githubFork/roundcubemail.git

			@@ -51,7 +51,11 @@
			$_SESSION['sort_col'] = $CONFIG['message_sort_col'];
			if (!isset($_SESSION['sort_order']))
			$_SESSION['sort_order'] = $CONFIG['message_sort_order'];


			// set message set for search result
			if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']]))
			$IMAP->set_search_set($_SESSION['search'][$_GET['_search']]);


			// define url for getting message parts
			if (strlen($_GET['_uid']))
			@@ -79,6 +83,7 @@

			// add some labels to client
			rcube_add_label('purgefolderconfirm');
			rcube_add_label('deletemessagesconfirm');

			// $mboxlist_start = rcube_timer();

			@@ -192,7 +197,7 @@
			{
			$fname = abbrevate_string($foldername, $maxlength);
			if ($fname != $foldername)
			$title = ' title="'.rep_specialchars_output($foldername, 'html', 'all').'"';
			$title = ' title="'.Q($foldername).'"';
			$foldername = $fname;
			}
			}
			@@ -214,7 +219,7 @@
			else if ($folder['id']==$CONFIG['junk_mbox'])
			$class_name = 'junk';

			$js_name = htmlspecialchars(rep_specialchars_output($folder['id'], 'js'));
			$js_name = htmlspecialchars(JQ($folder['id']));
			$out .= sprintf('<li id="rcmbx%s" class="mailbox %s %s%s%s"><a href="%s&_mbox=%s"'.
			' onclick="return %s.command(\'list\',\'%s\')"'.
			' onmouseover="return %s.focus_mailbox(\'%s\')"' .
			@@ -236,7 +241,7 @@
			$JS_OBJECT_NAME,
			$js_name,
			$title,
			rep_specialchars_output($foldername, 'html', 'all'));
			Q($foldername));

			if (!empty($folder['folders']))
			$out .= "\n<ul>\n" . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox_name, $maxlength, $nestLevel+1) . "</ul>\n";
			@@ -273,7 +278,7 @@
			$out .= sprintf('<option value="%s">%s%s</option>'."\n",
			htmlspecialchars($folder['id']),
			str_repeat(' ', $nestLevel*4),
			rep_specialchars_output($foldername, 'html', 'all'));
			Q($foldername));

			if (!empty($folder['folders']))
			$out .= rcmail_render_folder_tree_select($folder['folders'], $special, $mbox_name, $maxlength, $nestLevel+1);
			@@ -339,7 +344,7 @@
			foreach ($a_show_cols as $col)
			{
			// get column name
			$col_name = rep_specialchars_output(rcube_label($col));
			$col_name = Q(rcube_label($col));

			// make sort links
			$sort = '';
			@@ -393,10 +398,9 @@
			// no messages in this mailbox
			if (!sizeof($a_headers))
			{
			$out .= rep_specialchars_output(
			sprintf('<tr><td colspan="%d">%s</td></tr>',
			sizeof($a_show_cols)+2,
			rcube_label('nomessagesfound')));
			$out .= sprintf('<tr><td colspan="%d">%s</td></tr>',
			sizeof($a_show_cols)+2,
			Q(rcube_label('nomessagesfound')));
			}


			@@ -442,10 +446,10 @@
			foreach ($a_show_cols as $col)
			{
			if ($col=='from' \|\| $col=='to')
			$cont = rep_specialchars_output(rcmail_address_string($header->$col, 3, $attrib['addicon']));
			$cont = Q(rcmail_address_string($header->$col, 3, $attrib['addicon']), 'show');
			else if ($col=='subject')
			{
			$cont = rep_specialchars_output($IMAP->decode_header($header->$col), 'html', 'all');
			$cont = Q($IMAP->decode_header($header->$col));
			// firefox/mozilla temporary workaround to pad subject with content so that whitespace in rows responds to drag+drop
			$cont .= '<img src="./program/blank.gif" height="5" width="1000" alt="" />';
			}
			@@ -454,9 +458,9 @@
			else if ($col=='date')
			$cont = format_date($header->date); //date('m.d.Y G:i:s', strtotime($header->date));
			else
			$cont = rep_specialchars_output($header->$col, 'html', 'all');
			$cont = Q($header->$col);

			$out .= '<td class="'.$col.'">' . $cont . "</td>\n";
			$out .= '<td class="'.$col.'">' . $cont . "</td>\n";
			}

			$out .= sprintf("<td class=\"icon\">%s</td>\n", $attach_icon ? sprintf($image_tag, $skin_path, $attach_icon, '') : '');
			@@ -512,8 +516,8 @@
			$a_show_cols = is_array($CONFIG['list_cols']) ? $CONFIG['list_cols'] : array('subject');

