From: Thijs K. <ki...@us...> - 2007-01-07 17:30:52
Update of /cvsroot/squirrelmail/squirrelmail/functions In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv7942/functions Modified Files: compose.php mailbox_display.php Log Message: Improve attachment file handling: use one new function to create a temp file for storing the attachment. This replaces the same code in five places. It also improves on the code, it's now much more safe against overwriting existing attachments by chance. Index: compose.php =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/functions/compose.php,v retrieving revision 1.1 retrieving revision 1.2 diff -u -w -r1.1 -r1.2 --- compose.php 7 Jan 2007 17:02:32 -0000 1.1 +++ compose.php 7 Jan 2007 17:30:09 -0000 1.2 
@@ -13,3 +13,49 @@ */ +/** + * Get a new file to write an attachment to. + * This function makes sure it doesn't overwrite other attachments, + * preventing collisions and race conditions. + * + * @return filename + * @since 1.5.2 + */ +function sq_get_attach_tempfile() +{ + global $username, $attachment_dir; + + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); + + // using PHP >= 4.3.2 we can be truly atomic here + $filemods = check_php_version ( 4,3,2 ) ? 'x' : 'w'; + + // give up after 1000 tries + $TMP_MAX = 1000; + for ($try=0; $try<$TMP_MAX; ++$try) { + + $localfilename = GenerateRandomString(32, '', 7); + $full_localfilename = "$hashed_attachment_dir/$localfilename"; + + // filename collision. try again + if ( file_exists($full_localfilename) ) { + continue; + } + + // try to open for (binary) writing + $fp = @fopen( $full_localfilename, $filemods); + + if ( $fp !== FALSE ) { + // success! make sure it's not readable, close and return filename + chmod($full_localfilename, 0600); + fclose($fp); + return $full_localfilename; + } + } + + // we tried 1000 times but didn't succeed. + error_box( _("Could not open temporary file to store attachment. Contact your system administrator to resolve this issue.") ); + return FALSE; +} + + Index: mailbox_display.php =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/functions/mailbox_display.php,v retrieving revision 1.468 retrieving revision 1.469 diff -u -w -r1.468 -r1.469 --- mailbox_display.php 3 Jan 2007 09:26:44 -0000 1.468 +++ mailbox_display.php 7 Jan 2007 17:30:09 -0000 1.469 @@ -1477,9 +1477,6 @@ * @author Marc Groot Koerkamp */ function attachSelectedMessages($imapConnection,$aMsgHeaders) { - global $username, $attachment_dir, - $data_dir; - sqgetGlobalVar('composesession', $composesession, SQ_SESSION); sqgetGlobalVar('compose_messages', $compose_messages, SQ_SESSION); 
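Review bot: The docblock of `sq_get_attach_tempfile()` promises protection against collisions and race conditions, but that only holds on the `'x'` branch. When `check_php_version(4,3,2)` is false, `$filemods` is `'w'`, so a name created by another request between `file_exists()` and `fopen()` is opened and truncated rather than rejected. I would state that limit in the docblock, for example `Exclusive creation needs PHP >= 4.3.2; older versions fall back to check-then-open, which can still race.`, and change `@return filename` to `@return string|false` since the function returns FALSE once the retries are exhausted. The comment "try to open for (binary) writing" also does not match the modes used; `$filemods = check_php_version(4,3,2) ? 'xb' : 'wb';` would. Because `@fopen` hides the reason for a failure, a non-writable attachment directory is retried 1000 times before the generic error box appears, and the result of `chmod()` is not checked.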
@@ -1496,8 +1493,6 @@ sqsession_register($composesession,'composesession'); } - $hashed_attachment_dir = getHashedDir($username, $attachment_dir); - $composeMessage = new Message(); $rfc822_header = new Rfc822Header(); $composeMessage->rfc822_header = $rfc822_header; @@ -1517,14 +1512,13 @@ $body = implode('', $body_a); $body .= "\r\n"; - $localfilename = GenerateRandomString(32, 'FILE', 7); - $full_localfilename = "$hashed_attachment_dir/$localfilename"; - - $fp = fopen( $full_localfilename, 'wb'); + $filename = sq_get_attach_tempfile(); + $fp = fopen($filename, 'wb'); fwrite ($fp, $body); fclose($fp); + $composeMessage->initAttachment('message/rfc822',$subject.'.msg', - $full_localfilename); + $filename); } } @@ -1532,3 +1526,4 @@ sqsession_register($compose_messages,'compose_messages'); return $composesession; } + |
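Review bot: In the `-1517,14 +1512,13` hunk the result of `sq_get_attach_tempfile()` goes straight into `fopen($filename, 'wb')`, but that function returns FALSE when it cannot create a file. In that case `fwrite()` and `fclose()` run on a failed handle and `initAttachment()` is handed FALSE as the attachment path. A guard such as `if ($filename === FALSE) { continue; }` before the `fopen()` would stop that, assuming the enclosing block is a loop over the selected messages; it starts outside the hunk, so the right early exit needs confirming. The result of this second `fopen()` is unchecked as well. Reopening by path also means the exclusive create only reserves the name, so having the helper hand back the open handle would be the tighter design if the attachment directory is ever shared with other local users.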