author | thomascube <thomas@roundcube.net> | 2006-12-29 21:06:39 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-12-29 21:06:39 +0000 |
commit | 86df1529feb4b7eb1a9721baa194518bacbfd8ff (patch) | |
tree | 380827ed01c3e3e3a3253d0b00c350b467186a25 /program/steps/mail/compose.inc | |
parent | 3b12aeeeca89bbc3d8cc5342beb07643067e3760 (diff) |
Error handling for attachment uploads; multibyte-safe string functions; XSS improvements
Diffstat (limited to 'program/steps/mail/compose.inc')
-rw-r--r-- | program/steps/mail/compose.inc | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index a50b1ecf0..1c2639d9b 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -46,12 +46,16 @@ if ($_action=='remove-attachment' && preg_match('/^rcmfile([0-9]+)$/', $_GET['_f
 $MESSAGE_FORM = NULL;
 $MESSAGE = NULL;
-// nothing below is called during message composition, only at "new/forward/reply/draft" initialization
-// since there are many ways to leave the compose page improperly, it seems necessary to clean-up an old
+// Nothing below is called during message composition, only at "new/forward/reply/draft" initialization or
+// if a compose-ID is given (i.e. when the compose step is opened in a new window/tab).
+// Since there are many ways to leave the compose page improperly, it seems necessary to clean-up an old
 // compose when a "new/forward/reply/draft" is called - otherwise the old session attachments will appear
-rcmail_compose_cleanup();
-$_SESSION['compose'] = array('id' => uniqid(rand()));
+if (!is_array($_SESSION['compose']) || $_SESSION['compose']['id'] != get_input_value('_id', RCUBE_INPUT_GET))
+ {
+ rcmail_compose_cleanup();
+ $_SESSION['compose'] = array('id' => uniqid(rand()));
+ }
 // add some labels to client
 rcube_add_label('nosubject', 'norecipientwarning', 'nosubjectwarning', 'nobodywarning', 'notsentwarning', 'savingmessage', 'sendingmessage', 'messagesaved', 'converting'); |
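Review bot: The new guard compares the stored compose ID with the client-supplied `_id` using loose `!=`, so PHP type juggling decides whether the old compose session and its attachments are kept. `uniqid(rand())` returns digits followed by hex characters, so an ID that PHP treats as a numeric string is possible, and two different numeric strings can compare equal under `!=`. A strict string comparison removes that ambiguity: `if (!is_array($_SESSION['compose']) || (string)$_SESSION['compose']['id'] !== (string)get_input_value('_id', RCUBE_INPUT_GET))`. What `get_input_value()` returns for a missing or array-valued `_id` is not visible in this hunk, so confirm that case still reaches `rcmail_compose_cleanup()`. Separately, `is_array($_SESSION['compose'])` reads a key that is not set on a fresh session, so an `isset()` check in front of it would avoid an undefined-index notice.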