			// show 'to' instead of from in sent messages
			if (strtolower($IMAP->get_mailbox_name())=='sent' && ($f = array_search('from', $a_show_cols))
			&& !array_search('to', $a_show_cols))
			if (($IMAP->get_mailbox_name()==$CONFIG['sent_mbox'] \|\| $IMAP->get_mailbox_name()==$CONFIG['drafts_mbox'])
			&& ($f = array_search('from', $a_show_cols)) && !array_search('to', $a_show_cols))
			$a_show_cols[$f] = 'to';

			$commands .= sprintf("this.set_message_coltypes(%s);\n", array2js($a_show_cols));
			@@ -529,15 +533,15 @@
			foreach ($a_show_cols as $col)
			{
			if ($col=='from' \|\| $col=='to')
			$cont = rep_specialchars_output(rcmail_address_string($header->$col, 3), 'html');
			$cont = Q(rcmail_address_string($header->$col, 3), 'show');
			else if ($col=='subject')
			$cont = rep_specialchars_output($IMAP->decode_header($header->$col), 'html', 'all');
			$cont = Q($IMAP->decode_header($header->$col));
			else if ($col=='size')
			$cont = show_bytes($header->$col);
			else if ($col=='date')
			$cont = format_date($header->date); //date('m.d.Y G:i:s', strtotime($header->date));
			else
			$cont = rep_specialchars_output($header->$col, 'html', 'all');
			$cont = Q($header->$col);

			$a_msg_cols[$col] = $cont;
			}
			@@ -556,6 +560,27 @@
			return $commands;
			}


			// return an HTML iframe for loading mail content
			function rcmail_messagecontent_frame($attrib)
			{
			global $OUTPUT, $JS_OBJECT_NAME;

			if (empty($attrib['id']))
			$attrib['id'] = 'rcmailcontentwindow';

			// allow the following attributes to be added to the <iframe> tag
			$attrib_str = create_attrib_string($attrib, array('id', 'class', 'style', 'src', 'width', 'height', 'frameborder'));
			$framename = $attrib['id'];

			$out = sprintf('<iframe name="%s"%s></iframe>'."\n",
			$framename,
			$attrib_str);

			$OUTPUT->add_script("$JS_OBJECT_NAME.set_env('contentframe', '$framename');");

			return $out;
			}

			// return code for search function
			function rcmail_search_form($attrib)
			@@ -612,7 +637,7 @@

			function rcmail_quota_display($attrib)
			{
			global $IMAP, $OUTPUT, $JS_OBJECT_NAME, $COMM_PATH;
			global $OUTPUT, $JS_OBJECT_NAME, $COMM_PATH;

			if (!$attrib['id'])
			$attrib['id'] = 'rcmquotadisplay';
			@@ -621,6 +646,17 @@

			// allow the following attributes to be added to the <span> tag
			$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id'));

			$out = '<span' . $attrib_str . '>';
			$out .= rcmail_quota_content($attrib['display']);
			$out .= '</span>';
			return $out;
			}


			function rcmail_quota_content($display)
			{
			global $IMAP, $COMM_PATH;

			if (!$IMAP->get_capability('QUOTA'))
			$quota_text = rcube_label('unknown');
			@@ -632,9 +668,9 @@
			$quota["percent"]);

			// show quota as image (by Brett Patterson)
			if ($attrib['display'] == 'image' && function_exists('imagegif'))
			if ($display == 'image' && function_exists('imagegif'))
			{
			$attrib += array('width' => 100, 'height' => 14);
			$attrib = array('width' => 100, 'height' => 14);
			$quota_text = sprintf('<img src="%s&_action=quotaimg&u=%s&q=%d&w=%d&h=%d" width="%d" height="%d" alt="%s" title="%s / %s" />',
			$COMM_PATH,
			$quota['used'], $quota['total'],
			@@ -647,12 +683,8 @@
			}
			else
			$quota_text = rcube_label('unlimited');


			$out = '<span' . $attrib_str . '>';
			$out .= $quota_text;
			$out .= '</span>';
			return $out;
			return $quota_text;
			}


			@@ -681,7 +713,7 @@
			'to' => min($max, $start_msg + $IMAP->page_size - 1),
			'count' => $max)));

			return rep_specialchars_output($out);
			return Q($out);
			}


			@@ -707,7 +739,7 @@
			'/url\s*$["\']?([\.\/]+[^"\'\s]+)["\']?$/i',
			'/<script.+<\/script>/Umis');

