githubFork/roundcubemail.git

			@@ -5,7 +5,7 @@
			\| program/include/rcmail_output_html.php \|
			\| \|
			\| This file is part of the Roundcube Webmail client \|
			\| Copyright (C) 2006-2012, The Roundcube Dev Team \|
			\| Copyright (C) 2006-2014, The Roundcube Dev Team \|
			\| \|
			\| Licensed under the GNU General Public License version 3 or \|
			\| any later version with exceptions for skins & plugins. \|
			@@ -23,28 +23,31 @@
			/**
			* Class to create HTML page output using a skin template
			*
			* @package Core
			* @package Webmail
			* @subpackage View
			*/
			class rcmail_output_html extends rcmail_output
			{
			public $type = 'html';

			protected $message = null;
			protected $js_env = array();
			protected $js_labels = array();
			protected $js_commands = array();
			protected $skin_paths = array();
			protected $message;
			protected $template_name;
			protected $js_env = array();
			protected $js_labels = array();
			protected $js_commands = array();
			protected $skin_paths = array();
			protected $scripts_path = '';
			protected $script_files = array();
			protected $css_files = array();
			protected $scripts = array();
			protected $css_files = array();
			protected $scripts = array();
			protected $default_template = "<html>\n<head><title></title></head>\n<body></body>\n</html>";
			protected $header = '';
			protected $footer = '';
			protected $body = '';
			protected $base_path = '';
			protected $assets_path;
			protected $assets_dir = RCUBE_INSTALL_PATH;
			protected $devel_mode = false;

			// deprecated names of templates used before 0.5
			protected $deprecated_templates = array(
			@@ -57,34 +60,57 @@

			/**
			* Constructor
			*
			* @todo Replace $this->config with the real rcube_config object
			*/
			public function __construct($task = null, $framed = false)
			{
			parent::__construct();

			//$this->framed = $framed;
			$this->devel_mode = $this->config->get('devel_mode');

			$this->set_env('task', $task);
			$this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
			$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
			$this->set_env('locale', $_SESSION['language']);

			// add cookie info
			$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
			$this->set_env('cookie_path', ini_get('session.cookie_path'));
			$this->set_env('cookie_secure', ini_get('session.cookie_secure'));
			$this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN));

			// load the correct skin (in case user-defined)
			$skin = $this->config->get('skin');
			$this->set_skin($skin);
			$this->set_env('skin', $skin);

			if (!empty($_REQUEST['_extwin']))
			$this->set_env('extwin', 1);
			if ($this->framed \|\| !empty($_REQUEST['_framed']))
			$this->set_env('framed', 1);
			$this->set_assets_path($this->config->get('assets_path'), $this->config->get('assets_dir'));

			if (!empty($_REQUEST['_extwin']))
			$this->set_env('extwin', 1);
			if ($this->framed \|\| $framed)
			$this->set_env('framed', 1);

			$lic = <<<EOF
			/*
			@licstart The following is the entire license notice for the
			JavaScript code in this page.

			Copyright (C) 2005-2014 The Roundcube Dev Team

			The JavaScript code in this page is free software: you can redistribute
			it and/or modify it under the terms of the GNU General Public License
			as published by the Free Software Foundation, either version 3 of
			the License, or (at your option) any later version.

			The code is distributed WITHOUT ANY WARRANTY; without even the implied
			warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
			See the GNU GPL for more details.

			@licend The above is the entire license notice
			for the JavaScript code in this page.
			*/
			EOF;
			// add common javascripts
			$this->add_script($lic, 'head_top');
			$this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');

			// don't wait for page onload. Call init at the bottom of the page (delayed)
			@@ -106,7 +132,6 @@
			));
			}


			/**
			* Set environment variable
			*
			@@ -117,11 +142,60 @@
			public function set_env($name, $value, $addtojs = true)
			{
			$this->env[$name] = $value;

			if ($addtojs \|\| isset($this->js_env[$name])) {
			$this->js_env[$name] = $value;
			}
			}

			/**
			* Parse and set assets path
			*
			* @param string Assets path (relative or absolute URL)
			*/
			public function set_assets_path($path, $fs_dir = null)
			{
			if (empty($path)) {
			return;
			}

			$path = rtrim($path, '/') . '/';

			// handle relative assets path
			if (!preg_match('\|^https?://\|', $path) && $path[0] != '/') {
			// save the path to search for asset files later
			$this->assets_dir = $path;

			$base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
			$base = rtrim($base, '/');

