githubFork/roundcubemail.git

			@@ -76,7 +76,7 @@

			// set page title
			if (empty($_action) \|\| $_action == 'list')
			$OUTPUT->set_pagetitle(rcube_charset_convert($IMAP->get_mailbox_name(), 'UTF-7'));
			$OUTPUT->set_pagetitle(rcmail_localize_foldername($IMAP->get_mailbox_name()));



			@@ -290,6 +290,7 @@
			$OUTPUT->set_env('attachmenticon', $skin_path . $attrib['attachmenticon']);

			$OUTPUT->set_env('messages', $a_js_message_arr);
			$OUTPUT->set_env('coltypes', $a_show_cols);

			$OUTPUT->include_script('list.js');

			@@ -481,6 +482,127 @@
			}


			/* Stolen from Squirrelmail */
			function sq_deent(&$attvalue, $regex, $hex=false)
			{
			$ret_match = false;
			preg_match_all($regex, $attvalue, $matches);
			if (is_array($matches) && sizeof($matches[0]) > 0)
			{
			$repl = Array();
			for ($i = 0; $i < sizeof($matches[0]); $i++)
			{
			$numval = $matches[1][$i];
			if ($hex)
			$numval = hexdec($numval);
			$repl{$matches[0][$i]} = chr($numval);
			}
			$attvalue = strtr($attvalue, $repl);
			return true;
			}
			else
			return false;
			}


			/* Stolen verbatim from Squirrelmail */
			function sq_defang(&$attvalue)
			{
			/* Skip this if there aren't ampersands or backslashes. */
			if ((strpos($attvalue, '&') === false) &&
			(strpos($attvalue, '\\') === false))
			return;
			$m = false;
			do
			{
			$m = false;
			$m = $m \|\| sq_deent($attvalue, '/\&#0(\d+);/s');
			$m = $m \|\| sq_deent($attvalue, '/\&#x0((\d\|[a-f])+);/si', true);
			$m = $m \|\| sq_deent($attvalue, '/\\\\(\d+)/s', true);
			} while ($m == true);
			$attvalue = stripslashes($attvalue);
			}


			function rcmail_html_filter($html)
			{
			preg_match_all('/<\/?\w+((\s+\w+(\s=\s(?:".?"\|\'.?\'\|[^\'">\s]+))?)+\s\|\s)\/?>/', $html, $tags);

