source: subversion/trunk/roundcubemail/program/steps/mail/show.inc @ 483

Last change on this file since 483 was 483, checked in by thomasb, 6 years ago

Better input checking on GET and POST vars

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 6.1 KB
1<?php
2
3/*
4 +-----------------------------------------------------------------------+
5 | program/steps/mail/show.inc                                           |
6 |                                                                       |
7 | This file is part of the RoundCube Webmail client                     |
8 | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
9 | Licensed under the GNU GPL                                            |
10 |                                                                       |
11 | PURPOSE:                                                              |
12 |   Display a mail message similar as a usual mail application does     |
13 |                                                                       |
14 +-----------------------------------------------------------------------+
15 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
16 +-----------------------------------------------------------------------+
17
18 $Id$
19
20*/
21
22require_once('Mail/mimeDecode.php');
23
// TRUE while the message is rendered for printing
$PRINT_MODE = ($_action == 'print');

// allow caching, unless remote images are present
// (_safe is a request parameter, so the URL decides which set of headers is sent)
if (!(bool)get_input_value('_safe', RCUBE_INPUT_GET))
  {
  send_future_expire_header();
  }
else
  {
  send_nocacheing_headers();
  }
31
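// similar code as in program/steps/mail/get.inc
//
// Load the message selected by the _uid request parameter into $MESSAGE and
// pass the UIDs needed for prev/next navigation to the client script.
if (!empty($_GET['_uid']))
  {
  // request parameters are read through get_input_value() only, never
  // straight from $_GET, so every use below sees the same checked value
  $MESSAGE = array('UID' => get_input_value('_uid', RCUBE_INPUT_GET));
  $MESSAGE['headers'] = $IMAP->get_headers($MESSAGE['UID']);
  $MESSAGE['structure'] = $IMAP->get_structure($MESSAGE['UID']);

  // go back to list if message not found (wrong UID)
  if (!$MESSAGE['headers'] || !$MESSAGE['structure'])
    {
    show_message('messageopenerror', 'error');
    if ($_action=='preview' && template_exists('messagepreview'))
      {
      parse_template('messagepreview');
      // Nothing below works without headers and structure. parse_template()
      // presumably ends the request itself (confirm); the return makes sure
      // the code never dereferences the missing headers.
      return;
      }

    $_action = 'list';
    return;
    }

  $MESSAGE['subject'] = $IMAP->decode_header($MESSAGE['headers']->subject);

  if ($MESSAGE['structure'])
    list($MESSAGE['parts'], $MESSAGE['attachments']) = rcmail_parse_message(
      $MESSAGE['structure'],
      array('safe' => (bool)get_input_value('_safe', RCUBE_INPUT_GET),
            'prefer_html' => $CONFIG['prefer_html'],
            'get_url' => $GET_URL.'&_part=%s')
      );
  else
    $MESSAGE['body'] = $IMAP->get_body($MESSAGE['UID']);


  // mark message as read
  if (!$MESSAGE['headers']->seen && $_action != 'preview')
    $IMAP->set_flag($MESSAGE['UID'], 'SEEN');

  // give message uid to the client
  // The UID originates from the request and is placed inside a quoted JS
  // string: escape backslashes, quotes, line breaks and "/" before output.
  $javascript = sprintf("%s.set_env('uid', '%s');\n",
                        $JS_OBJECT_NAME,
                        addcslashes((string)$MESSAGE['UID'], "\\'\"/\r\n"));
  // the boolean cast keeps the emitted flag at '0' or '1' and in line with
  // the 'safe' option handed to rcmail_parse_message() above
  $javascript .= sprintf("%s.set_env('safemode', '%b');",
                         $JS_OBJECT_NAME,
                         (bool)get_input_value('_safe', RCUBE_INPUT_GET));

  $next = $prev = -1;
  // get previous, first, next and last message UID
  if (!($_SESSION['sort_col'] == 'date' && $_SESSION['sort_order'] == 'DESC') &&
      $IMAP->get_capability('sort'))
    {
    // Only if we use custom sorting
    $a_msg_index = $IMAP->message_index(NULL, $_SESSION['sort_col'], $_SESSION['sort_order']);

    $MESSAGE['index'] = array_search((string)$MESSAGE['UID'], $a_msg_index, TRUE);
    $first = count($a_msg_index)>0 ? $a_msg_index[0] : -1;
    $last = count($a_msg_index)>0 ? $a_msg_index[count($a_msg_index)-1] : -1;

    // array_search() yields FALSE when the UID is not in the index; doing
    // arithmetic on FALSE would pick the neighbours of position 0 instead
    if ($MESSAGE['index'] !== FALSE)
      {
      $prev = isset($a_msg_index[$MESSAGE['index']-1]) ? $a_msg_index[$MESSAGE['index']-1] : -1;
      $next = isset($a_msg_index[$MESSAGE['index']+1]) ? $a_msg_index[$MESSAGE['index']+1] : -1;
      }
    }
  else
    {
    // this assumes that we are sorted by date_DESC
    $seq = $IMAP->get_id($MESSAGE['UID']);
    $prev = $IMAP->get_uid($seq + 1);
    $first = $IMAP->get_uid($IMAP->messagecount());
    $next = $IMAP->get_uid($seq - 1);
    $last = $IMAP->get_uid(1);
    $MESSAGE['index'] = $IMAP->messagecount() - $seq;
    }

  // only UIDs greater than zero are announced to the client
  if ($prev > 0)
    $javascript .= sprintf("\n%s.set_env('prev_uid', '%s');", $JS_OBJECT_NAME, $prev);
  if ($first >0)
    $javascript .= sprintf("\n%s.set_env('first_uid', '%s');", $JS_OBJECT_NAME, $first);
  if ($next > 0)
    $javascript .= sprintf("\n%s.set_env('next_uid', '%s');", $JS_OBJECT_NAME, $next);
  if ($last >0)
    $javascript .= sprintf("\n%s.set_env('last_uid', '%s');", $JS_OBJECT_NAME, $last);

  $OUTPUT->add_script($javascript);
  }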
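/**
 * Build the HTML list (<ul>) of the attachments found in $MESSAGE.
 *
 * File name, MIME type and part id come from the parsed message, so they are
 * treated as untrusted: each value is escaped for the context it is written
 * into (HTML text, HTML attribute, or a JS string inside an HTML attribute).
 *
 * @param  array  $attrib  Template attributes; 'style', 'class' and 'id' are
 *                         passed on to the <ul> tag
 * @return string|null     The list markup, or nothing when the message has no
 *                         attachments
 */
function rcmail_message_attachments($attrib)
  {
  global $PRINT_MODE, $MESSAGE, $GET_URL, $JS_OBJECT_NAME;

  // also covers a $MESSAGE without an 'attachments' entry
  if (empty($MESSAGE['attachments']))
    return;

  // allow the following attributes to be added to the <ul> tag
  $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id'));
  $out = '<ul' . $attrib_str . ">\n";

  foreach ($MESSAGE['attachments'] as $attach_prop)
    {
    $filename_html = htmlspecialchars($attach_prop->filename, ENT_QUOTES);

    if ($PRINT_MODE)
      {
      $out .= sprintf('<li>%s (%s)</li>'."\n",
                      $filename_html,
                      show_bytes($attach_prop->size));
      continue;
      }

    // values used inside the onclick handler sit in a JS string that is itself
    // inside an HTML attribute: escape for JS first, then for HTML
    $part_js = htmlspecialchars(addcslashes($attach_prop->mime_id, "\\'\"\r\n"), ENT_QUOTES);
    $type_js = htmlspecialchars(addcslashes($attach_prop->mimetype, "\\'\"\r\n"), ENT_QUOTES);

    $out .= sprintf('<li><a href="%s&amp;_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n",
                    htmlspecialchars($GET_URL),
                    htmlspecialchars($attach_prop->mime_id, ENT_QUOTES),
                    $JS_OBJECT_NAME,
                    $part_js,
                    $type_js,
                    $filename_html);
    }

  $out .= "</ul>";
  return $out;
  }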
/**
 * Build the notice shown when remote images were blocked, with a link that
 * triggers the client's 'load-images' command.
 *
 * The element id is also registered with the client script as the
 * 'remoteobjectsmsg' GUI object.
 *
 * NOTE(review): $attrib['id'] is written unescaped into a quoted JS string;
 * presumably it only ever comes from skin templates (confirm against callers).
 *
 * @param  array  $attrib  Template attributes; 'style', 'class' and 'id' are
 *                         passed on to the <div> tag
 * @return string          The <div> markup
 */
function rcmail_remote_objects_msg($attrib)
  {
  global $CONFIG, $OUTPUT, $JS_OBJECT_NAME;

  // fall back to a fixed id so the client can always find the element
  if (!$attrib['id'])
    $attrib['id'] = 'rcmremoteobjmsg';

  // allow the following attributes to be added to the <div> tag
  $tag_attribs = create_attrib_string($attrib, array('style', 'class', 'id'));

  $notice = Q(rcube_label('blockedimages'));
  $link_text = Q(rcube_label('showimages'));

  $html = '<div' . $tag_attribs . '>'
        . $notice . '&nbsp;'
        . '<a href="#loadimages" onclick="' . $JS_OBJECT_NAME . '.command(\'load-images\')">'
        . $link_text . '</a>'
        . '</div>';

  $OUTPUT->add_script($JS_OBJECT_NAME . ".gui_object('remoteobjectsmsg', '" . $attrib['id'] . "');");
  return $html;
  }
// Render the page: the print and preview actions use their own template when
// the skin provides one, everything else uses the regular message template.
parse_template(
  ($_action=='print' && template_exists('printmessage'))
    ? 'printmessage'
    : (($_action=='preview' && template_exists('messagepreview'))
        ? 'messagepreview'
        : 'message')
  );
174?>