githubFork/roundcubemail.git

Fix path traversal vulnerability in setting a skin (#1490620)

Aleksander Machniak

2015-12-22 21b523c29b2d022f27c5c730d3afd394aff5cd0f

commit \| author \| age
47124c	1	<?php
T	2
	3	/*
	4	+-----------------------------------------------------------------------+
60226a	5	\| program/include/rcmail_output_html.php \|
47124c	6	\| \|
e019f2	7	\| This file is part of the Roundcube Webmail client \|
0301d9	8	\| Copyright (C) 2006-2013, The Roundcube Dev Team \|
7fe381	9	\| \|
T	10	\| Licensed under the GNU General Public License version 3 or \|
	11	\| any later version with exceptions for skins & plugins. \|
	12	\| See the README file for a full license statement. \|
47124c	13	\| \|
T	14	\| PURPOSE: \|
	15	\| Class to handle HTML page output using a skin template. \|
	16	\| \|
	17	+-----------------------------------------------------------------------+
	18	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	19	+-----------------------------------------------------------------------+
041c93	20	*/
47124c	21
T	22
	23	/**
	24	* Class to create HTML page output using a skin template
	25	*
60226a	26	* @package Core
9ab346	27	* @subpackage View
47124c	28	*/
60226a	29	class rcmail_output_html extends rcmail_output
47124c	30	{
c8a21d	31	public $type = 'html';
0c2596	32
A	33	protected $message = null;
	34	protected $js_env = array();
	35	protected $js_labels = array();
	36	protected $js_commands = array();
8fa22e	37	protected $skin_paths = array();
0c2596	38	protected $template_name;
A	39	protected $scripts_path = '';
	40	protected $script_files = array();
	41	protected $css_files = array();
	42	protected $scripts = array();
	43	protected $default_template = "<html>\n<head><title></title></head>\n<body></body>\n</html>";
	44	protected $header = '';
	45	protected $footer = '';
	46	protected $body = '';
	47	protected $base_path = '';
538e64	48	protected $devel_mode = false;
47124c	49
7fcb56	50	// deprecated names of templates used before 0.5
0c2596	51	protected $deprecated_templates = array(
A	52	'contact' => 'showcontact',
	53	'contactadd' => 'addcontact',
	54	'contactedit' => 'editcontact',
7fcb56	55	'identityedit' => 'editidentity',
T	56	'messageprint' => 'printmessage',
	57	);
	58
47124c	59	/**
T	60	* Constructor
	61	*
197601	62	* @todo Replace $this->config with the real rcube_config object
47124c	63	*/
0c2596	64	public function __construct($task = null, $framed = false)
47124c	65	{
T	66	parent::__construct();
538e64	67
AM	68	$this->devel_mode = $this->config->get('devel_mode');
47124c	69
197601	70	//$this->framed = $framed;
83a763	71	$this->set_env('task', $task);
0c2596	72	$this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
3863a9	73	$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
47124c	74
ae7027	75	// add cookie info
AM	76	$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
	77	$this->set_env('cookie_path', ini_get('session.cookie_path'));
39b905	78	$this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN));
ae7027	79
423065	80	// load the correct skin (in case user-defined)
740875	81	$skin = $this->config->get('skin');
AM	82	$this->set_skin($skin);
	83	$this->set_env('skin', $skin);
e58df3	84
271efe	85	if (!empty($_REQUEST['_extwin']))
0301d9	86	$this->set_env('extwin', 1);
d30460	87	if ($this->framed \|\| !empty($_REQUEST['_framed']))
0301d9	88	$this->set_env('framed', 1);
271efe	89
47124c	90	// add common javascripts
60226a	91	$this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
47124c	92
T	93	// don't wait for page onload. Call init at the bottom of the page (delayed)
60226a	94	$this->add_script(self::JS_OBJECT_NAME.'.init();', 'docready');
47124c	95
T	96	$this->scripts_path = 'program/js/';
79275b	97	$this->include_script('jquery.min.js');
47124c	98	$this->include_script('common.js');
T	99	$this->include_script('app.js');
	100
	101	// register common UI objects
	102	$this->add_handlers(array(
	103	'loginform' => array($this, 'login_form'),
8e211a	104	'preloader' => array($this, 'preloader'),
47124c	105	'username' => array($this, 'current_username'),
T	106	'message' => array($this, 'message_container'),
	107	'charsetselector' => array($this, 'charset_selector'),
1a0f60	108	'aboutcontent' => array($this, 'about_content'),
47124c	109	));
T	110	}
	111
	112	/**
	113	* Set environment variable
	114	*
	115	* @param string Property name
	116	* @param mixed Property value
	117	* @param boolean True if this property should be added to client environment
	118	*/
	119	public function set_env($name, $value, $addtojs = true)
	120	{
	121	$this->env[$name] = $value;
0301d9	122
47124c	123	if ($addtojs \|\| isset($this->js_env[$name])) {
T	124	$this->js_env[$name] = $value;
	125	}
	126	}
f645ce	127
T	128	/**
	129	* Getter for the current page title
	130	*
	131	* @return string The page title
	132	*/
0c2596	133	protected function get_pagetitle()
f645ce	134	{
T	135	if (!empty($this->pagetitle)) {
	136	$title = $this->pagetitle;
	137	}
	138	else if ($this->env['task'] == 'login') {
0c2596	139	$title = $this->app->gettext(array(
A	140	'name' => 'welcome',
	141	'vars' => array('product' => $this->config->get('product_name')
	142	)));
f645ce	143	}
T	144	else {
	145	$title = ucfirst($this->env['task']);
	146	}
ad334a	147
f645ce	148	return $title;
T	149	}
0c2596	150
e58df3	151	/**
A	152	* Set skin
	153	*/
	154	public function set_skin($skin)
	155	{
21b523	156	// Sanity check to prevent from path traversal vulnerability (#1490620)
AM	157	if (strpos($skin, '/') !== false \|\| strpos($skin, "\\") !== false) {
	158	rcube::raise_error(array(
	159	'file' => __FILE__,
	160	'line' => __LINE__,
	161	'message' => 'Invalid skin name'
	162	), true, false);
	163
	164	return false;
	165	}
	166
62c791	167	$valid = false;
b7addf	168	$path = RCUBE_INSTALL_PATH . 'skins/';
ad334a	169
b7addf	170	if (!empty($skin) && is_dir($path . $skin) && is_readable($path . $skin)) {
AM	171	$skin_path = 'skins/' . $skin;
	172	$valid = true;
62c791	173	}
T	174	else {
0c2596	175	$skin_path = $this->config->get('skin_path');
A	176	if (!$skin_path) {
aff970	177	$skin_path = 'skins/' . rcube_config::DEFAULT_SKIN;
0c2596	178	}
62c791	179	$valid = !$skin;
T	180	}
423065	181
73b146	182	$skin_path = rtrim($skin_path, '/');
AM	183
0c2596	184	$this->config->set('skin_path', $skin_path);
1730cf	185	$this->base_path = $skin_path;
ad334a	186
8fa22e	187	// register skin path(s)
TB	188	$this->skin_paths = array();
	189	$this->load_skin($skin_path);
	190
62c791	191	return $valid;
8fa22e	192	}
TB	193
	194	/**
	195	* Helper method to recursively read skin meta files and register search paths
	196	*/
	197	private function load_skin($skin_path)
	198	{
	199	$this->skin_paths[] = $skin_path;
	200
	201	// read meta file and check for dependecies
b7addf	202	$meta = @file_get_contents(RCUBE_INSTALL_PATH . $skin_path . '/meta.json');
AM	203	$meta = @json_decode($meta, true);
	204	if ($meta['extends']) {
	205	$path = RCUBE_INSTALL_PATH . 'skins/';
	206	if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
	207	$this->load_skin('skins/' . $meta['extends']);
	208	}
8fa22e	209	}
e58df3	210	}
fc7b5b	211
T	212	/**
e58df3	213	* Check if a specific template exists
A	214	*
	215	* @param string Template name
	216	* @return boolean True if template exists
	217	*/
	218	public function template_exists($name)
	219	{
8fa22e	220	foreach ($this->skin_paths as $skin_path) {
b7addf	221	$filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
AM	222	if ((is_file($filename) && is_readable($filename))
	223	\|\| ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]))
	224	) {
	225	return true;
	226	}
8fa22e	227	}
47124c	228
b7addf	229	return false;
AM	230	}
47124c	231
T	232	/**
28de39	233	* Find the given file in the current skin path stack
TB	234	*
	235	* @param string File name/path to resolve (starting with /)
	236	* @param string Reference to the base path of the matching skin
	237	* @param string Additional path to search in
	238	* @return mixed Relative path to the requested file or False if not found
	239	*/
bc53e2	240	public function get_skin_file($file, &$skin_path = null, $add_path = null)
28de39	241	{
TB	242	$skin_paths = $this->skin_paths;
	243	if ($add_path)
	244	array_unshift($skin_paths, $add_path);
	245
	246	foreach ($skin_paths as $skin_path) {
	247	$path = realpath($skin_path . $file);
	248	if (is_file($path)) {
	249	return $skin_path . $file;
	250	}
	251	}
	252
	253	return false;
	254	}
	255
	256	/**
47124c	257	* Register a GUI object to the client script
T	258	*
	259	* @param string Object name
	260	* @param string Object ID
	261	* @return void
	262	*/
	263	public function add_gui_object($obj, $id)
	264	{
60226a	265	$this->add_script(self::JS_OBJECT_NAME.".gui_object('$obj', '$id');");
47124c	266	}
T	267
	268	/**
	269	* Call a client method
	270	*
	271	* @param string Method to call
	272	* @param ... Additional arguments
	273	*/
	274	public function command()
	275	{
0e99d3	276	$cmd = func_get_args();
f66383	277	if (strpos($cmd[0], 'plugin.') !== false)
T	278	$this->js_commands[] = array('triggerEvent', $cmd[0], $cmd[1]);
	279	else
0e99d3	280	$this->js_commands[] = $cmd;
47124c	281	}
T	282
	283	/**
	284	* Add a localized label to the client environment
	285	*/
	286	public function add_label()
	287	{
