githubFork/roundcubemail.git

			@@ -67,11 +67,12 @@
			//$this->framed = $framed;
			$this->set_env('task', $task);
			$this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
			$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));

			// add cookie info
			$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
			$this->set_env('cookie_path', ini_get('session.cookie_path'));
			$this->set_env('cookie_secure', ini_get('session.cookie_secure'));
			$this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN));

			// load the correct skin (in case user-defined)
			$skin = $this->config->get('skin');
			@@ -105,7 +106,6 @@
			));
			}


			/**
			* Set environment variable
			*
			@@ -120,7 +120,6 @@
			$this->js_env[$name] = $value;
			}
			}


			/**
			* Getter for the current page title
			@@ -145,17 +144,17 @@
			return $title;
			}


			/**
			* Set skin
			*/
			public function set_skin($skin)
			{
			$valid = false;
			$path = RCUBE_INSTALL_PATH . 'skins/';

			if (!empty($skin) && is_dir('skins/'.$skin) && is_readable('skins/'.$skin)) {
			$skin_path = 'skins/'.$skin;
			$valid = true;
			if (!empty($skin) && is_dir($path . $skin) && is_readable($path . $skin)) {
			$skin_path = 'skins/' . $skin;
			$valid = true;
			}
			else {
			$skin_path = $this->config->get('skin_path');
			@@ -183,12 +182,15 @@
			$this->skin_paths[] = $skin_path;

			// read meta file and check for dependecies
			$meta = @json_decode(@file_get_contents($skin_path.'/meta.json'), true);
			if ($meta['extends'] && is_dir('skins/' . $meta['extends'])) {
			$this->load_skin('skins/' . $meta['extends']);
			$meta = @file_get_contents(RCUBE_INSTALL_PATH . $skin_path . '/meta.json');
			$meta = @json_decode($meta, true);
			if ($meta['extends']) {
			$path = RCUBE_INSTALL_PATH . 'skins/';
			if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
			$this->load_skin('skins/' . $meta['extends']);
			}
			}
			}


			/**
			* Check if a specific template exists
			@@ -198,16 +200,17 @@
			*/
			public function template_exists($name)
			{
			$found = false;
			foreach ($this->skin_paths as $skin_path) {
			$filename = $skin_path . '/templates/' . $name . '.html';
			$found = (is_file($filename) && is_readable($filename)) \|\| ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]));
			if ($found)
			break;
			$filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
			if ((is_file($filename) && is_readable($filename))
			\|\| ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]))
			) {
			return true;
			}
			}
			return $found;
			}

			return false;
			}

			/**
			* Find the given file in the current skin path stack
			@@ -233,7 +236,6 @@
			return false;
			}


			/**
			* Register a GUI object to the client script
			*
			@@ -245,7 +247,6 @@
			{
			$this->add_script(self::JS_OBJECT_NAME.".gui_object('$obj', '$id');");
			}


			/**
			* Call a client method
			@@ -262,7 +263,6 @@
			$this->js_commands[] = $cmd;
			}


			/**
			* Add a localized label to the client environment
			*/
			@@ -276,7 +276,6 @@
			$this->js_labels[$name] = $this->app->gettext($name);
			}
			}


			/**
			* Invoke display_message command
			@@ -304,7 +303,6 @@
			}
			}


			/**
			* Delete all stored env variables and commands
			*
			@@ -327,7 +325,6 @@
			$this->body = '';
			}


			/**
			* Redirect to a certain url
			*
			@@ -342,7 +339,6 @@
			header('Location: ' . $location);
			exit;
			}


			/**
			* Send the request output to the client.
			@@ -376,7 +372,6 @@
			exit;
			}
			}


			/**
			* Process template and write to stdOut
			@@ -412,7 +407,6 @@
			// call super method
			$this->_write($template, $this->config->get('skin_path'));
			}


			/**
			* Parse a specific skin template and deliver to stdout (or return)
			@@ -538,7 +532,6 @@
			}
			}


			/**
			* Return executable javascript code for all registered commands
			*
			@@ -570,7 +563,6 @@
			return $out;
			}


			/**
			* Make URLs starting with a slash point to skin directory
			*
			@@ -589,7 +581,6 @@
			else
			return $str;
			}


			/**
			* Show error page and terminate script execution
			@@ -625,7 +616,6 @@
			array($this, 'globals_callback'), $input);
			}


