Minimize chance of race condition in session handling (#1485659, #1484678)

svncommit

2009-05-12 617b4f699f2e47991c50e05528b1f9ecbc3c3d9c

 program/steps/mail/compose.inc

@@ -5,7 +5,7 @@
 | program/steps/mail/compose.inc                                        |
 |                                                                       |
 | This file is part of the RoundCube Webmail client                     |
 | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
 | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 | PURPOSE:                                                              |
@@ -23,34 +23,6 @@
define('RCUBE_COMPOSE_REPLY', 0x0106);
define('RCUBE_COMPOSE_FORWARD', 0x0107);
define('RCUBE_COMPOSE_DRAFT', 0x0108);


// remove an attachment
if ($RCMAIL->action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_POST['_file'], $regs))
{
  $id = $regs[1];
  if (is_array($_SESSION['compose']['attachments'][$id]))
  {
    @unlink($_SESSION['compose']['attachments'][$id]['path']);
    unset($_SESSION['compose']['attachments'][$id]);
    $OUTPUT->command('remove_from_attachment_list', "rcmfile$id");
    $OUTPUT->send();
    exit;
  }
}

if ($RCMAIL->action=='display-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_GET['_file'], $regs))
{
  $id = $regs[1];
  if (is_array($_SESSION['compose']['attachments'][$id]))
  {
    $apath = $_SESSION['compose']['attachments'][$id]['path'];
    header('Content-Type: ' . $_SESSION['compose']['attachments'][$id]['mimetype']);
    header('Content-Length: ' . filesize($apath));
    readfile($apath);
  }
  exit;
}

$MESSAGE_FORM = NULL;
$MESSAGE = NULL;
@@ -81,19 +53,27 @@
}

// add some labels to client
rcube_add_label('nosubject', 'norecipientwarning', 'nosubjectwarning', 'nobodywarning', 'notsentwarning', 'savingmessage', 'sendingmessage', 'messagesaved', 'converting');
$OUTPUT->add_label('nosubject', 'nosenderwarning', 'norecipientwarning', 'nosubjectwarning',
    'nobodywarning', 'notsentwarning', 'savingmessage', 'sendingmessage', 'messagesaved',
    'converting', 'editorwarning', 'searching');

// add config parameter to client script
$OUTPUT->set_env('draft_autosave', !empty($CONFIG['drafts_mbox']) ? $CONFIG['draft_autosave'] : 0);

// add config parameters to client script
if (!empty($CONFIG['drafts_mbox'])) {
  $OUTPUT->set_env('drafts_mailbox', $CONFIG['drafts_mbox']);
  $OUTPUT->set_env('draft_autosave', $CONFIG['draft_autosave']);
}
// set current mailbox in client environment
$OUTPUT->set_env('mailbox', $IMAP->get_mailbox_name());

// get reference message and set compose mode
if ($msg_uid = $_SESSION['compose']['param']['_reply_uid'])
  $compose_mode = RCUBE_COMPOSE_REPLY;
else if ($msg_uid = $_SESSION['compose']['param']['_forward_uid'])
  $compose_mode = RCUBE_COMPOSE_FORWARD;
else if ($msg_uid = $_SESSION['compose']['param']['_draft_uid'])
else if ($msg_uid = $_SESSION['compose']['param']['_draft_uid']) {
  $RCMAIL->imap->set_mailbox($CONFIG['drafts_mbox']);
  $compose_mode = RCUBE_COMPOSE_DRAFT;
}

