Aleksander Machniak
2016-05-20 9e64dc2debfa1c7410f82bf71f4d10856751e258
plugins/filesystem_attachments/filesystem_attachments.php
@@ -13,9 +13,9 @@
 *   require_once('plugins/filesystem_attachments/filesystem_attachments.php');
 *   class myCustom_attachments extends filesystem_attachments
 *
 * @license GNU GPLv3+
 * @author Ziba Scott <ziba@umich.edu>
 * @author Thomas Bruederli <roundcube@gmail.com>
 *
 */
class filesystem_attachments extends rcube_plugin
{
@@ -49,20 +49,21 @@
    function upload($args)
    {
        $args['status'] = false;
        $group = $args['group'];
        $rcmail = rcmail::get_instance();
        $group  = $args['group'];
        $rcmail = rcube::get_instance();
        // use common temp dir for file uploads
        $temp_dir = $rcmail->config->get('temp_dir');
        $tmpfname = tempnam($temp_dir, 'rcmAttmnt');
        if (move_uploaded_file($args['path'], $tmpfname) && file_exists($tmpfname)) {
            $args['id'] = $this->file_id();
            $args['path'] = $tmpfname;
            $args['id']     = $this->file_id();
            $args['path']   = $tmpfname;
            $args['status'] = true;
            @chmod($tmpfname, 0600);  // set correct permissions (#1488996)
            // Note the file for later cleanup
            $_SESSION['plugins']['filesystem_attachments'][$group][] = $tmpfname;
            $_SESSION['plugins']['filesystem_attachments'][$group][$args['id']] = $tmpfname;
        }
        return $args;
@@ -77,7 +78,7 @@
        $args['status'] = false;
        if (!$args['path']) {
            $rcmail = rcmail::get_instance();
            $rcmail   = rcube::get_instance();
            $temp_dir = $rcmail->config->get('temp_dir');
            $tmp_path = tempnam($temp_dir, 'rcmAttmnt');
@@ -85,15 +86,17 @@
                fwrite($fp, $args['data']);
                fclose($fp);
                $args['path'] = $tmp_path;
            } else
            }
            else {
                return $args;
            }
        }
        $args['id'] = $this->file_id();
        $args['id']     = $this->file_id();
        $args['status'] = true;
        // Note the file for later cleanup
        $_SESSION['plugins']['filesystem_attachments'][$group][] = $args['path'];
        $_SESSION['plugins']['filesystem_attachments'][$group][$args['id']] = $args['path'];
        return $args;
    }
@@ -137,15 +140,18 @@
        // $_SESSION['compose']['attachments'] is not a complete record of
        // temporary files because loading a draft or starting a forward copies
        // the file to disk, but does not make an entry in that array
        if (is_array($_SESSION['plugins']['filesystem_attachments'])){
        if (is_array($_SESSION['plugins']['filesystem_attachments'])) {
            foreach ($_SESSION['plugins']['filesystem_attachments'] as $group => $files) {
                if ($args['group'] && $args['group'] != $group)
                if ($args['group'] && $args['group'] != $group) {
                    continue;
                foreach ((array)$files as $filename){
                    if(file_exists($filename)){
                }
                foreach ((array)$files as $filename) {
                    if(file_exists($filename)) {
                        unlink($filename);
                    }
                }
                unset($_SESSION['plugins']['filesystem_attachments'][$group]);
            }
        }
@@ -154,8 +160,26 @@
    function file_id()
    {
        $userid = rcmail::get_instance()->user->ID;
       list($usec, $sec) = explode(' ', microtime());
        return preg_replace('/[^0-9]/', '', $userid . $sec . $usec);
        $userid = rcube::get_instance()->user->ID;
        list($usec, $sec) = explode(' ', microtime());
        $id = preg_replace('/[^0-9]/', '', $userid . $sec . $usec);
        // make sure the ID is really unique (#1489546)
        while ($this->find_file_by_id($id)) {
            // increment last four characters
            $x  = substr($id, -4) + 1;
            $id = substr($id, 0, -4) . sprintf('%04d', ($x > 9999 ? $x - 9999 : $x));
        }
        return $id;
    }
    private function find_file_by_id($id)
    {
        foreach ((array) $_SESSION['plugins']['filesystem_attachments'] as $group => $files) {
            if (isset($files[$id])) {
                return true;
            }
        }
    }
}