			// remove url token if exists
			if ($len = intval($this->config->get('use_secure_urls'))) {
			$_base = explode('/', $base);
			$last = count($_base) - 1;
			$length = $len > 1 ? $len : 16; // as in rcube::get_secure_url_token()

			// we can't use real token here because it
			// does not exists in unauthenticated state,
			// hope this will not produce false-positive matches
			if ($last > -1 && preg_match('/^[a-f0-9]{' . $length . '}$/', $_base[$last])) {
			$path = '../' . $path;
			}
			}
			}

			// set filesystem path for assets
			if ($fs_dir) {
			if ($fs_dir[0] != '/') {
			$fs_dir = realpath(RCUBE_INSTALL_PATH . $fs_dir);
			}
			// ensure the path ends with a slash
			$this->assets_dir = rtrim($fs_dir, '/') . '/';
			}

			$this->assets_path = $path;
			$this->set_env('assets_path', $path);
			}

			/**
			* Getter for the current page title
			@@ -146,17 +220,17 @@
			return $title;
			}


			/**
			* Set skin
			*/
			public function set_skin($skin)
			{
			$valid = false;
			$path = RCUBE_INSTALL_PATH . 'skins/';

			if (!empty($skin) && is_dir('skins/'.$skin) && is_readable('skins/'.$skin)) {
			$skin_path = 'skins/'.$skin;
			$valid = true;
			if (!empty($skin) && is_dir($path . $skin) && is_readable($path . $skin)) {
			$skin_path = 'skins/' . $skin;
			$valid = true;
			}
			else {
			$skin_path = $this->config->get('skin_path');
			@@ -165,6 +239,8 @@
			}
			$valid = !$skin;
			}

			$skin_path = rtrim($skin_path, '/');

			$this->config->set('skin_path', $skin_path);
			$this->base_path = $skin_path;
			@@ -184,12 +260,23 @@
			$this->skin_paths[] = $skin_path;

			// read meta file and check for dependecies
			$meta = @json_decode(@file_get_contents($skin_path.'/meta.json'), true);
			if ($meta['extends'] && is_dir('skins/' . $meta['extends'])) {
			$this->load_skin('skins/' . $meta['extends']);
			$meta = @file_get_contents(RCUBE_INSTALL_PATH . $skin_path . '/meta.json');
			$meta = @json_decode($meta, true);

			$meta['path'] = $skin_path;
			$skin_id = end(explode('/', $skin_path));
			if (!$meta['name']) {
			$meta['name'] = $skin_id;
			}
			$this->skins[$skin_id] = $meta;

			if ($meta['extends']) {
			$path = RCUBE_INSTALL_PATH . 'skins/';
			if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
			$this->load_skin('skins/' . $meta['extends']);
			}
			}
			}


			/**
			* Check if a specific template exists
			@@ -199,16 +286,17 @@
			*/
			public function template_exists($name)
			{
			$found = false;
			foreach ($this->skin_paths as $skin_path) {
			$filename = $skin_path . '/templates/' . $name . '.html';
			$found = (is_file($filename) && is_readable($filename)) \|\| ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]));
			if ($found)
			break;
			$filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
			if ((is_file($filename) && is_readable($filename))
			\|\| ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]))
			) {
			return true;
			}
			}
			return $found;
			}

			return false;
			}

			/**
			* Find the given file in the current skin path stack
			@@ -216,24 +304,34 @@
			* @param string File name/path to resolve (starting with /)
			* @param string Reference to the base path of the matching skin
			* @param string Additional path to search in
			*
			* @return mixed Relative path to the requested file or False if not found
			*/
			public function get_skin_file($file, &$skin_path = null, $add_path = null)
			{
			$skin_paths = $this->skin_paths;
			if ($add_path)
			if ($add_path) {
			array_unshift($skin_paths, $add_path);
			}

			foreach ($skin_paths as $skin_path) {
			$path = realpath($skin_path . $file);
			if (is_file($path)) {
			$path = realpath(RCUBE_INSTALL_PATH . $skin_path . $file);

			if ($path && is_file($path)) {
			return $skin_path . $file;
			}

			if ($this->assets_dir != RCUBE_INSTALL_PATH) {
			$path = realpath($this->assets_dir . $skin_path . $file);

			if ($path && is_file($path)) {
			return $skin_path . $file;
			}
			}
			}

			return false;
			}


			/**
			* Register a GUI object to the client script
			@@ -247,7 +345,6 @@
			$this->add_script(self::JS_OBJECT_NAME.".gui_object('$obj', '$id');");
			}


