|
0
|
1 <?php
|
|
|
2
|
|
|
3 /**
|
|
|
4 +-----------------------------------------------------------------------+
|
|
|
5 | program/steps/mail/attachments.inc |
|
|
|
6 | |
|
|
|
7 | This file is part of the Roundcube Webmail client |
|
|
|
8 | Copyright (C) 2005-2013, The Roundcube Dev Team |
|
|
|
9 | |
|
|
|
10 | Licensed under the GNU General Public License version 3 or |
|
|
|
11 | any later version with exceptions for skins & plugins. |
|
|
|
12 | See the README file for a full license statement. |
|
|
|
13 | |
|
|
|
14 | PURPOSE: |
|
|
|
15 | Upload, remove, display attachments in compose form |
|
|
|
16 | |
|
|
|
17 +-----------------------------------------------------------------------+
|
|
|
18 | Author: Thomas Bruederli <roundcube@gmail.com> |
|
|
|
19 +-----------------------------------------------------------------------+
|
|
|
20 */
|
|
|
21
|
|
|
22 // Upload progress update
|
|
|
23 if (!empty($_GET['_progress'])) {
|
|
|
24 $RCMAIL->upload_progress();
|
|
|
25 }
|
|
|
26
|
|
|
27 $COMPOSE_ID = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GPC);
|
|
|
28 $COMPOSE = null;
|
|
|
29
|
|
|
30 if ($COMPOSE_ID && $_SESSION['compose_data_' . $COMPOSE_ID]) {
|
|
|
31 $SESSION_KEY = 'compose_data_' . $COMPOSE_ID;
|
|
|
32 $COMPOSE =& $_SESSION[$SESSION_KEY];
|
|
|
33 }
|
|
|
34
|
|
|
35 if (!$COMPOSE) {
|
|
|
36 die("Invalid session var!");
|
|
|
37 }
|
|
|
38
|
|
|
39 $file_id = rcube_utils::get_input_value('_file', rcube_utils::INPUT_GPC);
|
|
|
40 $file_id = preg_replace('/^rcmfile/', '', $file_id) ?: 'unknown';
|
|
|
41
|
|
|
42 // remove an attachment
|
|
|
43 if ($RCMAIL->action == 'remove-attachment') {
|
|
|
44 if ($attachment = $COMPOSE['attachments'][$file_id]) {
|
|
|
45 $attachment = $RCMAIL->plugins->exec_hook('attachment_delete', $attachment);
|
|
|
46 }
|
|
|
47
|
|
|
48 if ($attachment['status']) {
|
|
|
49 if (is_array($COMPOSE['attachments'][$file_id])) {
|
|
|
50 $RCMAIL->session->remove($SESSION_KEY . '.attachments.' . $file_id);
|
|
|
51 $OUTPUT->command('remove_from_attachment_list', "rcmfile$file_id");
|
|
|
52 }
|
|
|
53 }
|
|
|
54
|
|
|
55 $OUTPUT->send();
|
|
|
56 exit;
|
|
|
57 }
|
|
|
58
|
|
|
59 // rename an attachment
|
|
|
60 if ($RCMAIL->action == 'rename-attachment') {
|
|
|
61 $filename = rcube_utils::get_input_value('_name', rcube_utils::INPUT_POST);
|
|
|
62 $filename = trim($filename);
|
|
|
63
|
|
|
64 if (strlen($filename)
|
|
|
65 && ($attachment = $COMPOSE['attachments'][$file_id])
|
|
|
66 && is_array($attachment)
|
|
|
67 ) {
|
|
|
68 $attachment['name'] = $filename;
|
|
|
69 $RCMAIL->session->remove($SESSION_KEY . '.attachments. ' . $file_id);
|
|
|
70 $RCMAIL->session->append($SESSION_KEY . '.attachments', $attachment['id'], $attachment);
|
|
|
71 $OUTPUT->command('rename_attachment_handler', "rcmfile$file_id", $filename);
|
|
|
72 }
|
|
|
73
|
|
|
