Fixed resuming of compose when session expired while writing, and make

sure the code only sets those variables that are needed in compose and
are not already set. Thanks James Bercegay from GulfTech for pointing
this out.

ChangeLog

@@ -111,6 +111,10 @@ Version 1.5.2 - CVS
   - config_default.php is loaded before site configuration file.
     config_local.php overrides are removed from config.php and loaded by
     main initiation script.
+  - Fixed resuming of compose when session expired while writing, and make
+    sure the code only sets those variables that are needed in compose and
+    are not already set. Thanks James Bercegay from GulfTech for pointing
+    this out.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

functions/auth.php

@@ -33,11 +33,10 @@ function sqauth_is_logged_in() {
     if ( sqsession_is_registered('user_is_logged_in') ) {
         return true;
     } else {
-        global $PHP_SELF, $session_expired_post, $session_expired_location;
-
         //  First we store some information in the new session to prevent
         //  information-loss.
-        //
+        sqGetGlobalVar('PHP_SELF', $PHP_SELF, SQ_SERVER);
+
         $session_expired_post = $_POST;
         $session_expired_location = $PHP_SELF;
         if (!sqsession_is_registered('session_expired_post')) {
@@ -46,6 +45,7 @@ function sqauth_is_logged_in() {
         if (!sqsession_is_registered('session_expired_location')) {
             sqsession_register($session_expired_location,'session_expired_location');
         }
+        session_write_close();
 
         return false;
      }

src/compose.php

@@ -295,13 +295,18 @@ if (sqsession_is_registered('session_expired_post')) {
         sqsession_unregister('session_expired_post');
         session_write_close();
     } else {
-        foreach ($session_expired_post as $postvar => $val) {
-            if (isset($val)) {
-                $$postvar = $val;
-            } else {
-                $$postvar = '';
-            }
+        // these are the vars that we can set from the expired composed session   
+        $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage',
+            'passed_body','use_signature','signature','attachments','subject','newmail',
+            'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity',
+            'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages',
+            'composesession', 'request_mdn', 'request_dr');
+
+        foreach ($compo_var_list as $var) {
+            if ( isset($session_expired_post[$var]) && !isset($$var) ) {
+               $$var = $session_expired_post[$var];
         }
+
         $compose_messages = unserialize(urldecode($restoremessages));
         sqsession_register($compose_messages,'compose_messages');
         sqsession_register($composesession,'composesession');
@@ -681,7 +686,7 @@ function getforwardSubject($subject)
 function newMail ($mailbox='', $passed_id='', $passed_ent_id='', $action='', $session='') {
     global $editor_size, $default_use_priority, $body, $idents,
         $use_signature, $data_dir, $username,
-        $username, $key, $imapServerAddress, $imapPort, $compose_messages,
+        $key, $imapServerAddress, $imapPort, $compose_messages,
         $composeMessage, $body_quote;
     global $languages, $squirrelmail_language, $default_charset;
 
@@ -1035,7 +1040,7 @@ function showInputForm ($session, $values=false) {
         $from_htmladdr_search, $location_of_buttons, $attachment_dir,
         $username, $data_dir, $identity, $idents, $delete_draft,
         $mailprio, $compose_new_win, $saved_draft, $mail_sent, $sig_first,
-        $username, $compose_messages, $composesession, $default_charset,
+        $compose_messages, $composesession, $default_charset,
         $compose_onsubmit, $oTemplate;
 
     if (checkForJavascript()) {
@@ -1424,7 +1429,7 @@ function checkInput ($show) {
      * using $show=false, and then when i'm ready to display the error
      * message, show=true
      */
-    global $body, $send_to, $send_to_bcc, $subject, $color;
+    global $send_to, $send_to_bcc;
 
     if ($send_to == '' && $send_to_bcc == '') {
         if ($show) {

src/login.php

@@ -31,20 +31,31 @@ require_once(SM_PATH . 'functions/forms.php');
  */
 set_up_language($squirrelmail_language, TRUE, TRUE);
 
-/*
+/**
  * In case the last session was not terminated properly, make sure
- * we get a new one.
+ * we get a new one, but make sure we preserve session_expired_*
  */
-sqsession_destroy();
 /**
  * PHP bug. http://bugs.php.net/11643 (warning, spammed bug tracker) and
  * http://bugs.php.net/13834
  * SID constant is not destroyed in PHP 4.1.2, 4.2.3 and maybe other
  * versions. Produces warning on login page. Bug should be fixed only in 4.3.0
  */
-@sqsession_is_active();
-$_SESSION=array();
-
+if ( !empty($_SESSION['session_expired_post']) && !empty($_SESSION['session_expired_location']) ) {
+    $sep = $_SESSION['session_expired_post'];
+    $sel = $_SESSION['session_expired_location'];
+
+    sqsession_destroy();
+  
+    sqsession_is_active();
+    $_SESSION=array();
+    sqsession_register($sep, 'session_expired_post');
+    sqsession_register($sel, 'session_expired_location');
+} else {
+    sqsession_destroy();
+    @sqsession_is_active();
+    $_SESSION=array();
+}
 
 /**
  * This detects if the IMAP server has logins disabled, and if so,
@@ -174,4 +185,4 @@ $oTemplate->display('login.tpl');
 
 #trigger_error('login');
 $oTemplate->display('footer.tpl');
-?>
+?>

src/redirect.php

@@ -143,13 +143,15 @@ $redirect_url = $location . '/webmail.php';
 
 if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) {
     sqsession_unregister('session_expired_location');
-    $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
-    if ($compose_new_win) {
-        // do not prefix $location here because $session_expired_location is set to PHP_SELF
-        // of the last page
-        $redirect_url = $session_expired_location;
-    } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) {
-        $redirect_url = $location.'/webmail.php?right_frame='.urldecode($session_expired_location);
+    if ( strpos($session_expired_location, 'compose.php') !== FALSE ) {
+        $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
+        if ($compose_new_win) {
+            // do not prefix $location here because $session_expired_location is set to PHP_SELF
+            // of the last page
+            $redirect_url = $session_expired_location;
+        } else {
+            $redirect_url = $location.'/webmail.php?right_frame='.urldecode($session_expired_location);
+        }
     }
     unset($session_expired_location);
 }

src/webmail.php

@@ -36,9 +36,6 @@ if (!sqgetGlobalVar('mailbox', $mailbox)) {
 
 sqgetGlobalVar('right_frame', $right_frame, SQ_GET);
 
-if ( isset($_SESSION['session_expired_post']) ) {
-    sqsession_unregister('session_expired_post');
-}
 if(!sqgetGlobalVar('mailto', $mailto)) {
     $mailto = '';
 }