			/**
			* Call a client method
			*
			@@ -258,11 +355,10 @@
			{
			$cmd = func_get_args();
			if (strpos($cmd[0], 'plugin.') !== false)
			$this->js_commands[] = array('triggerEvent', $cmd[0], $cmd[1]);
			$this->js_commands[] = array('triggerEvent', $cmd[0], $cmd[1]);
			else
			$this->js_commands[] = $cmd;
			$this->js_commands[] = $cmd;
			}


			/**
			* Add a localized label to the client environment
			@@ -271,13 +367,12 @@
			{
			$args = func_get_args();
			if (count($args) == 1 && is_array($args[0]))
			$args = $args[0];
			$args = $args[0];

			foreach ($args as $name) {
			$this->js_labels[$name] = $this->app->gettext($name);
			}
			}


			/**
			* Invoke display_message command
			@@ -305,7 +400,6 @@
			}
			}


			/**
			* Delete all stored env variables and commands
			*
			@@ -313,12 +407,14 @@
			*/
			public function reset($all = false)
			{
			$env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));
			$framed = $this->framed;
			$env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));

			parent::reset();

			// let some env variables survive
			$this->env = $this->js_env = $env;
			$this->env = $this->js_env = $env;
			$this->framed = $framed \|\| $this->env['framed'];
			$this->js_labels = array();
			$this->js_commands = array();
			$this->script_files = array();
			@@ -326,24 +422,28 @@
			$this->header = '';
			$this->footer = '';
			$this->body = '';
			}

			// load defaults
			if (!$all) {
			$this->__construct();
			}
			}

			/**
			* Redirect to a certain url
			*
			* @param mixed $p Either a string with the action or url parameters as key-value pairs
			* @param int $delay Delay in seconds
			* @param mixed $p Either a string with the action or url parameters as key-value pairs
			* @param int $delay Delay in seconds
			* @param bool $secure Redirect to secure location (see rcmail::url())
			*/
			public function redirect($p = array(), $delay = 1)
			public function redirect($p = array(), $delay = 1, $secure = false)
			{
			if ($this->env['extwin'])
			$p['extwin'] = 1;
			$location = $this->app->url($p);
			$location = $this->app->url($p, false, false, $secure);
			header('Location: ' . $location);
			exit;
			}


			/**
			* Send the request output to the client.
			@@ -378,7 +478,6 @@
			}
			}


			/**
			* Process template and write to stdOut
			*
			@@ -386,34 +485,33 @@
			*/
			public function write($template = '')
			{
			// unlock interface after iframe load
			$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
			if ($this->framed) {
			array_unshift($this->js_commands, array('iframe_loaded', $unlock));
			}
			else if ($unlock) {
			array_unshift($this->js_commands, array('hide_message', $unlock));
			if (!empty($this->script_files)) {
			$this->set_env('request_token', $this->app->get_request_token());
			}

			if (!empty($this->script_files))
			$this->set_env('request_token', $this->app->get_request_token());
			$commands = $this->get_js_commands($framed);

			// write all env variables to client
			if ($commands = $this->get_js_commands()) {
			$js = $this->framed ? "if (window.parent) {\n" : '';
			$js .= $commands . ($this->framed ? ' }' : '');
			$this->add_script($js, 'head_top');
			// if all js commands go to parent window we can ignore all
			// script files and skip rcube_webmail initialization (#1489792)
			if ($framed) {
			$this->scripts = array();
			$this->script_files = array();
			$this->header = '';
			$this->footer = '';
			}

			// write all javascript commands
			$this->add_script($commands, 'head_top');

			// send clickjacking protection headers
			$iframe = $this->framed \|\| !empty($_REQUEST['_framed']);
			if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')))
			$iframe = $this->framed \|\| $this->env['framed'];
			if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) {
			header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe));
			}

			// call super method
			$this->_write($template, $this->config->get('skin_path'));
			}


			/**
			* Parse a specific skin template and deliver to stdout (or return)
			@@ -426,18 +524,19 @@
			*/
			function parse($name = 'main', $exit = true, $write = true)
			{
			$plugin = false;
			$realname = $name;
			$plugin = false;
			$realname = $name;
			$plugin_skin_paths = array();

			$this->template_name = $realname;

