githubFork/roundcubemail.git

			@@ -2,9 +2,9 @@
			/*
			+-----------------------------------------------------------------------+
			\| RoundCube Webmail IMAP Client \|
			\| Version 0.1-20070809 \|
			\| Version 0.1-20080328 \|
			\| \|
			\| Copyright (C) 2005-2007, RoundCube Dev. - Switzerland \|
			\| Copyright (C) 2005-2008, RoundCube Dev. - Switzerland \|
			\| Licensed under the GNU GPL \|
			\| \|
			\| Redistribution and use in source and binary forms, with or without \|
			@@ -41,7 +41,7 @@
			*/

			// application constants
			define('RCMAIL_VERSION', '0.1-20070809');
			define('RCMAIL_VERSION', '0.1-trunk');
			define('RCMAIL_CHARSET', 'UTF-8');
			define('JS_OBJECT_NAME', 'rcmail');

			@@ -103,8 +103,12 @@
			if ($_action != 'get' && $_action != 'viewsource')
			{
			// use gzip compression if supported
			if (function_exists('ob_gzhandler') && ini_get('zlib.output_compression'))
			if (function_exists('ob_gzhandler')
			&& !ini_get('zlib.output_compression')
			&& ini_get('output_handler') != 'ob_gzhandler')
			{
			ob_start('ob_gzhandler');
			}
			else
			ob_start();
			}
			@@ -156,7 +160,7 @@
			$OUTPUT->show_message("cookiesdisabled", 'warning');
			}
			else if ($_SESSION['temp'] && !empty($_POST['_user']) && isset($_POST['_pass']) &&
			rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
			rcmail_login(trim(get_input_value('_user', RCUBE_INPUT_POST), ' '),
			get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
			{
			// create new session ID
			@@ -172,8 +176,8 @@
			}
			else
			{
			$OUTPUT->show_message("loginfailed", 'warning');
			$_SESSION['user_id'] = '';
			$OUTPUT->show_message($IMAP->error_code == -1 ? 'imaperror' : 'loginfailed', 'warning');
			rcmail_kill_session();
			}
			}

			@@ -196,13 +200,13 @@


			// log in to imap server
			if (!empty($_SESSION['user_id']) && $_task=='mail')
			if (!empty($USER->ID) && $_task=='mail')
			{
			$conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']);
			if (!$conn)
			{
			$OUTPUT->show_message('imaperror', 'error');
			$_SESSION['user_id'] = '';
			$OUTPUT->show_message($IMAP->error_code == -1 ? 'imaperror' : 'sessionerror', 'error');
			rcmail_kill_session();
			}
			else
			rcmail_set_imap_prop();
			@@ -210,7 +214,7 @@


			// not logged in -> set task to 'login
			if (empty($_SESSION['user_id']))
			if (empty($USER->ID))
			{
			if ($OUTPUT->ajax_call)
			$OUTPUT->remote_response("setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);");
			@@ -238,8 +242,19 @@


			// not logged in -> show login page
			if (!$_SESSION['user_id'])
			if (empty($USER->ID))
			{
			// check if installer is still active
			if ($CONFIG['enable_installer'] && is_readable('./installer/index.php'))
			$OUTPUT->add_footer('
			<div style="background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em">
			<h2 style="margin-top:0.2em">Installer script is still accessible</h2>
			<p>The install script of your RoundCube installation is still stored in its default location!</p>
			<p>Please <b>remove</b> the whole <tt>installer</tt> folder from the RoundCube directory because
			these files may expose sensitive configuration data like server passwords and encryption keys
			to the public. Make sure you cannot access the <a href="./installer/">installer script</a> from your browser.</p>
			</div>');

			$OUTPUT->task = 'login';
			$OUTPUT->send('login');
			exit;
			@@ -274,13 +289,16 @@
			if ($_action=='viewsource')
			include('program/steps/mail/viewsource.inc');

			if ($_action=='sendmdn')
			include('program/steps/mail/sendmdn.inc');

			if ($_action=='send')
			include('program/steps/mail/sendmail.inc');

			if ($_action=='upload')
			include('program/steps/mail/upload.inc');

			if ($_action=='compose' \|\| $_action=='remove-attachment')
			if ($_action=='compose' \|\| $_action=='remove-attachment' \|\| $_action=='display-attachment')
			include('program/steps/mail/compose.inc');

			if ($_action=='addcontact')