			$remote_replaces = array('<img \\1src=\\2./program/blank.gif\\4',
			$remote_replaces = array('<img \\1src=\\2./program/blocked.gif\\4',
			'',
			'',
			'',
			@@ -728,13 +760,13 @@
			$body = preg_replace($remote_patterns, $remote_replaces, $body);
			}

			return rep_specialchars_output($body, 'html', '', FALSE);
			return Q($body, 'show', FALSE);
			}

			// text/enriched
			if ($part->ctype_secondary=='enriched')
			{
			return rep_specialchars_output(enriched_to_html($body), 'html');
			return Q(enriched_to_html($body), 'show');
			}
			else
			{
			@@ -783,7 +815,7 @@
			$quotation = str_repeat("</blockquote>", $quote_level);

			$quote_level = $q;
			$a_lines[$n] = $quotation . rep_specialchars_output($line, 'html', 'replace', FALSE);
			$a_lines[$n] = $quotation . Q($line, 'replace', FALSE);
			}

			// insert the links for urls and mailtos
			@@ -941,7 +973,7 @@
			else if ($mail_part->disposition=='attachment' \|\| $mail_part->disposition=='inline' \|\| $mail_part->headers['content-id'] \|\|
			(empty($mail_part->disposition) && ($mail_part->d_parameters['filename'] \|\| $mail_part->ctype_parameters['name'])))
			{
			// skip apple ressource files
			// skip apple resource forks
			if ($message_ctype_secondary=='appledouble' && $secondary_type=='applefile')
			continue;

			@@ -963,7 +995,6 @@
			}
			}


			// if this was a related part try to resolve references
			if ($message_ctype_secondary=='related' && sizeof($sa_inline_objects))
			{
			@@ -979,6 +1010,18 @@
			if ($a_return_parts[$i]->type=='content')
			$a_return_parts[$i]->replaces = $a_replaces;
			}
			}
			}

			// message is single part non-text
			else
			{
			if (($fname = $structure->d_parameters['filename']) \|\|
			($fname = $structure->ctype_parameters['name']) \|\|
			($fname = $structure->headers['content-description']))
			{
			$structure->filename = rcube_imap::decode_mime_string($fname);
			$a_attachments[] = $structure;
			}
			}

			@@ -1025,12 +1068,12 @@
			if ($hkey=='date' && !empty($headers[$hkey]))
			$header_value = format_date(strtotime($headers[$hkey]));
			else if (in_array($hkey, array('from', 'to', 'cc', 'bcc', 'reply-to')))
			$header_value = rep_specialchars_output(rcmail_address_string($headers[$hkey], NULL, $attrib['addicon']));
			$header_value = Q(rcmail_address_string($headers[$hkey], NULL, $attrib['addicon']), 'show');
			else
			$header_value = rep_specialchars_output($IMAP->decode_header($headers[$hkey]), '', 'all');
			$header_value = Q($IMAP->decode_header($headers[$hkey]));

			$out .= "\n<tr>\n";
			$out .= '<td class="header-title">'.rep_specialchars_output(rcube_label($hkey)).": </td>\n";
			$out .= '<td class="header-title">'.Q(rcube_label($hkey)).": </td>\n";
			$out .= '<td class="'.$hkey.'" width="90%">'.$header_value."</td>\n</tr>";
			$header_count++;
			}
			@@ -1083,7 +1126,7 @@
			else if ($part->type=='content')
			{
			if (empty($part->ctype_parameters) \|\| empty($part->ctype_parameters['charset']))
			$$part->ctype_parameters['charset'] = $MESSAGE['headers']->charset;
			$part->ctype_parameters['charset'] = $MESSAGE['headers']->charset;

			// fetch part if not available
			if (!isset($part->body))
			@@ -1149,7 +1192,8 @@
			// replace all css definitions with #container [def]
			$styles = rcmail_mod_css_styles(substr($body, $pos, $pos2-$pos), $container_id);

			$body = substr($body, 0, $pos) . $styles . substr($body, $pos2);
			$body = substr($body, 0, $pos) . $styles . substr($body, $pos2);
			$body_lc = strtolower($body);
			$last_style_pos = $pos2;
			}

			@@ -1159,14 +1203,19 @@
			{
			while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)))
			{
			$pos2 += 8;
			$pos2 += strlen('</'.$tag.'>');
			$body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
			$body_lc = strtolower($body);
			}
			}