			$temp = explode('.', $name, 2);
			if (count($temp) > 1) {
			$plugin = $temp[0];
			$name = $temp[1];
			$skin_dir = $plugin . '/skins/' . $this->config->get('skin');
			$plugin = $temp[0];
			$name = $temp[1];
			$skin_dir = $plugin . '/skins/' . $this->config->get('skin');

			// apply skin search escalation list to plugin directory
			$plugin_skin_paths = array();
			foreach ($this->skin_paths as $skin_path) {
			$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
			}
			@@ -448,18 +547,18 @@
			$plugin_skin_paths[] = $this->app->plugins->url . $skin_dir;
			}

			// add plugin skin paths to search list
			// prepend plugin skin paths to search list
			$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
			}

			// find skin template
			$path = false;
			foreach ($this->skin_paths as $skin_path) {
			$path = "$skin_path/templates/$name.html";
			$path = RCUBE_INSTALL_PATH . "$skin_path/templates/$name.html";

			// fallback to deprecated template names
			if (!is_readable($path) && $this->deprecated_templates[$realname]) {
			$path = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";
			$path = RCUBE_INSTALL_PATH . "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";

			if (is_readable($path)) {
			rcube::raise_error(array(
			@@ -485,12 +584,14 @@
			// read template file
			if (!$path \|\| ($templ = @file_get_contents($path)) === false) {
			rcube::raise_error(array(
			'code' => 501,
			'code' => 404,
			'type' => 'php',
			'line' => __LINE__,
			'file' => __FILE__,
			'message' => 'Error loading template for '.$realname
			), true, $write);

			$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
			return false;
			}

			@@ -515,62 +616,83 @@
			$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
			$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);

			if ($write) {
			// add debug console
			if ($realname != 'error' && ($this->config->get('debug_level') & 8)) {
			$this->add_footer('<div id="console" style="position:absolute;top:5px;left:5px;width:405px;padding:2px;background:white;z-index:9000;display:none">
			<a href="#toggle" onclick="con=$(\'#dbgconsole\');con[con.is(\':visible\')?\'hide\':\'show\']();return false">console</a>
			<textarea name="console" id="dbgconsole" rows="20" cols="40" style="display:none;width:400px;border:none;font-size:10px" spellcheck="false"></textarea></div>'
			);
			$this->add_script(
			"if (!window.console \|\| !window.console.log) {\n".
			" window.console = new rcube_console();\n".
			" $('#console').show();\n".
			"}", 'foot');
			}
			$this->write(trim($output));
			}
			else {
			// remove plugin skin paths from current context
			$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));

			if (!$write) {
			return $output;
			}

			$this->write(trim($output));

			if ($exit) {
			exit;
			}
			}


			/**
			* Return executable javascript code for all registered commands
			*
			* @return string $out
			*/
			protected function get_js_commands()
			protected function get_js_commands(&$framed = null)
			{
			$out = '';
			$out = '';
			$parent_commands = 0;
			$top_commands = array();

			// these should be always on top,
			// e.g. hide_message() below depends on env.framed
			if (!$this->framed && !empty($this->js_env)) {
			$out .= self::JS_OBJECT_NAME . '.set_env('.self::json_serialize($this->js_env).");\n";
			$top_commands[] = array('set_env', $this->js_env);
			}
			if (!empty($this->js_labels)) {
			$this->command('add_label', $this->js_labels);
			$top_commands[] = array('add_label', $this->js_labels);
			}
			foreach ($this->js_commands as $i => $args) {

			// unlock interface after iframe load
			$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
			if ($this->framed) {
			$top_commands[] = array('iframe_loaded', $unlock);
			}
			else if ($unlock) {
			$top_commands[] = array('hide_message', $unlock);
			}

			$commands = array_merge($top_commands, $this->js_commands);

			foreach ($commands as $i => $args) {
			$method = array_shift($args);
			$parent = $this->framed \|\| preg_match('/^parent\./', $method);

			foreach ($args as $i => $arg) {
			$args[$i] = self::json_serialize($arg);
			}
			$parent = $this->framed \|\| preg_match('/^parent\./', $method);
			$out .= sprintf(
			"%s.%s(%s);\n",
			($parent ? 'if(window.parent && parent.'.self::JS_OBJECT_NAME.') parent.' : '') . self::JS_OBJECT_NAME,
			preg_replace('/^parent\./', '', $method),
			implode(',', $args)
			);

			if ($parent) {
			$parent_commands++;
			$method = preg_replace('/^parent\./', '', $method);
			$parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
			$method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
			}
			else {
			$method = self::JS_OBJECT_NAME . '.' . $method;
			}