74 $OUTPUT->send();
|
|
|
75 exit;
|
|
|
76 }
|
|
|
77
|
|
|
78 if ($RCMAIL->action == 'display-attachment') {
|
|
|
79 $RCMAIL->display_uploaded_file($COMPOSE['attachments'][$file_id]);
|
|
|
80 exit;
|
|
|
81 }
|
|
|
82
|
|
|
83 /***** attachment upload action *****/
|
|
|
84
|
|
|
85 // clear all stored output properties (like scripts and env vars)
|
|
|
86 $OUTPUT->reset();
|
|
|
87
|
|
|
88 $uploadid = rcube_utils::get_input_value('_uploadid', rcube_utils::INPUT_GPC);
|
|
|
89 $uri = rcube_utils::get_input_value('_uri', rcube_utils::INPUT_POST);
|
|
|
90
|
|
|
91 // handle dropping a reference to an attachment part of some message
|
|
|
92 if ($uri) {
|
|
|
93 $url = parse_url($uri);
|
|
|
94 parse_str($url['query'], $params);
|
|
|
95
|
|
|
96 if (strlen($params['_mbox']) && $params['_uid'] && $params['_part']) {
|
|
|
97 // @TODO: at some point we might support drag-n-drop between
|
|
|
98 // two different accounts on the same server, for now make sure
|
|
|
99 // this is the same server and the same user
|
|
|
100 list($host, $port) = explode(':', $_SERVER['HTTP_HOST']);
|
|
|
101 if ($host == $url['host'] && $port == $url['port']
|
|
|
102 && $RCMAIL->get_user_name() == rawurldecode($url['user'])
|
|
|
103 ) {
|
|
|
104 $message = new rcube_message($params['_uid'], $params['_mbox']);
|
|
|
105
|
|
|
106 if ($message && !empty($message->headers)) {
|
|
|
107 $attachment = rcmail_save_attachment($message, $params['_part'], $COMPOSE_ID);
|
|
|
108 }
|
|
|
109 }
|
|
|
110 }
|
|
|
111
|
|
|
112 $plugin = $RCMAIL->plugins->exec_hook('attachment_from_uri', array(
|
|
|
113 'attachment' => $attachment, 'uri' => $uri, 'compose_id' => $COMPOSE_ID));
|
|
|
114
|
|
|
115 if ($plugin['attachment']) {
|
|
|
116 rcmail_attachment_success($plugin['attachment'], $uploadid);
|
|
|
117 }
|
|
|
118 else {
|
|
|
119 $OUTPUT->command('display_message', $RCMAIL->gettext('filelinkerror'), 'error');
|
|
|
120 $OUTPUT->command('remove_from_attachment_list', $uploadid);
|
|
|
121 }
|
|
|
122
|
|
|
123 $OUTPUT->send();
|
|
|
124 return;
|
|
|
125 }
|
|
|
126
|
|
|
127 // handle file(s) upload
|
|
|
128 if (is_array($_FILES['_attachments']['tmp_name'])) {
|
|
|
129 $multiple = count($_FILES['_attachments']['tmp_name']) > 1;
|
|
|
130 $errors = array();
|
|
|
131
|
|
|
132 foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) {
|
|
|
133 // Process uploaded attachment if there is no error
|
|
|
134 $err = $_FILES['_attachments']['error'][$i];
|
|
|
135
|
|
|
136 if (!$err) {
|
|
|
137 $filename = $_FILES['_attachments']['name'][$i];
|
|
|
138 $filesize = $_FILES['_attachments']['size'][$i];
|
|
|
139 $filetype = rcube_mime::file_content_type($filepath, $filename, $_FILES['_attachments']['type'][$i]);
|
|
|
140
|
|
|
141 if ($err = rcmail_check_message_size($filesize, $filetype)) {
|
|
|
142 if (!in_array($err, $errors)) {
|
|
|