if (!empty($msg_uid))
{
@@ -213,10 +193,10 @@
      foreach ($to_addresses as $addr_part)
      {
        if (!empty($addr_part['mailto'])
       && !in_array($addr_part['mailto'], $sa_recipients)
       && (!$MESSAGE->compose_from
      || !in_array($addr_part['mailto'], $MESSAGE->compose_from)
      || count($to_addresses)==1)) // allow reply to yourself
            && !in_array($addr_part['mailto'], $sa_recipients)
            && (!$MESSAGE->compose_from
                || !in_array_nocase($addr_part['mailto'], $MESSAGE->compose_from)
                || (count($to_addresses)==1 && $header=='to'))) // allow reply to yourself
        {
          $fvalue .= (strlen($fvalue) ? ', ':'').$addr_part['string'];
          $sa_recipients[] = $addr_part['mailto'];
@@ -241,7 +221,7 @@
  if ($fname && $field_type)
  {
    // pass the following attributes to the form class
    $field_attrib = array('name' => $fname);
    $field_attrib = array('name' => $fname, 'spellcheck' => 'false');
    foreach ($attrib as $attr => $value)
      if (in_array($attr, $allow_attrib))
        $field_attrib[$attr] = $value;
@@ -279,7 +259,7 @@
    foreach ($a_to as $addr)
    {
      if (!empty($addr['mailto']))
        $a_recipients[] = $addr['mailto'];
        $a_recipients[] = rc_strtolower($addr['mailto']);
    }

    if (!empty($MESSAGE->headers->cc))
@@ -288,7 +268,7 @@
      foreach ($a_cc as $addr)
      {
        if (!empty($addr['mailto']))
          $a_recipients[] = $addr['mailto'];
          $a_recipients[] = rc_strtolower($addr['mailto']);
      }
    }
  }
@@ -310,31 +290,33 @@
      $select_from->add(format_email_recipient($sql_arr['email'], $sql_arr['name']), $identity_id);

      // add signature to array
      if (!empty($sql_arr['signature']))
      if (!empty($sql_arr['signature']) && empty($_SESSION['compose']['param']['_nosig']))
      {
        $a_signatures[$identity_id]['text'] = $sql_arr['signature'];
        $a_signatures[$identity_id]['is_html'] = ($sql_arr['html_signature'] == 1) ? true : false;
        if ($a_signatures[$identity_id]['is_html'])
        {
            $h2t = new html2text($a_signatures[$identity_id]['text'], false, false);
            $plainTextPart = $h2t->get_text();
            $a_signatures[$identity_id]['plain_text'] = trim(html_entity_decode($plainTextPart, ENT_NOQUOTES, 'UTF-8'));
            $a_signatures[$identity_id]['plain_text'] = trim($h2t->get_text());
        }
      }

      // set identity if it's one of the reply-message recipients
      if (in_array($sql_arr['email'], $a_recipients))
        $from_id = $sql_arr['identity_id'];

      if ($compose_mode == RCUBE_COMPOSE_REPLY && is_array($MESSAGE->compose_from))
        $MESSAGE->compose_from[] = $sql_arr['email'];

      if ($compose_mode == RCUBE_COMPOSE_DRAFT && strstr($MESSAGE->headers->from, $sql_arr['email']))
        $from_id = $sql_arr['identity_id'];
      if (empty($_POST['_from']))
      {
        // set draft's identity
        if ($compose_mode == RCUBE_COMPOSE_DRAFT && strstr($MESSAGE->headers->from, $sql_arr['email']))
          $from_id = $sql_arr['identity_id'];
        // set identity if it's one of the reply-message recipients (with prio for default identity)
        else if (in_array(rc_strtolower($sql_arr['email']), $a_recipients) && (empty($from_id) || $sql_arr['standard']))
          $from_id = $sql_arr['identity_id'];
      }
    }

    // overwrite identity selection with post parameter
    if (isset($_POST['_from']))
    if (!empty($_POST['_from']))
      $from_id = get_input_value('_from', RCUBE_INPUT_POST);

    $out = $select_from->show($from_id);
@@ -381,7 +363,7 @@
  }
  else if ($compose_mode)
  {
    if ($isHtml && $MESSAGE->has_html_part())
    if (($isHtml || $compose_mode == RCUBE_COMPOSE_DRAFT) && $MESSAGE->has_html_part())
    {
      $body = $MESSAGE->first_html_part();
      $isHtml = true;
@@ -407,14 +389,6 @@
    $body = $_SESSION['compose']['param']['_body'];
  }