			/**
			* Callback funtion for preg_replace_callback() in parse_with_globals()
			*/
			@@ -633,7 +623,6 @@
			{
			return $GLOBALS[$matches[1]];
			}


			/**
			* Correct absolute paths in images and other tags
			@@ -646,7 +635,6 @@
			array($this, 'file_callback'), $output);
			}


			/**
			* Callback function for preg_replace_callback in write()
			*
			@@ -655,7 +643,7 @@
			protected function file_callback($matches)
			{
			$file = $matches[3];
			$file[0] = preg_replace('!^/this/!', '/', $file[0]);
			$file = preg_replace('!^/this/!', '/', $file);

			// correct absolute paths
			if ($file[0] == '/') {
			@@ -672,7 +660,6 @@
			return $matches[1] . '=' . $matches[2] . $file . $matches[4];
			}


			/**
			* Public wrapper to dipp into template parsing.
			*
			@@ -688,7 +675,6 @@

			return $input;
			}


			/**
			* Parse for conditional tags
			@@ -727,11 +713,9 @@
			return $input;
			}


			/**
			* Determines if a given condition is met
			*
			* @todo Get rid off eval() once I understand what this does.
			* @todo Extend this to allow real conditions, not just "set"
			* @param string Condition statement
			* @return boolean True if condition is met, False if not
			@@ -740,7 +724,6 @@
			{
			return $this->eval_expression($condition);
			}


			/**
			* Inserts hidden field with CSRF-prevention-token into POST forms
			@@ -758,16 +741,16 @@
			return $out;
			}


			/**
			* Parses expression and replaces variables
			* Parse & evaluate a given expression and return its result.
			*
			* @param string Expression statement
			* @return string Expression value
			* @param string Expression statement
			*
			* @return mixed Expression result
			*/
			protected function parse_expression($expression)
			protected function eval_expression ($expression)
			{
			return preg_replace(
			$expression = preg_replace(
			array(
			'/session:([a-z0-9_]+)/i',
			'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
			@@ -779,47 +762,30 @@
			),
			array(
			"\$_SESSION['\\1']",
			"\$this->app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
			"\$this->env['\\1']",
			"\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
			"\$env['\\1']",
			"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
			"\$_COOKIE['\\1']",
			"\$this->browser->{'\\1'}",
			"\$browser->{'\\1'}",
			$this->template_name,
			),
			$expression);
			}
			$expression
			);

			protected function eval_expression ($expression) {
			return preg_replace_callback(
			array(
			'/session:([a-z0-9_]+)/i',
			'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
			'/env:([a-z0-9_]+)/i',
			'/request:([a-z0-9_]+)/i',
			'/cookie:([a-z0-9_]+)/i',
			'/browser:([a-z0-9_]+)/i',
			'/template:name/i',
			),
			function($match) {
			if(preg_match('/session:([a-z0-9_]+)/i', $match, $matches)) {
			return $_SESSION[$matches[1]];
			} else if(preg_match('/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i', $match, $matches)) {
			return $this->app->config->get($matches[1],rcube_utils::get_boolean($matches[3]));
			} else if(preg_match('/env:([a-z0-9_]+)/i', $match, $matches)) {
			return $this->env[$matches[1]];
			} else if(preg_match('/request:([a-z0-9_]+)/i', $match, $matches)) {
			return rcube_utils::get_input_value($matches[1], rcube_utils::INPUT_GPC);
			} else if(preg_match('/cookie:([a-z0-9_]+)/i', $match, $matches)) {
			return $_COOKIE[$matches[1]];
			} else if(preg_match('/browser:([a-z0-9_]+)/i', $match, $matches)) {
			return $this->browser->{$matches[1]};
			} else if(preg_match('/template:name/i', $match, $matches)) {
			return $this->template_name;
			}
			},
			$expression);
			}
			$fn = create_function('$app,$browser,$env', "return ($expression);");
			if (!$fn) {
			rcube::raise_error(array(
			'code' => 505,
			'type' => 'php',
			'file' => __FILE__,
			'line' => __LINE__,
			'message' => "Expression parse error on: ($expression)"), true, false);

			return null;
			}

			return $fn($this->app, $this->browser, $this->env);
			}

			/**
			* Search for special tags in input and replace them
			@@ -834,7 +800,6 @@
			{
			return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]\|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
			}


