githubFork/roundcubemail.git

			@@ -1,6 +1,6 @@
			<?php

			/*
			/**
			+-----------------------------------------------------------------------+
			\| program/include/rcmail.php \|
			\| \|
			@@ -60,16 +60,18 @@
			const ERROR_INVALID_REQUEST = 1;
			const ERROR_INVALID_HOST = 2;
			const ERROR_COOKIES_DISABLED = 3;
			const ERROR_RATE_LIMIT = 4;


			/**
			* This implements the 'singleton' design pattern
			*
			* @param string Environment name to run (e.g. live, dev, test)
			* @param integer $mode Ignored rcube::get_instance() argument
			* @param string $env Environment name to run (e.g. live, dev, test)
			*
			* @return rcmail The one and only instance
			*/
			static function get_instance($env = '')
			static function get_instance($mode = 0, $env = '')
			{
			if (!self::$instance \|\| !is_a(self::$instance, 'rcmail')) {
			self::$instance = new rcmail($env);
			@@ -92,6 +94,11 @@
			if (($basename = basename($_SERVER['SCRIPT_FILENAME'])) && $basename != 'index.php') {
			$this->filename = $basename;
			}

			// load all configured plugins
			$plugins = (array) $this->config->get('plugins', array());
			$required_plugins = array('filesystem_attachments', 'jqueryui');
			$this->plugins->load_plugins($plugins, $required_plugins);

			// start session
			$this->session_init();
			@@ -124,10 +131,8 @@
			$GLOBALS['OUTPUT'] = $this->load_gui(!empty($_REQUEST['_framed']));
			}

			// load plugins
			// run init method on all the plugins
			$this->plugins->init($this, $this->task);
			$this->plugins->load_plugins((array)$this->config->get('plugins', array()),
			array('filesystem_attachments', 'jqueryui'));
			}

			/**
			@@ -174,9 +179,11 @@
			// set localization
			setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8');

			// workaround for http://bugs.php.net/bug.php?id=18556
			if (PHP_VERSION_ID < 50500 && in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
			setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8');
			// Workaround for http://bugs.php.net/bug.php?id=18556
			// Also strtoupper/strtolower and other methods are locale-aware
			// for these locales it is problematic (#1490519)
			if (in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
			setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8', 'C');
			}
			}

			@@ -487,7 +494,7 @@
			*
			* @return boolean True on success, False on failure
			*/
			function login($username, $pass, $host = null, $cookiecheck = false)
			function login($username, $password, $host = null, $cookiecheck = false)
			{
			$this->login_error = null;

			@@ -500,10 +507,22 @@
			return false;
			}

			$username_filter = $this->config->get('login_username_filter');
			$username_maxlen = $this->config->get('login_username_maxlen', 1024);
			$password_maxlen = $this->config->get('login_password_maxlen', 1024);
			$default_host = $this->config->get('default_host');
			$default_port = $this->config->get('default_port');
			$username_domain = $this->config->get('username_domain');
			$login_lc = $this->config->get('login_lc', 2);

			// check input for security (#1490500)
			if (($username_maxlen && strlen($username) > $username_maxlen)
			\|\| ($username_filter && !preg_match($username_filter, $username))
			\|\| ($password_maxlen && strlen($password) > $password_maxlen)
			) {
			$this->login_error = self::ERROR_INVALID_REQUEST;
			return false;
			}

			// host is validated in rcmail::autoselect_host(), so here
			// we'll only handle unset host (if possible)
			@@ -584,12 +603,24 @@
			// user already registered -> overwrite username
			if ($user = rcube_user::query($username, $host)) {
			$username = $user->data['username'];

			// Brute-force prevention
			if ($user->is_locked()) {
			$this->login_error = self::ERROR_RATE_LIMIT;
			return false;
			}
			}

			$storage = $this->get_storage();

			// try to log in
			if (!$storage->connect($host, $username, $pass, $port, $ssl)) {
			if (!$storage->connect($host, $username, $password, $port, $ssl)) {
			if ($user) {
			$user->failed_login();
			}

			// Wait a second to slow down brute-force attacks (#1490549)
			sleep(1);
			return false;
			}

			@@ -635,7 +666,7 @@
			$_SESSION['storage_host'] = $host;
			$_SESSION['storage_port'] = $port;
			$_SESSION['storage_ssl'] = $ssl;
			$_SESSION['password'] = $this->encrypt($pass);
			$_SESSION['password'] = $this->encrypt($password);
			$_SESSION['login_time'] = time();

			if (isset($_REQUEST['_timezone']) && $_REQUEST['_timezone'] != '_default_') {
			@@ -804,7 +835,7 @@

