githubFork/roundcubemail.git

			@@ -214,7 +214,7 @@
			else if ($folder['id']==$CONFIG['junk_mbox'])
			$class_name = 'junk';

			$js_name = rep_specialchars_output($folder['id'], 'js');
			$js_name = htmlspecialchars(rep_specialchars_output($folder['id'], 'js'));
			$out .= sprintf('<li id="rcmbx%s" class="mailbox %s %s%s%s"><a href="%s&_mbox=%s"'.
			' onclick="return %s.command(\'list\',\'%s\')"'.
			' onmouseover="return %s.focus_mailbox(\'%s\')"' .
			@@ -271,7 +271,7 @@
			}

			$out .= sprintf('<option value="%s">%s%s</option>'."\n",
			$folder['id'],
			htmlspecialchars($folder['id']),
			str_repeat(' ', $nestLevel*4),
			rep_specialchars_output($foldername, 'html', 'all'));

			@@ -611,7 +611,7 @@

			function rcmail_quota_display($attrib)
			{
			global $IMAP, $OUTPUT, $JS_OBJECT_NAME;
			global $IMAP, $OUTPUT, $JS_OBJECT_NAME, $COMM_PATH;

			if (!$attrib['id'])
			$attrib['id'] = 'rcmquotadisplay';
			@@ -620,11 +620,28 @@

			// allow the following attributes to be added to the <span> tag
			$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id'));


			if (!$IMAP->get_capability('QUOTA'))
			$quota_text = rcube_label('unknown');
			else if (!($quota_text = $IMAP->get_quota()))
			else if ($quota = $IMAP->get_quota())
			{
			$quota_text = sprintf("%s / %s (%.0f%%)",
			show_bytes($quota["used"] * 1024),
			show_bytes($quota["total"] * 1024),
			$quota["percent"]);

			// show quota as image (by Brett Patterson)
			if ($attrib['display'] == 'image' && function_exists('imagegif'))
			{
			$quota_text = sprintf('<img src="%s&_action=quotaimg&u=%s&q=%d" alt="%s" width="102" height="15" />',
			$COMM_PATH,
			$quota['used'], $quota['total'],
			$quota_text);
			}
			}
			else
			$quota_text = rcube_label('unlimited');


			$out = '<span' . $attrib_str . '>';
			$out .= $quota_text;
			@@ -671,20 +688,23 @@
			// text/html
			if ($part->ctype_secondary=='html')
			{
			// remove charset specification in HTML message
			$body = preg_replace('/charset=[a-z0-9\-]+/i', '', $body);

			if (!$safe) // remove remote images and scripts
			{
			$remote_patterns = array('/(src\|background)=(["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)(\2\|\s\|>)/Ui',
			// '/(src\|background)=(["\']?)([\.\/]+[^"\'\s]+)(\2\|\s\|>)/Ui',
			$remote_patterns = array('/<img\s+(.*)src=(["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)(\2\|\s\|>)/Ui',
			'/(src\|background)=(["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)(\2\|\s\|>)/Ui',
			'/(<base.href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]>)/i',
			'/(<link.href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]>)/i',
			'/url\s*$["\']?([hftps]{3,5}:\/{2}[^"\'\s]+)["\']?$/i',
			'/url\s*$["\']?([\.\/]+[^"\'\s]+)["\']?$/i',
			'/<script.+<\/script>/Umis');

			$remote_replaces = array('', // '\\1=\\2#\\4',
			// '\\1=\\2#\\4',
			$remote_replaces = array('<img \\1src=\\2./program/blank.gif\\4',
			'',
			'', // '\\1#\\3',
			'',
			'',
			'none',
			'none',
			'');
			@@ -715,7 +735,7 @@
			// make links and email-addresses clickable
			$convert_patterns = $convert_replaces = $replace_strings = array();

