githubFork/roundcubemail.git

			@@ -22,11 +22,11 @@
			// setup some global vars used by mail steps
			$SENT_MBOX = $RCMAIL->config->get('sent_mbox');
			$DRAFTS_MBOX = $RCMAIL->config->get('drafts_mbox');
			$SEARCH_MODS_DEFAULT = array('*' => array('subject'=>1, 'from'=>1), $SENT_MBOX => array('subject'=>1, 'to'=>1), $DRAFTS_MBOX => array('subject'=>1, 'to'=>1));

			// Simplified for IDN in Unicode
			//$EMAIL_ADDRESS_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]@[a-z0-9][a-z0-9\-\.]\\.[a-z]{2,5})';
			$EMAIL_ADDRESS_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]@[^&@"\'.][^@&"\']\\.[a-z]{2,5})';
			$SEARCH_MODS_DEFAULT = array(
			'*' => array('subject'=>1, 'from'=>1),
			$SENT_MBOX => array('subject'=>1, 'to'=>1),
			$DRAFTS_MBOX => array('subject'=>1, 'to'=>1)
			);

			// actions that do not require imap connection here
			$NOIMAP_ACTIONS = array('addcontact', 'autocomplete', 'upload', 'display-attachment', 'remove-attachment', 'get');
			@@ -56,9 +56,9 @@

			// set default sort col/order to session
			if (!isset($_SESSION['sort_col']))
			$_SESSION['sort_col'] = $CONFIG['message_sort_col'];
			$_SESSION['sort_col'] = !empty($CONFIG['message_sort_col']) ? $CONFIG['message_sort_col'] : '';
			if (!isset($_SESSION['sort_order']))
			$_SESSION['sort_order'] = $CONFIG['message_sort_order'];
			$_SESSION['sort_order'] = strtoupper($CONFIG['message_sort_order']) == 'ASC' ? 'ASC' : 'DESC';

			// set threads mode
			$a_threading = $RCMAIL->config->get('message_threading', array());
			@@ -106,6 +106,7 @@
			$OUTPUT->set_env('delimiter', $IMAP->get_hierarchy_delimiter());
			$OUTPUT->set_env('threading', (bool) $IMAP->threading);
			$OUTPUT->set_env('threads', $IMAP->threading \|\| $IMAP->get_capability('THREAD'));
			$OUTPUT->set_env('preview_pane_mark_read', $RCMAIL->config->get('preview_pane_mark_read', 0));

			if ($CONFIG['flag_for_deletion'])
			$OUTPUT->set_env('flag_for_deletion', true);
			@@ -115,9 +116,8 @@
			$OUTPUT->set_env('skip_deleted', true);
			if ($CONFIG['display_next'])
			$OUTPUT->set_env('display_next', true);

			$OUTPUT->set_env('preview_pane_mark_read', $RCMAIL->config->get('preview_pane_mark_read', 0));

			if ($CONFIG['forward_attachment'])
			$OUTPUT->set_env('forward_attachment', true);
			if ($CONFIG['trash_mbox'])
			$OUTPUT->set_env('trash_mailbox', $CONFIG['trash_mbox']);
			if ($CONFIG['drafts_mbox'])
			@@ -130,7 +130,7 @@
			'movingmessage', 'copyingmessage', 'deletingmessage', 'markingmessage',
			'copy', 'move', 'quota');

			$OUTPUT->set_pagetitle(rcmail_localize_foldername($mbox_name));
			$OUTPUT->set_pagetitle(rcmail_localize_foldername($IMAP->mod_mailbox($mbox_name)));
			}


			@@ -273,7 +273,7 @@
			if (in_array($col, array('from', 'to', 'cc', 'replyto')))
			$cont = Q(rcmail_address_string($header->$col, 3), 'show');
			else if ($col=='subject') {
			$cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
			$cont = trim($IMAP->decode_header($header->$col));
			if (!$cont) $cont = rcube_label('nosubject');
			$cont = Q($cont);
			}
			@@ -575,7 +575,7 @@
			'',
			'<html>',
			);
			$html = preg_replace($html_search, $html_replace, $html);
			$html = preg_replace($html_search, $html_replace, trim($html));

			// PCRE errors handling (#1486856), should we use something like for every preg_* use?
			if ($html === null && ($preg_error = preg_last_error()) != PREG_NO_ERROR) {
			@@ -607,6 +607,7 @@
			$html = '<head></head>'. $html;
			$html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '<head>')+6), 0);
			}

			// turn relative into absolute urls
			$html = rcmail_resolve_base($html);