			/* From Squirrelmail: Translate all dangerous Unicode or Shift_JIS characters which are accepted by
			* IE as regular characters. */
			$replace = array(array('ʟ', 'ʟ', /* L UNICODE IPA Extension */
			'ʀ', 'ʀ', /* R UNICODE IPA Extension */
			'ɴ', 'ɴ', /* N UNICODE IPA Extension */
			'Ｅ', 'Ｅ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
			'ｅ', 'ｅ', /* Unicode FULLWIDTH LATIN SMALL LETTER E */
			'Ｘ', 'Ｘ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER X */
			'ｘ', 'ｘ', /* Unicode FULLWIDTH LATIN SMALL LETTER X */
			'Ｐ', 'Ｐ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER P */
			'ｐ', 'ｐ', /* Unicode FULLWIDTH LATIN SMALL LETTER P */
			'Ｒ', 'Ｒ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER R */
			'ｒ', 'ｒ', /* Unicode FULLWIDTH LATIN SMALL LETTER R */
			'Ｓ', 'Ｓ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER S */
			'ｓ', 'ｓ', /* Unicode FULLWIDTH LATIN SMALL LETTER S */
			'Ｉ', 'Ｉ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER I */
			'ｉ', 'ｉ', /* Unicode FULLWIDTH LATIN SMALL LETTER I */
			'Ｏ', 'Ｏ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER O */
			'ｏ', 'ｏ', /* Unicode FULLWIDTH LATIN SMALL LETTER O */
			'Ｎ', 'Ｎ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER N */
			'ｎ', 'ｎ', /* Unicode FULLWIDTH LATIN SMALL LETTER N */
			'Ｌ', 'Ｌ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER L */
			'ｌ', 'ｌ', /* Unicode FULLWIDTH LATIN SMALL LETTER L */
			'Ｕ', 'Ｕ', /* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
			'ｕ', 'ｕ', /* Unicode FULLWIDTH LATIN SMALL LETTER U */
			'ⁿ', 'ⁿ' , /* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
			"\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */
			/* in unicode this is some Chinese char range */
			"\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
			"\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
			"\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
			"\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
			"\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
			"\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
			"\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
			"\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
			"\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
			"\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
			"\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
			"\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
			"\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
			"\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
			"\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
			"\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */
			"\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */
			"\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */
			"\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */
			"\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */
			"\xCA\x9F", /* L UNICODE IPA Extension */
			"\xCA\x80", /* R UNICODE IPA Extension */
			"\xC9\xB4"), /* N UNICODE IPA Extension */
			array('l', 'l', 'r', 'r', 'n', 'n', 'E', 'E', 'e', 'e', 'X', 'X', 'x', 'x',
			'P', 'P', 'p', 'p', 'R', 'R', 'r', 'r', 'S', 'S', 's', 's', 'I', 'I',
			'i', 'i', 'O', 'O', 'o', 'o', 'N', 'N', 'n', 'n', 'L', 'L', 'l', 'l',
			'U', 'U', 'u', 'u', 'n', 'n', 'E', 'e', 'X', 'x', 'P', 'p', 'R', 'r',
			'S', 's', 'I', 'i', 'O', 'o', 'N', 'n', 'L', 'l', 'U', 'u', 'n', 'l', 'r', 'n'));
			if ((count($tags)>3) && (count($tags[3])>0))
			foreach ($tags[3] as $nr=>$value)
			{
			/* Remove comments */
			$newvalue = preg_replace('/(\/\.\*\/)/','$2',$value);
			/* Translate dangerous characters */
			$newvalue = str_replace($replace[0], $replace[1], $newvalue);
			sq_defang($newvalue);
			/* Rename dangerous CSS */
			$newvalue = preg_replace('/expression/i', 'idiocy', $newvalue);
			$newvalue = preg_replace('/url/i', 'idiocy', $newvalue);
			$newattrs = preg_replace('/'.preg_quote($value, '/').'$/', $newvalue, $tags[1][$nr]);
			$newtag = preg_replace('/'.preg_quote($tags[1][$nr], '/').'/', $newattrs, $tags[0][$nr]);
			$html = preg_replace('/'.preg_quote($tags[0][$nr], '/').'/', $newtag, $html);
			}
			return $html;
			}


			function rcmail_print_body($part, $safe=FALSE, $plain=FALSE)
			{
			global $IMAP, $REMOTE_OBJECTS;
			@@ -532,7 +654,7 @@
			$body = preg_replace($remote_patterns, $remote_replaces, $body);
			}

			return Q($body, 'show', FALSE);
			return Q(rcmail_html_filter($body), 'show', FALSE);
			}

			// text/enriched
			@@ -573,10 +695,10 @@
			$quotation = '';
			$q = 0;

			if (preg_match('/^(>+\s*)/', $line, $regs))
			if (preg_match('/^(>+\s*)+/', $line, $regs))
			{
			$q = strlen(preg_replace('/\s/', '', $regs[1]));
			$line = substr($line, strlen($regs[1]));
			$q = strlen(preg_replace('/\s/', '', $regs[0]));
			$line = substr($line, strlen($regs[0]));

			if ($q > $quote_level)
			$quotation = str_repeat('<blockquote>', $q - $quote_level);
			@@ -988,7 +1110,7 @@
			while ($body != $prev_body)
			{
			$prev_body = $body;
			$body = preg_replace('/(<[^!][^>]*\s)(on[^=>]+)=([^>]+>)/im', '$1__removed=$3', $body);
			$body = preg_replace('/(<[^!][^>]*\s)on(?:load\|unload\|click\|dblclick\|mousedown\|mouseup\|mouseover\|mousemove\|mouseout\|focus\|blur\|keypress\|keydown\|keyup\|submit\|reset\|select\|change)=([^>]+>)/im', '$1__removed=$2', $body);
			$body = preg_replace('/(<[^!][^>]\shref=["\']?)(javascript:)([^>]?>)/im', '$1null:$3', $body);
			}

			@@ -1313,6 +1435,8 @@
			$sent = mail($headers_enc['To'], $headers_enc['Subject'], $msg_body, $header_str, "-f$from");
			}

			if ($sent) // remove MDN headers after sending
			unset($headers['Return-Receipt-To'], $headers['Disposition-Notification-To']);

			$message->_headers = array();
			$message->headers($headers);