143 $OUTPUT->command('display_message', $err, 'error');
|
|
|
144 $OUTPUT->command('remove_from_attachment_list', $uploadid);
|
|
|
145 $errors[] = $err;
|
|
|
146 }
|
|
|
147 continue;
|
|
|
148 }
|
|
|
149
|
|
|
150 $attachment = $RCMAIL->plugins->exec_hook('attachment_upload', array(
|
|
|
151 'path' => $filepath,
|
|
|
152 'name' => $filename,
|
|
|
153 'size' => $filesize,
|
|
|
154 'mimetype' => $filetype,
|
|
|
155 'group' => $COMPOSE_ID,
|
|
|
156 ));
|
|
|
157 }
|
|
|
158
|
|
|
159 if (!$err && $attachment['status'] && !$attachment['abort']) {
|
|
|
160 // store new attachment in session
|
|
|
161 unset($attachment['status'], $attachment['abort']);
|
|
|
162 $RCMAIL->session->append($SESSION_KEY . '.attachments', $attachment['id'], $attachment);
|
|
|
163
|
|
|
164 rcmail_attachment_success($attachment, $uploadid);
|
|
|
165 }
|
|
|
166 else { // upload failed
|
|
|
167 if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
|
|
|
168 $size = $RCMAIL->show_bytes(rcube_utils::max_upload_size());
|
|
|
169 $msg = $RCMAIL->gettext(array('name' => 'filesizeerror', 'vars' => array('size' => $size)));
|
|
|
170 }
|
|
|
171 else if ($attachment['error']) {
|
|
|
172 $msg = $attachment['error'];
|
|
|
173 }
|
|
|
174 else {
|
|
|
175 $msg = $RCMAIL->gettext('fileuploaderror');
|
|
|
176 }
|
|
|
177
|
|
|
178 if ($attachment['error'] || $err != UPLOAD_ERR_NO_FILE) {
|
|
|
179 if (!in_array($msg, $errors)) {
|
|
|
180 $OUTPUT->command('display_message', $msg, 'error');
|
|
|
181 $OUTPUT->command('remove_from_attachment_list', $uploadid);
|
|
|
182 $errors[] = $msg;
|
|
|
183 }
|
|
|
184 }
|
|
|
185 }
|
|
|
186 }
|
|
|
187 }
|
|
|
188 else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|
|
189 // if filesize exceeds post_max_size then $_FILES array is empty,
|
|
|
190 // show filesizeerror instead of fileuploaderror
|
|
|
191 if ($maxsize = ini_get('post_max_size')) {
|
|
|
192 $msg = $RCMAIL->gettext(array(
|
|
|
193 'name' => 'filesizeerror',
|
|
|
194 'vars' => array('size' => $RCMAIL->show_bytes(parse_bytes($maxsize)))
|
|
|
195 ));
|
|
|
196 }
|
|
|
197 else {
|
|
|
198 $msg = $RCMAIL->gettext('fileuploaderror');
|
|
|
199 }
|
|
|
200
|
|
|
201 $OUTPUT->command('display_message', $msg, 'error');
|
|
|
202 $OUTPUT->command('remove_from_attachment_list', $uploadid);
|
|
|
203 }
|
|
|
204
|
|
|
205 // send html page with JS calls as response
|
|
|
206 $OUTPUT->command('auto_save_start', false);
|
|
|
207 $OUTPUT->send('iframe');
|
|
|
208
|
|
|
209
|
|
|
210 function rcmail_attachment_success($attachment, $uploadid)
|
|
|
211 {
|
|
|
212 global $RCMAIL, $COMPOSE;
|
|
|
213
|
|
|
214 $id = $attachment['id'];
|
|
|
215
|
|
|
216 if (($icon = $COMPOSE['deleteicon']) && is_file($icon)) {
|
|
|
217 $button = html::img(array(
|
|
|
218 'src' => $icon,
|
|
|
219 'alt' => $RCMAIL->gettext('delete')
|
|
|
220 ));
|
|
|
221 }
|
|
|