			$out .= sprintf("%s(%s);\n", $method, implode(',', $args));
			}

			$framed = $parent_prefix && $parent_commands == count($commands);

			// make the output more compact if all commands go to parent window
			if ($framed) {
			$out = "if (window.parent && parent." . self::JS_OBJECT_NAME . ") {\n"
			. str_replace($parent_prefix, "\tparent.", $out)
			. "}\n";
			}

			return $out;
			}


			/**
			* Make URLs starting with a slash point to skin directory
			@@ -582,15 +704,15 @@
			public function abs_url($str, $search_path = false)
			{
			if ($str[0] == '/') {
			if ($search_path && ($file_url = $this->get_skin_file($str, $skin_path)))
			if ($search_path && ($file_url = $this->get_skin_file($str, $skin_path))) {
			return $file_url;
			}

			return $this->base_path . $str;
			}
			else
			return $str;
			}

			return $str;
			}

			/**
			* Show error page and terminate script execution
			@@ -607,6 +729,21 @@

			include RCUBE_INSTALL_PATH . 'program/steps/utils/error.inc';
			exit;
			}

			/**
			* Modify path by adding URL prefix if configured
			*/
			public function asset_url($path)
			{
			// iframe content can't be in a different domain
			// @TODO: check if assests are on a different domain

			if (!$this->assets_path \|\| in_array($path[0], array('?', '/', '.')) \|\| strpos($path, '://')) {
			return $path;
			}

			return $this->assets_path . $path;
			}


			@@ -626,7 +763,6 @@
			array($this, 'globals_callback'), $input);
			}


			/**
			* Callback funtion for preg_replace_callback() in parse_with_globals()
			*/
			@@ -634,7 +770,6 @@
			{
			return $GLOBALS[$matches[1]];
			}


			/**
			* Correct absolute paths in images and other tags
			@@ -647,9 +782,8 @@
			array($this, 'file_callback'), $output);
			}


			/**
			* Callback function for preg_replace_callback in write()
			* Callback function for preg_replace_callback in fix_paths()
			*
			* @return string Parsed string
			*/
			@@ -664,15 +798,57 @@
			}

			// add file modification timestamp
			if (preg_match('/\.(js\|css)$/', $file)) {
			if ($fs = @filemtime($file)) {
			$file .= '?s=' . $fs;
			}
			if (preg_match('/\.(js\|css)$/', $file, $m)) {
			$file = $this->file_mod($file);
			}

			return $matches[1] . '=' . $matches[2] . $file . $matches[4];
			}

			/**
			* Correct paths of asset files according to assets_path
			*/
			protected function fix_assets_paths($output)
			{
			return preg_replace_callback(
			'!(src\|href\|background)=(["\']?)([a-z0-9/_.?=-]+)(["\'\s>])!i',
			array($this, 'assets_callback'), $output);
			}

			/**
			* Callback function for preg_replace_callback in fix_assets_paths()
			*
			* @return string Parsed string
			*/
			protected function assets_callback($matches)
			{
			$file = $this->asset_url($matches[3]);

			return $matches[1] . '=' . $matches[2] . $file . $matches[4];
			}

			/**
			* Modify file by adding mtime indicator
			*/
			protected function file_mod($file)
			{
			$fs = false;
			$ext = substr($file, strrpos($file, '.') + 1);

			// use minified file if exists (not in development mode)
			if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
			$minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
			if ($fs = @filemtime($this->assets_dir . $minified_file)) {
			return $minified_file . '?s=' . $fs;
			}
			}

			if ($fs = @filemtime($this->assets_dir . $file)) {
			$file .= '?s=' . $fs;
			}

			return $file;
			}

			/**
			* Public wrapper to dipp into template parsing.
			@@ -689,7 +865,6 @@

			return $input;
			}


			/**
			* Parse for conditional tags
			@@ -728,7 +903,6 @@
			return $input;
			}


			/**
			* Determines if a given condition is met
			*
			@@ -740,7 +914,6 @@
			{
			return $this->eval_expression($condition);
			}


			/**
			* Inserts hidden field with CSRF-prevention-token into POST forms
			@@ -757,7 +930,6 @@

			return $out;
			}


			/**
			* Parse & evaluate a given expression and return its result.
			@@ -805,7 +977,6 @@
			return $fn($this->app, $this->browser, $this->env);
			}


			/**
			* Search for special tags in input and replace them
			* with the appropriate content
			@@ -819,7 +990,6 @@
			{
			return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]\|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
			}