  $lang = $tinylang = strtolower(substr($_SESSION['language'], 0, 2));
  if (!file_exists(INSTALL_PATH . 'program/js/tiny_mce/langs/'.$tinylang.'.js'))
    $tinylang = 'en'; 

  $OUTPUT->include_script('tiny_mce/tiny_mce.js');
  $OUTPUT->include_script("editor.js");
  $OUTPUT->add_script('rcmail_editor_init("$__skin_path", "'.JQ($tinylang).'", '.intval($CONFIG['enable_spellcheck']).');');

  $out = $form_start ? "$form_start\n" : '';

  $saveid = new html_hiddenfield(array('name' => '_draft_saveid', 'value' => $compose_mode==RCUBE_COMPOSE_DRAFT ? str_replace(array('<','>'), "", $MESSAGE->headers->messageID) : ''));
@@ -426,14 +400,20 @@
  $msgtype = new html_hiddenfield(array('name' => '_is_html', 'value' => ($isHtml?"1":"0")));
  $out .= $msgtype->show();

  // If desired, set this text area to be editable by TinyMCE
  if ($isHtml) $attrib['class'] = "mce_editor";
  // If desired, set this textarea to be editable by TinyMCE
  if ($isHtml) $attrib['class'] = 'mce_editor';
  $textarea = new html_textarea($attrib);
  $out .= $textarea->show($body);
  $out .= $form_end ? "\n$form_end" : '';

  // include HTML editor
  rcube_html_editor();
  
  // include GoogieSpell
  if (!empty($CONFIG['enable_spellcheck'])) {

    $lang = strtolower(substr($_SESSION['language'], 0, 2));
  
    $spellcheck_langs = (array)$RCMAIL->config->get('spellcheck_languages', array('da'=>'Dansk', 'de'=>'Deutsch', 'en' => 'English', 'es'=>'Español', 'fr'=>'Français', 'it'=>'Italiano', 'nl'=>'Nederlands', 'pl'=>'Polski', 'pt'=>'Português', 'fi'=>'Suomi', 'sv'=>'Svenska'));
    if (!$spellcheck_langs[$lang])
      $lang = 'en';
@@ -441,7 +421,7 @@
    $editor_lang_set = array();
    foreach ($spellcheck_langs as $key => $name) {
      $editor_lang_set[] = ($key == $lang ? '+' : '') . JQ($name).'='.JQ($key);
    }
      }
    
    $OUTPUT->include_script('googiespell.js');
    $OUTPUT->add_script(sprintf(
@@ -453,6 +433,7 @@
      "googie.lang_no_error_found = \"%s\";\n".
      "googie.setLanguages(%s);\n".
      "googie.setCurrentLanguage('%s');\n".
      "googie.setSpellContainer('spellcheck-control');\n".
      "googie.decorateTextarea('%s');\n".
      "%s.set_env('spellcheck', googie);",
      $RCMAIL->comm_path,
@@ -466,7 +447,7 @@
      $attrib['id'],
      JS_OBJECT_NAME), 'foot');

    rcube_add_label('checking');
    $OUTPUT->add_label('checking');
    $OUTPUT->set_env('spellcheck_langs', join(',', $editor_lang_set));
  }
 
@@ -482,43 +463,55 @@

  if (! $bodyIsHtml)
  {
    // soft-wrap message first
    $body = rcmail_wrap_quoted($body, 75);
  
    // split body into single lines
    $a_lines = preg_split('/\r?\n/', $body);
  
    // add > to each line
    for($n=0; $n<sizeof($a_lines); $n++)
    {
      if (strpos($a_lines[$n], '>')===0)
        $a_lines[$n] = '>'.$a_lines[$n];
      else
        $a_lines[$n] = '> '.$a_lines[$n];
    }
 
