Roundcubemail devel
parent: 723a26cf | patch | commit | show whitespace
Aleksander Machniak
2014-03-11 d3883ddfbb0934077e6dbada6084b3fb5694a5b0 
Make sure attachment ID is really unique when uploading multiple files (#1489546)
1 files modified
34 ■■■■ changed files
plugins/filesystem_attachments/filesystem_attachments.php 34 ●●●● patch | view | raw | blame | history 
 plugins/filesystem_attachments/filesystem_attachments.php


@@ -16,7 +16,6 @@


 * @license GNU GPLv3+


 * @author Ziba Scott <ziba@umich.edu>


 * @author Thomas Bruederli <roundcube@gmail.com>


 *


 */


class filesystem_attachments extends rcube_plugin


{


@@ -64,7 +63,7 @@


            @chmod($tmpfname, 0600);  // set correct permissions (#1488996)




            // Note the file for later cleanup


            $_SESSION['plugins']['filesystem_attachments'][$group][] = $tmpfname;


            $_SESSION['plugins']['filesystem_attachments'][$group][$args['id']] = $tmpfname;


        }




        return $args;


@@ -87,15 +86,17 @@


                fwrite($fp, $args['data']);


                fclose($fp);


                $args['path'] = $tmp_path;


            } else


            }


            else {


                return $args;


            }


        }




        $args['id'] = $this->file_id();


        $args['status'] = true;




        // Note the file for later cleanup


        $_SESSION['plugins']['filesystem_attachments'][$group][] = $args['path'];


        $_SESSION['plugins']['filesystem_attachments'][$group][$args['id']] = $args['path'];




        return $args;


    }


@@ -141,13 +142,16 @@


        // the file to disk, but does not make an entry in that array


        if (is_array($_SESSION['plugins']['filesystem_attachments'])){


            foreach ($_SESSION['plugins']['filesystem_attachments'] as $group => $files) {


                if ($args['group'] && $args['group'] != $group)


                if ($args['group'] && $args['group'] != $group) {


                    continue;


                }




                foreach ((array)$files as $filename){


                    if(file_exists($filename)){


                        unlink($filename);


                    }


                }




                unset($_SESSION['plugins']['filesystem_attachments'][$group]);


            }


        }


@@ -158,6 +162,24 @@


    {


        $userid = rcmail::get_instance()->user->ID;


        list($usec, $sec) = explode(' ', microtime()); 


        return preg_replace('/[^0-9]/', '', $userid . $sec . $usec);


        $id = preg_replace('/[^0-9]/', '', $userid . $sec . $usec);




        // make sure the ID is really unique (#1489546)


        while ($this->find_file_by_id($id)) {


            // increment last four characters


            $x  = substr($id, -4) + 1;


            $id = substr($id, 0, -4) . sprintf('%04d', ($x > 9999 ? $x - 9999 : $x));


        }




        return $id;


    }




    private function find_file_by_id($id)


    {


        foreach ((array) $_SESSION['plugins']['filesystem_attachments'] as $group => $files) {


            if (isset($files[$id])) {


                return true;


            }


        }


    }


}