cc97ea	288	$args = func_get_args();
T	289	if (count($args) == 1 && is_array($args[0]))
	290	$args = $args[0];
ad334a	291
cc97ea	292	foreach ($args as $name) {
0c2596	293	$this->js_labels[$name] = $this->app->gettext($name);
47124c	294	}
T	295	}
	296
	297	/**
	298	* Invoke display_message command
	299	*
7f5a84	300	* @param string $message Message to display
A	301	* @param string $type Message type [notice\|confirm\|error]
	302	* @param array $vars Key-value pairs to be replaced in localized text
	303	* @param boolean $override Override last set message
	304	* @param int $timeout Message display time in seconds
47124c	305	* @uses self::command()
T	306	*/
7f5a84	307	public function show_message($message, $type='notice', $vars=null, $override=true, $timeout=0)
47124c	308	{
69f18a	309	if ($override \|\| !$this->message) {
0c2596	310	if ($this->app->text_exists($message)) {
8dd172	311	if (!empty($vars))
A	312	$vars = array_map('Q', $vars);
0c2596	313	$msgtext = $this->app->gettext(array('name' => $message, 'vars' => $vars));
8dd172	314	}
A	315	else
	316	$msgtext = $message;
	317
69f18a	318	$this->message = $message;
7f5a84	319	$this->command('display_message', $msgtext, $type, $timeout * 1000);
69f18a	320	}
47124c	321	}
T	322
	323	/**
	324	* Delete all stored env variables and commands
4d1fe2	325	*
AM	326	* @param bool $all Reset all env variables (including internal)
47124c	327	*/
4d1fe2	328	public function reset($all = false)
47124c	329	{
e46d06	330	$framed = $this->framed;
4d1fe2	331	$env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));
d30460	332
0c2596	333	parent::reset();
d30460	334
TB	335	// let some env variables survive
	336	$this->env = $this->js_env = $env;
e46d06	337	$this->framed = $framed \|\| $this->env['framed'];
4d1fe2	338	$this->js_labels = array();
AM	339	$this->js_commands = array();
0c2596	340	$this->script_files = array();
A	341	$this->scripts = array();
	342	$this->header = '';
	343	$this->footer = '';
	344	$this->body = '';
e46d06	345
TB	346	// load defaults
	347	if (!$all) {
	348	$this->__construct();
	349	}
47124c	350	}
0c2596	351
47124c	352	/**
c719f3	353	* Redirect to a certain url
T	354	*
0c2596	355	* @param mixed $p Either a string with the action or url parameters as key-value pairs
A	356	* @param int $delay Delay in seconds
c719f3	357	*/
0c2596	358	public function redirect($p = array(), $delay = 1)
c719f3	359	{
271efe	360	if ($this->env['extwin'])
TB	361	$p['extwin'] = 1;
c719f3	362	$location = $this->app->url($p);
T	363	header('Location: ' . $location);
	364	exit;
	365	}
	366
	367	/**
47124c	368	* Send the request output to the client.
T	369	* This will either parse a skin tempalte or send an AJAX response
	370	*
	371	* @param string Template name
	372	* @param boolean True if script should terminate (default)
	373	*/
	374	public function send($templ = null, $exit = true)
	375	{
	376	if ($templ != 'iframe') {
a366a3	377	// prevent from endless loops
f78dab	378	if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
0c2596	379	rcube::raise_error(array('code' => 505, 'type' => 'php',
030db5	380	'file' => __FILE__, 'line' => __LINE__,
T	381	'message' => 'Recursion alert: ignoring output->send()'), true, false);
a366a3	382	return;
T	383	}
47124c	384	$this->parse($templ, false);
T	385	}
	386	else {
4d1fe2	387	$this->framed = true;
47124c	388	$this->write();
T	389	}
	390
c6514e	391	// set output asap
T	392	ob_flush();
	393	flush();
ad334a	394
c6514e	395	if ($exit) {
47124c	396	exit;
T	397	}
	398	}
0c2596	399
47124c	400	/**
T	401	* Process template and write to stdOut
	402	*
0c2596	403	* @param string $template HTML template content
47124c	404	*/
T	405	public function write($template = '')
	406	{
	407	// unlock interface after iframe load
5bfa44	408	$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
47124c	409	if ($this->framed) {
72e24b	410	array_unshift($this->js_commands, array('iframe_loaded', $unlock));
ad334a	411	}
A	412	else if ($unlock) {
	413	array_unshift($this->js_commands, array('hide_message', $unlock));
47124c	414	}
ef27a6	415
49dac9	416	if (!empty($this->script_files))
T	417	$this->set_env('request_token', $this->app->get_request_token());
ef27a6	418
47124c	419	// write all env variables to client
4d1fe2	420	if ($commands = $this->get_js_commands()) {
AM	421	$js = $this->framed ? "if (window.parent) {\n" : '';
	422	$js .= $commands . ($this->framed ? ' }' : '');
	423	$this->add_script($js, 'head_top');
	424	}
ad334a	425
c170bf	426	// send clickjacking protection headers
T	427	$iframe = $this->framed \|\| !empty($_REQUEST['_framed']);
	428	if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')))
	429	header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe));
47124c	430
T	431	// call super method
0c2596	432	$this->_write($template, $this->config->get('skin_path'));
47124c	433	}
T	434
	435	/**
c739c7	436	* Parse a specific skin template and deliver to stdout (or return)
47124c	437	*
T	438	* @param string Template name
	439	* @param boolean Exit script
c739c7	440	* @param boolean Don't write to stdout, return parsed content instead
A	441	*
47124c	442	* @link http://php.net/manual/en/function.exit.php
T	443	*/
c739c7	444	function parse($name = 'main', $exit = true, $write = true)
47124c	445	{
ca18a9	446	$plugin = false;
A	447	$realname = $name;
8fa22e	448	$this->template_name = $realname;
8e99ff	449
8fa22e	450	$temp = explode('.', $name, 2);
e7008c	451	if (count($temp) > 1) {
ca18a9	452	$plugin = $temp[0];
A	453	$name = $temp[1];
0c2596	454	$skin_dir = $plugin . '/skins/' . $this->config->get('skin');
ca18a9	455
8fa22e	456	// apply skin search escalation list to plugin directory
TB	457	$plugin_skin_paths = array();
	458	foreach ($this->skin_paths as $skin_path) {
28de39	459	$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
8fa22e	460	}
TB	461
	462	// add fallback to default skin
	463	if (is_dir($this->app->plugins->dir . $plugin . '/skins/default')) {
20d50d	464	$skin_dir = $plugin . '/skins/default';
28de39	465	$plugin_skin_paths[] = $this->app->plugins->url . $skin_dir;
8fa22e	466	}
TB	467
	468	// add plugin skin paths to search list
	469	$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
	470	}
	471
	472	// find skin template
	473	$path = false;
	474	foreach ($this->skin_paths as $skin_path) {
	475	$path = "$skin_path/templates/$name.html";
	476
	477	// fallback to deprecated template names
	478	if (!is_readable($path) && $this->deprecated_templates[$realname]) {
	479	$path = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";
bc66f7	480
TB	481	if (is_readable($path)) {
	482	rcube::raise_error(array(
	483	'code' => 502, 'type' => 'php',
	484	'file' => __FILE__, 'line' => __LINE__,
	485	'message' => "Using deprecated template '" . $this->deprecated_templates[$realname]
	486	. "' in $skin_path/templates. Please rename to '$realname'"),
	487	true, false);
	488	}
8fa22e	489	}
TB	490
	491	if (is_readable($path)) {
	492	$this->config->set('skin_path', $skin_path);
3806f1	493	$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin)
44e3bf	494	$skin_dir = preg_replace('!^plugins/!', '', $skin_path);
8fa22e	495	break;
TB	496	}
	497	else {
	498	$path = false;
20d50d	499	}
e7008c	500	}
ad334a	501
ff73e0	502	// read template file
8fa22e	503	if (!$path \|\| ($templ = @file_get_contents($path)) === false) {
0c2596	504	rcube::raise_error(array(
47124c	505	'code' => 501,
T	506	'type' => 'php',
	507	'line' => __LINE__,
	508	'file' => __FILE__,
ca18a9	509	'message' => 'Error loading template for '.$realname
397cf7	510	), true, $write);
47124c	511	return false;
T	512	}
ad334a	513
66f68e	514	// replace all path references to plugins/... with the configured plugins dir
T	515	// and /this/ to the current plugin skin directory
e7008c	516	if ($plugin) {
20d50d	517	$templ = preg_replace(array('/\bplugins\//', '/(["\']?)\/this\//'), array($this->app->plugins->url, '\\1'.$this->app->plugins->url.$skin_dir.'/'), $templ);
e7008c	518	}
47124c	519
T	520	// parse for specialtags
	521	$output = $this->parse_conditions($templ);
	522	$output = $this->parse_xml($output);
ad334a	523
742d61	524	// trigger generic hook where plugins can put additional content to the page
ca18a9	525	$hook = $this->app->plugins->exec_hook("render_page", array('template' => $realname, 'content' => $output));
47124c	526
e4a4ca	527	// save some memory
A	528	$output = $hook['content'];
	529	unset($hook['content']);
	530
5172ac	531	// make sure all <form> tags have a valid request token
T	532	$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
	533	$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
	534
c739c7	535	if ($write) {
A	536	// add debug console
0c2596	537	if ($realname != 'error' && ($this->config->get('debug_level') & 8)) {
909a3a	538	$this->add_footer('<div id="console" style="position:absolute;top:5px;left:5px;width:405px;padding:2px;background:white;z-index:9000;display:none">
c739c7	539	<a href="#toggle" onclick="con=$(\'#dbgconsole\');con[con.is(\':visible\')?\'hide\':\'show\']();return false">console</a>
f23073	540	<textarea name="console" id="dbgconsole" rows="20" cols="40" style="display:none;width:400px;border:none;font-size:10px" spellcheck="false"></textarea></div>'
c739c7	541	);
909a3a	542	$this->add_script(
A	543	"if (!window.console \|\| !window.console.log) {\n".
