Minimize chance of race condition in session handling (#1485659, #1484678)

svncommit

2009-05-12 617b4f699f2e47991c50e05528b1f9ecbc3c3d9c

 program/steps/mail/compose.inc

@@ -5,7 +5,7 @@
 | program/steps/mail/compose.inc                                        |
 |                                                                       |
 | This file is part of the RoundCube Webmail client                     |
 | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
 | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 | PURPOSE:                                                              |
@@ -23,34 +23,6 @@
define('RCUBE_COMPOSE_REPLY', 0x0106);
define('RCUBE_COMPOSE_FORWARD', 0x0107);
define('RCUBE_COMPOSE_DRAFT', 0x0108);


// remove an attachment
if ($RCMAIL->action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_POST['_file'], $regs))
{
  $id = $regs[1];
  if (is_array($_SESSION['compose']['attachments'][$id]))
  {
    @unlink($_SESSION['compose']['attachments'][$id]['path']);
    unset($_SESSION['compose']['attachments'][$id]);
    $OUTPUT->command('remove_from_attachment_list', "rcmfile$id");
    $OUTPUT->send();
  }
  exit;
}

if ($RCMAIL->action=='display-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_GET['_file'], $regs))
{
  $id = $regs[1];
  if (is_array($_SESSION['compose']['attachments'][$id]))
  {
    $apath = $_SESSION['compose']['attachments'][$id]['path'];
    header('Content-Type: ' . $_SESSION['compose']['attachments'][$id]['mimetype']);
    header('Content-Length: ' . filesize($apath));
    readfile($apath);
  }
  exit;
}

$MESSAGE_FORM = NULL;
$MESSAGE = NULL;
@@ -81,7 +53,9 @@
}

// add some labels to client
$OUTPUT->add_label('nosubject', 'nosenderwarning', 'norecipientwarning', 'nosubjectwarning', 'nobodywarning', 'notsentwarning', 'savingmessage', 'sendingmessage', 'messagesaved', 'converting');
$OUTPUT->add_label('nosubject', 'nosenderwarning', 'norecipientwarning', 'nosubjectwarning',
    'nobodywarning', 'notsentwarning', 'savingmessage', 'sendingmessage', 'messagesaved',
    'converting', 'editorwarning', 'searching');

// add config parameters to client script
if (!empty($CONFIG['drafts_mbox'])) {
@@ -96,8 +70,10 @@
  $compose_mode = RCUBE_COMPOSE_REPLY;
else if ($msg_uid = $_SESSION['compose']['param']['_forward_uid'])
  $compose_mode = RCUBE_COMPOSE_FORWARD;
else if ($msg_uid = $_SESSION['compose']['param']['_draft_uid'])
else if ($msg_uid = $_SESSION['compose']['param']['_draft_uid']) {
  $RCMAIL->imap->set_mailbox($CONFIG['drafts_mbox']);
  $compose_mode = RCUBE_COMPOSE_DRAFT;
}

if (!empty($msg_uid))
{
@@ -217,10 +193,10 @@
      foreach ($to_addresses as $addr_part)
      {
        if (!empty($addr_part['mailto'])
       && !in_array($addr_part['mailto'], $sa_recipients)
       && (!$MESSAGE->compose_from
      || !in_array($addr_part['mailto'], $MESSAGE->compose_from)
      || count($to_addresses)==1)) // allow reply to yourself
            && !in_array($addr_part['mailto'], $sa_recipients)
            && (!$MESSAGE->compose_from
                || !in_array_nocase($addr_part['mailto'], $MESSAGE->compose_from)
                || (count($to_addresses)==1 && $header=='to'))) // allow reply to yourself
        {
          $fvalue .= (strlen($fvalue) ? ', ':'').$addr_part['string'];
          $sa_recipients[] = $addr_part['mailto'];
@@ -314,15 +290,14 @@
      $select_from->add(format_email_recipient($sql_arr['email'], $sql_arr['name']), $identity_id);

