summaryrefslogtreecommitdiff
path: root/program/steps
diff options
context:
space:
mode:
Diffstat (limited to 'program/steps')
-rw-r--r--program/steps/mail/compose.inc22
-rw-r--r--program/steps/mail/func.inc6
-rw-r--r--program/steps/mail/getunread.inc4
-rw-r--r--program/steps/mail/move_del.inc2
-rw-r--r--program/steps/mail/upload.inc6
-rw-r--r--program/steps/settings/manage_folders.inc4
6 files changed, 32 insertions, 12 deletions
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index ba80a54f1..6d4cf9a61 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -32,6 +32,20 @@ $DRAFT_MESSAGE = NULL;
if (!is_array($_SESSION['compose']))
$_SESSION['compose'] = array('id' => uniqid(rand()));
+// remove an attachment
+if ($_action=='remove-attachment' && !empty($_GET['_filename']))
+ {
+ if (is_array($_SESSION['compose']['attachments']))
+ foreach ($_SESSION['compose']['attachments'] as $i => $attachment)
+ if ($attachment['name'] == $_GET['_filename'])
+ {
+ @unlink($attachment['path']);
+ unset($_SESSION['compose']['attachments'][$i]);
+ $commands = sprintf("parent.%s.remove_from_attachment_list('%s');\n", $JS_OBJECT_NAME, $_GET['_filename']);
+ rcube_remote_response($commands);
+ exit;
+ }
+ }
// add some labels to client
rcube_add_label('nosubject', 'norecipientwarning', 'nosubjectwarning', 'nobodywarning', 'notsentwarning', 'savingmessage', 'savingmessage', 'messagesaved');
@@ -611,8 +625,13 @@ function rcmail_compose_attachment_list($attrib)
if (is_array($_SESSION['compose']['attachments']))
{
+ if ($attrib['deleteicon'])
+ $button = sprintf('<img src="%s%s" alt="%s" border="0" / style="padding-right:2px;vertical-align:middle">', $CONFIG['skin_path'], $attrib['deleteicon'], rcube_label('delete'));
+ else
+ $button = rcube_label('delete');
+
foreach ($_SESSION['compose']['attachments'] as $i => $a_prop)
- $out .= sprintf("<li>%s</li>\n", $a_prop['name']);
+ $out .= sprintf('<li id="%s"><a href="#" onclick="%s.command(\'remove-attachment\',\'%s\')" title="%s">%s</a>%s</li>', $a_prop['name'], $JS_OBJECT_NAME, $a_prop['name'], rcube_label('deletefolder'), $button, $a_prop['name']);
}
$OUTPUT->add_script(sprintf("%s.gui_object('attachmentlist', '%s');", $JS_OBJECT_NAME, $attrib['id']));
@@ -663,7 +682,6 @@ function rcmail_compose_attachment_field($attrib)
return $out;
}
-
function rcmail_priority_selector($attrib)
{
list($form_start, $form_end) = get_form_tags($attrib);
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index eac4e3747..7e2b3b28d 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -220,13 +220,13 @@ function rcmail_render_folder_tree_html(&$arrFolders, &$special, &$mbox_name, $m
$class_name,
$zebra_class,
$unread_count ? ' unread' : '',
- $folder['id']==$mbox_name ? ' selected' : '',
+ addslashes($folder['id'])==addslashes($mbox_name) ? ' selected' : '',
$COMM_PATH,
urlencode($folder['id']),
$JS_OBJECT_NAME,
- $folder['id'],
+ addslashes($folder['id']),
$JS_OBJECT_NAME,
- $folder['id'],
+ addslashes($folder['id']),
$title,
rep_specialchars_output($foldername, 'html', 'all'));
diff --git a/program/steps/mail/getunread.inc b/program/steps/mail/getunread.inc
index 437e3aa00..ed4a5fb77 100644
--- a/program/steps/mail/getunread.inc
+++ b/program/steps/mail/getunread.inc
@@ -27,10 +27,10 @@ if (!empty($a_folders))
{
foreach ($a_folders as $mbox_row)
{
- $commands = sprintf("this.set_unread_count('%s', %d);\n", $mbox_row, $IMAP->messagecount($mbox_row, 'UNSEEN'));
+ $commands = sprintf("this.set_unread_count('%s', %d);\n", addslashes($mbox_row), $IMAP->messagecount($mbox_row, 'UNSEEN'));
rcube_remote_response($commands, TRUE);
}
}
exit;
-?> \ No newline at end of file
+?>
diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc
index e4da207f4..116332a64 100644
--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -88,4 +88,4 @@ if ($_GET['_from']!='show' && $pages>1 && $IMAP->list_page < $pages)
rcube_remote_response($commands);
exit;
-?> \ No newline at end of file
+?>
diff --git a/program/steps/mail/upload.inc b/program/steps/mail/upload.inc
index 4cd929d0d..7fe7d3dcc 100644
--- a/program/steps/mail/upload.inc
+++ b/program/steps/mail/upload.inc
@@ -45,7 +45,9 @@ foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath)
'mimetype' => $_FILES['_attachments']['type'][$i],
'path' => $tmpfname);
- $response .= sprintf("parent.%s.add2attachment_list('%s');\n", $JS_OBJECT_NAME, $_FILES['_attachments']['name'][$i]);
+ $button = sprintf('<img src="%s/images/icons/remove-attachment.png" alt="%s" border="0" style="padding-right:2px;vertical-align:middle">', $CONFIG['skin_path'], rcube_label('delete'));
+ $content = sprintf('<a href="#" onclick="%s.command(\\\'remove-attachment\\\',\\\'%s\\\')" title="%s">%s</a>%s',$JS_OBJECT_NAME, $_FILES['_attachments']['name'][$i], rcube_label('deletefolder'), $button, $_FILES['_attachments']['name'][$i]);
+ $response .= sprintf('parent.%s.add2attachment_list(\'%s\',\'%s\');',$JS_OBJECT_NAME, $_FILES['_attachments']['name'][$i], $content);
}
}
@@ -64,4 +66,4 @@ parent.$JS_OBJECT_NAME.show_attachment_form(false);
EOF;
exit;
-?> \ No newline at end of file
+?>
diff --git a/program/steps/settings/manage_folders.inc b/program/steps/settings/manage_folders.inc
index dd321f0d8..7274bdc50 100644
--- a/program/steps/settings/manage_folders.inc
+++ b/program/steps/settings/manage_folders.inc
@@ -71,8 +71,8 @@ else if ($_action=='rename-folder')
if ($rename && $REMOTE_REQUEST)
{
- $commands = sprintf("this.add_folder_row('%s');", rep_specialchars_output($rename, 'js'));
- $commands .= sprintf("this.remove_folder_row('%s')", rep_specialchars_output($_GET['_folder_oldname'], 'js'));
+ $commands = sprintf("this.add_folder_row('%s');\n", addslashes(rep_specialchars_output($rename, 'js')));
+ $commands .= sprintf("this.remove_folder_row('%s');", rep_specialchars_output($_GET['_folder_oldname'], 'js'));
rcube_remote_response($commands);
}
else if (!$rename && $REMOTE_REQUEST)