	544	" window.console = new rcube_console();\n".
	545	" $('#console').show();\n".
	546	"}", 'foot');
c739c7	547	}
A	548	$this->write(trim($output));
	549	}
	550	else {
	551	return $output;
47124c	552	}
ad334a	553
47124c	554	if ($exit) {
T	555	exit;
	556	}
	557	}
	558
	559	/**
	560	* Return executable javascript code for all registered commands
	561	*
	562	* @return string $out
	563	*/
0c2596	564	protected function get_js_commands()
47124c	565	{
T	566	$out = '';
	567	if (!$this->framed && !empty($this->js_env)) {
60226a	568	$out .= self::JS_OBJECT_NAME . '.set_env('.self::json_serialize($this->js_env).");\n";
47124c	569	}
4dcd43	570	if (!empty($this->js_labels)) {
T	571	$this->command('add_label', $this->js_labels);
	572	}
47124c	573	foreach ($this->js_commands as $i => $args) {
T	574	$method = array_shift($args);
	575	foreach ($args as $i => $arg) {
0c2596	576	$args[$i] = self::json_serialize($arg);
47124c	577	}
T	578	$parent = $this->framed \|\| preg_match('/^parent\./', $method);
	579	$out .= sprintf(
	580	"%s.%s(%s);\n",
60226a	581	($parent ? 'if(window.parent && parent.'.self::JS_OBJECT_NAME.') parent.' : '') . self::JS_OBJECT_NAME,
cc97ea	582	preg_replace('/^parent\./', '', $method),
T	583	implode(',', $args)
47124c	584	);
T	585	}
ad334a	586
47124c	587	return $out;
T	588	}
	589
	590	/**
	591	* Make URLs starting with a slash point to skin directory
	592	*
	593	* @param string Input string
28de39	594	* @param boolean True if URL should be resolved using the current skin path stack
47124c	595	* @return string
T	596	*/
28de39	597	public function abs_url($str, $search_path = false)
47124c	598	{
28de39	599	if ($str[0] == '/') {
TB	600	if ($search_path && ($file_url = $this->get_skin_file($str, $skin_path)))
	601	return $file_url;
	602
8fa22e	603	return $this->base_path . $str;
28de39	604	}
2aa2b3	605	else
A	606	return $str;
0c2596	607	}
A	608
	609	/**
	610	* Show error page and terminate script execution
	611	*
	612	* @param int $code Error code
	613	* @param string $message Error message
	614	*/
	615	public function raise_error($code, $message)
	616	{
	617	global $__page_content, $ERROR_CODE, $ERROR_MESSAGE;
	618
	619	$ERROR_CODE = $code;
	620	$ERROR_MESSAGE = $message;
	621
9be2f4	622	include RCUBE_INSTALL_PATH . 'program/steps/utils/error.inc';
0c2596	623	exit;
47124c	624	}
T	625
	626
	627	/*** Template parsing methods ***/
	628
	629	/**
	630	* Replace all strings ($varname)
	631	* with the content of the according global variable.
	632	*/
0c2596	633	protected function parse_with_globals($input)
47124c	634	{
0c2596	635	$GLOBALS['__version'] = html::quote(RCMAIL_VERSION);
A	636	$GLOBALS['__comm_path'] = html::quote($this->app->comm_path);
8fa22e	637	$GLOBALS['__skin_path'] = html::quote($this->base_path);
0c2596	638
5740c0	639	return preg_replace_callback('/\$(__[a-z0-9_\-]+)/',
0c2596	640	array($this, 'globals_callback'), $input);
5740c0	641	}
0c2596	642
5740c0	643	/**
A	644	* Callback funtion for preg_replace_callback() in parse_with_globals()
	645	*/
0c2596	646	protected function globals_callback($matches)
5740c0	647	{
A	648	return $GLOBALS[$matches[1]];
8fa22e	649	}
TB	650
	651	/**
	652	* Correct absolute paths in images and other tags
	653	* add timestamp to .js and .css filename
	654	*/
	655	protected function fix_paths($output)
	656	{
	657	return preg_replace_callback(
	658	'!(src\|href\|background)=(["\']?)([a-z0-9/_.-]+)(["\'\s>])!i',
	659	array($this, 'file_callback'), $output);
	660	}
	661
	662	/**
	663	* Callback function for preg_replace_callback in write()
	664	*
	665	* @return string Parsed string
	666	*/
	667	protected function file_callback($matches)
	668	{
	669	$file = $matches[3];
76f4f7	670	$file = preg_replace('!^/this/!', '/', $file);
8fa22e	671
TB	672	// correct absolute paths
	673	if ($file[0] == '/') {
	674	$file = $this->base_path . $file;
	675	}
	676
	677	// add file modification timestamp
538e64	678	if (preg_match('/\.(js\|css)$/', $file, $m)) {
c562a3	679	$file = $this->file_mod($file);
8fa22e	680	}
TB	681
	682	return $matches[1] . '=' . $matches[2] . $file . $matches[4];
c562a3	683	}
AM	684
	685	/**
	686	* Modify file by adding mtime indicator
	687	*/
	688	protected function file_mod($file)
	689	{
	690	$fs = false;
	691	$ext = substr($file, strrpos($file, '.') + 1);
	692
	693	// use minified file if exists (not in development mode)
	694	if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
	695	$minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
	696	if ($fs = @filemtime($minified_file)) {
	697	return $minified_file . '?s=' . $fs;
	698	}
	699	}
	700
	701	if ($fs = @filemtime($file)) {
	702	$file .= '?s=' . $fs;
	703	}
	704
	705	return $file;
47124c	706	}
0c2596	707
47124c	708	/**
T	709	* Public wrapper to dipp into template parsing.
