1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
<?php
/*
+-----------------------------------------------------------------------+
| program/steps/mail/attachments.inc |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
| Upload, remove, display attachments in compose form |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id: compose.inc 2081 2008-11-23 12:38:44Z thomasb $
*/
if (!$_SESSION['compose']) {
die("Invalid session var!");
}
// remove an attachment
if ($RCMAIL->action=='remove-attachment')
{
if (preg_match('/^rcmfile([0-9]+)$/', $_POST['_file'], $regs))
{
$id = $regs[1];
if (is_array($_SESSION['compose']['attachments'][$id]))
{
@unlink($_SESSION['compose']['attachments'][$id]['path']);
unset($_SESSION['compose']['attachments'][$id]);
$OUTPUT->command('remove_from_attachment_list', "rcmfile$id");
$OUTPUT->send();
}
}
exit;
}
if ($RCMAIL->action=='display-attachment')
{
if (preg_match('/^rcmfile([0-9]+)$/', $_GET['_file'], $regs))
{
$id = $regs[1];
if (is_array($_SESSION['compose']['attachments'][$id]))
{
$apath = $_SESSION['compose']['attachments'][$id]['path'];
header('Content-Type: ' . $_SESSION['compose']['attachments'][$id]['mimetype']);
header('Content-Length: ' . filesize($apath));
readfile($apath);
}
}
exit;
}
// attachment upload action
// use common temp dir for file uploads
$temp_dir = unslashify($CONFIG['temp_dir']);
if (!is_array($_SESSION['compose']['attachments'])) {
$_SESSION['compose']['attachments'] = array();
}
// clear all stored output properties (like scripts and env vars)
$OUTPUT->reset();
if (is_array($_FILES['_attachments']['tmp_name'])) {
foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) {
$tmpfname = tempnam($temp_dir, 'rcmAttmnt');
if (move_uploaded_file($filepath, $tmpfname)) {
$id = count($_SESSION['compose']['attachments']);
$_SESSION['compose']['attachments'][] = array(
'name' => $_FILES['_attachments']['name'][$i],
'mimetype' => rc_mime_content_type($tmpfname, $_FILES['_attachments']['type'][$i]),
'path' => $tmpfname,
);
if (is_file($icon = $CONFIG['skin_path'] . '/images/icons/remove-attachment.png')) {
$button = html::img(array(
'src' => $icon,
'alt' => rcube_label('delete'),
'style' => "padding-right:2px;vertical-align:middle",
));
}
else {
$button = Q(rcube_label('delete'));
}
$content = html::a(array(
'href' => "#delete",
'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%d', this)", JS_OBJECT_NAME, $id),
'title' => rcube_label('delete'),
), $button);
$content .= Q($_FILES['_attachments']['name'][$i]);
$OUTPUT->command('add2attachment_list', "rcmfile$id", $content);
}
else { // upload failed
$err = $_FILES['_attachments']['error'][$i];
if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
$msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))));
}
else {
$msg = rcube_label('fileuploaderror');
}
$OUTPUT->command('display_message', $msg, 'error');
}
}
}
else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$OUTPUT->command('display_message', rcube_label('fileuploaderror'), 'error');
}
// send html page with JS calls as response
$OUTPUT->command('show_attachment_form', false);
$OUTPUT->command('auto_save_start', false);
$OUTPUT->send('iframe');
?>
|