program/steps/mail/attachments.inc

   1 <?php
   2
   3 /*
   4  +-----------------------------------------------------------------------+
   5  | program/steps/mail/attachments.inc                                    |
   6  |                                                                       |
   7  | This file is part of the RoundCube Webmail client                     |
   8  | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
   9  | Licensed under the GNU GPL                                            |
  10  |                                                                       |
  11  | PURPOSE:                                                              |
  12  |   Upload, remove, display attachments in compose form                 |
  13  |                                                                       |
  14  +-----------------------------------------------------------------------+
  15  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  16  +-----------------------------------------------------------------------+
  17
  18  $Id: compose.inc 2081 2008-11-23 12:38:44Z thomasb $
  19
  20 */
  21
  22
  23 if (!$_SESSION['compose']) {
  24   die("Invalid session var!");
  25 }
  26
  27
  28 // remove an attachment
  29 if ($RCMAIL->action=='remove-attachment')
  30 {
  31   if (preg_match('/^rcmfile([0-9]+)$/', $_POST['_file'], $regs))
  32   {
  33     $id = $regs[1];
  34     if (is_array($_SESSION['compose']['attachments'][$id]))
  35     {
  36       @unlink($_SESSION['compose']['attachments'][$id]['path']);
  37       unset($_SESSION['compose']['attachments'][$id]);
  38       $OUTPUT->command('remove_from_attachment_list', "rcmfile$id");
  39       $OUTPUT->send();
  40     }
  41   }
  42   exit;
  43 }
  44
  45 if ($RCMAIL->action=='display-attachment')
  46 {
  47   if (preg_match('/^rcmfile([0-9]+)$/', $_GET['_file'], $regs))
  48   {
  49     $id = $regs[1];
  50     if (is_array($_SESSION['compose']['attachments'][$id]))
  51     {
  52       $apath = $_SESSION['compose']['attachments'][$id]['path'];
  53       header('Content-Type: ' . $_SESSION['compose']['attachments'][$id]['mimetype']);
  54       header('Content-Length: ' . filesize($apath));
  55       readfile($apath);
  56     }
  57   }
  58   exit;
  59 }
  60
  61 // attachment upload action
  62
  63 // use common temp dir for file uploads
  64 $temp_dir = unslashify($CONFIG['temp_dir']);
  65
  66 // #1484529: we need absolute path on Windows for move_uploaded_file()
  67 if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
  68   $temp_dir = realpath($temp_dir);
  69 }
  70
  71 if (!is_array($_SESSION['compose']['attachments'])) {
  72   $_SESSION['compose']['attachments'] = array();
  73 }
  74
  75 // clear all stored output properties (like scripts and env vars)
  76 $OUTPUT->reset();
  77
  78 if (is_array($_FILES['_attachments']['tmp_name'])) {
  79   foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) {
  80     $tmpfname = tempnam($temp_dir, 'rcmAttmnt');
  81     if (move_uploaded_file($filepath, $tmpfname) && file_exists($tmpfname)) {
  82       $id = count($_SESSION['compose']['attachments']);
  83       $_SESSION['compose']['attachments'][] = array(
  84         'name' => $_FILES['_attachments']['name'][$i],
  85         'mimetype' => rc_mime_content_type($tmpfname, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i]),
  86         'path' => $tmpfname,
  87       );
  88
  89       if (is_file($icon = $CONFIG['skin_path'] . '/images/icons/remove-attachment.png')) {
  90         $button = html::img(array(
  91           'src' => $icon,
  92           'alt' => rcube_label('delete'),
  93           'style' => "padding-right:2px;vertical-align:middle",
  94         ));
  95       }
  96       else {
  97         $button = Q(rcube_label('delete'));
  98       }
  99
 100       $content = html::a(array(
 101         'href' => "#delete",
 102         'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%d', this)", JS_OBJECT_NAME, $id),
 103         'title' => rcube_label('delete'),
 104       ), $button);
 105
 106       $content .= Q($_FILES['_attachments']['name'][$i]);
 107
 108       $OUTPUT->command('add2attachment_list', "rcmfile$id", $content);
 109     }
 110     else {  // upload failed
 111       $err = $_FILES['_attachments']['error'][$i];
 112       if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
 113         $msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))));
 114       }
 115       else {
 116         $msg = rcube_label('fileuploaderror');
 117       }
 118
 119       $OUTPUT->command('display_message', $msg, 'error');
 120     }
 121   }
 122 }
 123 else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 124   $OUTPUT->command('display_message', rcube_label('fileuploaderror'), 'error');
 125 }
 126
 127 // send html page with JS calls as response
 128 $OUTPUT->command('show_attachment_form', false);
 129 $OUTPUT->command('auto_save_start', false);
 130 $OUTPUT->send('iframe');
 131
 132 ?>