	710	*
	711	* @param string $input
	712	* @return string
a7e8eb	713	* @uses rcmail_output_html::parse_xml()
47124c	714	* @since 0.1-rc1
T	715	*/
	716	public function just_parse($input)
	717	{
b01d84	718	$input = $this->parse_conditions($input);
AM	719	$input = $this->parse_xml($input);
	720
	721	return $input;
47124c	722	}
0c2596	723
47124c	724	/**
T	725	* Parse for conditional tags
	726	*
	727	* @param string $input
	728	* @return string
	729	*/
0c2596	730	protected function parse_conditions($input)
47124c	731	{
84581e	732	$matches = preg_split('/<roundcube:(if\|elseif\|else\|endif)\s+([^>]+)>\n?/is', $input, 2, PREG_SPLIT_DELIM_CAPTURE);
47124c	733	if ($matches && count($matches) == 4) {
T	734	if (preg_match('/^(else\|endif)$/i', $matches[1])) {
	735	return $matches[0] . $this->parse_conditions($matches[3]);
	736	}
0c2596	737	$attrib = html::parse_attrib_string($matches[2]);
47124c	738	if (isset($attrib['condition'])) {
T	739	$condmet = $this->check_condition($attrib['condition']);
84581e	740	$submatches = preg_split('/<roundcube:(elseif\|else\|endif)\s+([^>]+)>\n?/is', $matches[3], 2, PREG_SPLIT_DELIM_CAPTURE);
47124c	741	if ($condmet) {
T	742	$result = $submatches[0];
84581e	743	$result.= ($submatches[1] != 'endif' ? preg_replace('/.*<roundcube:endif\s+[^>]+>\n?/Uis', '', $submatches[3], 1) : $submatches[3]);
47124c	744	}
T	745	else {
	746	$result = "<roundcube:$submatches[1] $submatches[2]>" . $submatches[3];
	747	}
	748	return $matches[0] . $this->parse_conditions($result);
	749	}
0c2596	750	rcube::raise_error(array(
47124c	751	'code' => 500,
T	752	'type' => 'php',
	753	'line' => __LINE__,
	754	'file' => __FILE__,
	755	'message' => "Unable to parse conditional tag " . $matches[2]
	756	), true, false);
	757	}
	758	return $input;
	759	}
	760
	761	/**
	762	* Determines if a given condition is met
	763	*
	764	* @todo Extend this to allow real conditions, not just "set"
	765	* @param string Condition statement
8e1d4a	766	* @return boolean True if condition is met, False if not
47124c	767	*/
0c2596	768	protected function check_condition($condition)
47124c	769	{
029d18	770	return $this->eval_expression($condition);
549933	771	}
ad334a	772
549933	773	/**
2eb794	774	* Inserts hidden field with CSRF-prevention-token into POST forms
549933	775	*/
0c2596	776	protected function alter_form_tag($matches)
549933	777	{
0c2596	778	$out = $matches[0];
A	779	$attrib = html::parse_attrib_string($matches[1]);
ad334a	780
549933	781	if (strtolower($attrib['method']) == 'post') {
T	782	$hidden = new html_hiddenfield(array('name' => '_token', 'value' => $this->app->get_request_token()));
	783	$out .= "\n" . $hidden->show();
	784	}
ad334a	785
549933	786	return $out;
8e1d4a	787	}
A	788
	789	/**
58e3a5	790	* Parse & evaluate a given expression and return its result.
f790b4	791	*
AM	792	* @param string Expression statement
	793	*
	794	* @return mixed Expression result
8e1d4a	795	*/
f790b4	796	protected function eval_expression ($expression)
AM	797	{
58e3a5	798	$expression = preg_replace(
47124c	799	array(
T	800	'/session:([a-z0-9_]+)/i',
f645ce	801	'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
40353f	802	'/env:([a-z0-9_]+)/i',
A	803	'/request:([a-z0-9_]+)/i',
	804	'/cookie:([a-z0-9_]+)/i',
8e99ff	805	'/browser:([a-z0-9_]+)/i',
A	806	'/template:name/i',
47124c	807	),
T	808	array(
	809	"\$_SESSION['\\1']",
d67485	810	"\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
AW	811	"\$env['\\1']",
1aceb9	812	"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
a17fe6	813	"\$_COOKIE['\\1']",
d67485	814	"\$browser->{'\\1'}",
8e99ff	815	$this->template_name,
47124c	816	),
58e3a5	817	$expression
AW	818	);
f790b4	819
d67485	820	$fn = create_function('$app,$browser,$env', "return ($expression);");
f790b4	821	if (!$fn) {
58e3a5	822	rcube::raise_error(array(
AW	823	'code' => 505,
	824	'type' => 'php',
	825	'file' => __FILE__,
	826	'line' => __LINE__,
	827	'message' => "Expression parse error on: ($expression)"), true, false);
f790b4	828
AM	829	return null;
58e3a5	830	}
f790b4	831
d67485	832	return $fn($this->app, $this->browser, $this->env);
47124c	833	}
T	834
	835	/**
	836	* Search for special tags in input and replace them
	837	* with the appropriate content
	838	*
	839	* @param string Input string to parse
	840	* @return string Altered input string
06655a	841	* @todo Use DOM-parser to traverse template HTML
47124c	842	* @todo Maybe a cache.
T	843	*/
0c2596	844	protected function parse_xml($input)
47124c	845	{
6af593	846	return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]\|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
6f488b	847	}
A	848
	849	/**
cc97ea	850	* Callback function for parsing an xml command tag
T	851	* and turn it into real html content
47124c	852	*
cc97ea	853	* @param array Matches array of preg_replace_callback
47124c	854	* @return string Tag/Object content
T	855	*/
0c2596	856	protected function xml_command($matches)
47124c	857	{
cc97ea	858	$command = strtolower($matches[1]);
0c2596	859	$attrib = html::parse_attrib_string($matches[2]);
47124c	860
T	861	// empty output if required condition is not met
	862	if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
	863	return '';
	864	}
	865
	866	// execute command
	867	switch ($command) {
	868	// return a button
	869	case 'button':
875a48	870	if ($attrib['name'] \|\| $attrib['command']) {
47124c	871	return $this->button($attrib);
T	872	}
	873	break;
	874
b7d33e	875	// frame
AM	876	case 'frame':
	877	return $this->frame($attrib);
	878	break;
	879
47124c	880	// show a label
T	881	case 'label':
8fa22e	882	if ($attrib['expression'])
fe245e	883	$attrib['name'] = $this->eval_expression($attrib['expression']);
8fa22e	884
47124c	885	if ($attrib['name'] \|\| $attrib['command']) {
0c2596	886	$vars = $attrib + array('product' => $this->config->get('product_name'));
c87806	887	unset($vars['name'], $vars['command']);
0d80fa	888
AM	889	$label = $this->app->gettext($attrib + array('vars' => $vars));
f707fe	890	$quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (rcube_utils::get_boolean((string)$attrib['html']) ? 'no' : '');
0d80fa	891
a5ce2d	892	// 'noshow' can be used in skins to define new labels
TB	893	if ($attrib['noshow']) {
	894	return '';
	895	}
	896
fa8f6e	897	switch ($quoting) {
TB	898	case 'no':
0d80fa	899	case 'raw':
AM	900	break;
fa8f6e	901	case 'javascript':
0d80fa	902	case 'js':
10da75	903	$label = rcube::JQ($label);
0d80fa	904	break;
AM	905	default:
	906	$label = html::quote($label);
	907	break;
fa8f6e	908	}
0d80fa	909
AM	910	return $label;
47124c	911	}
T	912	break;
	913
	914	// include a file
	915	case 'include':
8fa22e	916	$old_base_path = $this->base_path;
175739	917	if (!empty($attrib['skin_path'])) $attrib['skinpath'] = $attrib['skin_path'];
19b0d4	918	if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attrib['skinpath'])) {
2a0d3f	919	$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin)
28de39	920	$path = realpath($path);
8fa22e	921	}
0c2596	922
ff73e0	923	if (is_readable($path)) {
0c2596	924	if ($this->config->get('skin_include_php')) {
47124c	925	$incl = $this->include_php($path);
T	926	}
ff73e0	927	else {
cc97ea	928	$incl = file_get_contents($path);
T	929	}
b4f7c6	930	$incl = $this->parse_conditions($incl);
8fa22e	931	$incl = $this->parse_xml($incl);
TB	932	$incl = $this->fix_paths($incl);
	933	$this->base_path = $old_base_path;
	934	return $incl;
47124c	935	}
T	936	break;
	937
	938	case 'plugin.include':
cc97ea	939	$hook = $this->app->plugins->exec_hook("template_plugin_include", $attrib);
T	940	return $hook['content'];
ad334a	941
cc97ea	942	// define a container block
T	943	case 'container':
	944	if ($attrib['name'] && $attrib['id']) {
	945	$this->command('gui_container', $attrib['name'], $attrib['id']);
	946	// let plugins insert some content here
	947	$hook = $this->app->plugins->exec_hook("template_container", $attrib);
