roundcubemail/program/steps/mail/attachments.inc

<?php

/*
 +-----------------------------------------------------------------------+
 | program/steps/mail/attachments.inc                                    |
 |                                                                       |
 | This file is part of the RoundCube Webmail client                     |
 | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 | PURPOSE:                                                              |
 |   Upload, remove, display attachments in compose form                 |
 |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+

 $Id: compose.inc 2081 2008-11-23 12:38:44Z thomasb $

*/


if (!$_SESSION['compose']) {
  die("Invalid session var!");
}


// remove an attachment
if ($RCMAIL->action=='remove-attachment')
{
  $id = 'undefined';
  if (preg_match('/^rcmfile(\w+)$/', $_POST['_file'], $regs))
    $id = $regs[1];
  if ($attachment = $_SESSION['compose']['attachments'][$id])
    $attachment = $RCMAIL->plugins->exec_hook('remove_attachment', $attachment);
  if ($attachment['status']) {
    if (is_array($_SESSION['compose']['attachments'][$id])) {
      unset($_SESSION['compose']['attachments'][$id]);
      $OUTPUT->command('remove_from_attachment_list', "rcmfile$id");
    }
  }
  
  $OUTPUT->send();
  exit;
}

if ($RCMAIL->action=='display-attachment')
{
  $id = 'undefined';
  if (preg_match('/^rcmfile(\w+)$/', $_GET['_file'], $regs))
    $id = $regs[1];
  if ($attachment = $_SESSION['compose']['attachments'][$id])
    $attachment = $RCMAIL->plugins->exec_hook('display_attachment', $attachment);
    
  if ($attachment['status']) {
    $size = $attachment['data'] ? strlen($attachment['data']) : @filesize($attachment['path']);
    header('Content-Type: ' . $attachment['mimetype']);
    header('Content-Length: ' . $size);
    
    if ($attachment['data'])
      echo $attachment['data'];
    else if ($attachment['path'])
      readfile($attachment['path']);
  }
  exit;
}

// attachment upload action

if (!is_array($_SESSION['compose']['attachments'])) {
  $_SESSION['compose']['attachments'] = array();
}

// clear all stored output properties (like scripts and env vars)
$OUTPUT->reset();

if (is_array($_FILES['_attachments']['tmp_name'])) {
  foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) {
    $attachment = array(
      'path' => $filepath,
      'name' => $_FILES['_attachments']['name'][$i],
      'mimetype' => rc_mime_content_type($filepath, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i])
    );

    $attachment = $RCMAIL->plugins->exec_hook('upload_attachment', $attachment);

    if ($attachment['status'] && !$attachment['abort']) {
      $id = $attachment['id'];
      
      // store new attachment in session
      unset($attachment['status'], $attachment['abort']);
      $_SESSION['compose']['attachments'][$id] = $attachment;
      
      if (($icon = $_SESSION['compose']['deleteicon']) && is_file($icon)) {
        $button = html::img(array(
          'src' => $icon,
          'alt' => rcube_label('delete')
        ));
      }
      else {
        $button = Q(rcube_label('delete'));
      }

      $content = html::a(array(
        'href' => "#delete",
        'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", JS_OBJECT_NAME, $id),
        'title' => rcube_label('delete'),
      ), $button);

      $content .= Q($attachment['name']);
      
      $OUTPUT->command('add2attachment_list', "rcmfile$id", $content);
    }
    else {  // upload failed
      $err = $_FILES['_attachments']['error'][$i];
      if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
        $msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))));
      }
      else if ($attachment['error']) {
        $msg = $attachment['error'];
      }
      else {
        $msg = rcube_label('fileuploaderror');
      }
    
      $OUTPUT->command('display_message', $msg, 'error');
    }
  }
}
else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  $OUTPUT->command('display_message', rcube_label('fileuploaderror'), 'error');
}

// send html page with JS calls as response
$OUTPUT->command('show_attachment_form', false);
$OUTPUT->command('auto_save_start', false);
$OUTPUT->send('iframe');

?>
Initial revision 19 years ago			`<?php`

			`/*`
			`+-----------------------------------------------------------------------+`
- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`\| program/steps/mail/attachments.inc \|`
Initial revision 19 years ago			`\| \|`
			`\| This file is part of the RoundCube Webmail client \|`
* bumping up copyright (happy new year ;-)) 16 years ago			`\| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland \|`
Minor bugfixes and correction of confusing License notfications 19 years ago			`\| Licensed under the GNU GPL \|`
Initial revision 19 years ago			`\| \|`
			`\| PURPOSE: \|`
- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`\| Upload, remove, display attachments in compose form \|`
Initial revision 19 years ago			`\| \|`
			`+-----------------------------------------------------------------------+`
			`\| Author: Thomas Bruederli <roundcube@gmail.com> \|`
			`+-----------------------------------------------------------------------+`

- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			$Id: compose.inc 2081 2008-11-23 12:38:44Z thomasb $
Initial revision 19 years ago
			`*/`


Remove cruft from upload response 16 years ago			`if (!$_SESSION['compose']) {`
			`die("Invalid session var!");`
			`}`
Initial revision 19 years ago

- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`// remove an attachment`
			`if ($RCMAIL->action=='remove-attachment')`
			`{`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`$id = 'undefined';`
			`if (preg_match('/^rcmfile(\w+)$/', $_POST['_file'], $regs))`
- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`$id = $regs[1];`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`if ($attachment = $_SESSION['compose']['attachments'][$id])`
			`$attachment = $RCMAIL->plugins->exec_hook('remove_attachment', $attachment);`
			`if ($attachment['status']) {`
			`if (is_array($_SESSION['compose']['attachments'][$id])) {`
- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`unset($_SESSION['compose']['attachments'][$id]);`
			`$OUTPUT->command('remove_from_attachment_list', "rcmfile$id");`
			`}`
			`}`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago
			`$OUTPUT->send();`
- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`exit;`
			`}`

			`if ($RCMAIL->action=='display-attachment')`
			`{`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`$id = 'undefined';`
			`if (preg_match('/^rcmfile(\w+)$/', $_GET['_file'], $regs))`
- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`$id = $regs[1];`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`if ($attachment = $_SESSION['compose']['attachments'][$id])`
			`$attachment = $RCMAIL->plugins->exec_hook('display_attachment', $attachment);`

			`if ($attachment['status']) {`
			`$size = $attachment['data'] ? strlen($attachment['data']) : @filesize($attachment['path']);`
			`header('Content-Type: ' . $attachment['mimetype']);`
			`header('Content-Length: ' . $size);`

			`if ($attachment['data'])`
			`echo $attachment['data'];`
			`else if ($attachment['path'])`
			`readfile($attachment['path']);`
- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`}`
			`exit;`
			`}`

			`// attachment upload action`

Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`if (!is_array($_SESSION['compose']['attachments'])) {`
Initial revision 19 years ago			`$_SESSION['compose']['attachments'] = array();`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`}`
Initial revision 19 years ago
Remove cruft from upload response 16 years ago			`// clear all stored output properties (like scripts and env vars)`
			`$OUTPUT->reset();`
Initial revision 19 years ago
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`if (is_array($_FILES['_attachments']['tmp_name'])) {`
			`foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) {`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`$attachment = array(`
			`'path' => $filepath,`
			`'name' => $_FILES['_attachments']['name'][$i],`
Fix usage of rc_mime_content_type() 15 years ago			`'mimetype' => rc_mime_content_type($filepath, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i])`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`);`

			`$attachment = $RCMAIL->plugins->exec_hook('upload_attachment', $attachment);`
- fix attachment mimetype setting after upload - move style of delete button in attachment-list to mail.css file 15 years ago
Check abort flag and display error message from plugin if available 15 years ago			`if ($attachment['status'] && !$attachment['abort']) {`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`$id = $attachment['id'];`

			`// store new attachment in session`
Check abort flag and display error message from plugin if available 15 years ago			`unset($attachment['status'], $attachment['abort']);`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`$_SESSION['compose']['attachments'][$id] = $attachment;`

Better icon for deleting folders + remove hard-coded icon path 15 years ago			`if (($icon = $_SESSION['compose']['deleteicon']) && is_file($icon)) {`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`$button = html::img(array(`
			`'src' => $icon,`
- fix attachment mimetype setting after upload - move style of delete button in attachment-list to mail.css file 15 years ago			`'alt' => rcube_label('delete')`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`));`
			`}`
			`else {`
* committed patch from #1484775 17 years ago			`$button = Q(rcube_label('delete'));`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`}`
* committed patch from #1484775 17 years ago
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`$content = html::a(array(`
			`'href' => "#delete",`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago			`'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", JS_OBJECT_NAME, $id),`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`'title' => rcube_label('delete'),`
			`), $button);`
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 15 years ago
			`$content .= Q($attachment['name']);`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago
* committed patch from #1484775 17 years ago			`$OUTPUT->command('add2attachment_list', "rcmfile$id", $content);`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`}`
			`else { // upload failed`
* committed patch from #1484775 17 years ago			`$err = $_FILES['_attachments']['error'][$i];`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`if ($err == UPLOAD_ERR_INI_SIZE \|\| $err == UPLOAD_ERR_FORM_SIZE) {`
* committed patch from #1484775 17 years ago			`$msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))));`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`}`
Check abort flag and display error message from plugin if available 15 years ago			`else if ($attachment['error']) {`
			`$msg = $attachment['error'];`
			`}`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`else {`
* committed patch from #1484775 17 years ago			`$msg = rcube_label('fileuploaderror');`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`}`
Error handling for attachment uploads; multibyte-safe string functions; XSS improvements 18 years ago
* committed patch from #1484775 17 years ago			`$OUTPUT->command('display_message', $msg, 'error');`
Error handling for attachment uploads; multibyte-safe string functions; XSS improvements 18 years ago			`}`
Initial revision 19 years ago			`}`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`}`
			`else if ($_SERVER['REQUEST_METHOD'] == 'POST') {`
-display error on any upload error (eg. on post_max_size overlimit) 16 years ago			`$OUTPUT->command('display_message', rcube_label('fileuploaderror'), 'error');`
Prefer File_Info over mime_content_type + detect mime type when uploading + some code style 16 years ago			`}`
Initial revision 19 years ago
			`// send html page with JS calls as response`
Merged branch devel-addressbook from r443 back to trunk 17 years ago			`$OUTPUT->command('show_attachment_form', false);`
			`$OUTPUT->command('auto_save_start', false);`
			`$OUTPUT->send('iframe');`
Initial revision 19 years ago
- performance: skip imap connection for attachments actions - created attachments.inc file for attachment upload, remove and display actions 16 years ago			`?>`