			/**
			* Callback function for parsing an xml command tag
			@@ -836,6 +1006,14 @@
			// empty output if required condition is not met
			if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
			return '';
			}

			// localize title and summary attributes
			if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
			$attrib['title'] = $this->app->gettext($attrib['title']);
			}
			if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
			$attrib['summary'] = $this->app->gettext($attrib['summary']);
			}

			// execute command
			@@ -858,16 +1036,16 @@
			$attrib['name'] = $this->eval_expression($attrib['expression']);

			if ($attrib['name'] \|\| $attrib['command']) {
			// @FIXME: 'noshow' is useless, remove?
			if ($attrib['noshow']) {
			return '';
			}

			$vars = $attrib + array('product' => $this->config->get('product_name'));
			unset($vars['name'], $vars['command']);

			$label = $this->app->gettext($attrib + array('vars' => $vars));
			$quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (rcube_utils::get_boolean((string)$attrib['html']) ? 'no' : '');

			// 'noshow' can be used in skins to define new labels
			if ($attrib['noshow']) {
			return '';
			}

			switch ($quoting) {
			case 'no':
			@@ -892,7 +1070,7 @@
			if (!empty($attrib['skin_path'])) $attrib['skinpath'] = $attrib['skin_path'];
			if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attrib['skinpath'])) {
			$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin)
			$path = realpath($path);
			$path = realpath(RCUBE_INSTALL_PATH . $path);
			}

			if (is_readable($path)) {
			@@ -944,8 +1122,21 @@
			}
			else if ($object == 'logo') {
			$attrib += array('alt' => $this->xml_command(array('', 'object', 'name="productname"')));
			if ($logo = $this->config->get('skin_logo'))
			$attrib['src'] = $logo;

			if ($logo = $this->config->get('skin_logo')) {
			if (is_array($logo)) {
			if ($template_logo = $logo[$this->template_name]) {
			$attrib['src'] = $template_logo;
			}
			elseif ($template_logo = $logo['*']) {
			$attrib['src'] = $template_logo;
			}
			}
			else {
			$attrib['src'] = $logo;
			}
			}

			$content = html::img($attrib);
			}
			else if ($object == 'productname') {
			@@ -971,7 +1162,7 @@
			$content = html::quote($this->get_pagetitle());
			}
			else if ($object == 'pagetitle') {
			if ($this->config->get('devel_mode') && !empty($_SESSION['username']))
			if ($this->devel_mode && !empty($_SESSION['username']))
			$title = $_SESSION['username'].' :: ';
			else if ($prod_name = $this->config->get('product_name'))
			$title = $prod_name . ' :: ';
			@@ -1024,11 +1215,12 @@
			}

			return html::quote($value);
			break;

			case 'form':
			return $this->form_tag($attrib);
			}
			return '';
			}


			/**
			* Include a specific file and return it's contents
			@@ -1046,7 +1238,6 @@
			return $out;
			}


			/**
			* Create and register a button
			*
			@@ -1057,18 +1248,24 @@
			*/
			public function button($attrib)
			{
			static $s_button_count = 100;
			static $s_button_count = 100;
			static $disabled_actions = null;

			// these commands can be called directly via url
			$a_static_commands = array('compose', 'list', 'preferences', 'folders', 'identities');

			if (!($attrib['command'] \|\| $attrib['name'])) {
			if (!($attrib['command'] \|\| $attrib['name'] \|\| $attrib['href'])) {
			return '';
			}


			// try to find out the button type
			if ($attrib['type']) {
			$attrib['type'] = strtolower($attrib['type']);
			if ($pos = strpos($attrib['type'], '-menuitem')) {
			$attrib['type'] = substr($attrib['type'], 0, -9);
			$menuitem = true;
			}
			}
			else {
			$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $attrib['imageact']) ? 'image' : 'link';
			@@ -1076,8 +1273,21 @@

			$command = $attrib['command'];

			if ($attrib['task'])
			$command = $attrib['task'] . '.' . $command;
			if ($attrib['task']) {
			$element = $command = $attrib['task'] . '.' . $command;
			}
			else {
			$element = ($this->env['task'] ? $this->env['task'] . '.' : '') . $command;
			}

			if ($disabled_actions === null) {
			$disabled_actions = (array) $this->config->get('disabled_actions');
			}