	948	return $hook['content'];
47124c	949	}
T	950	break;
	951
	952	// return code for a specific application object
	953	case 'object':
	954	$object = strtolower($attrib['name']);
cc97ea	955	$content = '';
47124c	956
T	957	// we are calling a class/method
	958	if (($handler = $this->object_handlers[$object]) && is_array($handler)) {
	959	if ((is_object($handler[0]) && method_exists($handler[0], $handler[1])) \|\|
	960	(is_string($handler[0]) && class_exists($handler[0])))
cc97ea	961	$content = call_user_func($handler, $attrib);
47124c	962	}
cc97ea	963	// execute object handler function
47124c	964	else if (function_exists($handler)) {
cc97ea	965	$content = call_user_func($handler, $attrib);
47124c	966	}
f23073	967	else if ($object == 'doctype') {
T	968	$content = html::doctype($attrib['value']);
	969	}
ae39c4	970	else if ($object == 'logo') {
T	971	$attrib += array('alt' => $this->xml_command(array('', 'object', 'name="productname"')));
a77504	972
fb4474	973	if ($logo = $this->config->get('skin_logo')) {
P	974	if (is_array($logo)) {
	975	if ($template_logo = $logo[$this->template_name]) {
	976	$attrib['src'] = $template_logo;
	977	}
	978	elseif ($template_logo = $logo['*']) {
	979	$attrib['src'] = $template_logo;
	980	}
	981	}
	982	else {
	983	$attrib['src'] = $logo;
	984	}
a77504	985	}
P	986
ae39c4	987	$content = html::img($attrib);
T	988	}
cc97ea	989	else if ($object == 'productname') {
0c2596	990	$name = $this->config->get('product_name', 'Roundcube Webmail');
A	991	$content = html::quote($name);
47124c	992	}
cc97ea	993	else if ($object == 'version') {
c8fb2b	994	$ver = (string)RCMAIL_VERSION;
9be2f4	995	if (is_file(RCUBE_INSTALL_PATH . '.svn/entries')) {
c8fb2b	996	if (preg_match('/Revision:\s(\d+)/', @shell_exec('svn info'), $regs))
T	997	$ver .= ' [SVN r'.$regs[1].']';
	998	}
9be2f4	999	else if (is_file(RCUBE_INSTALL_PATH . '.git/index')) {
914c3e	1000	if (preg_match('/Date:\s+([^\n]+)/', @shell_exec('git log -1'), $regs)) {
AM	1001	if ($date = date('Ymd.Hi', strtotime($regs[1]))) {
	1002	$ver .= ' [GIT '.$date.']';
	1003	}
	1004	}
	1005	}
0c2596	1006	$content = html::quote($ver);
47124c	1007	}
cc97ea	1008	else if ($object == 'steptitle') {
0c2596	1009	$content = html::quote($this->get_pagetitle());
f645ce	1010	}
cc97ea	1011	else if ($object == 'pagetitle') {
538e64	1012	if ($this->devel_mode && !empty($_SESSION['username']))
0c2596	1013	$title = $_SESSION['username'].' :: ';
A	1014	else if ($prod_name = $this->config->get('product_name'))
	1015	$title = $prod_name . ' :: ';
159763	1016	else
0c2596	1017	$title = '';
f645ce	1018	$title .= $this->get_pagetitle();
0c2596	1019	$content = html::quote($title);
47124c	1020	}
ad334a	1021
cc97ea	1022	// exec plugin hooks for this template object
T	1023	$hook = $this->app->plugins->exec_hook("template_object_$object", $attrib + array('content' => $content));
	1024	return $hook['content'];
8e1d4a	1025
A	1026	// return code for a specified eval expression
	1027	case 'exp':
f790b4	1028	return html::quote($this->eval_expression($attrib['expression']));
ad334a	1029
47124c	1030	// return variable
T	1031	case 'var':
	1032	$var = explode(':', $attrib['name']);
	1033	$name = $var[1];
	1034	$value = '';
	1035
	1036	switch ($var[0]) {
	1037	case 'env':
	1038	$value = $this->env[$name];
	1039	break;
	1040	case 'config':
0c2596	1041	$value = $this->config->get($name);
c321a9	1042	if (is_array($value) && $value[$_SESSION['storage_host']]) {
T	1043	$value = $value[$_SESSION['storage_host']];
47124c	1044	}
T	1045	break;
	1046	case 'request':
1aceb9	1047	$value = rcube_utils::get_input_value($name, rcube_utils::INPUT_GPC);
47124c	1048	break;
T	1049	case 'session':
	1050	$value = $_SESSION[$name];
	1051	break;
d4273b	1052	case 'cookie':
A	1053	$value = htmlspecialchars($_COOKIE[$name]);
	1054	break;
a17fe6	1055	case 'browser':
A	1056	$value = $this->browser->{$name};
	1057	break;
47124c	1058	}
T	1059
	1060	if (is_array($value)) {
	1061	$value = implode(', ', $value);
	1062	}
	1063
0c2596	1064	return html::quote($value);
deb2b8	1065
TB	1066	case 'form':
	1067	return $this->form_tag($attrib);
47124c	1068	}
T	1069	return '';
	1070	}
0c2596	1071
47124c	1072	/**
T	1073	* Include a specific file and return it's contents
	1074	*
	1075	* @param string File path
	1076	* @return string Contents of the processed file
	1077	*/
0c2596	1078	protected function include_php($file)
47124c	1079	{
T	1080	ob_start();
	1081	include $file;
	1082	$out = ob_get_contents();
	1083	ob_end_clean();
	1084
	1085	return $out;
	1086	}
	1087
	1088	/**
	1089	* Create and register a button
	1090	*
	1091	* @param array Named button attributes
	1092	* @return string HTML button
	1093	* @todo Remove all inline JS calls and use jQuery instead.
	1094	* @todo Remove all sprintf()'s - they are pretty, but also slow.
	1095	*/
ed132e	1096	public function button($attrib)
47124c	1097	{
T	1098	static $s_button_count = 100;
	1099
	1100	// these commands can be called directly via url
cc97ea	1101	$a_static_commands = array('compose', 'list', 'preferences', 'folders', 'identities');
47124c	1102
c49c35	1103	if (!($attrib['command'] \|\| $attrib['name'] \|\| $attrib['href'])) {
47124c	1104	return '';
T	1105	}
ae0c82	1106
47124c	1107	// try to find out the button type
T	1108	if ($attrib['type']) {
	1109	$attrib['type'] = strtolower($attrib['type']);
	1110	}
	1111	else {
	1112	$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $attrib['imageact']) ? 'image' : 'link';
	1113	}
e9b5a6	1114
47124c	1115	$command = $attrib['command'];
T	1116
e9b5a6	1117	if ($attrib['task'])
T	1118	$command = $attrib['task'] . '.' . $command;
ad334a	1119
af3cf8	1120	if (!$attrib['image']) {
T	1121	$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];
	1122	}
47124c	1123
T	1124	if (!$attrib['id']) {
	1125	$attrib['id'] = sprintf('rcmbtn%d', $s_button_count++);
	1126	}
	1127	// get localized text for labels and titles
	1128	if ($attrib['title']) {
0c2596	1129	$attrib['title'] = html::quote($this->app->gettext($attrib['title'], $attrib['domain']));
47124c	1130	}
T	1131	if ($attrib['label']) {
0c2596	1132	$attrib['label'] = html::quote($this->app->gettext($attrib['label'], $attrib['domain']));
47124c	1133	}
T	1134	if ($attrib['alt']) {
0c2596	1135	$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $attrib['domain']));
47124c	1136	}
9b2ccd	1137
47124c	1138	// set title to alt attribute for IE browsers
c9e9fe	1139	if ($this->browser->ie && !$attrib['title'] && $attrib['alt']) {
A	1140	$attrib['title'] = $attrib['alt'];
47124c	1141	}
T	1142
	1143	// add empty alt attribute for XHTML compatibility
	1144	if (!isset($attrib['alt'])) {
	1145	$attrib['alt'] = '';
	1146	}
	1147
	1148	// register button in the system
	1149	if ($attrib['command']) {
	1150	$this->add_script(sprintf(
	1151	"%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
60226a	1152	self::JS_OBJECT_NAME,
47124c	1153	$command,
T	1154	$attrib['id'],
	1155	$attrib['type'],
ae0c82	1156	$attrib['imageact'] ? $this->abs_url($attrib['imageact']) : $attrib['classact'],
A	1157	$attrib['imagesel'] ? $this->abs_url($attrib['imagesel']) : $attrib['classsel'],
	1158	$attrib['imageover'] ? $this->abs_url($attrib['imageover']) : ''
47124c	1159	));
T	1160
	1161	// make valid href to specific buttons
197601	1162	if (in_array($attrib['command'], rcmail::$main_tasks)) {
0c2596	1163	$attrib['href'] = $this->app->url(array('task' => $attrib['command']));
60226a	1164	$attrib['onclick'] = sprintf("return %s.command('switch-task','%s',this,event)", self::JS_OBJECT_NAME, $attrib['command']);
47124c	1165	}
e9b5a6	1166	else if ($attrib['task'] && in_array($attrib['task'], rcmail::$main_tasks)) {
0c2596	1167	$attrib['href'] = $this->app->url(array('action' => $attrib['command'], 'task' => $attrib['task']));
e9b5a6	1168	}
47124c	1169	else if (in_array($attrib['command'], $a_static_commands)) {
