githubFork/roundcubemail.git

			@@ -68,6 +68,7 @@
			$this->set_env('task', $task);
			$this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
			$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
			$this->set_env('locale', $_SESSION['language']);

			// add cookie info
			$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
			@@ -185,6 +186,8 @@
			}
			$valid = !$skin;
			}

			$skin_path = rtrim($skin_path, '/');

			$this->config->set('skin_path', $skin_path);
			$this->base_path = $skin_path;
			@@ -418,28 +421,23 @@
			*/
			public function write($template = '')
			{
			// unlock interface after iframe load
			$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
			if ($this->framed) {
			array_unshift($this->js_commands, array('iframe_loaded', $unlock));
			}
			else if ($unlock) {
			array_unshift($this->js_commands, array('hide_message', $unlock));
			}

			if (!empty($this->script_files)) {
			$this->set_env('request_token', $this->app->get_request_token());
			}

			// write all env variables to client
			if ($commands = $this->get_js_commands()) {
			if ($this->framed) {
			$prefix = "if (window.parent) {\n";
			$suffix = " }";
			}
			$commands = $this->get_js_commands($framed);

			$this->add_script($prefix . $commands . $suffix, 'head_top');
			// if all js commands go to parent window we can ignore all
			// script files and skip rcube_webmail initialization (#1489792)
			if ($framed) {
			$this->scripts = array();
			$this->script_files = array();
			$this->header = '';
			$this->footer = '';
			}

			// write all javascript commands
			$this->add_script($commands, 'head_top');

			// send clickjacking protection headers
			$iframe = $this->framed \|\| $this->env['framed'];
			@@ -464,6 +462,8 @@
			{
			$plugin = false;
			$realname = $name;
			$plugin_skin_paths = array();

			$this->template_name = $realname;

			$temp = explode('.', $name, 2);
			@@ -473,7 +473,6 @@
			$skin_dir = $plugin . '/skins/' . $this->config->get('skin');

			// apply skin search escalation list to plugin directory
			$plugin_skin_paths = array();
			foreach ($this->skin_paths as $skin_path) {
			$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
			}
			@@ -484,7 +483,7 @@
			$plugin_skin_paths[] = $this->app->plugins->url . $skin_dir;
			}

			// add plugin skin paths to search list
			// prepend plugin skin paths to search list
			$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
			}

			@@ -527,6 +526,8 @@
			'file' => __FILE__,
			'message' => 'Error loading template for '.$realname
			), true, $write);

			$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
			return false;
			}

			@@ -551,6 +552,9 @@
			$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
			$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);

			// remove plugin skin paths from current context
			$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));

			if (!$write) {
			return $output;
			}
			@@ -567,19 +571,33 @@
			*
			* @return string $out
			*/
			protected function get_js_commands()
			protected function get_js_commands(&$framed = null)
			{
			$out = '';
			$out = '';
			$parent_commands = 0;
			$top_commands = array();

			// these should be always on top,
			// e.g. hide_message() below depends on env.framed
			if (!$this->framed && !empty($this->js_env)) {
			$out .= self::JS_OBJECT_NAME . '.set_env('.self::json_serialize($this->js_env).");\n";
			$top_commands[] = array('set_env', $this->js_env);
			}

			if (!empty($this->js_labels)) {
			$this->command('add_label', $this->js_labels);
			$top_commands[] = array('add_label', $this->js_labels);
			}

			foreach ($this->js_commands as $i => $args) {
			// unlock interface after iframe load
			$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
			if ($this->framed) {
			$top_commands[] = array('iframe_loaded', $unlock);
			}
			else if ($unlock) {
			$top_commands[] = array('hide_message', $unlock);
			}

			$commands = array_merge($top_commands, $this->js_commands);

			foreach ($commands as $i => $args) {
			$method = array_shift($args);
			$parent = $this->framed \|\| preg_match('/^parent\./', $method);

			@@ -587,12 +605,26 @@
			$args[$i] = self::json_serialize($arg);
			}

			$out .= sprintf(
			"%s.%s(%s);\n",
			($parent ? 'if (window.parent && parent.'.self::JS_OBJECT_NAME.') parent.' : '') . self::JS_OBJECT_NAME,
			preg_replace('/^parent\./', '', $method),
			implode(',', $args)
			);
			if ($parent) {
			$parent_commands++;
			$method = preg_replace('/^parent\./', '', $method);
			$parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
			$method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
			}
			else {
			$method = self::JS_OBJECT_NAME . '.' . $method;
			}

