attachment['id']] = $attachment; + return true; + } else if ($path) { + @unlink($path); + } + + return false; +} + + function rcmail_save_attachment(&$message, $pid) { + global $COMPOSE; + + $rcmail = rcmail::get_instance(); $part = $message->mime_parts[$pid]; $mem_limit = parse_bytes(ini_get('memory_limit')); $curr_mem = function_exists('memory_get_usage') ? memory_get_usage() : 16*1024*1024; // safe value: 16MB 
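Review bot: The attachment name in rcmail_write_forward_attachment is built from `$message->subject`, which the original sender controls, and reaches the `attachment_save` hook with only a length cut. How storage plugins use `name` is not visible here, so control characters and path separators should be replaced first: `$name = preg_replace('/[\x00-\x1f\/\\\\:]/', '_', mb_substr($message->subject, 0, 64)) . '.eml';`. Separately, when `fopen($path, 'w')` fails the function returns false without removing the file that `tempnam()` already created, and `tempnam()`'s own return value is never checked. Adding `@unlink($path);` before that `return false;` would match the cleanup done at the end of the function.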
@@ -950,7 +1092,6 @@ // don't load too big attachments into memory if ($mem_limit > 0 && $part->size > $mem_limit - $curr_mem) { - $rcmail = rcmail::get_instance(); $temp_dir = unslashify($rcmail->config->get('temp_dir')); $path = tempnam($temp_dir, 'rcmAttmnt'); if ($fp = fopen($path, 'w')) { @@ -963,6 +1104,7 @@ } $attachment = array( + 'group' => $COMPOSE['id'], 'name' => $part->filename ? $part->filename : 'Part_'.$pid.'.'.$part->ctype_secondary, 'mimetype' => $part->ctype_primary . '/' . $part->ctype_secondary, 'content_id' => $part->content_id, @@ -971,7 +1113,7 @@ 'size' => $path ? filesize($path) : strlen($data), ); - $attachment = rcmail::get_instance()->plugins->exec_hook('attachment_save', $attachment); + $attachment = $rcmail->plugins->exec_hook('attachment_save', $attachment); if ($attachment['status']) { unset($attachment['data'], $attachment['status'], $attachment['content_id'], $attachment['abort']); @@ -979,16 +1121,19 @@ } else if ($path) { @unlink($path); } - + return false; } function rcmail_save_image($path, $mimetype='') { + global $COMPOSE; + // handle attachments in memory $data = file_get_contents($path); $attachment = array( + 'group' => $COMPOSE['id'], 'name' => rcmail_basename($path), 'mimetype' => $mimetype ? $mimetype : rc_mime_content_type($path, $name), 'data' => $data, @@ -1001,7 +1146,7 @@ unset($attachment['data'], $attachment['status'], $attachment['content_id'], $attachment['abort']); return $attachment; } - + return false; } @@ -1017,11 +1162,11 @@ function rcmail_compose_subject($attrib) { - global $MESSAGE, $compose_mode; - + global $MESSAGE, $COMPOSE, $compose_mode; + list($form_start, $form_end) = get_form_tags($attrib); unset($attrib['form']); - + $attrib['name'] = '_subject'; $attrib['spellcheck'] = 'true'; $textfield = new html_inputfield($attrib); 
@@ -1050,10 +1195,10 @@ else if ($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT) { $subject = $MESSAGE->subject; } - else if (!empty($_SESSION['compose']['param']['subject'])) { - $subject = $_SESSION['compose']['param']['subject']; + else if (!empty($COMPOSE['param']['subject'])) { + $subject = $COMPOSE['param']['subject']; } - + $out = $form_start ? "$form_start\n" : ''; $out .= $textfield->show($subject); $out .= $form_end ? "\n$form_end" : ''; @@ -1064,17 +1209,16 @@ function rcmail_compose_attachment_list($attrib) { - global $OUTPUT, $CONFIG; - + global $OUTPUT, $CONFIG, $COMPOSE; + // add ID if not given if (!$attrib['id']) $attrib['id'] = 'rcmAttachmentList'; - + $out = "\n"; $jslist = array(); - if (is_array($_SESSION['compose']['attachments'])) - { + if (is_array($COMPOSE['attachments'])) { if ($attrib['deleteicon']) { $button = html::img(array( 'src' => $CONFIG['skin_path'] . $attrib['deleteicon'], @@ -1084,24 +1228,24 @@ else $button = Q(rcube_label('delete')); - foreach ($_SESSION['compose']['attachments'] as $id => $a_prop) + foreach ($COMPOSE['attachments'] as $id => $a_prop) { if (empty($a_prop)) continue; - + $out .= html::tag('li', array('id' => 'rcmfile'.$id), html::a(array( 'href' => "#delete", 'title' => rcube_label('delete'), 'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", JS_OBJECT_NAME, $id)), $button) . Q($a_prop['name'])); - + $jslist['rcmfile'.$id] = array('name' => $a_prop['name'], 'complete' => true, 'mimetype' => $a_prop['mimetype']); } } if ($attrib['deleteicon']) - $_SESSION['compose']['deleteicon'] = $CONFIG['skin_path'] . $attrib['deleteicon']; + $COMPOSE['deleteicon'] = $CONFIG['skin_path'] . $attrib['deleteicon']; if ($attrib['cancelicon']) $OUTPUT->set_env('cancelicon', $CONFIG['skin_path'] . $attrib['cancelicon']); if ($attrib['loadingicon']) 
@@ -1109,7 +1253,7 @@ $OUTPUT->set_env('attachments', $jslist); $OUTPUT->add_gui_object('attachmentlist', $attrib['id']); - + return html::tag('ul', $attrib, $out, html::$common_attrib); } @@ -1122,15 +1266,11 @@ if (!$attrib['id']) $attrib['id'] = 'rcmUploadbox'; - // find max filesize value - $max_filesize = parse_bytes(ini_get('upload_max_filesize')); - $max_postsize = parse_bytes(ini_get('post_max_size')); - if ($max_postsize && $max_postsize < $max_filesize) - $max_filesize = $max_postsize; - $max_filesize = show_bytes($max_filesize); - + // Get filesize, enable upload progress bar + $max_filesize = rcube_upload_init(); + $button = new html_inputfield(array('type' => 'button')); - + $out = html::div($attrib, $OUTPUT->form_tag(array('name' => 'uploadform', 'method' => 'post', 'enctype' => 'multipart/form-data'), html::div(null, rcmail_compose_attachment_field(array('size' => $attrib['attachmentfieldsize']))) . @@ -1141,7 +1281,7 @@ ) ) ); - + $OUTPUT->add_gui_object('uploadbox', $attrib['id']); return $out; } @@ -1151,6 +1291,8 @@ { $attrib['type'] = 'file'; $attrib['name'] = '_attachments[]'; + $attrib['multiple'] = 'multiple'; + $field = new html_inputfield($attrib); return $field->show(); } @@ -1159,7 +1301,7 @@ function rcmail_priority_selector($attrib) { global $MESSAGE; - + list($form_start, $form_end) = get_form_tags($attrib); unset($attrib['form']); @@ -1196,7 +1338,7 @@ unset($attrib['form']); if (!isset($attrib['id'])) - $attrib['id'] = 'receipt'; + $attrib['id'] = 'receipt'; $attrib['name'] = '_receipt'; $attrib['value'] = '1'; @@ -1239,8 +1381,6 @@ function rcmail_editor_selector($attrib) { - global $CONFIG, $MESSAGE, $compose_mode; - // determine whether HTML or plain text should be checked $useHtml = rcmail_compose_editor_mode(); 
@@ -1271,9 +1411,15 @@ function rcmail_store_target_selection($attrib) { + global $COMPOSE; + $attrib['name'] = '_store_target'; - $select = rcmail_mailbox_select(array_merge($attrib, array('noselection' => '- '.rcube_label('dontsave').' -'))); - return $select->show($_SESSION['compose']['param']['sent_mbox'], $attrib); + $select = rcmail_mailbox_select(array_merge($attrib, array( + 'noselection' => '- '.rcube_label('dontsave').' -', + 'folder_filter' => 'mail', + 'folder_rights' => 'w', + ))); + return $select->show($COMPOSE['param']['sent_mbox'], $attrib); } @@ -1299,13 +1445,14 @@ function get_form_tags($attrib) { - global $RCMAIL, $MESSAGE_FORM; + global $RCMAIL, $MESSAGE_FORM, $COMPOSE; $form_start = ''; if (!$MESSAGE_FORM) { $hiddenfields = new html_hiddenfield(array('name' => '_task', 'value' => $RCMAIL->task)); $hiddenfields->add(array('name' => '_action', 'value' => 'send')); + $hiddenfields->add(array('name' => '_id', 'value' => $COMPOSE['id'])); $form_start = empty($attrib['form']) ? $RCMAIL->output->form_tag(array('name' => "form", 'method' => "post")) : ''; $form_start .= $hiddenfields->show(); -- Gitblit v1.9.1