			// remove buttons for disabled actions
			if (in_array($element, $disabled_actions)) {
			return '';
			}

			if (!$attrib['image']) {
			$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];
			@@ -1095,6 +1305,17 @@
			}
			if ($attrib['alt']) {
			$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $attrib['domain']));
			}

			// set accessibility attributes
			if (!$attrib['role']) {
			$attrib['role'] = 'button';
			}
			if (!empty($attrib['class']) && !empty($attrib['classact']) \|\| !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
			if (array_key_exists('tabindex', $attrib))
			$attrib['data-tabindex'] = $attrib['tabindex'];
			$attrib['tabindex'] = '-1'; // disable button by default
			$attrib['aria-disabled'] = 'true';
			}

			// set title to alt attribute for IE browsers
			@@ -1172,7 +1393,7 @@
			}
			else if ($attrib['type'] == 'link') {
			$btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
			$link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style', 'tabindex', 'target');
			$link_attrib = array_merge(html::$common_attrib, array('href', 'onclick', 'tabindex', 'target'));
			if ($attrib['innerclass'])
			$btn_content = html::span($attrib['innerclass'], $btn_content);
			}
			@@ -1199,9 +1420,13 @@
			$out = html::tag($attrib['wrapper'], null, $out);
			}

			if ($menuitem) {
			$class = $attrib['menuitem-class'] ? ' class="' . $attrib['menuitem-class'] . '"' : '';
			$out = '<li role="menuitem"' . $class . '>' . $out . '</li>';
			}

			return $out;
			}


			/**
			* Link an external script file
			@@ -1211,28 +1436,18 @@
			*/
			public function include_script($file, $position='head')
			{
			static $sa_files = array();

			if (!preg_match('\|^https?://\|i', $file) && $file[0] != '/') {
			$file = $this->scripts_path . $file;
			if ($fs = @filemtime($file)) {
			$file .= '?s=' . $fs;
			}
			$file = $this->file_mod($this->scripts_path . $file);
			}

			if (in_array($file, $sa_files)) {
			return;
			}

			$sa_files[] = $file;

			if (!is_array($this->script_files[$position])) {
			$this->script_files[$position] = array();
			}

			$this->script_files[$position][] = $file;
			if (!in_array($file, $this->script_files[$position])) {
			$this->script_files[$position][] = $file;
			}
			}


			/**
			* Add inline javascript code
			@@ -1250,7 +1465,6 @@
			}
			}


			/**
			* Link an external css file
			*
			@@ -1261,7 +1475,6 @@
			$this->css_files[] = $file;
			}


			/**
			* Add HTML code to the page header
			*
			@@ -1271,7 +1484,6 @@
			{
			$this->header .= "\n" . $str;
			}


			/**
			* Add HTML code to the page footer
			@@ -1284,7 +1496,6 @@
			$this->footer .= "\n" . $str;
			}


			/**
			* Process template and write to stdOut
			*
			@@ -1293,11 +1504,25 @@
			*/
			public function _write($templ = '', $base_path = '')
			{
			$output = empty($templ) ? $this->default_template : trim($templ);
			$output = trim($templ);

			if (empty($output)) {
			$output = html::doctype('html5') . "\n" . $this->default_template;
			$is_empty = true;
			}

			// set default page title
			if (empty($this->pagetitle)) {
			$this->pagetitle = 'Roundcube Mail';
			}

			// declare page language
			if (!empty($_SESSION['language'])) {
			$lang = substr($_SESSION['language'], 0, 2);
			$output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);
			if (!headers_sent()) {
			header('Content-Language: ' . $lang);
			}
			}

			// replace specialchars in content
			@@ -1384,8 +1609,8 @@
			}

			// add css files in head, before scripts, for speed up with parallel downloads
			if (!empty($this->css_files) &&
			(($pos = stripos($output, '<script ')) \|\| ($pos = stripos($output, '</head>')))
			if (!empty($this->css_files) && !$is_empty
			&& (($pos = stripos($output, '<script ')) \|\| ($pos = stripos($output, '</head>')))
			) {
			$css = '';
			foreach ($this->css_files as $file) {
			@@ -1396,6 +1621,10 @@
			}

			$output = $this->parse_with_globals($this->fix_paths($output));

			if ($this->assets_path) {
			$output = $this->fix_assets_paths($output);
			}

			// trigger hook with final HTML content to be sent
			$hook = $this->app->plugins->exec_hook("send_page", array('content' => $output));
			@@ -1408,7 +1637,6 @@
			}
			}
			}