			$url_chars = 'a-z0-9_\-\+\*\$\/&%=@#:';
			$url_chars = 'a-z0-9_\-\+\*\$\/&%=@#:;';
			$url_chars_within = '\?\.~,!';

			$convert_patterns[] = "/([\w]+):\/\/([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
			@@ -726,39 +746,44 @@

			$convert_patterns[] = '/([a-z0-9][a-z0-9\-\.\+\_]@[a-z0-9]([a-z0-9\-][.]?)[a-z0-9]\\.[a-z]{2,5})/ie';
			$convert_replaces[] = "rcmail_str_replacement('<a href=\"mailto:\\1\" onclick=\"return $JS_OBJECT_NAME.command(\'compose\',\'\\1\',this)\">\\1</a>', \$replace_strings)";

			if ($part->ctype_parameters['format'] != 'flowed')
			$body = wordwrap(trim($body), 80);

			$body = wordwrap(trim($body), 80);
			$body = preg_replace($convert_patterns, $convert_replaces, $body);

			// split body into single lines
			$a_lines = preg_split('/\r?\n/', $body);
			$quote_level = 0;

			// colorize quoted parts
			for($n=0; $n<sizeof($a_lines); $n++)
			{
			$line = $a_lines[$n];
			$quotation = '';
			$q = 0;

			if (preg_match('/^(>+\s*)/', $line, $regs))
			{
			$q = strlen(preg_replace('/\s/', '', $regs[1]));
			$line = substr($line, strlen($regs[1]));

			if ($line{2}=='>')
			$color = 'red';
			else if ($line{1}=='>')
			$color = 'green';
			else if ($line{0}=='>')
			$color = 'blue';
			else
			$color = FALSE;
			if ($q > $quote_level)
			$quotation = str_repeat('<blockquote>', $q - $quote_level);
			else if ($q < $quote_level)
			$quotation = str_repeat("</blockquote>", $quote_level - $q);
			}
			else if ($quote_level > 0)
			$quotation = str_repeat("</blockquote>", $quote_level);

			$line = rep_specialchars_output($line, 'html', 'replace', FALSE);

			if ($color)
			$a_lines[$n] = sprintf('<font color="%s">%s</font>', $color, $line);
			else
			$a_lines[$n] = $line;
			$quote_level = $q;
			$a_lines[$n] = $quotation . rep_specialchars_output($line, 'html', 'replace', FALSE);
			}

			// insert the links for urls and mailtos
			$body = preg_replace("/##string_replacement\{([0-9]+)\}##/e", "\$replace_strings[\\1]", join("\n", $a_lines));

			return "<pre>\n".$body."\n</pre>";
			return "<div class=\"pre\">".$body."\n</div>";
			}
			}

			@@ -939,7 +964,7 @@
			$a_replaces = array();

			foreach ($sa_inline_objects as $inline_object)
			$a_replaces['cid:'.$inline_object->content_id] = sprintf($get_url, $inline_object->mime_id);
			$a_replaces['cid:'.$inline_object->content_id] = htmlspecialchars(sprintf($get_url, $inline_object->mime_id));

			// add replace array to each content part
			// (will be applied later when part body is available)
			@@ -1084,8 +1109,8 @@
			foreach ($MESSAGE['attachments'] as $attach_prop)
			{
			if (strpos($attach_prop->mimetype, 'image/')===0)
			$out .= sprintf("\n<hr />\n<p align=\"center\"><img src=\"%s&_part=%s\" alt=\"%s\" title=\"%s\" /></p>\n",
			$GET_URL, $attach_prop->mime_id,
			$out .= sprintf("\n<hr />\n<p align=\"center\"><img src=\"%s&_part=%s\" alt=\"%s\" title=\"%s\" /></p>\n",
			htmlspecialchars($GET_URL), $attach_prop->mime_id,
			$attach_prop->filename,
			$attach_prop->filename);
			}
			@@ -1113,15 +1138,12 @@
			// find STYLE tags
			while (($pos = strpos($body_lc, '<style', $last_style_pos)) && ($pos2 = strpos($body_lc, '</style>', $pos)))
			{
			$pos2 += 8;
			$body_pre = substr($body, 0, $pos);
			$styles = substr($body, $pos, $pos2-$pos);
			$body_post = substr($body, $pos2, strlen($body)-$pos2);

