githubFork/roundcubemail.git

			@@ -53,25 +53,26 @@
			$OUTPUT->set_env('search_text', $_SESSION['last_text_search']);
			}


			// set current mailbox in client environment
			$OUTPUT->set_env('mailbox', $IMAP->get_mailbox_name());
			$OUTPUT->set_env('quota', $IMAP->get_capability('quota'));
			$OUTPUT->set_env('delimiter', $IMAP->get_hierarchy_delimiter());

			if ($CONFIG['trash_mbox'])
			$OUTPUT->set_env('trash_mailbox', $CONFIG['trash_mbox']);
			if ($CONFIG['drafts_mbox'])
			$OUTPUT->set_env('drafts_mailbox', $CONFIG['drafts_mbox']);
			if ($CONFIG['junk_mbox'])
			$OUTPUT->set_env('junk_mailbox', $CONFIG['junk_mbox']);

			if (!$OUTPUT->ajax_call)
			rcube_add_label('checkingmail', 'deletemessage', 'movemessagetotrash', 'movingmessage');

			// set page title
			// set main env variables, labels and page title
			if (empty($RCMAIL->action) \|\| $RCMAIL->action == 'list')
			{
			// set current mailbox in client environment
			$OUTPUT->set_env('mailbox', $IMAP->get_mailbox_name());
			$OUTPUT->set_env('quota', $IMAP->get_capability('quota'));
			$OUTPUT->set_env('delimiter', $IMAP->get_hierarchy_delimiter());

			if ($CONFIG['trash_mbox'])
			$OUTPUT->set_env('trash_mailbox', $CONFIG['trash_mbox']);
			if ($CONFIG['drafts_mbox'])
			$OUTPUT->set_env('drafts_mailbox', $CONFIG['drafts_mbox']);
			if ($CONFIG['junk_mbox'])
			$OUTPUT->set_env('junk_mailbox', $CONFIG['junk_mbox']);

			if (!$OUTPUT->ajax_call)
			rcube_add_label('checkingmail', 'deletemessage', 'movemessagetotrash', 'movingmessage');

			$OUTPUT->set_pagetitle(rcmail_localize_foldername($IMAP->get_mailbox_name()));
			}


			/**
			@@ -206,16 +207,25 @@
			$js_row_arr['unread'] = true;
			if ($header->answered)
			$js_row_arr['replied'] = true;
			if ($header->forwarded)
			$js_row_arr['forwarded'] = true;
			if ($header->flagged)
			$js_row_arr['flagged'] = true;

			// set message icon
			if ($attrib['deletedicon'] && $header->deleted)
			$message_icon = $attrib['deletedicon'];
			else if ($attrib['repliedicon'] && $header->answered)
			{
			if ($attrib['forwardedrepliedicon'] && $header->forwarded)
			$message_icon = $attrib['forwardedrepliedicon'];
			else
			$message_icon = $attrib['repliedicon'];
			}
			else if ($attrib['forwardedicon'] && $header->forwarded)
			$message_icon = $attrib['forwardedicon'];
			else if ($attrib['unreadicon'] && !$header->seen)
			$message_icon = $attrib['unreadicon'];
			else if ($attrib['repliedicon'] && $header->answered)
			$message_icon = $attrib['repliedicon'];
			else if ($attrib['messageicon'])
			$message_icon = $attrib['messageicon'];

			@@ -250,9 +260,9 @@
			{
			$action = $mbox==$CONFIG['drafts_mbox'] ? 'compose' : 'show';
			$uid_param = $mbox==$CONFIG['drafts_mbox'] ? '_draft_uid' : '_uid';
			$cont = Q($IMAP->decode_header($header->$col));
			if (empty($cont)) $cont = Q(rcube_label('nosubject'));
			$cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), $cont);
			$cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
			if (empty($cont)) $cont = rcube_label('nosubject');
			$cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), Q($cont));
			}
			else if ($col=='flag')
			$cont = $flagged_icon ? sprintf($image_tag, $skin_path, $flagged_icon, '') : '';
			@@ -296,6 +306,10 @@
			$OUTPUT->set_env('unreadicon', $skin_path . $attrib['unreadicon']);
			if ($attrib['repliedicon'])
			$OUTPUT->set_env('repliedicon', $skin_path . $attrib['repliedicon']);
			if ($attrib['forwardedicon'])
			$OUTPUT->set_env('forwardedicon', $skin_path . $attrib['forwardedicon']);
			if ($attrib['forwardedrepliedicon'])
			$OUTPUT->set_env('forwardedrepliedicon', $skin_path . $attrib['forwardedrepliedicon']);
			if ($attrib['attachmenticon'])
			$OUTPUT->set_env('attachmenticon', $skin_path . $attrib['attachmenticon']);
			if ($attrib['flaggedicon'])
			@@ -350,9 +364,9 @@
			{
			$action = $mbox==$CONFIG['drafts_mbox'] ? 'compose' : 'show';
			$uid_param = $mbox==$CONFIG['drafts_mbox'] ? '_draft_uid' : '_uid';
			$cont = Q($IMAP->decode_header($header->$col));
			if (!$cont) $cont = Q(rcube_label('nosubject'));
			$cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), $cont);
			$cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
			if (!$cont) $cont = rcube_label('nosubject');
			$cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), Q($cont));
			}
			else if ($col=='size')
			$cont = show_bytes($header->$col);
			@@ -367,6 +381,7 @@
			$a_msg_flags['deleted'] = $header->deleted ? 1 : 0;
			$a_msg_flags['unread'] = $header->seen ? 0 : 1;
			$a_msg_flags['replied'] = $header->answered ? 1 : 0;
			$a_msg_flags['forwarded'] = $header->forwarded ? 1 : 0;
			$a_msg_flags['flagged'] = $header->flagged ? 1 : 0;