      // add signature to array
      if (!empty($sql_arr['signature']))
      if (!empty($sql_arr['signature']) && empty($_SESSION['compose']['param']['_nosig']))
      {
        $a_signatures[$identity_id]['text'] = $sql_arr['signature'];
        $a_signatures[$identity_id]['is_html'] = ($sql_arr['html_signature'] == 1) ? true : false;
        if ($a_signatures[$identity_id]['is_html'])
        {
            $h2t = new html2text($a_signatures[$identity_id]['text'], false, false);
            $plainTextPart = $h2t->get_text();
            $a_signatures[$identity_id]['plain_text'] = trim(html_entity_decode($plainTextPart, ENT_NOQUOTES, 'UTF-8'));
            $a_signatures[$identity_id]['plain_text'] = trim($h2t->get_text());
        }
      }

@@ -388,7 +363,7 @@
  }
  else if ($compose_mode)
  {
    if ($isHtml && $MESSAGE->has_html_part())
    if (($isHtml || $compose_mode == RCUBE_COMPOSE_DRAFT) && $MESSAGE->has_html_part())
    {
      $body = $MESSAGE->first_html_part();
      $isHtml = true;
@@ -408,29 +383,11 @@
    // load draft message body
    else if ($compose_mode == RCUBE_COMPOSE_DRAFT)
      $body = rcmail_create_draft_body($body, $isHtml);

    if ($isHtml) {
      // replace cid with href in inline images links
      foreach ((array)$_SESSION['compose']['attachments'] as $pid => $attachment) {
        if ($attachment['content_id']) {
     $body = str_replace('cid:'. $attachment['content_id'], 
       $OUTPUT->app->comm_path.'&_action=display-attachment&_file=rcmfile'.$pid, $body);
        }
      }
    }
  }
  else if (!empty($_SESSION['compose']['param']['_body']))
  {
    $body = $_SESSION['compose']['param']['_body'];
  }

  $lang = $tinylang = strtolower(substr($_SESSION['language'], 0, 2));
  if (!file_exists(INSTALL_PATH . 'program/js/tiny_mce/langs/'.$tinylang.'.js'))
    $tinylang = 'en'; 

  $OUTPUT->include_script('tiny_mce/tiny_mce.js');
  $OUTPUT->include_script("editor.js");
  $OUTPUT->add_script('rcmail_editor_init("$__skin_path", "'.JQ($tinylang).'", '.intval($CONFIG['enable_spellcheck']).');');

  $out = $form_start ? "$form_start\n" : '';

@@ -449,8 +406,14 @@
  $out .= $textarea->show($body);
  $out .= $form_end ? "\n$form_end" : '';

  // include HTML editor
  rcube_html_editor();
  
  // include GoogieSpell
  if (!empty($CONFIG['enable_spellcheck'])) {

    $lang = strtolower(substr($_SESSION['language'], 0, 2));
  
    $spellcheck_langs = (array)$RCMAIL->config->get('spellcheck_languages', array('da'=>'Dansk', 'de'=>'Deutsch', 'en' => 'English', 'es'=>'Español', 'fr'=>'Français', 'it'=>'Italiano', 'nl'=>'Nederlands', 'pl'=>'Polski', 'pt'=>'Português', 'fi'=>'Suomi', 'sv'=>'Svenska'));
    if (!$spellcheck_langs[$lang])
      $lang = 'en';
@@ -458,7 +421,7 @@
    $editor_lang_set = array();
    foreach ($spellcheck_langs as $key => $name) {
      $editor_lang_set[] = ($key == $lang ? '+' : '') . JQ($name).'='.JQ($key);
    }
      }
    
    $OUTPUT->include_script('googiespell.js');
    $OUTPUT->add_script(sprintf(
@@ -470,6 +433,7 @@
      "googie.lang_no_error_found = \"%s\";\n".
      "googie.setLanguages(%s);\n".
      "googie.setCurrentLanguage('%s');\n".
      "googie.setSpellContainer('spellcheck-control');\n".
      "googie.decorateTextarea('%s');\n".
      "%s.set_env('spellcheck', googie);",
      $RCMAIL->comm_path,
@@ -499,45 +463,55 @@

  if (! $bodyIsHtml)
  {
    // soft-wrap message first
    $body = rcmail_wrap_quoted($body, 75);
  
