Webmail Reply/Forward error in compose.php

MurphDog · 07-17-2003, 02:48 AM

Forgot to mention this change also...
I was getting the following errors

Quote:

Getting this when looking at my email list
Quote:
Warning: Cannot set time limit in safe mode in /home/virtual/site156/fst/var/www/html/modules/WebMail/inbox.php on line 37

Getting this when looking at the single email.
Quote:
Warning: Cannot set time limit in safe mode in /home/virtual/site156/fst/var/www/html/modules/WebMail/readmail.php on line 66

and I did the @ as this guy suggested.

Quote:

Quote:

By default, scripts are allowed to run for only 30 seconds. By setting "set_time_limit" to 0, it's telling the server not to impose any time limits. That function though cannot be executed if safe_mode is on. To suppress the first set of warnings all you have to do is prepend an at sign on the line like this: @set_time_limit(0); The script will time out when it hits 30 seconds. This won't be noticable unless you're sending/receiving a lot of mail at one time.

Not sure what's causing the second batch of warnings

IACOJ · 07-17-2003, 11:38 AM

Depending on what version of php you are using that @ will actually shut off errors so they don't display.

Can you go back and remove the @ and tell us what the errors are with debug on please.

MurphDog · 07-17-2003, 01:24 PM

Ok, debug is on, the @ in the 2 files is out, and still no change with that specific page. Check it out www.murphykling.com.

IACOJ · 07-17-2003, 01:38 PM

That didn't do what I thought it would. Ok shut it off again.

Maybe it is something more specific.

Do you get any errors when you try to read mail? Or if you are creating mail but not forwarding or replying?

MurphDog · 07-17-2003, 01:53 PM

This is the error I get when reading mail, as why the @ fix was suggested.

Quote:

SQL query: Select * from nuke_popsettings where id = 5

Warning: Cannot set time limit in safe mode in /home/virtual/site155/fst/var/www/html/modules/WebMail/readmail.php on line 66
SQL query: select account from nuke_popsettings where id='5'

No error when creating a new mail message

IACOJ · 07-17-2003, 01:55 PM

Talk to your host and see if they will disable safe mode for you.

MurphDog · 07-20-2003, 05:00 PM

Unfortunately, there's no way they are gonna disable safe mode, but I did locate the fix for this exact same error message in 6.0. Within the next few days I'm going to try and compare the files and figure out what the problem is. According to the fix description, it has to do with the readmail.php file.

MurphDog · 07-21-2003, 10:51 AM

Just to try it out, I uploaded the 6.0 fix to see what error it would give. I got none. These are the differences I noticed in the 2 versions.

Any suggestions on how to edit 6.8's readmail.php?

Line 21
6.8

Code:

if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {

6.0

Code:

if (!eregi("modules.php", $PHP_SELF)) {

line 103
6.0

Code:

$message = $d->Result();

6.8

Code:

echo "<tr>
    <td align=\"left\" bgcolor=\"$bgcolor2\">"._SUBJECT.":</td>
    <td>".htmlspecialchars($subject)."</td>
    </tr><tr>
    <td align=\"left\" bgcolor=\"$bgcolor2\">"._DATE.":</td>
    <td>".htmlspecialchars($d->Headers("Date")) ."</td>
    </tr><tr>
    <td colspan=2>
    <table border=0 width=100% cellspacing=0><tr><td bgcolor=$bgcolor2>
    <table border=0 width=100% cellspacing=5 cellpadding=0><tr><td bgcolor=\"$bgcolor2\">
    <form action=\"modules.php?name=$module_name&file=inbox\" method=\"post\">
    <input type=hidden name=\"id\" value=\"$id\">
    <input type=hidden name=\"op\" value=\"delete\">
    <input type=hidden name=\"msgid\" value=\"$msgid\">
    <input type=submit value=\""._DELETE."\">";
if ($email_send == 1) {
    echo "</form>
	</td><td bgcolor=\"$bgcolor2\">
	<form action=modules.php?name=$module_name&file=compose method=\"post\">
	<input type=hidden name=to value=\"".htmlspecialchars($from_address)."\">
	<input type=hidden name=subject value=\"".htmlspecialchars($subject)."\">
	<input type=hidden name=body value=\"".htmlspecialchars($content)."\">
	<input type=hidden name=op value=\"reply\">
	<input type=submit value=\""._REPLY."\">
	</form>
	</td><td bgcolor=\"$bgcolor2\" width=\"100%\">
	<form action=\"modules.php?name=$module_name&file=compose\" method=\"post\">
	<input type=hidden name=\"to\" value=\"".htmlspecialchars($from_address)."\">
	<input type=hidden name=\"subject\" value=\"".htmlspecialchars($subject)."\">
	<input type=hidden name=\"body\" value=\"".htmlspecialchars($content)."\">
	<input type=hidden name=\"op\" value=\"forward\">
	<input type=submit value=\""._FORWARD."\">
	</form>";
}
echo "</td></tr></table></tr></td></table></td></tr><tr><td colspan=2 bgcolor=\"$bgcolor2\">";
OpenTable();
$message = $d->Result();