222 else if ($COMPOSE['textbuttons']) {
|
|
|
223 $button = rcube::Q($RCMAIL->gettext('delete'));
|
|
|
224 }
|
|
|
225 else {
|
|
|
226 $button = '';
|
|
|
227 }
|
|
|
228
|
|
|
229 $link_content = sprintf('%s <span class="attachment-size"> (%s)</span>',
|
|
|
230 rcube::Q($attachment['name']), $RCMAIL->show_bytes($attachment['size']));
|
|
|
231
|
|
|
232 $content_link = html::a(array(
|
|
|
233 'href' => "#load",
|
|
|
234 'class' => 'filename',
|
|
|
235 'onclick' => sprintf("return %s.command('load-attachment','rcmfile%s', this, event)", rcmail_output::JS_OBJECT_NAME, $id),
|
|
|
236 ), $link_content);
|
|
|
237
|
|
|
238 $delete_link = html::a(array(
|
|
|
239 'href' => "#delete",
|
|
|
240 'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this, event)", rcmail_output::JS_OBJECT_NAME, $id),
|
|
|
241 'title' => $RCMAIL->gettext('delete'),
|
|
|
242 'class' => 'delete',
|
|
|
243 'aria-label' => $RCMAIL->gettext('delete') . ' ' . $attachment['name'],
|
|
|
244 ), $button);
|
|
|
245
|
|
|
246 $content = $COMPOSE['icon_pos'] == 'left' ? $delete_link.$content_link : $content_link.$delete_link;
|
|
|
247
|
|
|
248 $RCMAIL->output->command('add2attachment_list', "rcmfile$id", array(
|
|
|
249 'html' => $content,
|
|
|
250 'name' => $attachment['name'],
|
|
|
251 'mimetype' => $attachment['mimetype'],
|
|
|
252 'classname' => rcube_utils::file2class($attachment['mimetype'], $attachment['name']),
|
|
|
253 'complete' => true), $uploadid);
|
|
|
254 }
|
|
|
255
|
|
|
256 /**
|
|
|
257 * Checks if the attached file will fit in message size limit.
|
|
|
258 * Calculates size of all attachments and compares with the limit.
|
|
|
259 *
|
|
|
260 * @param int $filesize File size
|
|
|
261 * @param string $filetype File mimetype
|
|
|
262 *
|
|
|
263 * @return string Error message if the limit is exceeded
|
|
|
264 */
|
|
|
265 function rcmail_check_message_size($filesize, $filetype)
|
|
|
266 {
|
|
|
267 global $RCMAIL, $COMPOSE;
|
|
|
268
|
|
|
269 $limit = parse_bytes($RCMAIL->config->get('max_message_size'));
|
|
|
270 $size = 10 * 1024; // size of message body
|
|
|
271
|
|
|
272 if (!$limit) {
|
|
|
273 return;
|
|
|
274 }
|
|
|
275
|
|
|
276 // add size of already attached files
|
|
|
277 foreach ((array) $COMPOSE['attachments'] as $att) {
|
|
|
278 // All attachments are base64-encoded except message/rfc822 (see sendmail.inc)
|
|
|
279 $multip = $att['mimetype'] == 'message/rfc822' ? 1 : 1.33;
|
|
|
280 $size += $att['size'] * $multip;
|
|
|
281 }
|
|
|
282
|
|
|
283 // add size of the new attachment
|
|
|
284 $multip = $filetype == 'message/rfc822' ? 1 : 1.33;
|
|
|
285 $size += $filesize * $multip;
|
|
|
286
|
|
|
287 if ($size > $limit) {
|
|
|
288 $limit = $RCMAIL->show_bytes($limit);
|
|
|
289 return $RCMAIL->gettext(array('name' => 'msgsizeerror', 'vars' => array('size' => $limit)));
|
|
|
290 }
|
|
|
291 }
|