			@@ -665,7 +666,8 @@

			// trigger plugin hook
			$data = $RCMAIL->plugins->exec_hook('message_part_before',
			array('type' => $part->ctype_secondary, 'body' => $part->body) + $p + array('safe' => false, 'plain' => false, 'inline_html' => true));
			array('type' => $part->ctype_secondary, 'body' => $part->body, 'id' => $part->mime_id)
			+ $p + array('safe' => false, 'plain' => false, 'inline_html' => true));

			// convert html to text/plain
			if ($data['type'] == 'html' && $data['plain']) {
			@@ -681,7 +683,7 @@
			// text/enriched
			else if ($data['type'] == 'enriched') {
			$part->ctype_secondary = 'html';
			require_once('lib/enriched.inc');
			require_once(INSTALL_PATH . 'program/lib/enriched.inc');
			$body = Q(enriched_to_html($data['body']), 'show');
			}
			else {
			@@ -698,7 +700,8 @@
			$body = rcmail_plain_body($body, $part->ctype_parameters['format'] == 'flowed');

			// allow post-processing of the message body
			$data = $RCMAIL->plugins->exec_hook('message_part_after', array('type' => $part->ctype_secondary, 'body' => $body) + $data);
			$data = $RCMAIL->plugins->exec_hook('message_part_after',
			array('type' => $part->ctype_secondary, 'body' => $body, 'id' => $part->mime_id) + $data);

			return $data['type'] == 'html' ? $data['body'] : html::tag('pre', array(), $data['body']);
			}
			@@ -724,71 +727,74 @@
			$body = preg_replace_callback($replacer->mailto_pattern, array($replacer, 'mailto_callback'), $body);

			// split body into single lines
			$a_lines = preg_split('/\r?\n/', $body);
			$body = preg_split('/\r?\n/', $body);
			$quote_level = 0;
			$last = -1;

			// find/mark quoted lines...
			for ($n=0, $cnt=count($a_lines); $n < $cnt; $n++) {
			if ($a_lines[$n][0] == '>' && preg_match('/^(>+\s*)+/', $a_lines[$n], $regs)) {
			for ($n=0, $cnt=count($body); $n < $cnt; $n++) {
			if ($body[$n][0] == '>' && preg_match('/^(>+\s*)+/', $body[$n], $regs)) {
			$q = strlen(preg_replace('/\s/', '', $regs[0]));
			$a_lines[$n] = substr($a_lines[$n], strlen($regs[0]));
			$body[$n] = substr($body[$n], strlen($regs[0]));

			if ($q > $quote_level)
			$a_lines[$n] = $replacer->get_replacement($replacer->add(
			str_repeat('<blockquote>', $q - $quote_level))) . $a_lines[$n];
			else if ($q < $quote_level)
			$a_lines[$n] = $replacer->get_replacement($replacer->add(
			str_repeat('</blockquote>', $quote_level - $q))) . $a_lines[$n];
			if ($q > $quote_level) {
			$body[$n] = $replacer->get_replacement($replacer->add(
			str_repeat('<blockquote>', $q - $quote_level))) . $body[$n];
			}
			else if ($q < $quote_level) {
			$body[$n] = $replacer->get_replacement($replacer->add(
			str_repeat('</blockquote>', $quote_level - $q))) . $body[$n];
			}
			else if ($flowed) {
			// previous line is flowed
			if (isset($a_lines[$last]) && $a_lines[$n]
			&& $a_lines[$last][strlen($a_lines[$last])-1] == ' ') {
			if (isset($body[$last]) && $body[$n]
			&& $body[$last][strlen($body[$last])-1] == ' ') {
			// merge lines
			$a_lines[$last] .= $a_lines[$n];
			unset($a_lines[$n]);
			$body[$last] .= $body[$n];
			unset($body[$n]);
			}
			else
			else {
			$last = $n;
			}
			}
			}
			else {
			$q = 0;
			if ($flowed) {
			// sig separator - line is fixed
			if ($a_lines[$n] == '-- ') {
			$last = $n;
			if ($body[$n] == '-- ') {
			$last = $last_sig = $n;
			}
			else {
			// remove space-stuffing
			if ($a_lines[$n][0] == ' ')
			$a_lines[$n] = substr($a_lines[$n], 1);
			if ($body[$n][0] == ' ')
			$body[$n] = substr($body[$n], 1);

			// previous line is flowed?
			if (isset($a_lines[$last]) && $a_lines[$n]
			&& $a_lines[$last] != '-- '
			&& $a_lines[$last][strlen($a_lines[$last])-1] == ' '
			if (isset($body[$last]) && $body[$n]
			&& $last != $last_sig
			&& $body[$last][strlen($body[$last])-1] == ' '
			) {
			$a_lines[$last] .= $a_lines[$n];
			unset($a_lines[$n]);
			$body[$last] .= $body[$n];
			unset($body[$n]);
			}
			else {
			$last = $n;
			}
			}
			if ($quote_level > 0)
			$a_lines[$last] = $replacer->get_replacement($replacer->add(
			str_repeat('</blockquote>', $quote_level))) . $a_lines[$last];
			$body[$last] = $replacer->get_replacement($replacer->add(
			str_repeat('</blockquote>', $quote_level))) . $body[$last];
			}
			else if ($quote_level > 0)
			$a_lines[$n] = $replacer->get_replacement($replacer->add(
			str_repeat('</blockquote>', $quote_level))) . $a_lines[$n];
			$body[$n] = $replacer->get_replacement($replacer->add(
			str_repeat('</blockquote>', $quote_level))) . $body[$n];
			}