0c2596	1170	$attrib['href'] = $this->app->url(array('action' => $attrib['command']));
a25d39	1171	}
271efe	1172	else if (($attrib['command'] == 'permaurl' \|\| $attrib['command'] == 'extwin') && !empty($this->env['permaurl'])) {
29f977	1173	$attrib['href'] = $this->env['permaurl'];
T	1174	}
47124c	1175	}
T	1176
	1177	// overwrite attributes
	1178	if (!$attrib['href']) {
	1179	$attrib['href'] = '#';
	1180	}
e9b5a6	1181	if ($attrib['task']) {
T	1182	if ($attrib['classact'])
	1183	$attrib['class'] = $attrib['classact'];
	1184	}
	1185	else if ($command && !$attrib['onclick']) {
47124c	1186	$attrib['onclick'] = sprintf(
c28161	1187	"return %s.command('%s','%s',this,event)",
60226a	1188	self::JS_OBJECT_NAME,
47124c	1189	$command,
T	1190	$attrib['prop']
	1191	);
	1192	}
	1193
	1194	$out = '';
	1195
	1196	// generate image tag
0c2596	1197	if ($attrib['type'] == 'image') {
47124c	1198	$attrib_str = html::attrib_string(
T	1199	$attrib,
	1200	array(
c9e9fe	1201	'style', 'class', 'id', 'width', 'height', 'border', 'hspace',
A	1202	'vspace', 'align', 'alt', 'tabindex', 'title'
47124c	1203	)
T	1204	);
ae0c82	1205	$btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str);
47124c	1206	if ($attrib['label']) {
T	1207	$btn_content .= ' '.$attrib['label'];
	1208	}
c9e9fe	1209	$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target');
47124c	1210	}
0c2596	1211	else if ($attrib['type'] == 'link') {
356a67	1212	$btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
59cdb4	1213	$link_attrib = array_merge(html::$common_attrib, array('href', 'onclick', 'tabindex', 'target'));
5587b3	1214	if ($attrib['innerclass'])
T	1215	$btn_content = html::span($attrib['innerclass'], $btn_content);
47124c	1216	}
0c2596	1217	else if ($attrib['type'] == 'input') {
47124c	1218	$attrib['type'] = 'button';
T	1219
	1220	if ($attrib['label']) {
	1221	$attrib['value'] = $attrib['label'];
	1222	}
f94e44	1223	if ($attrib['command']) {
T	1224	$attrib['disabled'] = 'disabled';
	1225	}
47124c	1226
ce6433	1227	$out = html::tag('input', $attrib, null, array('type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled'));
47124c	1228	}
T	1229
	1230	// generate html code for button
	1231	if ($btn_content) {
59865f	1232	$attrib_str = html::attrib_string($attrib, array_merge($link_attrib, array('data-*')));
47124c	1233	$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
T	1234	}
	1235
bc2c43	1236	if ($attrib['wrapper']) {
AM	1237	$out = html::tag($attrib['wrapper'], null, $out);
47124c	1238	}
T	1239
	1240	return $out;
0c2596	1241	}
A	1242
	1243	/**
	1244	* Link an external script file
	1245	*
	1246	* @param string File URL
	1247	* @param string Target position [head\|foot]
	1248	*/
	1249	public function include_script($file, $position='head')
	1250	{
	1251	if (!preg_match('\|^https?://\|i', $file) && $file[0] != '/') {
c562a3	1252	$file = $this->file_mod($this->scripts_path . $file);
0c2596	1253	}
A	1254
	1255	if (!is_array($this->script_files[$position])) {
	1256	$this->script_files[$position] = array();
	1257	}
	1258
e46d06	1259	if (!in_array($file, $this->script_files[$position])) {
TB	1260	$this->script_files[$position][] = $file;
	1261	}
0c2596	1262	}
A	1263
	1264	/**
	1265	* Add inline javascript code
	1266	*
	1267	* @param string JS code snippet
	1268	* @param string Target position [head\|head_top\|foot]
	1269	*/
	1270	public function add_script($script, $position='head')
	1271	{
	1272	if (!isset($this->scripts[$position])) {
	1273	$this->scripts[$position] = "\n" . rtrim($script);
	1274	}
	1275	else {
	1276	$this->scripts[$position] .= "\n" . rtrim($script);
	1277	}
	1278	}
	1279
	1280	/**
	1281	* Link an external css file
	1282	*
	1283	* @param string File URL
	1284	*/
	1285	public function include_css($file)
	1286	{
	1287	$this->css_files[] = $file;
	1288	}
	1289
	1290	/**
	1291	* Add HTML code to the page header
	1292	*
	1293	* @param string $str HTML code
	1294	*/
	1295	public function add_header($str)
	1296	{
	1297	$this->header .= "\n" . $str;
	1298	}
	1299
	1300	/**
	1301	* Add HTML code to the page footer
	1302	* To be added right befor </body>
	1303	*
	1304	* @param string $str HTML code
	1305	*/
	1306	public function add_footer($str)
	1307	{
	1308	$this->footer .= "\n" . $str;
	1309	}
	1310
	1311	/**
	1312	* Process template and write to stdOut
	1313	*
	1314	* @param string HTML template
	1315	* @param string Base for absolute paths
	1316	*/
	1317	public function _write($templ = '', $base_path = '')
	1318	{
e2f90d	1319	$output = trim($templ);
AM	1320
	1321	if (empty($output)) {
	1322	$output = $this->default_template;
	1323	$is_empty = true;
	1324	}
0c2596	1325
A	1326	// set default page title
	1327	if (empty($this->pagetitle)) {
	1328	$this->pagetitle = 'Roundcube Mail';
	1329	}
	1330
	1331	// replace specialchars in content
	1332	$page_title = html::quote($this->pagetitle);
	1333	$page_header = '';
	1334	$page_footer = '';
	1335
	1336	// include meta tag with charset
	1337	if (!empty($this->charset)) {
	1338	if (!headers_sent()) {
	1339	header('Content-Type: text/html; charset=' . $this->charset);
	1340	}
	1341	$page_header = '<meta http-equiv="content-type"';
	1342	$page_header.= ' content="text/html; charset=';
	1343	$page_header.= $this->charset . '" />'."\n";
	1344	}
	1345
	1346	// definition of the code to be placed in the document header and footer
	1347	if (is_array($this->script_files['head'])) {
	1348	foreach ($this->script_files['head'] as $file) {
	1349	$page_header .= html::script($file);
	1350	}
	1351	}
	1352
	1353	$head_script = $this->scripts['head_top'] . $this->scripts['head'];
	1354	if (!empty($head_script)) {
	1355	$page_header .= html::script(array(), $head_script);
	1356	}
	1357
	1358	if (!empty($this->header)) {
	1359	$page_header .= $this->header;
	1360	}
	1361
	1362	// put docready commands into page footer
	1363	if (!empty($this->scripts['docready'])) {
	1364	$this->add_script('$(document).ready(function(){ ' . $this->scripts['docready'] . "\n});", 'foot');
	1365	}
	1366
	1367	if (is_array($this->script_files['foot'])) {
	1368	foreach ($this->script_files['foot'] as $file) {
	1369	$page_footer .= html::script($file);
	1370	}
	1371	}
	1372
	1373	if (!empty($this->footer)) {
	1374	$page_footer .= $this->footer . "\n";
	1375	}
	1376
	1377	if (!empty($this->scripts['foot'])) {
	1378	$page_footer .= html::script(array(), $this->scripts['foot']);
	1379	}
	1380
	1381	// find page header
	1382	if ($hpos = stripos($output, '</head>')) {
	1383	$page_header .= "\n";
	1384	}
	1385	else {
	1386	if (!is_numeric($hpos)) {
	1387	$hpos = stripos($output, '<body');
	1388	}
	1389	if (!is_numeric($hpos) && ($hpos = stripos($output, '<html'))) {
	1390	while ($output[$hpos] != '>') {
	1391	$hpos++;
	1392	}
	1393	$hpos++;
	1394	}
	1395	$page_header = "<head>\n<title>$page_title</title>\n$page_header\n</head>\n";
	1396	}
	1397
	1398	// add page hader
	1399	if ($hpos) {
	1400	$output = substr_replace($output, $page_header, $hpos, 0);
	1401	}
	1402	else {
	1403	$output = $page_header . $output;
	1404	}
	1405
	1406	// add page footer
	1407	if (($fpos = strripos($output, '</body>')) \|\| ($fpos = strripos($output, '</html>'))) {
	1408	$output = substr_replace($output, $page_footer."\n", $fpos, 0);
	1409	}
	1410	else {
	1411	$output .= "\n".$page_footer;
	1412	}
	1413
	1414	// add css files in head, before scripts, for speed up with parallel downloads
e2f90d	1415	if (!empty($this->css_files) && !$is_empty
AM	1416	&& (($pos = stripos($output, '<script ')) \|\| ($pos = stripos($output, '</head>')))
0c2596	1417	) {
A	1418	$css = '';
	1419	foreach ($this->css_files as $file) {
	1420	$css .= html::tag('link', array('rel' => 'stylesheet',
	1421	'type' => 'text/css', 'href' => $file, 'nl' => true));
	1422	}
	1423	$output = substr_replace($output, $css, $pos, 0);
	1424	}
	1425
2a0d3f	1426	$output = $this->parse_with_globals($this->fix_paths($output));
