githubFork/roundcubemail.git

			@@ -59,6 +59,7 @@

			//$this->framed = $framed;
			$this->set_env('task', $task);
			$this->set_env('request_token', $this->app->get_request_token());

			// load the correct skin (in case user-defined)
			$this->set_skin($this->config['skin']);
			@@ -72,7 +73,7 @@
			$this->add_script($javascript, 'head_top');
			$this->add_script($javascript_foot, 'foot');
			$this->scripts_path = 'program/js/';
			$this->include_script('jquery-1.3.min.js');
			$this->include_script('jquery-1.4.min.js');
			$this->include_script('common.js');
			$this->include_script('app.js');

			@@ -287,6 +288,13 @@
			public function send($templ = null, $exit = true)
			{
			if ($templ != 'iframe') {
			// prevent from endless loops
			if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
			raise_error(array('code' => 505, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			'message' => 'Recursion alert: ignoring output->send()'), true, false);
			return;
			}
			$this->parse($templ, false);
			}
			else {
			@@ -294,11 +302,11 @@
			$this->write();
			}

			// set output asap
			ob_flush();
			flush();
			// set output asap
			ob_flush();
			flush();

			if ($exit) {
			if ($exit) {
			exit;
			}
			}
			@@ -320,6 +328,10 @@
			$js = $this->framed ? "if(window.parent) {\n" : '';
			$js .= $this->get_js_commands() . ($this->framed ? ' }' : '');
			$this->add_script($js, 'head_top');

			// make sure all <form> tags have a valid request token
			$template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template);
			$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);

			// call super method
			parent::write($template, $this->config['skin_path']);
			@@ -445,7 +457,16 @@
			{
			$GLOBALS['__version'] = Q(RCMAIL_VERSION);
			$GLOBALS['__comm_path'] = Q($this->app->comm_path);
			return preg_replace('/\$(__[a-z0-9_\-]+)/e', '$GLOBALS["\\1"]', $input);
			return preg_replace_callback('/\$(__[a-z0-9_\-]+)/',
			array($this, 'globals_callback'), $input);
			}

			/**
			* Callback funtion for preg_replace_callback() in parse_with_globals()
			*/
			private function globals_callback($matches)
			{
			return $GLOBALS[$matches[1]];
			}

			/**
			@@ -509,7 +530,24 @@
			*/
			private function check_condition($condition)
			{
			return eval("return (".$this->parse_expression($condition).");");
			return eval("return (".$this->parse_expression($condition).");");
			}


			/**
			*
			*/
			private function alter_form_tag($matches)
			{
			$out = $matches[0];
			$attrib = parse_attrib_string($matches[1]);

			if (strtolower($attrib['method']) == 'post') {
			$hidden = new html_hiddenfield(array('name' => '_token', 'value' => $this->app->get_request_token()));
			$out .= "\n" . $hidden->show();
			}

			return $out;
			}


			@@ -517,7 +555,7 @@
			* Parses expression and replaces variables
			*
			* @param string Expression statement
			* @return string Expression statement
			* @return string Expression value
			*/
			private function parse_expression($expression)
			{
			@@ -784,8 +822,8 @@
			}

			// set title to alt attribute for IE browsers
			if ($this->browser->ie && $attrib['title'] && !$attrib['alt']) {
			$attrib['alt'] = $attrib['title'];
			if ($this->browser->ie && !$attrib['title'] && $attrib['alt']) {
			$attrib['title'] = $attrib['alt'];
			}

			// add empty alt attribute for XHTML compatibility
			@@ -813,9 +851,9 @@
			else if (in_array($attrib['command'], $a_static_commands)) {
			$attrib['href'] = rcmail_url($attrib['command']);
			}
			else if ($attrib['command'] == 'permaurl' && !empty($this->env['permaurl'])) {
			$attrib['href'] = $this->env['permaurl'];
			}
			else if ($attrib['command'] == 'permaurl' && !empty($this->env['permaurl'])) {
			$attrib['href'] = $this->env['permaurl'];
			}
			}