			// remove old token from the path
			$base_path = rtrim($base_path, '/');
			$base_path = preg_replace('/\/[a-f0-9]{' . strlen($token) . '}$/', '', $base_path);
			$base_path = preg_replace('/\/[a-zA-Z0-9]{' . strlen($token) . '}$/', '', $base_path);

			// this need to be full url to make redirects work
			$absolute = true;
			@@ -1061,6 +1092,12 @@

			// failed login
			if ($failed_login) {
			// don't fill the log with complete input, which could
			// have been prepared by a hacker
			if (strlen($user) > 256) {
			$user = substr($user, 0, 256) . '...';
			}

			$message = sprintf('Failed login for %s from %s in session %s (error: %d)',
			$user, rcube_utils::remote_ip(), session_id(), $error_code);
			}
			@@ -1584,7 +1621,7 @@
			// skip folders in which it isn't possible to create subfolders
			if (!empty($opts['skip_noinferiors'])) {
			$attrs = $this->storage->folder_attributes($folder['id']);
			if ($attrs && in_array('\\Noinferiors', $attrs)) {
			if ($attrs && in_array_nocase('\\Noinferiors', $attrs)) {
			continue;
			}
			}
			@@ -1791,8 +1828,9 @@
			* @param string $fallback Fallback message label
			* @param array $fallback_args Fallback message label arguments
			* @param string $suffix Message label suffix
			* @param array $params Additional parameters (type, prefix)
			*/
			public function display_server_error($fallback = null, $fallback_args = null, $suffix = '')
			public function display_server_error($fallback = null, $fallback_args = null, $suffix = '', $params = array())
			{
			$err_code = $this->storage->get_error_code();
			$res_code = $this->storage->get_response_code();
			@@ -1813,13 +1851,13 @@
			$error = 'errornoperm';
			}
			// try to detect full mailbox problem and display appropriate message
			// there can be e.g. "Quota exceeded" or "quotum would exceed"
			else if (stripos($err_str, 'quot') !== false && stripos($err_str, 'exceed') !== false) {
			// there can be e.g. "Quota exceeded" / "quotum would exceed" / "Over quota"
			else if (stripos($err_str, 'quot') !== false && preg_match('/exceed\|over/i', $err_str)) {
			$error = 'erroroverquota';
			}
			else {
			$error = 'servererrormsg';
			$args = array('msg' => $err_str);
			$args = array('msg' => rcube::Q($err_str));
			}
			}
			else if ($err_code < 0) {
			@@ -1828,13 +1866,21 @@
			else if ($fallback) {
			$error = $fallback;
			$args = $fallback_args;
			$params['prefix'] = false;
			}

			if ($error) {
			if ($suffix && $this->text_exists($error . $suffix)) {
			$error .= $suffix;
			}
			$this->output->show_message($error, 'error', $args);

			$msg = $this->gettext(array('name' => $error, 'vars' => $args));

			if ($params['prefix'] && $fallback) {
			$msg = $this->gettext(array('name' => $fallback, 'vars' => $fallback_args)) . ' ' . $msg;
			}

			$this->output->show_message($msg, $params['type'] ?: 'error');
			}
			}

			@@ -1845,7 +1891,24 @@
			*/
			public function html_editor($mode = '')
			{
			$hook = $this->plugins->exec_hook('html_editor', array('mode' => $mode));
			$spellcheck = intval($this->config->get('enable_spellcheck'));
			$spelldict = intval($this->config->get('spellcheck_dictionary'));
			$disabled_plugins = array();
			$disabled_buttons = array();
			$extra_plugins = array();
			$extra_buttons = array();

			if (!$spellcheck) {
			$disabled_plugins[] = 'spellchecker';
			}

			$hook = $this->plugins->exec_hook('html_editor', array(
			'mode' => $mode,
			'disabled_plugins' => $disabled_plugins,
			'disabled_buttons' => $disabled_buttons,
			'extra_plugins' => $extra_plugins,
			'extra_buttons' => $extra_buttons,
			));

			if ($hook['abort']) {
			return;
			@@ -1872,8 +1935,12 @@
			'mode' => $mode,
			'lang' => $lang,
			'skin_path' => $this->output->get_skin_path(),
			'spellcheck' => intval($this->config->get('enable_spellcheck')),
			'spelldict' => intval($this->config->get('spellcheck_dictionary'))
			'spellcheck' => $spellcheck, // deprecated
			'spelldict' => $spelldict,
			'disabled_plugins' => $hook['disabled_plugins'],
			'disabled_buttons' => $hook['disabled_buttons'],
			'extra_plugins' => $hook['extra_plugins'],
			'extra_buttons' => $hook['extra_buttons'],
			);