TB	1427
0c2596	1428	// trigger hook with final HTML content to be sent
be98df	1429	$hook = $this->app->plugins->exec_hook("send_page", array('content' => $output));
0c2596	1430	if (!$hook['abort']) {
a92beb	1431	if ($this->charset != RCUBE_CHARSET) {
AM	1432	echo rcube_charset::convert($hook['content'], RCUBE_CHARSET, $this->charset);
0c2596	1433	}
A	1434	else {
	1435	echo $hook['content'];
	1436	}
	1437	}
47124c	1438	}
T	1439
b7d33e	1440	/**
AM	1441	* Returns iframe object, registers some related env variables
	1442	*
	1443	* @param array $attrib HTML attributes
28de39	1444	* @param boolean $is_contentframe Register this iframe as the 'contentframe' gui object
b7d33e	1445	* @return string IFRAME element
AM	1446	*/
28de39	1447	public function frame($attrib, $is_contentframe = false)
b7d33e	1448	{
28de39	1449	static $idcount = 0;
TB	1450
b7d33e	1451	if (!$attrib['id']) {
28de39	1452	$attrib['id'] = 'rcmframe' . ++$idcount;
b7d33e	1453	}
AM	1454
28de39	1455	$attrib['name'] = $attrib['id'];
TB	1456	$attrib['src'] = $attrib['src'] ? $this->abs_url($attrib['src'], true) : 'program/resources/blank.gif';
b7d33e	1457
28de39	1458	// register as 'contentframe' object
e0f7b9	1459	if ($is_contentframe \|\| $attrib['contentframe']) {
AM	1460	$this->set_env('contentframe', $attrib['contentframe'] ? $attrib['contentframe'] : $attrib['name']);
28de39	1461	$this->set_env('blankpage', $attrib['src']);
TB	1462	}
b7d33e	1463
AM	1464	return html::iframe($attrib);
	1465	}
	1466
	1467
47124c	1468	/* *********** common functions delivering gui objects ************ */
T	1469
	1470	/**
197601	1471	* Create a form tag with the necessary hidden fields
T	1472	*
	1473	* @param array Named tag parameters
	1474	* @return string HTML code for the form
	1475	*/
	1476	public function form_tag($attrib, $content = null)
	1477	{
57f0c8	1478	if ($this->framed \|\| !empty($_REQUEST['_framed'])) {
197601	1479	$hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1'));
T	1480	$hidden = $hiddenfield->show();
	1481	}
271efe	1482	if ($this->env['extwin']) {
TB	1483	$hiddenfield = new html_hiddenfield(array('name' => '_extwin', 'value' => '1'));
	1484	$hidden = $hiddenfield->show();
	1485	}
ad334a	1486
197601	1487	if (!$content)
T	1488	$attrib['noclose'] = true;
ad334a	1489
197601	1490	return html::tag('form',
deb2b8	1491	$attrib + array('action' => $this->app->comm_path, 'method' => "get"),
57f0c8	1492	$hidden . $content,
T	1493	array('id','class','style','name','method','action','enctype','onsubmit'));
	1494	}
ad334a	1495
57f0c8	1496	/**
T	1497	* Build a form tag with a unique request token
	1498	*
	1499	* @param array Named tag parameters including 'action' and 'task' values which will be put into hidden fields
	1500	* @param string Form content
	1501	* @return string HTML code for the form
	1502	*/
747797	1503	public function request_form($attrib, $content = '')
57f0c8	1504	{
T	1505	$hidden = new html_hiddenfield();
	1506	if ($attrib['task']) {
	1507	$hidden->add(array('name' => '_task', 'value' => $attrib['task']));
	1508	}
	1509	if ($attrib['action']) {
	1510	$hidden->add(array('name' => '_action', 'value' => $attrib['action']));
	1511	}
ad334a	1512
57f0c8	1513	unset($attrib['task'], $attrib['request']);
T	1514	$attrib['action'] = './';
ad334a	1515
57f0c8	1516	// we already have a <form> tag
0501b6	1517	if ($attrib['form']) {
T	1518	if ($this->framed \|\| !empty($_REQUEST['_framed']))
	1519	$hidden->add(array('name' => '_framed', 'value' => '1'));
57f0c8	1520	return $hidden->show() . $content;
0501b6	1521	}
57f0c8	1522	else
T	1523	return $this->form_tag($attrib, $hidden->show() . $content);
197601	1524	}
T	1525
	1526	/**
47124c	1527	* GUI object 'username'
T	1528	* Showing IMAP username of the current session
	1529	*
	1530	* @param array Named tag parameters (currently not used)
	1531	* @return string HTML code for the gui object
	1532	*/
197601	1533	public function current_username($attrib)
47124c	1534	{
T	1535	static $username;
	1536
	1537	// alread fetched
	1538	if (!empty($username)) {
	1539	return $username;
	1540	}
	1541
e99991	1542	// Current username is an e-mail address
A	1543	if (strpos($_SESSION['username'], '@')) {
	1544	$username = $_SESSION['username'];
	1545	}
929a50	1546	// get e-mail address from default identity
e99991	1547	else if ($sql_arr = $this->app->user->get_identity()) {
7e9cec	1548	$username = $sql_arr['email'];
47124c	1549	}
T	1550	else {
7e9cec	1551	$username = $this->app->user->get_username();
47124c	1552	}
T	1553
1aceb9	1554	return rcube_utils::idn_to_utf8($username);
47124c	1555	}
T	1556
	1557	/**
	1558	* GUI object 'loginform'
	1559	* Returns code for the webmail login form
	1560	*
	1561	* @param array Named parameters
	1562	* @return string HTML code for the gui object
	1563	*/
0c2596	1564	protected function login_form($attrib)
47124c	1565	{
0c2596	1566	$default_host = $this->config->get('default_host');
A	1567	$autocomplete = (int) $this->config->get('login_autocomplete');
47124c	1568
T	1569	$_SESSION['temp'] = true;
ad334a	1570
cc97ea	1571	// save original url
1aceb9	1572	$url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST);
3a2b27	1573	if (empty($url) && !preg_match('/_(task\|action)=logout/', $_SERVER['QUERY_STRING']))
cc97ea	1574	$url = $_SERVER['QUERY_STRING'];
47124c	1575
b8dc3e	1576	// Disable autocapitalization on iPad/iPhone (#1488609)
AM	1577	$attrib['autocapitalize'] = 'off';
	1578
1cca4f	1579	// set atocomplete attribute
A	1580	$user_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
	1581	$host_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
	1582	$pass_attrib = $autocomplete > 1 ? array() : array('autocomplete' => 'off');
	1583
c3be8e	1584	$input_task = new html_hiddenfield(array('name' => '_task', 'value' => 'login'));
47124c	1585	$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
c8ae24	1586	$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
cc97ea	1587	$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
8df6bb	1588	$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required')
1cca4f	1589	+ $attrib + $user_attrib);
8df6bb	1590	$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required')
1cca4f	1591	+ $attrib + $pass_attrib);
47124c	1592	$input_host = null;
T	1593
f3e101	1594	if (is_array($default_host) && count($default_host) > 1) {
47124c	1595	$input_host = new html_select(array('name' => '_host', 'id' => 'rcmloginhost'));
T	1596
	1597	foreach ($default_host as $key => $value) {
	1598	if (!is_array($value)) {
	1599	$input_host->add($value, (is_numeric($key) ? $value : $key));
	1600	}
	1601	else {
	1602	$input_host = null;
	1603	break;
	1604	}
	1605	}
f3e101	1606	}
6ff0c3	1607	else if (is_array($default_host) && ($host = key($default_host)) !== null) {
f3e101	1608	$hide_host = true;
A	1609	$input_host = new html_hiddenfield(array(
6ff0c3	1610	'name' => '_host', 'id' => 'rcmloginhost', 'value' => is_numeric($host) ? $default_host[$host] : $host) + $attrib);
47124c	1611	}
e3e597	1612	else if (empty($default_host)) {
1cca4f	1613	$input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost')
A	1614	+ $attrib + $host_attrib);
47124c	1615	}
T	1616
	1617	$form_name = !empty($attrib['form']) ? $attrib['form'] : 'form';
	1618	$this->add_gui_object('loginform', $form_name);
	1619
	1620	// create HTML table with two cols
	1621	$table = new html_table(array('cols' => 2));
	1622
0c2596	1623	$table->add('title', html::label('rcmloginuser', html::quote($this->app->gettext('username'))));
1aceb9	1624	$table->add('input', $input_user->show(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC)));
47124c	1625
0c2596	1626	$table->add('title', html::label('rcmloginpwd', html::quote($this->app->gettext('password'))));
497013	1627	$table->add('input', $input_pass->show());
47124c	1628
T	1629	// add host selection row