			// overwrite attributes
			@@ -830,35 +868,6 @@
			$attrib['prop']
			);
			}
			if ($command && $attrib['imageover']) {
			$attrib['onmouseover'] = sprintf(
			"return %s.button_over('%s','%s')",
			JS_OBJECT_NAME,
			$command,
			$attrib['id']
			);
			$attrib['onmouseout'] = sprintf(
			"return %s.button_out('%s','%s')",
			JS_OBJECT_NAME,
			$command,
			$attrib['id']
			);
			}

			if ($command && $attrib['imagesel']) {
			$attrib['onmousedown'] = sprintf(
			"return %s.button_sel('%s','%s')",
			JS_OBJECT_NAME,
			$command,
			$attrib['id']
			);
			$attrib['onmouseup'] = sprintf(
			"return %s.button_out('%s','%s')",
			JS_OBJECT_NAME,
			$command,
			$attrib['id']
			);
			}

			$out = '';

			@@ -867,19 +876,18 @@
			$attrib_str = html::attrib_string(
			$attrib,
			array(
			'style', 'class', 'id', 'width',
			'height', 'border', 'hspace',
			'vspace', 'align', 'alt', 'tabindex'
			'style', 'class', 'id', 'width', 'height', 'border', 'hspace',
			'vspace', 'align', 'alt', 'tabindex', 'title'
			)
			);
			$btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str);
			if ($attrib['label']) {
			$btn_content .= ' '.$attrib['label'];
			}
			$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'title', 'target');
			$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target');
			}
			else if ($attrib['type']=='link') {
			$btn_content = $attrib['label'] ? $attrib['label'] : $attrib['command'];
			$btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
			$link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style', 'tabindex', 'target');
			}
			else if ($attrib['type']=='input') {
			@@ -892,8 +900,7 @@
			$attrib_str = html::attrib_string(
			$attrib,
			array(
			'type', 'value', 'onclick',
			'id', 'class', 'style', 'tabindex'
			'type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex'
			)
			);
			$out = sprintf('<input%s disabled="disabled" />', $attrib_str);
			@@ -920,7 +927,7 @@
			*/
			public function form_tag($attrib, $content = null)
			{
			if ($this->framed) {
			if ($this->framed \|\| !empty($_REQUEST['_framed'])) {
			$hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1'));
			$hidden = $hiddenfield->show();
			}
			@@ -930,7 +937,36 @@

			return html::tag('form',
			$attrib + array('action' => "./", 'method' => "get"),
			$hidden . $content);
			$hidden . $content,
			array('id','class','style','name','method','action','enctype','onsubmit'));
			}


			/**
			* Build a form tag with a unique request token
			*
			* @param array Named tag parameters including 'action' and 'task' values which will be put into hidden fields
			* @param string Form content
			* @return string HTML code for the form
			*/
			public function request_form($attrib, $content = '')
			{
			$hidden = new html_hiddenfield();
			if ($attrib['task']) {
			$hidden->add(array('name' => '_task', 'value' => $attrib['task']));
			}
			if ($attrib['action']) {
			$hidden->add(array('name' => '_action', 'value' => $attrib['action']));
			}

			unset($attrib['task'], $attrib['request']);
			$attrib['action'] = './';

			// we already have a <form> tag
			if ($attrib['form'])
			return $hidden->show() . $content;
			else
			return $this->form_tag($attrib, $hidden->show() . $content);
			}


			@@ -950,7 +986,7 @@
			return $username;
			}

			// get e-mail address form default identity
			// get e-mail address from default identity
			if ($sql_arr = $this->app->user->get_identity()) {
			$username = $sql_arr['email'];
			}
			@@ -980,8 +1016,8 @@
			if (empty($url) && !preg_match('/_(task\|action)=logout/', $_SERVER['QUERY_STRING']))
			$url = $_SERVER['QUERY_STRING'];

			$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30) + $attrib);
			$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30) + $attrib);
			$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser') + $attrib);
			$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd') + $attrib);
			$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
			$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
			$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
			@@ -1001,7 +1037,7 @@
			}
			}
			else if (empty($default_host)) {
			$input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
			$input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost') + $attrib);
			}

			$form_name = !empty($attrib['form']) ? $attrib['form'] : 'form';