    // split body into single lines
    $a_lines = preg_split('/\r?\n/', $body);
  
    // add > to each line
    for($n=0; $n<sizeof($a_lines); $n++)
    {
      if (strpos($a_lines[$n], '>')===0)
        $a_lines[$n] = '>'.$a_lines[$n];
      else
        $a_lines[$n] = '> '.$a_lines[$n];
    }
 
    $body = join("\n", $a_lines);

    // add title line
    $prefix = sprintf("On %s, %s wrote:\n",
      $MESSAGE->headers->date,
      $MESSAGE->get_header('from'));

    // try to remove the signature
    if ($sp = strrpos($body, '-- '))
    if (($sp = strrpos($body, '-- ')) !== false && ($sp == 0 || $body{$sp-1} == "\n"))
      {
      if ($body{$sp+3}==' ' || $body{$sp+3}=="\n" || $body{$sp+3}=="\r")
        $body = substr($body, 0, $sp-1);
        $body = substr($body, 0, max(0, $sp-1));
      }

    // soft-wrap message first
    $body = rcmail_wrap_quoted($body, 75);

    $body = rtrim($body, "\r\n");

    if ($body) {
      // split body into single lines
      $a_lines = preg_split('/\r?\n/', $body);

      // add > to each line
      for($n=0; $n<sizeof($a_lines); $n++) {
        if (strpos($a_lines[$n], '>')===0)
          $a_lines[$n] = '>'.$a_lines[$n];
        else
          $a_lines[$n] = '> '.$a_lines[$n];
        }
 
      $body = join("\n", $a_lines);
      }

    // add title line(s)
    $prefix = rc_wordwrap(sprintf("On %s, %s wrote:\n",
      $MESSAGE->headers->date,
      $MESSAGE->get_header('from')), 76);

    $suffix = '';
  }
  else
  {
    // save inline images to files
    $cid_map = rcmail_write_inline_attachments($MESSAGE);
    // set is_safe flag (we need this for html body washing)
    rcmail_check_safe($MESSAGE);
    // clean up html tags
    $body = rcmail_wash_html($body, array('safe' => $MESSAGE->is_safe), $cid_map);

    // build reply (quote content)
    $prefix = sprintf("On %s, %s wrote:<br />\n",
      $MESSAGE->headers->date,
      htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset()));
    $prefix .= '<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px; width:100%">';
    $suffix = "</blockquote>";

    rcmail_write_inline_attachments($MESSAGE);
    $suffix = "</blockquote><p></p>";
  }

  return $prefix.$body.$suffix;
@@ -547,6 +521,10 @@
function rcmail_create_forward_body($body, $bodyIsHtml)
{
  global $IMAP, $MESSAGE, $OUTPUT;

  // add attachments
  if (!isset($_SESSION['compose']['forward_attachments']) && is_array($MESSAGE->mime_parts))
    $cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);

  if (!$bodyIsHtml)
  {
@@ -561,6 +539,11 @@
  }
  else
  {
    // set is_safe flag (we need this for html body washing)
    rcmail_check_safe($MESSAGE);
    // clean up html tags
    $body = rcmail_wash_html($body, array('safe' => $MESSAGE->is_safe), $cid_map);

    $prefix = sprintf(
      "<br><br>-------- Original Message --------" .
        "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tbody>" .
@@ -579,10 +562,6 @@

    $prefix .= "</tbody></table><br>";
  }

  // add attachments
  if (!isset($_SESSION['compose']['forward_attachments']) && is_array($MESSAGE->mime_parts))
    rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);
    
  return $prefix.$body;
}
@@ -590,7 +569,7 @@

function rcmail_create_draft_body($body, $bodyIsHtml)
{
  global $MESSAGE;
  global $MESSAGE, $OUTPUT;
  
  /**
   * add attachments
@@ -599,61 +578,79 @@
  if (!isset($_SESSION['compose']['forward_attachments'])
      && is_array($MESSAGE->mime_parts)
      && count($MESSAGE->mime_parts) > 0)
    rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);
  {
    $cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);