			$pos = strpos($body_lc, '>', $pos)+1;

			// replace all css definitions with #container [def]
			$styles = rcmail_mod_css_styles($styles, $container_id);

			$body = $body_pre . $styles . $body_post;
			$styles = rcmail_mod_css_styles(substr($body, $pos, $pos2-$pos), $container_id);

			$body = substr($body, 0, $pos) . $styles . substr($body, $pos2);
			$last_style_pos = $pos2;
			}

			@@ -1247,94 +1269,6 @@
			}


			// get source code of a specific message and cache it
			// deprecated
			function rcmail_message_source($uid)
			{
			global $IMAP, $DB, $CONFIG;

			// get message ID if uid is given
			$cache_key = $IMAP->mailbox.'.msg';
			$cached = $IMAP->get_cached_message($cache_key, $uid, FALSE);

			// message is cached in database
			if ($cached && !empty($cached->body))
			return $cached->body;

			if (!$cached)
			$headers = $IMAP->get_headers($uid);
			else
			$headers = &$cached;

			// create unique identifier based on message_id
			if (!empty($headers->messageID))
			$message_id = md5($headers->messageID);
			else
			$message_id = md5($headers->uid.'@'.$_SESSION['imap_host']);

			$temp_dir = $CONFIG['temp_dir'].(!eregi('\/$', $CONFIG['temp_dir']) ? '/' : '');
			$cache_dir = $temp_dir.$_SESSION['client_id'];
			$cache_path = $cache_dir.'/'.$message_id;

			// message is cached in temp dir
			if ($CONFIG['enable_caching'] && is_dir($cache_dir) && is_file($cache_path))
			{
			if ($fp = fopen($cache_path, 'r'))
			{
			$msg_source = fread($fp, filesize($cache_path));
			fclose($fp);
			return $msg_source;
			}
			}


			// get message from server
			$msg_source = $IMAP->get_raw_body($uid);

			// return message source without caching
			if (!$CONFIG['enable_caching'])
			return $msg_source;


			// let's cache the message body within the database
			if ($cached && ($CONFIG['db_max_length'] -300) > $headers->size)
			{
			$DB->query("UPDATE ".get_table_name('messages')."
			SET body=?
			WHERE user_id=?
			AND cache_key=?
			AND uid=?",
			$msg_source,
			$_SESSION['user_id'],
			$cache_key,
			$uid);

			return $msg_source;
			}


			// create dir for caching
			if (!is_dir($cache_dir))
			$dir = mkdir($cache_dir);
			else
			$dir = true;

			// attempt to write a file with the message body
			if ($dir && ($fp = fopen($cache_path, 'w')))
			{
			fwrite($fp, $msg_source);
			fclose($fp);
			}
			else
			{
			raise_error(array('code' => 403, 'type' => 'php', 'line' => __LINE__, 'file' => __FILE__,
			'message' => "Failed to write to temp dir"), TRUE, FALSE);
			}

			return $msg_source;
			}


			// decode address string and re-format it as HTML links
			function rcmail_address_string($input, $max=NULL, $addicon=NULL)
			{
			@@ -1412,7 +1346,7 @@
			{
			$out .= sprintf('<tr><td class="title">%s</td><td>%s</td><td>[<a href="./?%s">%s</a>]</tr>'."\n",
			rcube_label('filename'),
			rep_specialchars_output($filename),
			rep_specialchars_output(rcube_imap::decode_mime_string($filename)),
			str_replace('_frame=', '_download=', $_SERVER['QUERY_STRING']),
			rcube_label('download'));
			}