			// replace event handlers on any object
			$body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);
			while ($body != $prev_body)
			{
			$prev_body = $body;
			$body = preg_replace('/(<[^!][^>]*\s)(on[^=>]+)=([^>]+>)/im', '$1__removed=$3', $body);
			$body = preg_replace('/(<[^!][^>]\shref=["\']?)(javascript:)([^>]?>)/im', '$1null:$3', $body);
			}

			// resolve <base href>
			$base_reg = '/(<base.href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]>)/i';
			@@ -1202,12 +1251,13 @@
			// parse link attributes and set correct target
			function rcmail_alter_html_link($in)
			{
			$in = preg_replace('/=([^("\|\s)]+)(\s\|$)/', '="\1"', $in);
			$attrib = parse_attrib_string($in);

			if (stristr((string)$attrib['href'], 'mailto:'))
			$attrib['onclick'] = sprintf("return %s.command('compose','%s',this)",
			$GLOBALS['JS_OBJECT_NAME'],
			substr($attrib['href'], 7));
			JQ(substr($attrib['href'], 7)));
			else if (!empty($attrib['href']) && $attrib['href']{0}!='#')
			$attrib['target'] = '_blank';

			@@ -1229,13 +1279,13 @@
			$source = substr($source, 0, $pos+1) . "<<str_replacement[$key]>>" . substr($source, $pos2, strlen($source)-$pos2);
			$last_pos = $pos+2;
			}

			$styles = preg_replace('/(^\s\|,\s)([a-z0-9\._][a-z0-9\.\-_]*)/im', "\\1#$container_id \\2", $source);
			$styles = preg_replace('/<<str_replacement\[([0-9]+)\]>>/e', "\$a_css_values[\\1]", $styles);

			// replace body definition because we also stripped off the <body> tag
			$styles = preg_replace("/$container_id\s+body/i", "$container_id div.rcmBody", $styles);


			// remove html commends and add #container to each tag selector.
			// also replace body definition because we also stripped off the <body> tag
			$styles = preg_replace(array('/(^\s<!--)\|(-->\s$)/', '/(^\s\|,\s\|\}\s)([a-z0-9\._][a-z0-9\.\-_])/im', '/<<str_replacement\[([0-9]+)\]>>/e', "/$container_id\s+body/i"),
			array('', "\\1#$container_id \\2", "\$a_css_values[\\1]", "$container_id div.rcmBody"),
			$source);

			return $styles;
			}

			@@ -1343,7 +1393,7 @@
			{
			$j++;
			if ($PRINT_MODE)
			$out .= sprintf('%s <%s>', rep_specialchars_output($part['name']), $part['mailto']);
			$out .= sprintf('%s <%s>', Q($part['name']), $part['mailto']);
			else if (preg_match($EMAIL_ADDRESS_PATTERN, $part['mailto']))
			{
			$out .= sprintf('<a href="mailto:%s" onclick="return %s.command(\'compose\',\'%s\',this)" class="rcmContactAddress" title="%s">%s</a>',
			@@ -1351,7 +1401,7 @@
			$JS_OBJECT_NAME,
			$part['mailto'],
			$part['mailto'],
			rep_specialchars_output($part['name']));
			Q($part['name']));

			if ($addicon)
			$out .= sprintf(' <a href="#add" onclick="return %s.command(\'add-contact\',\'%s\',this)" title="%s"><img src="%s%s" alt="add" border="0" /></a>',
			@@ -1364,7 +1414,7 @@
			else
			{
			if ($part['name'])
			$out .= rep_specialchars_output($part['name']);
			$out .= Q($part['name']);
			if ($part['mailto'])
			$out .= (strlen($out) ? ' ' : '') . sprintf('<%s>', $part['mailto']);
			}
			@@ -1401,15 +1451,15 @@
			if ($filename)
			{
			$out .= sprintf('<tr><td class="title">%s</td><td>%s</td><td>[<a href="./?%s">%s</a>]</tr>'."\n",
			rcube_label('filename'),
			rep_specialchars_output(rcube_imap::decode_mime_string($filename)),
			Q(rcube_label('filename')),
			Q(rcube_imap::decode_mime_string($filename)),
			str_replace('_frame=', '_download=', $_SERVER['QUERY_STRING']),
			rcube_label('download'));
			Q(rcube_label('download')));
			}

			if ($filesize)
			$out .= sprintf('<tr><td class="title">%s</td><td>%s</td></tr>'."\n",
			rcube_label('filesize'),
			Q(rcube_label('filesize')),
			show_bytes($filesize));

			$out .= "\n</table>";
			@@ -1450,4 +1500,4 @@
			}


			?>
			?>