githubFork/roundcubemail.git

			@@ -1,7 +1,7 @@
			<?php
			/**
			* Filesystem Attachments
			*
			*
			* This is a core plugin which provides basic, filesystem based
			* attachment temporary file handling. This includes storing
			* attachments of messages currently being composed, writing attachments
			@@ -13,33 +13,34 @@
			* require_once('plugins/filesystem_attachments/filesystem_attachments.php');
			* class myCustom_attachments extends filesystem_attachments
			*
			* @license GNU GPLv3+
			* @author Ziba Scott <ziba@umich.edu>
			* @author Thomas Bruederli <roundcube@gmail.com>
			*
			*/
			class filesystem_attachments extends rcube_plugin
			{
			public $task = 'mail';

			public $task = '?(?!login).*';

			function init()
			{
			// Save a newly uploaded attachment
			$this->add_hook('upload_attachment', array($this, 'upload'));
			$this->add_hook('attachment_upload', array($this, 'upload'));

			// Save an attachment from a non-upload source (draft or forward)
			$this->add_hook('save_attachment', array($this, 'save'));
			$this->add_hook('attachment_save', array($this, 'save'));

			// Remove an attachment from storage
			$this->add_hook('remove_attachment', array($this, 'remove'));
			$this->add_hook('attachment_delete', array($this, 'remove'));

			// When composing an html message, image attachments may be shown
			$this->add_hook('display_attachment', array($this, 'display'));
			$this->add_hook('attachment_display', array($this, 'display'));

			// Get the attachment from storage and place it on disk to be sent
			$this->add_hook('get_attachment', array($this, 'get_attachment'));
			$this->add_hook('attachment_get', array($this, 'get'));

			// Delete all temp files associated with this user
			$this->add_hook('cleanup_attachments', array($this, 'cleanup'));
			$this->add_hook('attachments_cleanup', array($this, 'cleanup'));
			$this->add_hook('session_destroy', array($this, 'cleanup'));
			}

			/**
			@@ -48,20 +49,21 @@
			function upload($args)
			{
			$args['status'] = false;
			$rcmail = rcmail::get_instance();
			$group = $args['group'];
			$rcmail = rcube::get_instance();

			// use common temp dir for file uploads
			// #1484529: we need absolute path on Windows for move_uploaded_file()
			$temp_dir = realpath($rcmail->config->get('temp_dir'));
			$temp_dir = $rcmail->config->get('temp_dir');
			$tmpfname = tempnam($temp_dir, 'rcmAttmnt');

			if (move_uploaded_file($args['path'], $tmpfname) && file_exists($tmpfname)) {
			$args['id'] = count($_SESSION['plugins']['filesystem_attachments']['tmp_files'])+1;
			$args['path'] = $tmpfname;
			$args['id'] = $this->file_id();
			$args['path'] = $tmpfname;
			$args['status'] = true;
			@chmod($tmpfname, 0600); // set correct permissions (#1488996)

			// Note the file for later cleanup
			$_SESSION['plugins']['filesystem_attachments']['tmp_files'][] = $tmpfname;
			$_SESSION['plugins']['filesystem_attachments'][$group][$args['id']] = $tmpfname;
			}

			return $args;
			@@ -72,26 +74,29 @@
			*/
			function save($args)
			{
			$group = $args['group'];
			$args['status'] = false;

			if (!$args['path']) {
			$rcmail = rcmail::get_instance();
			$temp_dir = unslashify($rcmail->config->get('temp_dir'));
			$tmp_path = tempnam($temp_dir, 'rcmAttmnt');

			if ($fp = fopen($tmp_path, 'w')) {
			fwrite($fp, $args['data']);
			fclose($fp);
			$args['path'] = $tmp_path;
			} else
			return $args;
			}

			$args['id'] = count($_SESSION['plugins']['filesystem_attachments']['tmp_files'])+1;
			if (!$args['path']) {
			$rcmail = rcube::get_instance();
			$temp_dir = $rcmail->config->get('temp_dir');
			$tmp_path = tempnam($temp_dir, 'rcmAttmnt');

			if ($fp = fopen($tmp_path, 'w')) {
			fwrite($fp, $args['data']);
			fclose($fp);
			$args['path'] = $tmp_path;
			}
			else {
			return $args;
			}
			}

			$args['id'] = $this->file_id();
			$args['status'] = true;


			// Note the file for later cleanup
			$_SESSION['plugins']['filesystem_attachments']['tmp_files'][] = $args['path'];
			$_SESSION['plugins']['filesystem_attachments'][$group][$args['id']] = $args['path'];

			return $args;
			}
			@@ -122,11 +127,11 @@
			* on disk for use. This stub function is kept here to make this
			* class handy as a parent class for other plugins which may need it.
			*/
			function get_attachment($args)
			function get($args)
			{
			return $args;
			}


			/**
			* Delete all temp files associated with this user
			*/
			@@ -135,14 +140,46 @@
			// $_SESSION['compose']['attachments'] is not a complete record of
			// temporary files because loading a draft or starting a forward copies
			// the file to disk, but does not make an entry in that array
			if (is_array($_SESSION['plugins']['filesystem_attachments']['tmp_files'])){
			foreach ($_SESSION['plugins']['filesystem_attachments']['tmp_files'] as $filename){
			if(file_exists($filename)){
			unlink($filename);
			if (is_array($_SESSION['plugins']['filesystem_attachments'])) {
			foreach ($_SESSION['plugins']['filesystem_attachments'] as $group => $files) {
			if ($args['group'] && $args['group'] != $group) {
			continue;
			}

			foreach ((array)$files as $filename) {
			if(file_exists($filename)) {
			unlink($filename);
			}
			}

			unset($_SESSION['plugins']['filesystem_attachments'][$group]);
			}
			unset($_SESSION['plugins']['filesystem_attachments']['tmp_files']);
			}
			return $args;
			}

			function file_id()
			{
			$userid = rcube::get_instance()->user->ID;
			list($usec, $sec) = explode(' ', microtime());
			$id = preg_replace('/[^0-9]/', '', $userid . $sec . $usec);

			// make sure the ID is really unique (#1489546)
			while ($this->find_file_by_id($id)) {
			// increment last four characters
			$x = substr($id, -4) + 1;
			$id = substr($id, 0, -4) . sprintf('%04d', ($x > 9999 ? $x - 9999 : $x));
			}

			return $id;
			}

			private function find_file_by_id($id)
			{
			foreach ((array) $_SESSION['plugins']['filesystem_attachments'] as $group => $files) {
			if (isset($files[$id])) {
			return true;
			}
			}
			}
			}