    $body = join("\n", $a_lines);

    // add title line
    $prefix = sprintf("\n\n\nOn %s, %s wrote:\n",
      $MESSAGE->headers->date,
      $MESSAGE->get_header('from'));

    // try to remove the signature
    if ($sp = strrpos($body, '-- '))
    if (($sp = strrpos($body, '-- ')) !== false && ($sp == 0 || $body{$sp-1} == "\n"))
      {
      if ($body{$sp+3}==' ' || $body{$sp+3}=="\n" || $body{$sp+3}=="\r")
        $body = substr($body, 0, $sp-1);
        $body = substr($body, 0, max(0, $sp-1));
      }

    // soft-wrap message first
    $body = rcmail_wrap_quoted($body, 75);

    $body = rtrim($body, "\r\n");

    if ($body) {
      // split body into single lines
      $a_lines = preg_split('/\r?\n/', $body);

      // add > to each line
      for($n=0; $n<sizeof($a_lines); $n++) {
        if (strpos($a_lines[$n], '>')===0)
          $a_lines[$n] = '>'.$a_lines[$n];
        else
          $a_lines[$n] = '> '.$a_lines[$n];
        }
 
      $body = join("\n", $a_lines);
      }

    // add title line(s)
    $prefix = rc_wordwrap(sprintf("On %s, %s wrote:\n",
      $MESSAGE->headers->date,
      $MESSAGE->get_header('from')), 76);

    $suffix = '';
  }
  else
  {
    $prefix = sprintf("<br /><br />On %s, %s wrote:<br />\n",
    // save inline images to files
    $cid_map = rcmail_write_inline_attachments($MESSAGE);
    // set is_safe flag (we need this for html body washing)
    rcmail_check_safe($MESSAGE);
    // clean up html tags
    $body = rcmail_wash_html($body, array('safe' => $MESSAGE->is_safe), $cid_map);

    // build reply (quote content)
    $prefix = sprintf("On %s, %s wrote:<br />\n",
      $MESSAGE->headers->date,
      htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset(), true));
      htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset()));
    $prefix .= '<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px; width:100%">';
    $suffix = "</blockquote>";
    $suffix = "</blockquote><p></p>";
  }

  return $prefix.$body.$suffix;
@@ -529,33 +522,46 @@
{
  global $IMAP, $MESSAGE, $OUTPUT;

  // add attachments
  if (!isset($_SESSION['compose']['forward_attachments']) && is_array($MESSAGE->mime_parts))
    $cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);

  if (!$bodyIsHtml)
  {
    $prefix = sprintf("\n\n\n-------- Original Message --------\nSubject: %s\nDate: %s\nFrom: %s\nTo: %s\n\n",
      $MESSAGE->subject,
      $MESSAGE->headers->date,
      $MESSAGE->get_header('from'),
      $MESSAGE->get_header('to'));
    $prefix = "\n\n\n-------- Original Message --------\n";
    $prefix .= 'Subject: ' . $MESSAGE->subject . "\n";
    $prefix .= 'Date: ' . $MESSAGE->headers->date . "\n";
    $prefix .= 'From: ' . $MESSAGE->get_header('from') . "\n";
    $prefix .= 'To: ' . $MESSAGE->get_header('to') . "\n";
    if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from)
      $prefix .= 'Reply-To: ' . $MESSAGE->get_header('replyto') . "\n";
    $prefix .= "\n";
  }
  else
  {
    // set is_safe flag (we need this for html body washing)
    rcmail_check_safe($MESSAGE);
    // clean up html tags
    $body = rcmail_wash_html($body, array('safe' => $MESSAGE->is_safe), $cid_map);