6.0 fix

Code:

$message = $d->Result();
$rtext = "";
for ($j=0;$j<count($message);$j++) {
    for ($i=0;$i<count($message[$j]);$i++) {
	if (chop($message[$j][$i]["attachments"]) != '') {
	    $att_txt .= " <a href=\"".$d->attachment_path."/".$message[$j][$i]["attachments"]."\">".$message[$j][$i]["attachments"]."</a>";
	}
    }
    for ($i=0;$i<count($message[$j]);$i++) {
	if (eregi("text/html", $message[$j][$i]["body"]["type"])) {
	    $res = quoted_printable_decode($message[$j][$i]["body"]["body"]);
    	    $res = ereg_replace("(=\n)", "", $res);
    	    $res = eregi_replace("(<body)", "<xbody", $res);
    	    $res = eregi_replace("(<meta)", "<xmeta", $res);
	    $body_fix  = "
";
	    $body_fix .= $res;
	} else {
    	    $body_fix = nl2br(htmlspecialchars($message[$j][$i]["body"]["body"]))."
";
	}
	$content = $rtext .= strip_tags($message[$j][$i]["body"]["body"]);
    }
}

echo "<tr>
    <td align=\"left\" bgcolor=\"$bgcolor2\">"._SUBJECT.":</td>
    <td>".htmlspecialchars($subject)."</td>
    </tr><tr>
    <td align=\"left\" bgcolor=\"$bgcolor2\">"._DATE.":</td>
    <td>".htmlspecialchars($d->Headers("Date")) ."</td>
    </tr><tr>
    <td colspan=2>
    <table border=0 width=100% cellspacing=0><tr><td bgcolor=$bgcolor2>
    <table border=0 width=100% cellspacing=5 cellpadding=0><tr><td bgcolor=\"$bgcolor2\">
    <form action=\"modules.php?name=$module_name&file=inbox\" method=\"post\">
    <input type=hidden name=\"id\" value=\"$id\">
    <input type=hidden name=\"op\" value=\"delete\">
    <input type=hidden name=\"msgid\" value=\"$msgid\">
    <input type=submit value=\""._DELETE."\">";
if ($email_send == 1) {
    echo "</form>
	</td><td bgcolor=\"$bgcolor2\">
	<form action=modules.php?name=$module_name&file=compose method=\"post\">
	<input type=hidden name=to value=\"".htmlspecialchars($from_address)."\">
	<input type=hidden name=subject value=\"".htmlspecialchars($subject)."\">
	<input type=hidden name=body value=\"".htmlspecialchars($content)."\">
	<input type=hidden name=op value=\"reply\">
	<input type=submit value=\""._REPLY."\">
	</form>
	</td><td bgcolor=\"$bgcolor2\" width=\"100%\">
	<form action=\"modules.php?name=$module_name&file=compose\" method=\"post\">
	<input type=hidden name=\"to\" value=\"".htmlspecialchars($from_address)."\">
	<input type=hidden name=\"subject\" value=\"".htmlspecialchars($subject)."\">
	<input type=hidden name=\"body\" value=\"".htmlspecialchars($content)."\">
	<input type=hidden name=\"op\" value=\"forward\">
	<input type=submit value=\""._FORWARD."\">
	</form>";
}
echo "</td></tr></table></tr></td></table></td></tr><tr><td colspan=2 bgcolor=\"$bgcolor2\">";

OpenTable();
   echo $body_fix;
CloseTable();

echo "</td></tr></table>";

6.8

Code:

$message = $d->Result();
$rtext = "";

for ($j=0;$j<count($message);$j++) {
    for ($i=0;$i<count($message[$j]);$i++) {
	if (chop($message[$j][$i]["attachments"]) != '') {
	    $att_txt .= " <a href=\"".$d->attachment_path."/".$message[$j][$i]["attachments"]."\">".$message[$j][$i]["attachments"]."</a>";
	}
    }
    for ($i=0;$i<count($message[$j]);$i++) {
	if (eregi("text/html", $message[$j][$i]["body"]["type"])) {
	    $res = quoted_printable_decode($message[$j][$i]["body"]["body"]);
    	    $res = ereg_replace("(=\n)", "", $res);
    	    $res = eregi_replace("(<body)", "<xbody", $res);
    	    $res = eregi_replace("(<meta)", "<xmeta", $res);
	    $res = filter_text($res); // Security fix by Ulf Harnhammar 2002
	    echo "
";
	    echo $res;
	} else {
    	    echo nl2br(htmlspecialchars($message[$j][$i]["body"]["body"]))."
";
	}
	$content = $rtext .= strip_tags($message[$j][$i]["body"]["body"]);
    }
}
CloseTable();
echo "</td></tr></table>";

MurphDog · 07-25-2003, 01:27 AM

Does anyone have any idea as to what code in this file inserts the original message into the text box? I think that is the problem.

What security issues did earlier versions of readmail.php have? Can I be safe with the 6.0 fix since I get no error with it and it adds the original msg to the text box?