			$OUTPUT->command('add_message_row',
			@@ -389,18 +404,12 @@
			if (empty($attrib['id']))
			$attrib['id'] = 'rcmailcontentwindow';

			// allow the following attributes to be added to the <iframe> tag
			$attrib_str = create_attrib_string($attrib, array('id', 'class', 'style', 'src', 'width', 'height', 'frameborder'));
			$framename = $attrib['id'];
			$attrib['name'] = $attrib['id'];

			$out = sprintf('<iframe name="%s"%s></iframe>'."\n",
			$framename,
			$attrib_str);

			$OUTPUT->set_env('contentframe', $framename);
			$OUTPUT->set_env('contentframe', $attrib['id']);
			$OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/blank.gif');

			return $out;
			return html::iframe($attrib);
			}


			@@ -416,14 +425,7 @@

			$OUTPUT->add_gui_object('countdisplay', $attrib['id']);

			// allow the following attributes to be added to the <span> tag
			$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id'));


			$out = '<span' . $attrib_str . '>';
			$out .= rcmail_get_messagecount_text();
			$out .= '</span>';
			return $out;
			return html::span($attrib, rcmail_get_messagecount_text());
			}


			@@ -442,20 +444,14 @@

			$OUTPUT->add_gui_object('quotadisplay', $attrib['id']);

			// allow the following attributes to be added to the <span> tag
			$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'display'));

			$out = '<span' . $attrib_str . '>';
			$out .= rcmail_quota_content();
			$out .= '</span>';
			return $out;
			return html::span($attrib, rcmail_quota_content(NULL, $attrib));
			}


			/**
			*
			*/
			function rcmail_quota_content($quota=NULL)
			function rcmail_quota_content($quota=NULL, $attrib=NULL)
			{
			global $IMAP, $COMM_PATH, $RCMAIL;

			@@ -481,14 +477,23 @@
			// show quota as image (by Brett Patterson)
			if ($display == 'image' && function_exists('imagegif'))
			{
			$attrib = array('width' => 100, 'height' => 14);
			if (!$attrib['width'])
			$attrib['width'] = isset($_SESSION['quota_width']) ? $_SESSION['quota_width'] : 100;
			else
			$_SESSION['quota_width'] = $attrib['width'];

			if (!$attrib['height'])
			$attrib['height'] = isset($_SESSION['quota_height']) ? $_SESSION['quota_height'] : 14;
			else
			$_SESSION['quota_height'] = $attrib['height'];

			$quota_text = sprintf('<img src="./bin/quotaimg.php?u=%s&q=%d&w=%d&h=%d" width="%d" height="%d" alt="%s" title="%s / %s" />',
			$quota['used'], $quota['total'],
			$attrib['width'], $attrib['height'],
			$attrib['width'], $attrib['height'],
			$quota_text,
			show_bytes($quota["used"] * 1024),
			show_bytes($quota["total"] * 1024));
			show_bytes($quota['used'] * 1024),
			show_bytes($quota['total'] * 1024));
			}
			}
			else
			@@ -574,19 +579,34 @@
			}
			// text/html
			else if ($part->ctype_secondary == 'html') {
			$html = $part->body;

			// special replacements (not properly handled by washtml class)
			$html_search = array(
			'/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR>
			'/(<[\/]*st1:[^>]+>)/i', // Microsoft's Smart Tags <ST1>
			'/<title>.*<\/title>/i', // PHP bug #32547 workaround: remove title tag
			'/<html[^>]*>/im', // malformed html: remove html tags (#1485139)
			'/<\/html>/i', // malformed html: remove html tags (#1485139)
			);
			$html_replace = array(
			'\\1'.'   '.'\\3',
			'',
			'',
			'',
			'',
			);
			$html = preg_replace($html_search, $html_replace, $html);

