Fixed mailto: again. Should work with all the cc, bcc, subject parameters as well. Sample Windows registry entry for HKEY_CLASSES_ROOT\mailto\shell\open\command is "C:\Program Files\Mozilla Firefox\firefox.exe" "http://example.org/webmail/src/mailto.php?emailaddress=%1" or "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "http://example.org/webmail/src/mailto.php?emailaddress=%1"

include/init.php

@@ -394,7 +394,7 @@ if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE))
 
 
 /**
- * Do something special for some pages. This is based on the PAGE_NAME constand
+ * Do something special for some pages. This is based on the PAGE_NAME constant
  * set at the top of every page.
  */
 switch (PAGE_NAME) {
@@ -430,6 +430,10 @@ switch (PAGE_NAME) {
         session_write_close();
         break;
 
+    case 'mailto':
+        // nothing to do
+        break;
+
     case 'redirect':
         require(SM_PATH . 'functions/auth.php');
         //nobreak;
@@ -531,8 +535,6 @@ switch (PAGE_NAME) {
             exit;
         }
 
-//FIXME: remove next line if the placement of the copy of this line above does not prove to be problematic
-        sqgetGlobalVar('username',$username,SQ_SESSION);
         sqgetGlobalVar('authz',$authz,SQ_SESSION);
 
         /**
@@ -673,6 +675,12 @@ if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
     $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
 }
 
+
+// ============================================================================
+// ================= End of Live Code, Beginning of Functions ================= 
+// ============================================================================
+
+
 /**
  * Javascript support detection function
  * @param boolean $reset recheck javascript support if set to true.

src/mailto.php

@@ -3,14 +3,30 @@
 /**
  * mailto.php -- mailto: url handler
  *
- * This checks to see if we're logged in.  If we are we open up a new
- * compose window for this email, otherwise we go to login.php
- * (the above functionality has been disabled, by default you are required to
- *  login first)
+ * This page facilitates handling mailto: links in SquirrelMail.  It checks 
+ * to see if we're logged in, and if we are, it refers the user to the
+ * compose screen (embedded in a normal, full SquirrelMail interface) with 
+ * the mailto: data auto-populated in the corresponding fields.  If there
+ * is no user currently logged in, the user is redirected to the login screen
+ * first, but after login, the compose screen is shown with the correct
+ * fields pre-populated.
+ *
+ * If the administrator desires, $compose_only can be set to TRUE, in which 
+ * case only a compose screen will show, not embedded in the normal 
+ * SquirrelMail interface.
+ *
+ * If the administrator wants to force a re-login every time a mailto: link
+ * is clicked on (no matter if a user was already logged in), set $force_login
+ * to TRUE.
+ *
+ * Use the following URI when configuring a computer to handle mailto: links
+ * by using SquirrelMail:
+ *
+ *  http://<your server>/<squirrelmail base dir>/src/mailto.php?emailaddress=%1
+ *
+ * see ../contrib/squirrelmail.mailto.NT2KXP.reg for a Windows Registry file
+ * that will set this up in the most robust manner.
  *
- * Use the following url to use mailto:
- * http://<your server>/<squirrelmail base dir>/src/mailto.php?emailaddress=%1
- * see ../contrib/squirrelmail.mailto.reg for a Windows Registry file
  * @copyright &copy; 1999-2007 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
@@ -20,37 +36,52 @@
 /** This is the mailto page */
 define('PAGE_NAME', 'mailto');
 
-// reduce the included files in int.php
-$bLogin = true;
-
 /**
  * Include the SquirrelMail initialization file.
  */
 require('../include/init.php');
 
-/* Force users to login each time? */
-$force_login  = true;
-/* Open only the compose window, meaningless if $force_login is true */
-$compose_only = false;
+
+// Force users to login each time?  Setting this to TRUE does NOT mean
+// that if no user is logged in that it won't require a correct login
+// first!  Instead, setting it to TRUE will log out anyone currently
+// logged in and force a re-login.  Setting this to FALSE will still
+// require a login if no one is logged in, but it will allow you to go
+// directly to compose your message if you are already logged in.
+//
+// Note, however, that depending on how the client browser manages
+// sessions and how the client operating system is set to handle
+// mailto: links, you may have to log in every time no matter what
+// (IE under WinXP appears to pop up a new window and thus always
+// start a new session; Firefox under WinXP seems to start a new tab
+// which will find a current login if one exists).
+//
+$force_login = FALSE;
+
+
+// Open only the compose window, meaningless if $force_login is TRUE
+//
+$compose_only = FALSE;
+
 
 header('Pragma: no-cache');
 
-$trtable = array('cc'           => 'send_to_cc',
-                 'bcc'          => 'send_to_bcc',
+$trtable = array('cc'           => 'cc',
+                 'bcc'          => 'bcc',
                  'body'         => 'body',
                  'subject'      => 'subject');
 $url = '';
 
 $data = array();
 
-if(sqgetGlobalVar('emailaddress', $emailaddress)) {
+if (sqgetGlobalVar('emailaddress', $emailaddress)) {
     $emailaddress = trim($emailaddress);
-    if(stristr($emailaddress, 'mailto:')) {
+    if (stristr($emailaddress, 'mailto:')) {
         $emailaddress = substr($emailaddress, 7);
     }
-    if(strpos($emailaddress, '?') !== false) {
+    if (strpos($emailaddress, '?') !== FALSE) {
         list($emailaddress, $a) = explode('?', $emailaddress, 2);
-        if(strlen(trim($a)) > 0) {
+        if (strlen(trim($a)) > 0) {
             $a = explode('=', $a, 2);
             $data[strtolower($a[0])] = $a[1];
         }
@@ -60,7 +91,7 @@ if(sqgetGlobalVar('emailaddress', $emailaddress)) {
     /* CC, BCC, etc could be any case, so we'll fix them here */
     foreach($_GET as $k=>$g) {
         $k = strtolower($k);
-        if(isset($trtable[$k])) {
+        if (isset($trtable[$k])) {
             $k = $trtable[$k];
             $data[$k] = $g;
         }
@@ -68,11 +99,11 @@ if(sqgetGlobalVar('emailaddress', $emailaddress)) {
 }
 sqsession_is_active();
 
-if($force_login == false && sqsession_is_registered('user_is_logged_in')) {
-    if($compose_only == true) {
+if (!$force_login && sqsession_is_registered('user_is_logged_in')) {
+    if ($compose_only) {
         $redirect = 'compose.php?mailtodata=' . urlencode(serialize($data));
     } else {
-        $redirect = 'webmail.php?mailtodata=' . urlencode(serialize($data));
+        $redirect = 'webmail.php?right_frame=compose.php&mailtodata=' . urlencode(serialize($data));
     }
 } else {
     $redirect = 'login.php?mailtodata=' . urlencode(serialize($data));
@@ -80,4 +111,3 @@ if($force_login == false && sqsession_is_registered('user_is_logged_in')) {
 
 session_write_close();
 header('Location: ' . get_location() . '/' . $redirect);
-

src/webmail.php

@@ -34,7 +34,7 @@ if (!sqgetGlobalVar('mailbox', $mailbox)) {
 
 sqgetGlobalVar('right_frame', $right_frame, SQ_GET);
 
-if(!sqgetGlobalVar('mailtodata', $mailtodata)) {
+if (sqgetGlobalVar('mailtodata', $mailtodata)) {
     $mailtourl = 'mailtodata='.urlencode($mailtodata);
 } else {
     $mailtourl = '';