    $prefix = sprintf(
      "<br><br>-------- Original Message --------" .
        "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tbody>" .
        "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">Subject: </th><td>%s</td></tr>" .
        "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">Date: </th><td>%s</td></tr>" .
        "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">From: </th><td>%s</td></tr>" .
        "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">To: </th><td>%s</td></tr>" .
        "</tbody></table><br>",
        "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">To: </th><td>%s</td></tr>",
      Q($MESSAGE->subject),
      Q($MESSAGE->headers->date),
      htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset(), true),
      htmlspecialchars(Q($MESSAGE->get_header('to'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset(), true));
  }
   htmlspecialchars(Q($MESSAGE->get_header('to'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset(), true));

  // add attachments
  if (!isset($_SESSION['compose']['forward_attachments']) && is_array($MESSAGE->mime_parts))
    rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);
    if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from)
      $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">Reply-To: </th><td>%s</td></tr>",
   htmlspecialchars(Q($MESSAGE->get_header('replyto'), 'replace'), ENT_COMPAT, $OUTPUT->get_charset(), true));

    $prefix .= "</tbody></table><br>";
  }
    
  return $prefix.$body;
}
@@ -563,7 +569,7 @@

function rcmail_create_draft_body($body, $bodyIsHtml)
{
  global $MESSAGE;
  global $MESSAGE, $OUTPUT;
  
  /**
   * add attachments
@@ -572,43 +578,79 @@
  if (!isset($_SESSION['compose']['forward_attachments'])
      && is_array($MESSAGE->mime_parts)
      && count($MESSAGE->mime_parts) > 0)
    rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);
  {
    $cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);

    // replace cid with href in inline images links
    if ($cid_map)
      $body = str_replace(array_keys($cid_map), array_values($cid_map), $body);
  }
  
  return $body;
}
  
  
function rcmail_write_compose_attachments(&$message, $bodyIsHtml)
{
  global $RCMAIL, $IMAP;

  $temp_dir = unslashify($RCMAIL->config->get('temp_dir'));

  if (!is_array($_SESSION['compose']['attachments']))
    $_SESSION['compose']['attachments'] = array();
  global $OUTPUT;
  
  $cid_map = array();
  foreach ((array)$message->mime_parts as $pid => $part)
  {
    if (($part->ctype_primary != 'message' || !$bodyIsHtml) &&
        ($part->disposition=='attachment' || $part->disposition=='inline' || $part->headers['content-id'] ||
         (empty($part->disposition) && $part->filename)))
        ($part->disposition=='attachment' || $part->disposition=='inline' || $part->headers['content-id']
         || (empty($part->disposition) && $part->filename)))
    {
      $tmp_path = tempnam($temp_dir, 'rcmAttmnt');
      if ($fp = fopen($tmp_path, 'w'))
      {
        fwrite($fp, $message->get_part_content($pid));
        fclose($fp);
        
        $_SESSION['compose']['attachments'][] = array(
          'mimetype' => $part->ctype_primary . '/' . $part->ctype_secondary,
          'name' => $part->filename,
          'path' => $tmp_path
          );
      if ($attachment = rcmail_save_attachment($message, $pid)) {
        $_SESSION['compose']['attachments'][$attachment['id']] = $attachment;
        if ($bodyIsHtml && $part->filename && $part->content_id) {
          $cid_map['cid:'.$part->content_id] = $OUTPUT->app->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'];
        }
      }
    }
  }
	

  $_SESSION['compose']['forward_attachments'] = true;

  return $cid_map;
}


function rcmail_write_inline_attachments(&$message)
{
  global $OUTPUT;

  $cid_map = array();
  foreach ((array)$message->mime_parts as $pid => $part) {
    if ($part->content_id && $part->filename) {
      if ($attachment = rcmail_save_attachment($message, $pid)) {
        $_SESSION['compose']['attachments'][$attachment['id']] = $attachment;
        $cid_map['cid:'.$part->content_id] = $OUTPUT->app->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'];
      }
    }
  }
  
  return $cid_map;
}

function rcmail_save_attachment(&$message, $pid)
{
  $part = $message->mime_parts[$pid];
  
