githubFork/roundcubemail.git

			@@ -206,16 +206,25 @@
			$js_row_arr['unread'] = true;
			if ($header->answered)
			$js_row_arr['replied'] = true;
			if ($header->forwarded)
			$js_row_arr['forwarded'] = true;
			if ($header->flagged)
			$js_row_arr['flagged'] = true;

			// set message icon
			if ($attrib['deletedicon'] && $header->deleted)
			$message_icon = $attrib['deletedicon'];
			else if ($attrib['repliedicon'] && $header->answered)
			{
			if ($attrib['forwardedrepliedicon'] && $header->forwarded)
			$message_icon = $attrib['forwardedrepliedicon'];
			else
			$message_icon = $attrib['repliedicon'];
			}
			else if ($attrib['forwardedicon'] && $header->forwarded)
			$message_icon = $attrib['forwardedicon'];
			else if ($attrib['unreadicon'] && !$header->seen)
			$message_icon = $attrib['unreadicon'];
			else if ($attrib['repliedicon'] && $header->answered)
			$message_icon = $attrib['repliedicon'];
			else if ($attrib['messageicon'])
			$message_icon = $attrib['messageicon'];

			@@ -296,6 +305,10 @@
			$OUTPUT->set_env('unreadicon', $skin_path . $attrib['unreadicon']);
			if ($attrib['repliedicon'])
			$OUTPUT->set_env('repliedicon', $skin_path . $attrib['repliedicon']);
			if ($attrib['forwardedicon'])
			$OUTPUT->set_env('forwardedicon', $skin_path . $attrib['forwardedicon']);
			if ($attrib['forwardedrepliedicon'])
			$OUTPUT->set_env('forwardedrepliedicon', $skin_path . $attrib['forwardedrepliedicon']);
			if ($attrib['attachmenticon'])
			$OUTPUT->set_env('attachmenticon', $skin_path . $attrib['attachmenticon']);
			if ($attrib['flaggedicon'])
			@@ -367,6 +380,7 @@
			$a_msg_flags['deleted'] = $header->deleted ? 1 : 0;
			$a_msg_flags['unread'] = $header->seen ? 0 : 1;
			$a_msg_flags['replied'] = $header->answered ? 1 : 0;
			$a_msg_flags['forwarded'] = $header->forwarded ? 1 : 0;
			$a_msg_flags['flagged'] = $header->flagged ? 1 : 0;

			$OUTPUT->command('add_message_row',
			@@ -446,7 +460,7 @@
			$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'display'));

			$out = '<span' . $attrib_str . '>';
			$out .= rcmail_quota_content();
			$out .= rcmail_quota_content(NULL, $attrib);
			$out .= '</span>';
			return $out;
			}
			@@ -455,7 +469,7 @@
			/**
			*
			*/
			function rcmail_quota_content($quota=NULL)
			function rcmail_quota_content($quota=NULL, $attrib=NULL)
			{
			global $IMAP, $COMM_PATH, $RCMAIL;

			@@ -481,14 +495,23 @@
			// show quota as image (by Brett Patterson)
			if ($display == 'image' && function_exists('imagegif'))
			{
			$attrib = array('width' => 100, 'height' => 14);
			if (!$attrib['width'])
			$attrib['width'] = isset($_SESSION['quota_width']) ? $_SESSION['quota_width'] : 100;
			else
			$_SESSION['quota_width'] = $attrib['width'];

			if (!$attrib['height'])
			$attrib['height'] = isset($_SESSION['quota_height']) ? $_SESSION['quota_height'] : 14;
			else
			$_SESSION['quota_height'] = $attrib['height'];

			$quota_text = sprintf('<img src="./bin/quotaimg.php?u=%s&q=%d&w=%d&h=%d" width="%d" height="%d" alt="%s" title="%s / %s" />',
			$quota['used'], $quota['total'],
			$attrib['width'], $attrib['height'],
			$attrib['width'], $attrib['height'],
			$quota_text,
			show_bytes($quota["used"] * 1024),
			show_bytes($quota["total"] * 1024));
			show_bytes($quota['used'] * 1024),
			show_bytes($quota['total'] * 1024));
			}
			}
			else
			@@ -574,19 +597,34 @@
			}
			// text/html
			else if ($part->ctype_secondary == 'html') {
			$html = $part->body;

			// special replacements (not properly handled by washtml class)
			$html_search = array(
			'/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR>
			'/(<[\/]*st1:[^>]+>)/i', // Microsoft's Smart Tags <ST1>
			'/<title>.*<\/title>/i', // PHP bug #32547 workaround: remove title tag
			'/<html[^>]*>/im', // malformed html: remove html tags (#1485139)
			'/<\/html>/i', // malformed html: remove html tags (#1485139)
			);
			$html_replace = array(
			'\\1'.'   '.'\\3',
			'',
			'',
			'',
			'',
			);
			$html = preg_replace($html_search, $html_replace, $html);

			// charset was converted to UTF-8 in rcube_imap::get_message_part() -> change charset specification in HTML accordingly
			$html = $part->body;
			if (preg_match('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', $html))
			$html = preg_replace('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', '\\1='.RCMAIL_CHARSET, $html);
			else {
			// add <head> for malformed messages, washtml cannot work without that
			if (!preg_match('/<head>(.*)<\\/head>/Uims', $html))
			$html = '<head></head>' . $html;
			// add head for malformed messages, washtml cannot work without that
			if (!preg_match('/<head[^>]>(.)<\/head>/Uims', $html))
			$html = '<head></head>'. $html;
			$html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '</head>')), 0);
			}

			// PHP bug #32547 workaround: remove title tag
			$html = preg_replace('/<title>.*<\/title>/', '', $html);