			$quote_level = $q;
			}

			$body = join("\n", $a_lines);
			$body = join("\n", $body);

			// quote plain text (don't use Q() here, to display entities "as is")
			$table = get_html_translation_table(HTML_SPECIALCHARS);
			@@ -827,10 +833,10 @@

			case 'style':
			// decode all escaped entities and reduce to ascii strings
			$stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content));
			$stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcmail_xss_entity_decode($content));

			// now check for evil strings like expression, behavior or url()
			if (!preg_match('/expression\|behavior\|url\(\|import/', $stripped)) {
			if (!preg_match('/expression\|behavior\|url\(\|import[^a]/', $stripped)) {
			$out = html::tag('style', array('type' => 'text/css'), $content);
			break;
			}
			@@ -940,16 +946,25 @@
			$table->add(array('class' => 'header '.$hkey), Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show')));
			}

			// all headers division
			$table->add(array('colspan' => 2, 'class' => "more-headers show-headers", 'onclick' => "return ".JS_OBJECT_NAME.".command('load-headers','',this)"), '');
			$table->add_row(array('id' => "all-headers"));
			$table->add(array('colspan' => 2, 'class' => "all"), html::div(array('id' => 'headers-source'), ''));

			return $table->show($attrib);
			}


			/**
			* return block to show full message headers
			*/
			function rcmail_message_full_headers($attrib, $headers=NULL)
			{
			global $OUTPUT;

			$html = html::div(array('class' => "more-headers show-headers", 'onclick' => "return ".JS_OBJECT_NAME.".command('load-headers','',this)"), '');
			$html .= html::div(array('id' => "all-headers", 'class' => "all", 'style' => 'display:none'), html::div(array('id' => 'headers-source'), ''));

			$OUTPUT->add_gui_object('all_headers_row', 'all-headers');
			$OUTPUT->add_gui_object('all_headers_box', 'headers-source');

			return $table->show($attrib);
			}
			return html::div($attrib, $html);
			}


			/**
			@@ -1072,8 +1087,8 @@
			$replacer = new rcube_base_replacer($regs[2]);

			// replace all relative paths
			$body = preg_replace_callback('/(src\|background\|href)=(["\']?)([\.\/]+[^"\'\s]+)(\2\|\s\|>)/Ui', array($replacer, 'callback'), $body);
			$body = preg_replace_callback('/(url\s*$)(["\']?)([\.\/]+[^"\'$\s]+)(\2)\)/Ui', array($replacer, 'callback'), $body);
			$body = preg_replace_callback('/(src\|background\|href)=(["\']?)([^"\'\s]+)(\2\|\s\|>)/Ui', array($replacer, 'callback'), $body);
			$body = preg_replace_callback('/(url\s*$)(["\']?)([^"\'$\s]+)(\2)\)/Ui', array($replacer, 'callback'), $body);
			}

			return $body;
			@@ -1183,23 +1198,30 @@
			*/
			function rcmail_alter_html_link($matches)
			{
			global $EMAIL_ADDRESS_PATTERN;
			global $RCMAIL;

			// Support unicode/punycode in top-level domain part
			$EMAIL_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]@[^&@"\'.][^@&"\']\\.([^\\x00-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}\|xn--[a-z0-9]{2,}))';

			$tag = $matches[1];
			$attrib = parse_attrib_string($matches[2]);
			$end = '>';

			// Remove non-printable characters in URL (#1487805)
			$attrib['href'] = preg_replace('/[\x00-\x1F]/', '', $attrib['href']);

