githubFork/roundcubemail.git

			@@ -59,6 +59,7 @@

			//$this->framed = $framed;
			$this->set_env('task', $task);
			$this->set_env('request_token', $this->app->get_request_token());

			// load the correct skin (in case user-defined)
			$this->set_skin($this->config['skin']);
			@@ -288,7 +289,7 @@
			{
			if ($templ != 'iframe') {
			// prevent from endless loops
			if ($this->app->plugins->is_processing('render_page')) {
			if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
			raise_error(array('code' => 505, 'type' => 'php', 'message' => 'Recursion alert: ignoring output->send()'), true, false);
			return;
			}
			@@ -325,6 +326,10 @@
			$js = $this->framed ? "if(window.parent) {\n" : '';
			$js .= $this->get_js_commands() . ($this->framed ? ' }' : '');
			$this->add_script($js, 'head_top');

			// make sure all <form> tags have a valid request token
			$template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template);
			$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);

			// call super method
			parent::write($template, $this->config['skin_path']);
			@@ -450,7 +455,16 @@
			{
			$GLOBALS['__version'] = Q(RCMAIL_VERSION);
			$GLOBALS['__comm_path'] = Q($this->app->comm_path);
			return preg_replace('/\$(__[a-z0-9_\-]+)/e', '$GLOBALS["\\1"]', $input);
			return preg_replace_callback('/\$(__[a-z0-9_\-]+)/',
			array($this, 'globals_callback'), $input);
			}

			/**
			* Callback funtion for preg_replace_callback() in parse_with_globals()
			*/
			private function globals_callback($matches)
			{
			return $GLOBALS[$matches[1]];
			}

			/**
			@@ -514,7 +528,24 @@
			*/
			private function check_condition($condition)
			{
			return eval("return (".$this->parse_expression($condition).");");
			return eval("return (".$this->parse_expression($condition).");");
			}


			/**
			*
			*/
			private function alter_form_tag($matches)
			{
			$out = $matches[0];
			$attrib = parse_attrib_string($matches[1]);

			if (strtolower($attrib['method']) == 'post') {
			$hidden = new html_hiddenfield(array('name' => '_token', 'value' => $this->app->get_request_token()));
			$out .= "\n" . $hidden->show();
			}

			return $out;
			}


			@@ -789,8 +820,8 @@
			}

			// set title to alt attribute for IE browsers
			if ($this->browser->ie && $attrib['title'] && !$attrib['alt']) {
			$attrib['alt'] = $attrib['title'];
			if ($this->browser->ie && !$attrib['title'] && $attrib['alt']) {
			$attrib['title'] = $attrib['alt'];
			}

			// add empty alt attribute for XHTML compatibility
			@@ -818,9 +849,9 @@
			else if (in_array($attrib['command'], $a_static_commands)) {
			$attrib['href'] = rcmail_url($attrib['command']);
			}
			else if ($attrib['command'] == 'permaurl' && !empty($this->env['permaurl'])) {
			$attrib['href'] = $this->env['permaurl'];
			}
			else if ($attrib['command'] == 'permaurl' && !empty($this->env['permaurl'])) {
			$attrib['href'] = $this->env['permaurl'];
			}
			}

			// overwrite attributes
			@@ -835,35 +866,6 @@
			$attrib['prop']
			);
			}
			if ($command && $attrib['imageover']) {
			$attrib['onmouseover'] = sprintf(
			"return %s.button_over('%s','%s')",
			JS_OBJECT_NAME,
			$command,
			$attrib['id']
			);
			$attrib['onmouseout'] = sprintf(
			"return %s.button_out('%s','%s')",
			JS_OBJECT_NAME,
			$command,
			$attrib['id']
			);
			}

			if ($command && $attrib['imagesel']) {
			$attrib['onmousedown'] = sprintf(
			"return %s.button_sel('%s','%s')",
			JS_OBJECT_NAME,
			$command,
			$attrib['id']
			);
			$attrib['onmouseup'] = sprintf(
			"return %s.button_out('%s','%s')",
			JS_OBJECT_NAME,
			$command,
			$attrib['id']
			);
			}

			$out = '';

			@@ -872,19 +874,18 @@
			$attrib_str = html::attrib_string(
			$attrib,
			array(
			'style', 'class', 'id', 'width',
			'height', 'border', 'hspace',
			'vspace', 'align', 'alt', 'tabindex'
			'style', 'class', 'id', 'width', 'height', 'border', 'hspace',
			'vspace', 'align', 'alt', 'tabindex', 'title'
			)
			);
			$btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str);
			if ($attrib['label']) {
			$btn_content .= ' '.$attrib['label'];
			}
			$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'title', 'target');
			$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target');
			}
			else if ($attrib['type']=='link') {
			$btn_content = $attrib['label'] ? $attrib['label'] : $attrib['command'];
			$btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
			$link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style', 'tabindex', 'target');
			}
			else if ($attrib['type']=='input') {
			@@ -897,8 +898,7 @@
			$attrib_str = html::attrib_string(
			$attrib,
			array(
			'type', 'value', 'onclick',
			'id', 'class', 'style', 'tabindex'
			'type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex'
			)
			);
			$out = sprintf('<input%s disabled="disabled" />', $attrib_str);
			@@ -947,7 +947,7 @@
			* @param string Form content
			* @return string HTML code for the form
			*/
			public function request_form($attrib, $content)
			public function request_form($attrib, $content = '')
			{
			$hidden = new html_hiddenfield();
			if ($attrib['task']) {
			@@ -956,10 +956,6 @@
			if ($attrib['action']) {
			$hidden->add(array('name' => '_action', 'value' => $attrib['action']));
			}

			// generate request token
			$request_key = $attrib['request'] ? $attrib['request'] : $attrib['action'];
			$hidden->add(array('name' => '_token', 'value' => $this->app->get_request_token($request_key)));

			unset($attrib['task'], $attrib['request']);
			$attrib['action'] = './';
			@@ -1018,8 +1014,8 @@
			if (empty($url) && !preg_match('/_(task\|action)=logout/', $_SERVER['QUERY_STRING']))
			$url = $_SERVER['QUERY_STRING'];

			$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30) + $attrib);
			$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30) + $attrib);
			$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser') + $attrib);
			$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd') + $attrib);
			$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
			$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
			$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
			@@ -1039,7 +1035,7 @@
			}
			}
			else if (empty($default_host)) {
			$input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
			$input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost') + $attrib);
			}

			$form_name = !empty($attrib['form']) ? $attrib['form'] : 'form';