  $attachment = array(
    'name' => $part->filename,
    'mimetype' => $part->ctype_primary . '/' . $part->ctype_secondary,
    'content_id' => $part->content_id,
    'data' => $message->get_part_content($pid),
  );
  
  $attachment = rcmail::get_instance()->plugins->exec_hook('save_attachment', $attachment);
  if ($attachment['status']) {
    unset($attachment['data'], $attachment['status']);
    return $attachment;
  }

  return false;
}


@@ -620,6 +662,7 @@
  unset($attrib['form']);
  
  $attrib['name'] = '_subject';
  $attrib['spellcheck'] = 'true';
  $textfield = new html_inputfield($attrib);

  $subject = '';
@@ -630,14 +673,14 @@
  }
  // create a reply-subject
  else if ($compose_mode == RCUBE_COMPOSE_REPLY) {
    if (eregi('^re:', $MESSAGE->subject))
    if (preg_match('/^re:/i', $MESSAGE->subject))
      $subject = $MESSAGE->subject;
    else
      $subject = 'Re: '.$MESSAGE->subject;
  }
  // create a forward-subject
  else if ($compose_mode == RCUBE_COMPOSE_FORWARD) {
    if (eregi('^fwd:', $MESSAGE->subject))
    if (preg_match('/^fwd:/i', $MESSAGE->subject))
      $subject = $MESSAGE->subject;
    else
      $subject = 'Fwd: '.$MESSAGE->subject;
@@ -673,8 +716,8 @@
    if ($attrib['deleteicon'])
      $button = html::img(array(
        'src' => $CONFIG['skin_path'] . $attrib['deleteicon'],
        'alt' => rcube_label('delete'),
        'style' => "border:0;padding-right:2px;vertical-align:middle"));
        'alt' => rcube_label('delete')
   ));
    else
      $button = Q(rcube_label('delete'));

@@ -687,7 +730,7 @@
        html::a(array(
            'href' => "#delete",
            'title' => rcube_label('delete'),
            'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%d', this)", JS_OBJECT_NAME, $id)),
            'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", JS_OBJECT_NAME, $id)),
          $button) . Q($a_prop['name']));
    }
  }
@@ -709,14 +752,15 @@
  $button = new html_inputfield(array('type' => 'button', 'class' => 'button'));
  
  $out = html::div($attrib,
    $OUTPUT->form_tag(array('name' => 'form', 'method' => 'post', 'enctype' => 'multipart/form-data')) .
    html::div(null, rcmail_compose_attachment_field(array())) .
    html::div('hint', rcube_label(array('name' => 'maxuploadsize', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))))) .
    html::div('buttons',
      $button->show(rcube_label('close'), array('onclick' => "document.getElementById('$attrib[id]').style.visibility='hidden'")) . ' ' .
      $button->show(rcube_label('upload'), array('onclick' => JS_OBJECT_NAME . ".command('send-attachment', this.form)")))
    $OUTPUT->form_tag(array('name' => 'form', 'method' => 'post', 'enctype' => 'multipart/form-data'),
      html::div(null, rcmail_compose_attachment_field(array())) .
      html::div('hint', rcube_label(array('name' => 'maxuploadsize', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))))) .
      html::div('buttons',
        $button->show(rcube_label('close'), array('onclick' => "document.getElementById('$attrib[id]').style.visibility='hidden'")) . ' ' .
        $button->show(rcube_label('upload'), array('onclick' => JS_OBJECT_NAME . ".command('send-attachment', this.form)"))
      )
    )
  );
  
  
  $OUTPUT->add_gui_object('uploadbox', $attrib['id']);
  return $out;
@@ -725,11 +769,10 @@

function rcmail_compose_attachment_field($attrib)
{
  // allow the following attributes to be added to the <input> tag
  $attrib_str = create_attrib_string($attrib, array('id', 'class', 'style', 'size'));
 