			// clean HTML with washhtml by Frederic Motte
			$wash_opts = array(
			@@ -602,15 +640,13 @@
			$wash_opts['html_elements'] = array('html','head','title','body');
			}

			/* CSS styles need to be sanitized!
			if ($p['safe']) {
			$wash_opts['html_elements'][] = 'style';
			$wash_opts['html_attribs'] = array('type');
			}
			*/

			$washer = new washtml($wash_opts);
			$washer->add_callback('form', 'rcmail_washtml_callback');

			if ($p['safe']) { // allow CSS styles, will be sanitized by rcmail_washtml_callback()
			$washer->add_callback('style', 'rcmail_washtml_callback');
			}

			$body = $washer->wash($html);
			$REMOTE_OBJECTS = $washer->extlinks;

			@@ -642,9 +678,6 @@
			$convert_patterns[] = '/([a-z0-9][a-z0-9\-\.\+\_]@[a-z0-9]([a-z0-9\-][.]?)[a-z0-9]\\.[a-z]{2,5})/ie';
			$convert_replaces[] = "rcmail_str_replacement('<a href=\"mailto:\\1\" onclick=\"return ".JS_OBJECT_NAME.".command(\'compose\',\'\\1\',this)\">\\1</a>', \$replace_strings)";

			// if ($part->ctype_parameters['format'] != 'flowed')
			// $body = wordwrap(trim($body), 80);

			// search for patterns like links and e-mail addresses
			$body = preg_replace($convert_patterns, $convert_replaces, $body);

			@@ -701,6 +734,16 @@
			$out = html::div('form', $content);
			break;

			case 'style':
			// decode all escaped entities and reduce to ascii strings
			$stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));

			// now check for evil strings like expression, behavior or url()
			if (!preg_match('/expression\|behavior\|url\(\|import/', $stripped)) {
			$out = html::tag('style', array('type' => 'text/css'), $content);
			break;
			}

			default:
			$out = '';
			}
			@@ -742,21 +785,28 @@
			$out = '<table' . $attrib_str . ">\n";

			// show these headers
			$standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'bcc', 'reply-to', 'date');

			$standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'bcc', 'replyto', 'date');

			foreach ($standard_headers as $hkey)
			{
			if (!$headers[$hkey])
			continue;

			if ($hkey=='date' && !empty($headers[$hkey]))
			if ($hkey == 'date')
			{
			if ($PRINT_MODE)
			$header_value = format_date($headers[$hkey], $CONFIG['date_long'] ? $CONFIG['date_long'] : 'x');
			else
			$header_value = format_date($headers[$hkey]);
			}
			else if (in_array($hkey, array('from', 'to', 'cc', 'bcc', 'reply-to')))
			else if ($hkey == 'replyto')
			{
			if ($headers['replyto'] != $headers['from'])
			$header_value = Q(rcmail_address_string($headers['replyto'], null, true, $attrib['addicon']), 'show');
			else
			continue;
			}
			else if (in_array($hkey, array('from', 'to', 'cc', 'bcc')))
			$header_value = Q(rcmail_address_string($headers[$hkey], null, true, $attrib['addicon']), 'show');
			else
			$header_value = Q($IMAP->decode_header($headers[$hkey]));
			@@ -766,6 +816,14 @@
			$out .= '<td class="'.$hkey.'" width="90%">'.$header_value."</td>\n</tr>";
			$header_count++;
			}

			// all headers division
			$out .= "\n".'<tr><td colspan="2" class="more-headers show-headers"
			onclick="return '.JS_OBJECT_NAME.'.command(\'load-headers\', \'\', this)"></td></tr>';
			$out .= "\n".'<tr id="all-headers"><td colspan="2" class="all"><div id="headers-source"></div></td></tr>';

			$OUTPUT->add_gui_object('all_headers_row', 'all-headers');
			$OUTPUT->add_gui_object('all_headers_box', 'headers-source');

			$out .= "\n</table>\n\n";

			@@ -829,8 +887,7 @@
			$ctype_secondary = strtolower($MESSAGE->structure->ctype_secondary);

			// list images after mail body
			if (get_boolean($attrib['showimages'])
			&& $CONFIG['inline_images']
			if ($CONFIG['inline_images']
			&& $ctype_primary == 'multipart'
			&& !empty($MESSAGE->attachments)
			&& !strstr($message_body, '<html'))
			@@ -1007,6 +1064,51 @@
			}


			/**
			* Wrap text to a given number of characters per line
			* but respect the mail quotation of replies messages (>)
			*
			* @param string Text to wrap
			* @param int The line width
			* @return string The wrapped text
			*/
			function rcmail_wrap_quoted($text, $max = 76)
			{
			// Rebuild the message body with a maximum of $max chars, while keeping quoted message.
			$lines = preg_split('/\r?\n/', trim($text));
			$out = '';

			foreach ($lines as $line) {
			if (strlen($line) > $max) {
			if (preg_match('/^([>\s]+)/', $line, $regs)) {
			$length = strlen($regs[0]);
			$prefix = substr($line, 0, $length);

			// Remove '> ' from the line, then wordwrap() the line
			$line = wordwrap(substr($line, $length), $max - $length);

			// Rebuild the line with '> ' at the beginning of each 'subline'
			$newline = '';
			foreach (explode("\n", $line) as $l) {
			$newline .= $prefix . $l . "\n";
			}

			// Remove the righest newline char
			$line = rtrim($newline);
			}
			else {
			$line = wordwrap($line, $max);
			}
			}

			// Append the line
			$out .= $line . "\n";
			}

			return $out;
			}


			function rcmail_message_part_controls()
			{
			global $MESSAGE;