source: subversion/trunk/roundcubemail/program/steps/mail/show.inc @ 668

Last change on this file since 668 was 668, checked in by thomasb, 6 years ago

Some bugfixes, security issues + minor improvements

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 6.1 KB
1<?php
2
3/*
4 +-----------------------------------------------------------------------+
5 | program/steps/mail/show.inc                                           |
6 |                                                                       |
7 | This file is part of the RoundCube Webmail client                     |
8 | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
9 | Licensed under the GNU GPL                                            |
10 |                                                                       |
11 | PURPOSE:                                                              |
12 |   Display a mail message similar as a usual mail application does     |
13 |                                                                       |
14 +-----------------------------------------------------------------------+
15 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
16 +-----------------------------------------------------------------------+
17
18 $Id$
19
20*/
21
22require_once('Mail/mimeDecode.php');
23
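// Step script for the mail "show", "preview" and "print" actions: loads the
// requested message into $MESSAGE and publishes navigation data to the client.

// TRUE when the message is rendered for printing (read by the attachment list handler)
$PRINT_MODE = ($_action == 'print');

// similar code as in program/steps/mail/get.inc
// Everything below only runs when the request names a message UID.
if (!empty($_GET['_uid']))
  {
  $MESSAGE = array('UID' => get_input_value('_uid', RCUBE_INPUT_GET));
  $MESSAGE['headers'] = $IMAP->get_headers($MESSAGE['UID']);

  // go back to list if message not found (wrong UID)
  if (!$MESSAGE['headers'])
    {
    $OUTPUT->show_message('messageopenerror', 'error');
    // NOTE(review): if parse_template() returns instead of ending the request,
    // the code below runs with empty headers -- confirm it terminates.
    if ($_action=='preview' && template_exists('messagepreview'))
        parse_template('messagepreview');
    else
      {
      $_action = 'list';
      return;
      }
    }

  // Read the '_safe' request flag once, through the same input accessor used for
  // '_uid', so the cache policy, the message parser and the client environment
  // cannot disagree about it.
  // NOTE(review): the flag is taken from the query string; judging by the caching
  // comment below it relates to remote images -- confirm that the client only
  // sets it after an explicit user action.
  $safe_mode = (bool)get_input_value('_safe', RCUBE_INPUT_GET);

  // calculate Etag for this request
  // (cache validator built from UID, mailbox name, session id and print flag;
  // presumably sent to the client by send_modified_header(), so it relies on the
  // session id being unguessable -- md5 is not a security control here)
  $etag = md5($MESSAGE['UID'].$IMAP->get_mailbox_name().session_id().($PRINT_MODE?1:0));

  // allow caching, unless remote images are present
  if ($safe_mode)
    send_nocacheing_headers();
  else if (empty($CONFIG['devel_mode']))
    send_modified_header($_SESSION['login_time'], $etag);

  // The subject is taken from the message headers, i.e. it is sender-controlled.
  // NOTE(review): presumably set_pagetitle() escapes it for output -- verify.
  $MESSAGE['subject'] = rcube_imap::decode_mime_string($MESSAGE['headers']->subject, $MESSAGE['headers']->charset);
  $OUTPUT->set_pagetitle($MESSAGE['subject']);

  // parse the MIME structure into displayable parts and attachments,
  // or fall back to the raw body when no structure is available
  if ($MESSAGE['structure'] = $IMAP->get_structure($MESSAGE['UID']))
    list($MESSAGE['parts'], $MESSAGE['attachments']) = rcmail_parse_message(
      $MESSAGE['structure'],
      array('safe' => $safe_mode,
            'prefer_html' => $CONFIG['prefer_html'],
            'get_url' => $GET_URL.'&_part=%s')
      );
  else
    $MESSAGE['body'] = $IMAP->get_body($MESSAGE['UID']);


  // mark message as read (not for the preview action)
  if (!$MESSAGE['headers']->seen && $_action != 'preview')
    $IMAP->set_flag($MESSAGE['UID'], 'SEEN');

  // give message uid to the client
  $OUTPUT->set_env('uid', $MESSAGE['UID']);
  $OUTPUT->set_env('safemode', $safe_mode);

  $next = $prev = -1;
  // get previous, first, next and last message UID
  if (!($_SESSION['sort_col'] == 'date' && $_SESSION['sort_order'] == 'DESC') &&
      $IMAP->get_capability('sort'))
    {
    // Only if we use custom sorting
    $a_msg_index = $IMAP->message_index(NULL, $_SESSION['sort_col'], $_SESSION['sort_order']);

    // treat a failed lookup as an empty index so count() and array_search() stay well-defined
    if (!is_array($a_msg_index))
      $a_msg_index = array();

    $index_size = count($a_msg_index);
    $MESSAGE['index'] = array_search((string)$MESSAGE['UID'], $a_msg_index, TRUE);

    // array_search() returns FALSE when the UID is not in the index; FALSE+1
    // evaluates to 1 and would select an unrelated message as "next", so the
    // neighbours are only derived from a real position
    if ($MESSAGE['index'] !== FALSE)
      {
      $prev = isset($a_msg_index[$MESSAGE['index']-1]) ? $a_msg_index[$MESSAGE['index']-1] : -1;
      $next = isset($a_msg_index[$MESSAGE['index']+1]) ? $a_msg_index[$MESSAGE['index']+1] : -1;
      }

    $first = $index_size > 0 ? $a_msg_index[0] : -1;
    $last = $index_size > 0 ? $a_msg_index[$index_size-1] : -1;
    }
  else
    {
    // this assumes that we are sorted by date_DESC
    $seq = $IMAP->get_id($MESSAGE['UID']);
    $prev = $IMAP->get_uid($seq + 1);
    $first = $IMAP->get_uid($IMAP->messagecount());
    $next = $IMAP->get_uid($seq - 1);
    $last = $IMAP->get_uid(1);
    $MESSAGE['index'] = $IMAP->messagecount() - $seq;
    }

  // only publish navigation targets that resolved to a positive UID
  if ($prev > 0)
    $OUTPUT->set_env('prev_uid', $prev);
  if ($first > 0)
    $OUTPUT->set_env('first_uid', $first);
  if ($next > 0)
    $OUTPUT->set_env('next_uid', $next);
  if ($last > 0)
    $OUTPUT->set_env('last_uid', $last);
  }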
110
111
112
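/**
 * Template handler: render the attachment list of the current message as a <ul>.
 *
 * Reads the globals $MESSAGE['attachments'], $PRINT_MODE and $GET_URL.
 * File name, MIME type and part id are properties of the displayed message, so
 * they are treated as untrusted and escaped for the context they are written
 * into: HTML text, URL parameter, or JavaScript string inside an HTML attribute.
 *
 * @param array $attrib Template tag attributes; 'style', 'class' and 'id' are passed on to the <ul>
 * @return string|null  The HTML list, or nothing when the message has no attachments
 */
function rcmail_message_attachments($attrib)
  {
  global $PRINT_MODE, $MESSAGE, $GET_URL;

  // nothing to render; also covers a message that was loaded without a parsed
  // structure, where the 'attachments' key is never set
  if (empty($MESSAGE['attachments']) || !is_array($MESSAGE['attachments']))
    return;

  // allow the following attributes to be added to the <ul> tag
  $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id'));
  $out = '<ul' . $attrib_str . ">\n";

  foreach ($MESSAGE['attachments'] as $attach_prop)
    {
    // HTML text context
    $filename = htmlspecialchars($attach_prop->filename, ENT_QUOTES);

    if ($PRINT_MODE)
      $out .= sprintf('<li>%s (%s)</li>'."\n",
                      $filename,
                      show_bytes($attach_prop->size));
    else
      {
      // The onclick attribute is HTML-decoded by the browser before the script
      // runs, so values placed inside the quoted JavaScript strings are
      // backslash-escaped first and HTML-escaped second.
      $js_part = htmlspecialchars(addcslashes($attach_prop->mime_id, "\\'\"\r\n"), ENT_QUOTES);
      $js_type = htmlspecialchars(addcslashes($attach_prop->mimetype, "\\'\"\r\n"), ENT_QUOTES);

      $out .= sprintf('<li><a href="%s&amp;_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n",
                      htmlspecialchars($GET_URL),
                      urlencode($attach_prop->mime_id),  // URL parameter context
                      JS_OBJECT_NAME,
                      $js_part,
                      $js_type,
                      $filename);
      }
    }

  $out .= "</ul>";
  return $out;
  }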
143
144
145
/**
 * Template handler: build the notice box shown for blocked remote objects.
 *
 * The box holds the 'blockedimages' label followed by a link, labelled
 * 'showimages', that triggers the client's 'load-images' command. The id of
 * the box is registered with the output object as 'remoteobjectsmsg'.
 *
 * @param array $attrib Template tag attributes; 'style', 'class' and 'id' are passed on to the <div>
 * @return string       HTML of the notice box
 */
function rcmail_remote_objects_msg($attrib)
  {
  global $CONFIG, $OUTPUT;

  // fall back to the default element id when the template supplies none
  if (!$attrib['id'])
    {
    $attrib['id'] = 'rcmremoteobjmsg';
    }

  // allow the following attributes to be added to the <div> tag
  $tag_attribs = create_attrib_string($attrib, array('style', 'class', 'id'));

  // label texts pass through Q() before they are placed in the markup
  $notice = sprintf('%s&nbsp;<a href="#loadimages" onclick="%s.command(\'load-images\')">%s</a>',
                    Q(rcube_label('blockedimages')),
                    JS_OBJECT_NAME,
                    Q(rcube_label('showimages')));

  $html = '<div' . $tag_attribs . ">" . $notice . '</div>';

  // let the client script find the box by its id
  $OUTPUT->add_gui_object('remoteobjectsmsg', $attrib['id']);

  return $html;
  }
167
168
// register the template object handlers defined in this file
$OUTPUT->add_handlers(
  array(
    'messageattachments' => 'rcmail_message_attachments',
    'blockedobjects' => 'rcmail_remote_objects_msg',
  )
);


// Render the template that matches the action: the print or preview template
// when that action was requested and the template exists, else the regular
// message template.
parse_template(
  ($_action=='print' && template_exists('printmessage'))
    ? 'printmessage'
    : (($_action=='preview' && template_exists('messagepreview'))
        ? 'messagepreview'
        : 'message')
);
180?>