			$out .= sprintf("%s(%s);\n", $method, implode(',', $args));
			}

			$framed = $parent_prefix && $parent_commands == count($commands);

			// make the output more compact if all commands go to parent window
			if ($framed) {
			$out = "if (window.parent && parent." . self::JS_OBJECT_NAME . ") {\n"
			. str_replace($parent_prefix, "\tparent.", $out)
			. "}\n";
			}

			return $out;
			@@ -875,6 +907,14 @@
			return '';
			}

			// localize title and summary attributes
			if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
			$attrib['title'] = $this->app->gettext($attrib['title']);
			}
			if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
			$attrib['summary'] = $this->app->gettext($attrib['summary']);
			}

			// execute command
			switch ($command) {
			// return a button
			@@ -895,16 +935,16 @@
			$attrib['name'] = $this->eval_expression($attrib['expression']);

			if ($attrib['name'] \|\| $attrib['command']) {
			// @FIXME: 'noshow' is useless, remove?
			if ($attrib['noshow']) {
			return '';
			}

			$vars = $attrib + array('product' => $this->config->get('product_name'));
			unset($vars['name'], $vars['command']);

			$label = $this->app->gettext($attrib + array('vars' => $vars));
			$quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (rcube_utils::get_boolean((string)$attrib['html']) ? 'no' : '');

			// 'noshow' can be used in skins to define new labels
			if ($attrib['noshow']) {
			return '';
			}

			switch ($quoting) {
			case 'no':
			@@ -1107,7 +1147,8 @@
			*/
			public function button($attrib)
			{
			static $s_button_count = 100;
			static $s_button_count = 100;
			static $disabled_actions = null;

			// these commands can be called directly via url
			$a_static_commands = array('compose', 'list', 'preferences', 'folders', 'identities');
			@@ -1116,9 +1157,14 @@
			return '';
			}


			// try to find out the button type
			if ($attrib['type']) {
			$attrib['type'] = strtolower($attrib['type']);
			if ($pos = strpos($attrib['type'], '-menuitem')) {
			$attrib['type'] = substr($attrib['type'], 0, -9);
			$menuitem = true;
			}
			}
			else {
			$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $attrib['imageact']) ? 'image' : 'link';
			@@ -1126,8 +1172,21 @@

			$command = $attrib['command'];

			if ($attrib['task'])
			$command = $attrib['task'] . '.' . $command;
			if ($attrib['task']) {
			$element = $command = $attrib['task'] . '.' . $command;
			}
			else {
			$element = ($this->env['task'] ? $this->env['task'] . '.' : '') . $command;
			}

			if ($disabled_actions === null) {
			$disabled_actions = (array) $this->config->get('disabled_actions');
			}

			// remove buttons for disabled actions
			if (in_array($element, $disabled_actions)) {
			return '';
			}

			if (!$attrib['image']) {
			$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];
			@@ -1145,6 +1204,17 @@
			}
			if ($attrib['alt']) {
			$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $attrib['domain']));
			}

			// set accessibility attributes
			if (!$attrib['role']) {
			$attrib['role'] = 'button';
			}
			if (!empty($attrib['class']) && !empty($attrib['classact']) \|\| !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
			if (array_key_exists('tabindex', $attrib))
			$attrib['data-tabindex'] = $attrib['tabindex'];
			$attrib['tabindex'] = '-1'; // disable button by default
			$attrib['aria-disabled'] = 'true';
			}

			// set title to alt attribute for IE browsers
			@@ -1249,6 +1319,11 @@
			$out = html::tag($attrib['wrapper'], null, $out);
			}

			if ($menuitem) {
			$class = $attrib['menuitem-class'] ? ' class="' . $attrib['menuitem-class'] . '"' : '';
			$out = '<li role="menuitem"' . $class . '>' . $out . '</li>';
			}

			return $out;
			}

			@@ -1331,7 +1406,7 @@
			$output = trim($templ);

			if (empty($output)) {
			$output = $this->default_template;
			$output = html::doctype('html5') . "\n" . $this->default_template;
			$is_empty = true;
			}

			@@ -1340,6 +1415,15 @@
			$this->pagetitle = 'Roundcube Mail';
			}

			// declare page language
			if (!empty($_SESSION['language'])) {
			$lang = substr($_SESSION['language'], 0, 2);
			$output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);
			if (!headers_sent()) {
			header('Content-Language: ' . $lang);
			}
			}

			// replace specialchars in content
			$page_title = html::quote($this->pagetitle);
			$page_header = '';