    // replace cid with href in inline images links
    if ($cid_map)
      $body = str_replace(array_keys($cid_map), array_values($cid_map), $body);
  }
  
  return $body;
}
  
  
function rcmail_write_compose_attachments(&$message, $bodyIsHtml)
{
  global $OUTPUT;
  
  $cid_map = array();
  foreach ((array)$message->mime_parts as $pid => $part)
  {
    if (($part->ctype_primary != 'message' || !$bodyIsHtml) &&
        ($part->disposition=='attachment' || $part->disposition=='inline' || $part->headers['content-id']
   || (empty($part->disposition) && $part->filename)))
         || (empty($part->disposition) && $part->filename)))
    {
      if ($attachment = rcmail_save_attachment($message, $pid))
        $_SESSION['compose']['attachments'][] = $attachment;
      if ($attachment = rcmail_save_attachment($message, $pid)) {
        $_SESSION['compose']['attachments'][$attachment['id']] = $attachment;
        if ($bodyIsHtml && $part->filename && $part->content_id) {
          $cid_map['cid:'.$part->content_id] = $OUTPUT->app->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'];
        }
      }
    }
  }
	

  $_SESSION['compose']['forward_attachments'] = true;

  return $cid_map;
}


function rcmail_write_inline_attachments(&$message)
{
  foreach ((array)$message->mime_parts as $pid => $part)
  {
    if ($part->content_id && $part->filename)
    {
      if ($attachment = rcmail_save_attachment($message, $pid))
        $_SESSION['compose']['attachments'][] = $attachment;
  global $OUTPUT;

  $cid_map = array();
  foreach ((array)$message->mime_parts as $pid => $part) {
    if ($part->content_id && $part->filename) {
      if ($attachment = rcmail_save_attachment($message, $pid)) {
        $_SESSION['compose']['attachments'][$attachment['id']] = $attachment;
        $cid_map['cid:'.$part->content_id] = $OUTPUT->app->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'];
      }
    }
  }
  
  return $cid_map;
}

function rcmail_save_attachment(&$message, $pid)
{
  global $RCMAIL;

  $temp_dir = unslashify($RCMAIL->config->get('temp_dir'));
  $tmp_path = tempnam($temp_dir, 'rcmAttmnt');
  $part = $message->mime_parts[$pid];
  
  if ($fp = fopen($tmp_path, 'w'))
  {
    $message->get_part_content($pid, $fp);
    fclose($fp);

    return array(
        'mimetype' => $part->ctype_primary . '/' . $part->ctype_secondary,
        'name' => $part->filename,
        'path' => $tmp_path,
   'content_id' => $part->content_id
    );
  $attachment = array(
    'name' => $part->filename,
    'mimetype' => $part->ctype_primary . '/' . $part->ctype_secondary,
    'content_id' => $part->content_id,
    'data' => $message->get_part_content($pid),
  );
  
  $attachment = rcmail::get_instance()->plugins->exec_hook('save_attachment', $attachment);
  if ($attachment['status']) {
    unset($attachment['data'], $attachment['status']);
    return $attachment;
  }

  return false;
}


@@ -676,14 +673,14 @@
  }
  // create a reply-subject
  else if ($compose_mode == RCUBE_COMPOSE_REPLY) {
    if (eregi('^re:', $MESSAGE->subject))
    if (preg_match('/^re:/i', $MESSAGE->subject))
      $subject = $MESSAGE->subject;
    else
      $subject = 'Re: '.$MESSAGE->subject;
  }
  // create a forward-subject
  else if ($compose_mode == RCUBE_COMPOSE_FORWARD) {
    if (eregi('^fwd:', $MESSAGE->subject))
    if (preg_match('/^fwd:/i', $MESSAGE->subject))
      $subject = $MESSAGE->subject;
    else
      $subject = 'Fwd: '.$MESSAGE->subject;
@@ -719,8 +716,8 @@
    if ($attrib['deleteicon'])
      $button = html::img(array(
        'src' => $CONFIG['skin_path'] . $attrib['deleteicon'],
        'alt' => rcube_label('delete'),
        'style' => "padding-right:2px;vertical-align:middle"));
        'alt' => rcube_label('delete')
   ));
    else
      $button = Q(rcube_label('delete'));