			// charset was converted to UTF-8 in rcube_imap::get_message_part() -> change charset specification in HTML accordingly
			$html = $part->body;
			if (preg_match('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', $html))
			$html = preg_replace('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', '\\1='.RCMAIL_CHARSET, $html);
			else {
			// add <head> for malformed messages, washtml cannot work without that
			if (!preg_match('/<head>(.*)<\\/head>/Uims', $html))
			$html = '<head></head>' . $html;
			// add head for malformed messages, washtml cannot work without that
			if (!preg_match('/<head[^>]>(.)<\/head>/Uims', $html))
			$html = '<head></head>'. $html;
			$html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '</head>')), 0);
			}

			// PHP bug #32547 workaround: remove title tag
			$html = preg_replace('/<title>.*<\/title>/', '', $html);

			// clean HTML with washhtml by Frederic Motte
			$wash_opts = array(
			@@ -602,15 +622,13 @@
			$wash_opts['html_elements'] = array('html','head','title','body');
			}

			/* CSS styles need to be sanitized!
			if ($p['safe']) {
			$wash_opts['html_elements'][] = 'style';
			$wash_opts['html_attribs'] = array('type');
			}
			*/

			$washer = new washtml($wash_opts);
			$washer->add_callback('form', 'rcmail_washtml_callback');

			if ($p['safe']) { // allow CSS styles, will be sanitized by rcmail_washtml_callback()
			$washer->add_callback('style', 'rcmail_washtml_callback');
			}

			$body = $washer->wash($html);
			$REMOTE_OBJECTS = $washer->extlinks;

			@@ -698,6 +716,16 @@
			$out = html::div('form', $content);
			break;

			case 'style':
			// decode all escaped entities and reduce to ascii strings
			$stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));

			// now check for evil strings like expression, behavior or url()
			if (!preg_match('/expression\|behavior\|url\(\|import/', $stripped)) {
			$out = html::tag('style', array('type' => 'text/css'), $content);
			break;
			}

			default:
			$out = '';
			}
			@@ -728,10 +756,6 @@
			if (!$headers)
			$headers = is_object($MESSAGE->headers) ? get_object_vars($MESSAGE->headers) : $MESSAGE->headers;

			// add empty subject if none exsists
			if (empty($headers['subject']))
			$headers['subject'] = rcube_label('nosubject');

			$header_count = 0;

			// allow the following attributes to be added to the <table> tag
			@@ -762,8 +786,10 @@
			}
			else if (in_array($hkey, array('from', 'to', 'cc', 'bcc')))
			$header_value = Q(rcmail_address_string($headers[$hkey], null, true, $attrib['addicon']), 'show');
			else if ($hkey == 'subject' && empty($headers[$hkey]))
			$header_value = Q(rcube_label('nosubject'));
			else
			$header_value = Q($IMAP->decode_header($headers[$hkey]));
			$header_value = Q(trim($IMAP->decode_header($headers[$hkey])));

			$out .= "\n<tr>\n";
			$out .= '<td class="header-title">'.Q(rcube_label($hkey)).": </td>\n";
			@@ -931,23 +957,26 @@
			* parse link attributes and set correct target
			*/
			function rcmail_alter_html_link($tag, $attrs, $container_id)
			{
			{
			$attrib = parse_attrib_string($attrs);
			$end = '>';

			if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href']))
			if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href'])) {
			$attrib['href'] = "./bin/modcss.php?u=" . urlencode($attrib['href']) . "&c=" . urlencode($container_id);

			else if (stristr((string)$attrib['href'], 'mailto:'))
			$end = ' />';
			}
			else if (stristr((string)$attrib['href'], 'mailto:')) {
			$attrib['onclick'] = sprintf(
			"return %s.command('compose','%s',this)",
			JS_OBJECT_NAME,
			JQ(substr($attrib['href'], 7)));

			else if (!empty($attrib['href']) && $attrib['href']{0}!='#')
			$attrib['target'] = '_blank';

			return "<$tag" . create_attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . ' />';
			}
			else if (!empty($attrib['href']) && $attrib['href'][0] != '#') {
			$attrib['target'] = '_blank';
			}

			return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end;
			}


			/**
			@@ -1097,12 +1126,9 @@
			$part = $MESSAGE->mime_parts[asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
			$ctype_primary = strtolower($part->ctype_primary);

			$attrib['src'] = Q('./?'.str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']));
			$attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']);

			$attrib_str = create_attrib_string($attrib, array('id', 'class', 'style', 'src', 'width', 'height'));
			$out = '<iframe '. $attrib_str . "></iframe>";

			return $out;
			return html::iframe($attrib);
			}