			/**
			* Returns iframe object, registers some related env variables
			@@ -1426,12 +1654,12 @@
			}

			$attrib['name'] = $attrib['id'];
			$attrib['src'] = $attrib['src'] ? $this->abs_url($attrib['src'], true) : 'program/resources/blank.gif';
			$attrib['src'] = $attrib['src'] ? $this->abs_url($attrib['src'], true) : 'program/resources/blank.gif';

			// register as 'contentframe' object
			if ($is_contentframe \|\| $attrib['contentframe']) {
			$this->set_env('contentframe', $attrib['contentframe'] ? $attrib['contentframe'] : $attrib['name']);
			$this->set_env('blankpage', $attrib['src']);
			$this->set_env('blankpage', $this->asset_url($attrib['src']));
			}

			return html::iframe($attrib);
			@@ -1439,7 +1667,6 @@


			/* *********** common functions delivering gui objects ************ */


			/**
			* Create a form tag with the necessary hidden fields
			@@ -1449,7 +1676,7 @@
			*/
			public function form_tag($attrib, $content = null)
			{
			if ($this->framed \|\| !empty($_REQUEST['_framed'])) {
			if ($this->framed \|\| $this->env['framed']) {
			$hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1'));
			$hidden = $hiddenfield->show();
			}
			@@ -1462,11 +1689,10 @@
			$attrib['noclose'] = true;

			return html::tag('form',
			$attrib + array('action' => "./", 'method' => "get"),
			$attrib + array('action' => $this->app->comm_path, 'method' => "get"),
			$hidden . $content,
			array('id','class','style','name','method','action','enctype','onsubmit'));
			}


			/**
			* Build a form tag with a unique request token
			@@ -1490,14 +1716,13 @@

			// we already have a <form> tag
			if ($attrib['form']) {
			if ($this->framed \|\| !empty($_REQUEST['_framed']))
			if ($this->framed \|\| $this->env['framed'])
			$hidden->add(array('name' => '_framed', 'value' => '1'));
			return $hidden->show() . $content;
			}
			else
			return $this->form_tag($attrib, $hidden->show() . $content);
			}


			/**
			* GUI object 'username'
			@@ -1530,7 +1755,6 @@
			return rcube_utils::idn_to_utf8($username);
			}


			/**
			* GUI object 'loginform'
			* Returns code for the webmail login form
			@@ -1562,9 +1786,9 @@
			$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
			$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
			$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
			$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser')
			$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required')
			+ $attrib + $user_attrib);
			$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd')
			$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required')
			+ $attrib + $pass_attrib);
			$input_host = null;

			@@ -1619,6 +1843,12 @@
			$out .= $input_host->show();
			}

			if (rcube_utils::get_boolean($attrib['submit'])) {
			$submit = new html_inputfield(array('type' => 'submit', 'id' => 'rcmloginsubmit',
			'class' => 'button mainaction', 'value' => $this->app->gettext('login')));
			$out .= html::p('formbuttons', $submit->show());
			}

			// surround html output with a form tag
			if (empty($attrib['form'])) {
			$out = $this->form_tag(array('name' => $form_name, 'method' => 'post'), $out);
			@@ -1629,7 +1859,6 @@

			return $out;
			}


			/**
			* GUI object 'preloader'
			@@ -1642,9 +1871,11 @@
			{
			$images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY);
			$images = array_map(array($this, 'abs_url'), $images);
			$images = array_map(array($this, 'asset_url'), $images);

			if (empty($images) \|\| $this->app->task == 'logout')
			if (empty($images) \|\| $_REQUEST['_task'] == 'logout') {
			return;
			}

			$this->add_script('var images = ' . self::json_serialize($images) .';
			for (var i=0; i<images.length; i++) {
			@@ -1652,7 +1883,6 @@
			img.src = images[i];
			}', 'docready');
			}


			/**
			* GUI object 'searchform'
			@@ -1683,15 +1913,14 @@
			// add form tag around text field
			if (empty($attrib['form'])) {
			$out = $this->form_tag(array(
			'name' => "rcmqsearchform",
			'name' => "rcmqsearchform",
			'onsubmit' => self::JS_OBJECT_NAME . ".command('search'); return false",
			'style' => "display:inline"),
			'style' => "display:inline"),
			$out);
			}

			return $out;
			}


			/**
			* Builder for GUI object 'message'
			@@ -1709,7 +1938,6 @@

			return html::div($attrib, '');
			}


			/**
			* GUI object 'charsetselector'