@@ -733,7 +730,7 @@
        html::a(array(
            'href' => "#delete",
            'title' => rcube_label('delete'),
            'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%d', this)", JS_OBJECT_NAME, $id)),
            'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", JS_OBJECT_NAME, $id)),
          $button) . Q($a_prop['name']));
    }
  }
@@ -796,7 +793,12 @@
                       rcube_label('highest')),
                 array(5, 4, 0, 2, 1));
                 
  $sel = isset($_POST['_priority']) ? $_POST['_priority'] : intval($MESSAGE->headers->priority);
  if (isset($_POST['_priority']))
    $sel = $_POST['_priority'];
  else if (intval($MESSAGE->headers->priority) != 3)
    $sel = intval($MESSAGE->headers->priority);
  else
    $sel = 0;

  $out = $form_start ? "$form_start\n" : '';
  $out .= $selector->show($sel);
@@ -833,20 +835,27 @@
{
  global $CONFIG, $MESSAGE, $compose_mode;

  $choices = array(
    'html'  => 'htmltoggle',
    'plain' => 'plaintoggle'
  );

  // determine whether HTML or plain text should be checked
  $useHtml = $CONFIG['htmleditor'] ? true : false;

  if ($compose_mode)
    $useHtml = ($useHtml && $MESSAGE->has_html_part());

  $selector = '';
  $chosenvalue = $useHtml ? 'html' : 'plain';
  $radio = new html_radiobutton(array('name' => '_editorSelect', 'onclick' => 'return rcmail_toggle_editor(this)'));
  if (empty($attrib['editorid']))
    $attrib['editorid'] = 'rcmComposeMessage';

  if (empty($attrib['name']))
    $attrib['name'] = 'editorSelect';
    
    $attrib['onchange'] = "return rcmail_toggle_editor(this.value=='html', '".$attrib['editorid']."', '_is_html')";

  $select = new html_select($attrib);

  $select->add(Q(rcube_label('htmltoggle')), 'html');
  $select->add(Q(rcube_label('plaintoggle')), 'plain');

  return $select->show($useHtml ? 'html' : 'plain');

  foreach ($choices as $value => $text)
  {
    $attrib['id'] = '_' . $value;
@@ -905,54 +914,6 @@
  'receiptcheckbox' => 'rcmail_receipt_checkbox',
  'storetarget' => 'rcmail_store_target_selection',
));

/****** get contacts for this user and add them to client scripts ********/

$CONTACTS = new rcube_contacts($DB, $USER->ID);
$CONTACTS->set_pagesize(1000);

$a_contacts = array(); 
                                   
if ($result = $CONTACTS->list_records())
  {
  while ($sql_arr = $result->iterate())
    if ($sql_arr['email'])
      $a_contacts[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
  }
if (!empty($CONFIG['ldap_public']) && is_array($CONFIG['ldap_public']))
  {
  /* LDAP autocompletion */ 
  foreach ($CONFIG['ldap_public'] as $ldapserv_config) 
    { 
    if ($ldapserv_config['fuzzy_search'] != 1 || 
        $ldapserv_config['global_search'] != 1)
      { 
      continue; 
      }
	 
    $LDAP = new rcube_ldap($ldapserv_config); 
    $LDAP->connect(); 
    $LDAP->set_pagesize(1000);
  
    $results = $LDAP->search($ldapserv_config['mail_field'], ""); 
 
    for ($i = 0; $i < $results->count; $i++) 
      { 
      if ($results->records[$i]['email'] != '') 
        { 
        $email = $results->records[$i]['email']; 
        $name = $results->records[$i]['name']; 
 		 
        $a_contacts[] = format_email_recipient($email, $name);
        } 
      }
    $LDAP->close(); 
    }
  }
if ($a_contacts) 
  { 
    $OUTPUT->set_env('contacts', $a_contacts); 
  }

$OUTPUT->send('compose');