			if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href'])) {
			$attrib['href'] = "?_task=utils&_action=modcss&u=" . urlencode($attrib['href'])
			. "&c=" . urlencode($GLOBALS['rcmail_html_container_id']);
			$tempurl = 'tmp-' . md5($attrib['href']) . '.css';
			$_SESSION['modcssurls'][$tempurl] = $attrib['href'];
			$attrib['href'] = $RCMAIL->url(array('task' => 'utils', 'action' => 'modcss', 'u' => $tempurl, 'c' => $GLOBALS['rcmail_html_container_id']));
			$end = ' />';
			}
			else if (preg_match('/^mailto:'.$EMAIL_ADDRESS_PATTERN.'(\?[^"\'>]+)?/i', $attrib['href'], $mailto)) {
			else if (preg_match('/^mailto:'.$EMAIL_PATTERN.'(\?[^"\'>]+)?/i', $attrib['href'], $mailto)) {
			$attrib['href'] = $mailto[0];
			$attrib['onclick'] = sprintf(
			"return %s.command('compose','%s',this)",
			JS_OBJECT_NAME,
			JQ($mailto[1].$mailto[2]));
			JQ($mailto[1].$mailto[3]));
			}
			else if (!empty($attrib['href']) && $attrib['href'][0] != '#') {
			$attrib['target'] = '_blank';
			@@ -1215,7 +1237,6 @@
			function rcmail_address_string($input, $max=null, $linked=false, $addicon=null)
			{
			global $IMAP, $RCMAIL, $PRINT_MODE, $CONFIG;
			static $got_writable_abook = null;

			$a_parts = $IMAP->decode_address_list($input);

			@@ -1226,8 +1247,8 @@
			$j = 0;
			$out = '';

			if ($got_writable_abook === null && $books = $RCMAIL->get_address_sources(true)) {
			$got_writable_abook = true;
			if ($addicon && !isset($_SESSION['writeable_abook'])) {
			$_SESSION['writeable_abook'] = $RCMAIL->get_address_sources(true) ? true : false;
			}

			foreach ($a_parts as $part) {
			@@ -1239,17 +1260,17 @@

			// IDNA ASCII to Unicode
			if ($name == $mailto)
			$name = idn_to_utf8($name);
			$name = rcube_idn_to_utf8($name);
			if ($string == $mailto)
			$string = idn_to_utf8($string);
			$mailto = idn_to_utf8($mailto);
			$string = rcube_idn_to_utf8($string);
			$mailto = rcube_idn_to_utf8($mailto);

			if ($PRINT_MODE) {
			$out .= sprintf('%s <%s>', Q($name), $mailto);
			}
			else if (check_email($part['mailto'], false)) {
			if ($linked) {
			$out .= html::a(array(
			$address = html::a(array(
			'href' => 'mailto:'.$mailto,
			'onclick' => sprintf("return %s.command('compose','%s',this)", JS_OBJECT_NAME, JQ($mailto)),
			'title' => $mailto,
			@@ -1258,12 +1279,12 @@
			Q($name ? $name : $mailto));
			}
			else {
			$out .= html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
			$address = html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
			Q($name ? $name : $mailto));
			}

			if ($addicon && $got_writable_abook) {
			$out .= ' ' . html::a(array(
			if ($addicon && $_SESSION['writeable_abook']) {
			$address = html::span(null, $address . html::a(array(
			'href' => "#add",
			'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, urlencode($string)),
			'title' => rcube_label('addtoaddressbook'),
			@@ -1271,8 +1292,9 @@
			html::img(array(
			'src' => $CONFIG['skin_path'] . $addicon,
			'alt' => "Add contact",
			)));
			))));
			}
			$out .= $address;
			}
			else {
			if ($name)
			@@ -1403,14 +1425,14 @@
			/**
			* clear message composing settings
			*/
			function rcmail_compose_cleanup()
			function rcmail_compose_cleanup($id)
			{
			if (!isset($_SESSION['compose']))
			if (!isset($_SESSION['compose_data'][$id]))
			return;

			$rcmail = rcmail::get_instance();
			$rcmail->plugins->exec_hook('attachments_cleanup', array());
			$rcmail->session->remove('compose');
			$rcmail->plugins->exec_hook('attachments_cleanup', array('group' => $id));
			unset($_SESSION['compose_data'][$id]);
			}


			@@ -1749,6 +1771,7 @@
			'quotadisplay' => 'rcmail_quota_display',
			'mailboxname' => 'rcmail_mailbox_name_display',
			'messageheaders' => 'rcmail_message_headers',
			'messagefullheaders' => 'rcmail_message_full_headers',
			'messagebody' => 'rcmail_message_body',
			'messagecontentframe' => 'rcmail_messagecontent_frame',
			'messagepartframe' => 'rcmail_message_part_frame',
			@@ -1757,4 +1780,17 @@
			'searchform' => array($OUTPUT, 'search_form'),
			));


			// register action aliases
			$RCMAIL->register_action_map(array(
			'preview' => 'show.inc',
			'print' => 'show.inc',
			'moveto' => 'move_del.inc',
			'delete' => 'move_del.inc',
			'send' => 'sendmail.inc',
			'expunge' => 'folders.inc',
			'purge' => 'folders.inc',
			'remove-attachment' => 'attachments.inc',
			'display-attachment' => 'attachments.inc',
			'upload' => 'attachments.inc',
			'group-expand' => 'autocomplete.inc',
			));