			$this->output->add_label('selectimage', 'addimage', 'selectmedia', 'addmedia');
			@@ -1881,43 +1948,6 @@
			$this->output->include_css('program/js/tinymce/roundcube/browser.css');
			$this->output->include_script('tinymce/tinymce.min.js');
			$this->output->include_script('editor.js');
			}

			/**
			* Replaces TinyMCE's emoticon images with plain-text representation
			*
			* @param string $html HTML content
			*
			* @return string HTML content
			*/
			public static function replace_emoticons($html)
			{
			$emoticons = array(
			'8-)' => 'smiley-cool',
			':-#' => 'smiley-foot-in-mouth',
			':-*' => 'smiley-kiss',
			':-X' => 'smiley-sealed',
			':-P' => 'smiley-tongue-out',
			':-@' => 'smiley-yell',
			":'(" => 'smiley-cry',
			':-(' => 'smiley-frown',
			':-D' => 'smiley-laughing',
			':-)' => 'smiley-smile',
			':-S' => 'smiley-undecided',
			':-$' => 'smiley-embarassed',
			'O:-)' => 'smiley-innocent',
			':-\|' => 'smiley-money-mouth',
			':-O' => 'smiley-surprised',
			';-)' => 'smiley-wink',
			);

			foreach ($emoticons as $idx => $file) {
			// <img title="Cry" src="http://.../program/js/tinymce/plugins/emoticons/img/smiley-cry.gif" border="0" alt="Cry" />
			$search[] = '/<img title="[a-z ]+" src="https?:\/\/[a-z0-9_.\/-]+\/tinymce\/plugins\/emoticons\/img\/'.$file.'.gif"[^>]+\/>/i';
			$replace[] = $idx;
			}

			return preg_replace($search, $replace, $html);
			}

			/**
			@@ -2062,16 +2092,15 @@
			if (!empty($_GET['_thumbnail'])) {
			$temp_dir = $this->config->get('temp_dir');
			$thumbnail_size = 80;
			list(,$ext) = explode('/', $file['mimetype']);
			$mimetype = $file['mimetype'];
			$file_ident = $file['id'] . ':' . $file['mimetype'] . ':' . $file['size'];
			$cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $this->user->ID . ':' . $thumbnail_size);
			$cache_file = $cache_basename . '.' . $ext;
			$cache_file = $cache_basename . '.thumb';

			// render thumbnail image if not done yet
			if (!is_file($cache_file)) {
			if (!$file['path']) {
			$orig_name = $filename = $cache_basename . '.orig.' . $ext;
			$orig_name = $filename = $cache_basename . '.tmp';
			file_put_contents($orig_name, $file['data']);
			}
			else {
			@@ -2239,8 +2268,8 @@
			// message UID (or comma-separated list of IDs) is provided in
			// the form of <ID>-<MBOX>[,<ID>-<MBOX>]*

			$_uid = $uids ?: rcube_utils::get_input_value('_uid', RCUBE_INPUT_GPC);
			$_mbox = $mbox ?: (string)rcube_utils::get_input_value('_mbox', RCUBE_INPUT_GPC);
			$_uid = $uids ?: rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GPC);
			$_mbox = $mbox ?: (string) rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC);

			// already a hash array
			if (is_array($_uid) && !isset($_uid[0])) {
			@@ -2307,24 +2336,37 @@
			return file_get_contents($name, false);
			}


			/************************************************************************
			******* Deprecated methods (to be removed) *******
			***********************************************************************/

			public static function setcookie($name, $value, $exp = 0)
			/**
			* Converts HTML content into plain text
			*
			* @param string $html HTML content
			* @param array $options Conversion parameters (width, links, charset)
			*
			* @return string Plain text
			*/
			public function html2text($html, $options = array())
			{
			rcube_utils::setcookie($name, $value, $exp);
			}
			$default_options = array(
			'links' => true,
			'width' => 75,
			'body' => $html,
			'charset' => RCUBE_CHARSET,
			);

			public function imap_connect()
			{
			return $this->storage_connect();
			}
			$options = array_merge($default_options, (array) $options);

			public function imap_init()
			{
			return $this->storage_init();
			// Plugins may want to modify HTML in another/additional way
			$options = $this->plugins->exec_hook('html2text', $options);

			// Convert to text
			if (!$options['abort']) {
			$converter = new rcube_html2text($options['body'],
			false, $options['links'], $options['width'], $options['charset']);

			$options['body'] = rtrim($converter->get_text());
			}

			return $options['body'];
			}

			/**