Roundcube Integration With An iFrame in a 3rd-Party CMS + Custom Attachments

Using RoundCube in a Custom Application/CMS

Recently I needed to use a clients existing RoundCube installation to allow users of a custom PHP application to send mail from the custom application using RoundCube’s interface.  The requirements where

  • Have the custom application/CMS interface display a New Message (compose) window from RoundCube
  • Prepopulate the email subject line, to email address, and add an attachment

Proposed Solution

  • Create a plugin to extend the core RoundCube plugin hook compose_message in order to support adding an attachment that exists on the RoundCube server, setting the to email address, and the subject line.
  • Use an iFrame to load the RoundCube interface and show the pre-populated Compose new message window

Setting Up The iFrame In The Custom Application

This is simply an iFrame with the parameters of the message which you would like to use, included in the URL (I used PHP to set these as you would too, for clarity here they are hard-coded).

<iframe id=”roundcube_interface” style=”width: 100%; height: 650px;”
src=”http://yourroundcubeserver.domain.com/roundcube/?_action=compose&_custom_app=true&_to=recipient@domain.com&_attach=/path/to/file/to/attach/on/roundcube/server.pdf&_subject=your subject line&_attach_display_name=invoice.php&_attach_mimetype=application/pdf” frameborder=”0″ width=”320″ height=”240″></iframe>

Explanation of the parameters:

  •  _custom_app=true                                         // flag to trigger the plugin
  •  to=recipient@email.com                                // recipient email address
  •  _attach=/tmp/PDF-am5xyi.pdf                 // path and file on the RoundCube server to attach
  •  _subject=Subject%20Line%20Here      // Subject line to use
  • _attach_display_name=invoice.pdf  // File name to display as the message attachment
  • _attach_mimetype=application/pdf   // File mime type.

The RoundCube Plugin Code

RoundCube provides ‘hooks’ into the functionality offered by their code. This plugin overrides the compose message hook and extends it to support adding attachments.

<?php
/**
 * This plugin will intercept a message compose if coming from a custom application and prepopulate
 * message defaults (including an attachment).
 * 
 * Install: It must be installed in the RoundCube plug-ins
 * directory ./compose_attach/compose_attach.php and enabled in the RoundCube config.
 * 
 * Usage: It should be called with:
 * https://roundcube.domain.com/roundcube/
 * 	?_action=compose
 * 	&_custom_app=true						// flag to trigger the plugin
 * 	&_to=recipient@email.com				// recipient email address
 * 	&_attach=/tmp/PDF-am5xyi.pdf				// path and file on the RoundCube server to attach 
 * 	&_subject=Subject%20Line%20Here			// Subject line to use 
 *  &_attach_display_name=invoice.pdf		// File name to display as the message attachment				
 *  &_attach_mimetype=application/pdf		// File mime type.
 *  
 * $Id: compose_attach.php 827 2012-07-30 21:14:34Z svn $
 */
class compose_attach extends rcube_plugin
{

  function init()
  {
    $this->add_hook('message_compose', array($this, 'message_compose'));
  }

  function message_compose($args)
  {

  	// check if sending from custom application
  	if ($args['param']['custom_app']) {
  		if ($args['param']['attach']) {
  			$args['attachments'] = array(array('path' => $args['param']['attach'], 'name' => $args['param']['attach_display_name'], 'mimetype' => $args['param']['attach_mimetype']));
  		}     
  	}
    return $args;
  }

}

Installing and Enabling the Plugin in RoundCube

Create a folder in your {roundcube root}/plugins/ directory called compose_attach and place the file above it in that directory as compose_attach.php. So you will end up with the following structure: {roundcube root}/plugins/compose_attach/compose_attach.php

To enable the plugin you will need to edit to edit the {roundcube root folder}/config/main.inc.php and modify the line (note you may/will have different plugins listed in that array):

from ->$rcmail_config['plugins'] = array(‘cpanellogin’,’cpanellogout’);

to -> $rcmail_config['plugins'] = array(‘cpanellogin’,’cpanellogout’, ‘compose_attach’);

Security Restrictions

  • CPanel/WHM: If running RoundCube through a Cpanel installation the security tokens will not get passed to the iframe after you login using the presented Cpanel webmail login dialog box. This can be fixed by disabling the Enable HTTP Authentication option in WHM’ Tweak Settingsinterface.The specific change can be accomplished using WebHost Manager via the following menu path (with linked documentation): WHM: Main >> Server Configuration >> Tweak Settings >> Security >> Enable HTTP Authentication [?] Enable HTTP Authentication for cPanel/WebMail/WHM Logins. This risks certain types of XSRF attacks that rely on cached HTTP Auth credentials. Disabling forces cookie authentication. Note that there are security implications of doing so.
  • RoundCube configuration and X-Frame-Options HTTP header causing the RoundCube interface to be blocked. This happens if your custom application/CMS is on a different domain from the RoundCube installation.  To fix it you need to edit to edit the {roundcube root folder}/config/main.inc.php and change the line:

    from ->$rcmail_config['x_frame_options'] = ‘sameorigin’;

    to -> $rcmail_config['x_frame_options'] = false;

    Note that there are security implications of doing so.

 

Reference Links

4 Responses to “Roundcube Integration With An iFrame in a 3rd-Party CMS + Custom Attachments”

  1. Raphael 29. Oct, 2012 at 6:49 am #

    Hi,

    You save my day ! I have to integrate Roundcube in my web application. I modify the indexp.php to allows authentication by GET VARS.

    But… when i want to integrate the result in an iframe… BLANK !

    But, with the help of your “security restrictions”… all works !

    Best regards from France

  2. admin 29. Oct, 2012 at 7:37 am #

    Hallo Raphael, je suis content d’avoir pu te aide – excuse my poor neglected French abilities.
    J.

  3. Tomothy 21. Aug, 2013 at 2:22 am #

    Dude, thanx for sharing this! Works perfect!

    Is there a way to prepopulate the message textarea,too?

    The parameter “_message=” unfortunately does not work…

  4. J S 25. Mar, 2014 at 5:45 pm #

    If you want to prepopulate the message area you can use:
    $args['param']['body'] = $args['param']['attach_message_body'];
    along with where the $args['param']['attach'] … line is and then define a parameter in the url like _attach_message_body=some message body text here… and remember to URLEncode the text of the _attach_message_body in the URL that redirects to RoundCube

    The Available Plugin Hooks parameters will help identify various other pre-filling/formatting options you could use with this approach.

Leave a Reply