f3e101	1630	if (is_object($input_host) && !$hide_host) {
0c2596	1631	$table->add('title', html::label('rcmloginhost', html::quote($this->app->gettext('server'))));
1aceb9	1632	$table->add('input', $input_host->show(rcube_utils::get_input_value('_host', rcube_utils::INPUT_GPC)));
47124c	1633	}
T	1634
c3be8e	1635	$out = $input_task->show();
T	1636	$out .= $input_action->show();
c8ae24	1637	$out .= $input_tzone->show();
cc97ea	1638	$out .= $input_url->show();
47124c	1639	$out .= $table->show();
ad334a	1640
f3e101	1641	if ($hide_host) {
A	1642	$out .= $input_host->show();
	1643	}
47124c	1644
b23f20	1645	if (rcube_utils::get_boolean($attrib['submit'])) {
AM	1646	$submit = new html_inputfield(array('type' => 'submit', 'id' => 'rcmloginsubmit',
	1647	'class' => 'button mainaction', 'value' => $this->app->gettext('login')));
	1648	$out .= html::p('formbuttons', $submit->show());
	1649	}
	1650
47124c	1651	// surround html output with a form tag
T	1652	if (empty($attrib['form'])) {
f3e101	1653	$out = $this->form_tag(array('name' => $form_name, 'method' => 'post'), $out);
47124c	1654	}
T	1655
086b15	1656	// include script for timezone detection
TB	1657	$this->include_script('jstz.min.js');
	1658
47124c	1659	return $out;
T	1660	}
	1661
	1662	/**
8e211a	1663	* GUI object 'preloader'
A	1664	* Loads javascript code for images preloading
	1665	*
	1666	* @param array Named parameters
	1667	* @return void
	1668	*/
0c2596	1669	protected function preloader($attrib)
8e211a	1670	{
A	1671	$images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY);
	1672	$images = array_map(array($this, 'abs_url'), $images);
	1673
	1674	if (empty($images) \|\| $this->app->task == 'logout')
	1675	return;
	1676
0c2596	1677	$this->add_script('var images = ' . self::json_serialize($images) .';
8e211a	1678	for (var i=0; i<images.length; i++) {
A	1679	img = new Image();
	1680	img.src = images[i];
044d66	1681	}', 'docready');
8e211a	1682	}
A	1683
	1684	/**
47124c	1685	* GUI object 'searchform'
T	1686	* Returns code for search function
	1687	*
	1688	* @param array Named parameters
	1689	* @return string HTML code for the gui object
	1690	*/
0c2596	1691	protected function search_form($attrib)
47124c	1692	{
T	1693	// add some labels to client
	1694	$this->add_label('searching');
	1695
	1696	$attrib['name'] = '_q';
	1697
	1698	if (empty($attrib['id'])) {
	1699	$attrib['id'] = 'rcmqsearchbox';
	1700	}
a3f149	1701	if ($attrib['type'] == 'search' && !$this->browser->khtml) {
2eb794	1702	unset($attrib['type'], $attrib['results']);
a3f149	1703	}
ad334a	1704
47124c	1705	$input_q = new html_inputfield($attrib);
T	1706	$out = $input_q->show();
	1707
	1708	$this->add_gui_object('qsearchbox', $attrib['id']);
	1709
	1710	// add form tag around text field
	1711	if (empty($attrib['form'])) {
197601	1712	$out = $this->form_tag(array(
b23f20	1713	'name' => "rcmqsearchform",
60226a	1714	'onsubmit' => self::JS_OBJECT_NAME . ".command('search'); return false",
b23f20	1715	'style' => "display:inline"),
2eb794	1716	$out);
47124c	1717	}
T	1718
	1719	return $out;
	1720	}
	1721
	1722	/**
	1723	* Builder for GUI object 'message'
	1724	*
	1725	* @param array Named tag parameters
	1726	* @return string HTML code for the gui object
	1727	*/
0c2596	1728	protected function message_container($attrib)
47124c	1729	{
T	1730	if (isset($attrib['id']) === false) {
	1731	$attrib['id'] = 'rcmMessageContainer';
	1732	}
	1733
	1734	$this->add_gui_object('message', $attrib['id']);
0c2596	1735
A	1736	return html::div($attrib, '');
47124c	1737	}
T	1738
	1739	/**
	1740	* GUI object 'charsetselector'
	1741	*
	1742	* @param array Named parameters for the select tag
	1743	* @return string HTML code for the gui object
	1744	*/
0c2596	1745	public function charset_selector($attrib)
47124c	1746	{
T	1747	// pass the following attributes to the form class
	1748	$field_attrib = array('name' => '_charset');
	1749	foreach ($attrib as $attr => $value) {
e55ab0	1750	if (in_array($attr, array('id', 'name', 'class', 'style', 'size', 'tabindex'))) {
47124c	1751	$field_attrib[$attr] = $value;
T	1752	}
	1753	}
e55ab0	1754
47124c	1755	$charsets = array(
0c2596	1756	'UTF-8' => 'UTF-8 ('.$this->app->gettext('unicode').')',
A	1757	'US-ASCII' => 'ASCII ('.$this->app->gettext('english').')',
	1758	'ISO-8859-1' => 'ISO-8859-1 ('.$this->app->gettext('westerneuropean').')',
	1759	'ISO-8859-2' => 'ISO-8859-2 ('.$this->app->gettext('easterneuropean').')',
	1760	'ISO-8859-4' => 'ISO-8859-4 ('.$this->app->gettext('baltic').')',
	1761	'ISO-8859-5' => 'ISO-8859-5 ('.$this->app->gettext('cyrillic').')',
	1762	'ISO-8859-6' => 'ISO-8859-6 ('.$this->app->gettext('arabic').')',
	1763	'ISO-8859-7' => 'ISO-8859-7 ('.$this->app->gettext('greek').')',
	1764	'ISO-8859-8' => 'ISO-8859-8 ('.$this->app->gettext('hebrew').')',
	1765	'ISO-8859-9' => 'ISO-8859-9 ('.$this->app->gettext('turkish').')',
	1766	'ISO-8859-10' => 'ISO-8859-10 ('.$this->app->gettext('nordic').')',
	1767	'ISO-8859-11' => 'ISO-8859-11 ('.$this->app->gettext('thai').')',
	1768	'ISO-8859-13' => 'ISO-8859-13 ('.$this->app->gettext('baltic').')',
	1769	'ISO-8859-14' => 'ISO-8859-14 ('.$this->app->gettext('celtic').')',
	1770	'ISO-8859-15' => 'ISO-8859-15 ('.$this->app->gettext('westerneuropean').')',
	1771	'ISO-8859-16' => 'ISO-8859-16 ('.$this->app->gettext('southeasterneuropean').')',
	1772	'WINDOWS-1250' => 'Windows-1250 ('.$this->app->gettext('easterneuropean').')',
	1773	'WINDOWS-1251' => 'Windows-1251 ('.$this->app->gettext('cyrillic').')',
	1774	'WINDOWS-1252' => 'Windows-1252 ('.$this->app->gettext('westerneuropean').')',
	1775	'WINDOWS-1253' => 'Windows-1253 ('.$this->app->gettext('greek').')',
	1776	'WINDOWS-1254' => 'Windows-1254 ('.$this->app->gettext('turkish').')',
	1777	'WINDOWS-1255' => 'Windows-1255 ('.$this->app->gettext('hebrew').')',
	1778	'WINDOWS-1256' => 'Windows-1256 ('.$this->app->gettext('arabic').')',
	1779	'WINDOWS-1257' => 'Windows-1257 ('.$this->app->gettext('baltic').')',
	1780	'WINDOWS-1258' => 'Windows-1258 ('.$this->app->gettext('vietnamese').')',
	1781	'ISO-2022-JP' => 'ISO-2022-JP ('.$this->app->gettext('japanese').')',
	1782	'ISO-2022-KR' => 'ISO-2022-KR ('.$this->app->gettext('korean').')',
	1783	'ISO-2022-CN' => 'ISO-2022-CN ('.$this->app->gettext('chinese').')',
	1784	'EUC-JP' => 'EUC-JP ('.$this->app->gettext('japanese').')',
	1785	'EUC-KR' => 'EUC-KR ('.$this->app->gettext('korean').')',
	1786	'EUC-CN' => 'EUC-CN ('.$this->app->gettext('chinese').')',
	1787	'BIG5' => 'BIG5 ('.$this->app->gettext('chinese').')',
	1788	'GB2312' => 'GB2312 ('.$this->app->gettext('chinese').')',
e55ab0	1789	);
47124c	1790
089e53	1791	if (!empty($_POST['_charset'])) {
AM	1792	$set = $_POST['_charset'];
	1793	}
	1794	else if (!empty($attrib['selected'])) {
	1795	$set = $attrib['selected'];
	1796	}
	1797	else {
	1798	$set = $this->get_charset();
	1799	}
47124c	1800
089e53	1801	$set = strtoupper($set);
AM	1802	if (!isset($charsets[$set])) {
	1803	$charsets[$set] = $set;
	1804	}
e55ab0	1805
A	1806	$select = new html_select($field_attrib);
	1807	$select->add(array_values($charsets), array_keys($charsets));
	1808
	1809	return $select->show($set);
47124c	1810	}
T	1811
1a0f60	1812	/**
T	1813	* Include content from config/about.<LANG>.html if available
	1814	*/
0c2596	1815	protected function about_content($attrib)
1a0f60	1816	{
T	1817	$content = '';
	1818	$filenames = array(
	1819	'about.' . $_SESSION['language'] . '.html',
	1820	'about.' . substr($_SESSION['language'], 0, 2) . '.html',
	1821	'about.html',
	1822	);
	1823	foreach ($filenames as $file) {
592668	1824	$fn = RCUBE_CONFIG_DIR . $file;
1a0f60	1825	if (is_readable($fn)) {
T	1826	$content = file_get_contents($fn);
	1827	$content = $this->parse_conditions($content);
	1828	$content = $this->parse_xml($content);
	1829	break;
	1830	}
	1831	}
	1832
	1833	return $content;
	1834	}
	1835
0c2596	1836	}