  $out = '<input type="file" name="_attachments[]"'. $attrib_str . " />";
  return $out;
  $attrib['type'] = 'file';
  $attrib['name'] = '_attachments[]';
  $field = new html_inputfield($attrib);
  return $field->show();
}


@@ -750,7 +793,12 @@
                       rcube_label('highest')),
                 array(5, 4, 0, 2, 1));
                 
  $sel = isset($_POST['_priority']) ? $_POST['_priority'] : intval($MESSAGE->headers->priority);
  if (isset($_POST['_priority']))
    $sel = $_POST['_priority'];
  else if (intval($MESSAGE->headers->priority) != 3)
    $sel = intval($MESSAGE->headers->priority);
  else
    $sel = 0;

  $out = $form_start ? "$form_start\n" : '';
  $out .= $selector->show($sel);
@@ -787,20 +835,27 @@
{
  global $CONFIG, $MESSAGE, $compose_mode;

  $choices = array(
    'html'  => 'htmltoggle',
    'plain' => 'plaintoggle'
  );

  // determine whether HTML or plain text should be checked
  $useHtml = $CONFIG['htmleditor'] ? true : false;

  if ($compose_mode)
    $useHtml = ($useHtml && $MESSAGE->has_html_part());

  $selector = '';
  $chosenvalue = $useHtml ? 'html' : 'plain';
  $radio = new html_radiobutton(array('name' => '_editorSelect', 'onclick' => 'return rcmail_toggle_editor(this)'));
  if (empty($attrib['editorid']))
    $attrib['editorid'] = 'rcmComposeMessage';

  if (empty($attrib['name']))
    $attrib['name'] = 'editorSelect';
    
    $attrib['onchange'] = "return rcmail_toggle_editor(this.value=='html', '".$attrib['editorid']."', '_is_html')";

  $select = new html_select($attrib);

  $select->add(Q(rcube_label('htmltoggle')), 'html');
  $select->add(Q(rcube_label('plaintoggle')), 'plain');

  return $select->show($useHtml ? 'html' : 'plain');

  foreach ($choices as $value => $text)
  {
    $attrib['id'] = '_' . $value;
@@ -859,54 +914,6 @@
  'receiptcheckbox' => 'rcmail_receipt_checkbox',
  'storetarget' => 'rcmail_store_target_selection',
));

/****** get contacts for this user and add them to client scripts ********/

$CONTACTS = new rcube_contacts($DB, $USER->ID);
$CONTACTS->set_pagesize(1000);

$a_contacts = array(); 
                                   
if ($result = $CONTACTS->list_records())
  {
  while ($sql_arr = $result->iterate())
    if ($sql_arr['email'])
      $a_contacts[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
  }
if (!empty($CONFIG['ldap_public']) && is_array($CONFIG['ldap_public']))
  {
  /* LDAP autocompletion */ 
  foreach ($CONFIG['ldap_public'] as $ldapserv_config) 
    { 
    if ($ldapserv_config['fuzzy_search'] != 1 || 
        $ldapserv_config['global_search'] != 1)
      { 
      continue; 
      }
	 
    $LDAP = new rcube_ldap($ldapserv_config); 
    $LDAP->connect(); 
    $LDAP->set_pagesize(1000);
  
    $results = $LDAP->search($ldapserv_config['mail_field'], ""); 
 
    for ($i = 0; $i < $results->count; $i++) 
      { 
      if ($results->records[$i]['email'] != '') 
        { 
        $email = $results->records[$i]['email']; 
        $name = $results->records[$i]['name']; 
 		 
        $a_contacts[] = format_email_recipient($email, $name);
        } 
      }
    $LDAP->close(); 
    }
  }
if ($a_contacts) 
  { 
    $OUTPUT->set_env('contacts', $a_contacts); 
  }

$OUTPUT->send('compose');