program/steps/mail/attachments.inc

   1 <?php
   2
   3 /*
   4  +-----------------------------------------------------------------------+
   5  | program/steps/mail/attachments.inc                                    |
   6  |                                                                       |
   7  | This file is part of the Roundcube Webmail client                     |
   8  | Copyright (C) 2005-2009, Roundcube Dev. - Switzerland                 |
   9  | Licensed under the GNU GPL                                            |
  10  |                                                                       |
  11  | PURPOSE:                                                              |
  12  |   Upload, remove, display attachments in compose form                 |
  13  |                                                                       |
  14  +-----------------------------------------------------------------------+
  15  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  16  +-----------------------------------------------------------------------+
  17
  18  $Id: attachments.inc 3989 2010-09-25 13:03:53Z alec $
  19
  20 */
  21
  22
  23 if (!$_SESSION['compose']) {
  24   die("Invalid session var!");
  25 }
  26
  27
  28 // remove an attachment
  29 if ($RCMAIL->action=='remove-attachment')
  30 {
  31   $id = 'undefined';
  32   if (preg_match('/^rcmfile(\w+)$/', $_POST['_file'], $regs))
  33     $id = $regs[1];
  34   if ($attachment = $_SESSION['compose']['attachments'][$id])
  35     $attachment = $RCMAIL->plugins->exec_hook('attachment_delete', $attachment);
  36   if ($attachment['status']) {
  37     if (is_array($_SESSION['compose']['attachments'][$id])) {
  38       unset($_SESSION['compose']['attachments'][$id]);
  39       $OUTPUT->command('remove_from_attachment_list', "rcmfile$id");
  40     }
  41   }
  42
  43   $OUTPUT->send();
  44   exit;
  45 }
  46
  47 if ($RCMAIL->action=='display-attachment')
  48 {
  49   $id = 'undefined';
  50   if (preg_match('/^rcmfile(\w+)$/', $_GET['_file'], $regs))
  51     $id = $regs[1];
  52   if ($attachment = $_SESSION['compose']['attachments'][$id])
  53     $attachment = $RCMAIL->plugins->exec_hook('attachment_display', $attachment);
  54
  55   if ($attachment['status']) {
  56     if (empty($attachment['size']))
  57       $attachment['size'] = $attachment['data'] ? strlen($attachment['data']) : @filesize($attachment['path']);
  58
  59     header('Content-Type: ' . $attachment['mimetype']);
  60     header('Content-Length: ' . $attachment['size']);
  61
  62     if ($attachment['data'])
  63       echo $attachment['data'];
  64     else if ($attachment['path'])
  65       readfile($attachment['path']);
  66   }
  67   exit;
  68 }
  69
  70 // attachment upload action
  71
  72 if (!is_array($_SESSION['compose']['attachments'])) {
  73   $_SESSION['compose']['attachments'] = array();
  74 }
  75
  76 // clear all stored output properties (like scripts and env vars)
  77 $OUTPUT->reset();
  78
  79 $uploadid = get_input_value('_uploadid', RCUBE_INPUT_GET);
  80
  81 if (is_array($_FILES['_attachments']['tmp_name'])) {
  82   foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) {
  83     $attachment = array(
  84       'path' => $filepath,
  85       'size' => $_FILES['_attachments']['size'][$i],
  86       'name' => $_FILES['_attachments']['name'][$i],
  87       'mimetype' => rc_mime_content_type($filepath, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i])
  88     );
  89
  90     $attachment = $RCMAIL->plugins->exec_hook('attachment_upload', $attachment);
  91
  92     if ($attachment['status'] && !$attachment['abort']) {
  93       $id = $attachment['id'];
  94
  95       // store new attachment in session
  96       unset($attachment['status'], $attachment['abort']);
  97       $_SESSION['compose']['attachments'][$id] = $attachment;
  98
  99       if (($icon = $_SESSION['compose']['deleteicon']) && is_file($icon)) {
 100         $button = html::img(array(
 101           'src' => $icon,
 102           'alt' => rcube_label('delete')
 103         ));
 104       }
 105       else {
 106         $button = Q(rcube_label('delete'));
 107       }
 108
 109       $content = html::a(array(
 110         'href' => "#delete",
 111         'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", JS_OBJECT_NAME, $id),
 112         'title' => rcube_label('delete'),
 113       ), $button);
 114
 115       $content .= Q($attachment['name']);
 116
 117       $OUTPUT->command('add2attachment_list', "rcmfile$id", array(
 118         'html' => $content,
 119         'name' => $attachment['name'],
 120         'mimetype' => $attachment['mimetype'],
 121         'complete' => true), $uploadid);
 122     }
 123     else {  // upload failed
 124       $err = $_FILES['_attachments']['error'][$i];
 125       if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
 126         $msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))));
 127       }
 128       else if ($attachment['error']) {
 129         $msg = $attachment['error'];
 130       }
 131       else {
 132         $msg = rcube_label('fileuploaderror');
 133       }
 134
 135       $OUTPUT->command('display_message', $msg, 'error');
 136       $OUTPUT->command('remove_from_attachment_list', $uploadid);
 137     }
 138   }
 139 }
 140 else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 141   // if filesize exceeds post_max_size then $_FILES array is empty,
 142   // show filesizeerror instead of fileuploaderror
 143   if ($maxsize = ini_get('post_max_size'))
 144     $msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes($maxsize)))));
 145   else
 146     $msg = rcube_label('fileuploaderror');
 147   $OUTPUT->command('display_message', $msg, 'error');
 148   $OUTPUT->command('remove_from_attachment_list', $uploadid);
 149 }
 150
 151 // send html page with JS calls as response
 152 $OUTPUT->command('auto_save_start', false);
 153 $OUTPUT->send('iframe');
 154