			/**
			* Callback function for parsing an xml command tag
			@@ -870,7 +835,7 @@
			// show a label
			case 'label':
			if ($attrib['expression'])
			$attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";");
			$attrib['name'] = $this->eval_expression($attrib['expression']);

			if ($attrib['name'] \|\| $attrib['command']) {
			// @FIXME: 'noshow' is useless, remove?
			@@ -959,8 +924,21 @@
			}
			else if ($object == 'logo') {
			$attrib += array('alt' => $this->xml_command(array('', 'object', 'name="productname"')));
			if ($logo = $this->config->get('skin_logo'))
			$attrib['src'] = $logo;

			if ($logo = $this->config->get('skin_logo')) {
			if (is_array($logo)) {
			if ($template_logo = $logo[$this->template_name]) {
			$attrib['src'] = $template_logo;
			}
			elseif ($template_logo = $logo['*']) {
			$attrib['src'] = $template_logo;
			}
			}
			else {
			$attrib['src'] = $logo;
			}
			}

			$content = html::img($attrib);
			}
			else if ($object == 'productname') {
			@@ -1002,8 +980,7 @@

			// return code for a specified eval expression
			case 'exp':
			$value = $this->parse_expression($attrib['expression']);
			return html::quote( $this->eval_expression($attrib['expression']) );
			return html::quote($this->eval_expression($attrib['expression']));

			// return variable
			case 'var':
			@@ -1040,11 +1017,12 @@
			}

			return html::quote($value);
			break;

			case 'form':
			return $this->form_tag($attrib);
			}
			return '';
			}


			/**
			* Include a specific file and return it's contents
			@@ -1061,7 +1039,6 @@

			return $out;
			}


			/**
			* Create and register a button
			@@ -1218,7 +1195,6 @@
			return $out;
			}


			/**
			* Link an external script file
			*
			@@ -1249,7 +1225,6 @@
			$this->script_files[$position][] = $file;
			}


			/**
			* Add inline javascript code
			*
			@@ -1266,7 +1241,6 @@
			}
			}


			/**
			* Link an external css file
			*
			@@ -1276,7 +1250,6 @@
			{
			$this->css_files[] = $file;
			}


			/**
			* Add HTML code to the page header
			@@ -1288,7 +1261,6 @@
			$this->header .= "\n" . $str;
			}


			/**
			* Add HTML code to the page footer
			* To be added right befor </body>
			@@ -1299,7 +1271,6 @@
			{
			$this->footer .= "\n" . $str;
			}


			/**
			* Process template and write to stdOut
			@@ -1425,7 +1396,6 @@
			}
			}


			/**
			* Returns iframe object, registers some related env variables
			*
			@@ -1456,7 +1426,6 @@

			/* *********** common functions delivering gui objects ************ */


			/**
			* Create a form tag with the necessary hidden fields
			*
			@@ -1478,11 +1447,10 @@
			$attrib['noclose'] = true;

			return html::tag('form',
			$attrib + array('action' => "./", 'method' => "get"),
			$attrib + array('action' => $this->app->comm_path, 'method' => "get"),
			$hidden . $content,
			array('id','class','style','name','method','action','enctype','onsubmit'));
			}


			/**
			* Build a form tag with a unique request token
			@@ -1513,7 +1481,6 @@
			else
			return $this->form_tag($attrib, $hidden->show() . $content);
			}


			/**
			* GUI object 'username'
			@@ -1546,7 +1513,6 @@
			return rcube_utils::idn_to_utf8($username);
			}


			/**
			* GUI object 'loginform'
			* Returns code for the webmail login form
			@@ -1578,9 +1544,9 @@
			$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
			$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
			$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
			$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser')
			$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required')
			+ $attrib + $user_attrib);
			$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd')
			$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required')
			+ $attrib + $pass_attrib);
			$input_host = null;

			@@ -1646,7 +1612,6 @@
			return $out;
			}


			/**
			* GUI object 'preloader'
			* Loads javascript code for images preloading
			@@ -1668,7 +1633,6 @@
			img.src = images[i];
			}', 'docready');
			}


			/**
			* GUI object 'searchform'
			@@ -1708,7 +1672,6 @@
			return $out;
			}


			/**
			* Builder for GUI object 'message'
			*
			@@ -1725,7 +1688,6 @@

			return html::div($attrib, '');
			}


			/**
			* GUI object 'charsetselector'