githubFork/roundcubemail.git

			@@ -39,40 +39,12 @@
			// check client
			$BROWSER = rcube_browser();

			// load config file
			include_once('config/main.inc.php');
			$CONFIG = is_array($rcmail_config) ? $rcmail_config : array();

			// load host-specific configuration
			rcmail_load_host_config($CONFIG);

			$CONFIG['skin_path'] = $CONFIG['skin_path'] ? unslashify($CONFIG['skin_path']) : 'skins/default';

			// load db conf
			include_once('config/db.inc.php');
			$CONFIG = array_merge($CONFIG, $rcmail_config);

			if (empty($CONFIG['log_dir']))
			$CONFIG['log_dir'] = $INSTALL_PATH.'logs';
			else
			$CONFIG['log_dir'] = unslashify($CONFIG['log_dir']);

			// set PHP error logging according to config
			if ($CONFIG['debug_level'] & 1)
			{
			ini_set('log_errors', 1);
			ini_set('error_log', $CONFIG['log_dir'].'/errors');
			}
			if ($CONFIG['debug_level'] & 4)
			ini_set('display_errors', 1);
			else
			ini_set('display_errors', 0);

			// load configuration
			$CONFIG = rcmail_load_config();

			// set session garbage collecting time according to session_lifetime
			if (!empty($CONFIG['session_lifetime']))
			ini_set('session.gc_maxlifetime', ($CONFIG['session_lifetime']+2)*60);

			ini_set('session.gc_maxlifetime', ($CONFIG['session_lifetime']) * 120);

			// prepare DB connection
			require_once('include/rcube_'.(empty($CONFIG['db_backend']) ? 'db' : $CONFIG['db_backend']).'.inc');
			@@ -80,7 +52,7 @@
			$DB = new rcube_db($CONFIG['db_dsnw'], $CONFIG['db_dsnr'], $CONFIG['db_persistent']);
			$DB->sqlite_initials = $INSTALL_PATH.'SQL/sqlite.initial.sql';
			$DB->db_connect('w');


			// we can use the database for storing session data
			if (!$DB->is_error())
			include_once('include/session.inc');
			@@ -129,6 +101,44 @@
			}


			// load roundcube configuration into global var
			function rcmail_load_config()
			{
			global $INSTALL_PATH;

			// load config file
			include_once('config/main.inc.php');
			$conf = is_array($rcmail_config) ? $rcmail_config : array();

			// load host-specific configuration
			rcmail_load_host_config($conf);

			$conf['skin_path'] = $conf['skin_path'] ? unslashify($conf['skin_path']) : 'skins/default';

			// load db conf
			include_once('config/db.inc.php');
			$conf = array_merge($conf, $rcmail_config);

			if (empty($conf['log_dir']))
			$conf['log_dir'] = $INSTALL_PATH.'logs';
			else
			$conf['log_dir'] = unslashify($conf['log_dir']);

			// set PHP error logging according to config
			if ($conf['debug_level'] & 1)
			{
			ini_set('log_errors', 1);
			ini_set('error_log', $conf['log_dir'].'/errors');
			}
			if ($conf['debug_level'] & 4)
			ini_set('display_errors', 1);
			else
			ini_set('display_errors', 0);

			return $conf;
			}


			// load a host-specific config file if configured
			function rcmail_load_host_config(&$config)
			{
			@@ -169,15 +179,24 @@
			function rcmail_authenticate_session()
			{
			$now = mktime();
			$valid = ($_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['auth_time']));
			$valid = ($_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['auth_time']) \|\|
			$_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['last_auth']));

			// renew auth cookie every 5 minutes (only for GET requests)
			if (!$valid \|\| ($_SERVER['REQUEST_METHOD']!='POST' && $now-$_SESSION['auth_time'] > 300))
			{
			$_SESSION['last_auth'] = $_SESSION['auth_time'];
			$_SESSION['auth_time'] = $now;
			setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
			}


			if (!$valid)
			write_log('timeouts',
			"REQUEST: " . var_export($_REQUEST, true) .
			"\nEXPECTED: " . rcmail_auth_hash(session_id(), $_SESSION['auth_time']) .
			"\nOR LAST: " . rcmail_auth_hash(session_id(), $_SESSION['last_auth']) .
			"\nSESSION: " . var_export($_SESSION, true));

			return $valid;
			}

			@@ -346,18 +365,22 @@

			// add common javascripts
			$javascript = "var $JS_OBJECT_NAME = new rcube_webmail();\n";
			$javascript .= "$JS_OBJECT_NAME.set_env('comm_path', '$COMM_PATH');\n";
			$javascript .= sprintf("%s.set_env('comm_path', '%s');\n", $JS_OBJECT_NAME, str_replace('&', '&', $COMM_PATH));

			if (isset($CONFIG['javascript_config'] )){
			foreach ($CONFIG['javascript_config'] as $js_config_var){
			$javascript .= "$JS_OBJECT_NAME.set_env('$js_config_var', '" . $CONFIG[$js_config_var] . "');\n";
			}
			}


			// don't wait for page onload. Call init at the bottom of the page (delayed)
			$javascript_foot = "if (window.call_init)\n call_init('$JS_OBJECT_NAME');";

			if (!empty($GLOBALS['_framed']))
			$javascript .= "$JS_OBJECT_NAME.set_env('framed', true);\n";

			$OUTPUT->add_script($javascript);
			$OUTPUT->add_script($javascript, 'head');
			$OUTPUT->add_script($javascript_foot, 'foot');
			$OUTPUT->include_script('common.js');
			$OUTPUT->include_script('app.js');
			$OUTPUT->scripts_path = 'program/js/';
			@@ -387,6 +410,34 @@
			$MBSTRING = $s_mbstring_loaded = FALSE;

			$OUTPUT->set_charset(rcube_language_prop($lang, 'charset'));
			}


			// auto-select IMAP host based on the posted login information
			function rcmail_autoselect_host()
			{
			global $CONFIG;

			$host = isset($_POST['_host']) ? get_input_value('_host', RCUBE_INPUT_POST) : $CONFIG['default_host'];
			if (is_array($host))
			{
			list($user, $domain) = explode('@', get_input_value('_user', RCUBE_INPUT_POST));
			if (!empty($domain))
			{
			foreach ($host as $imap_host => $mail_domains)
			if (is_array($mail_domains) && in_array($domain, $mail_domains))
			{
			$host = $imap_host;
			break;
			}
			}

			// take the first entry if $host is still an array
			if (is_array($host))
			$host = array_shift($host);
			}

			return $host;
			}


			@@ -527,21 +578,28 @@
			$user_name = $user!=$user_email ? $user : '';

			// try to resolve the e-mail address from the virtuser table
			if (!empty($CONFIG['virtuser_query']))
			{
			$sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']));
			if ($sql_arr = $DB->fetch_array($sql_result))
			$user_email = $sql_arr[0];
			if (!empty($CONFIG['virtuser_query']) &&
			($sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']))) &&
			($DB->num_rows()>0))
			while ($sql_arr = $DB->fetch_array($sql_result))
			{
			$DB->query("INSERT INTO ".get_table_name('identities')."
			(user_id, del, standard, name, email)
			VALUES (?, 0, 1, ?, ?)",
			$user_id,
			$user_name,
			preg_replace('/^@/', $user . '@', $sql_arr[0]));
			}
			else
			{
			// also create new identity records
			$DB->query("INSERT INTO ".get_table_name('identities')."
			(user_id, del, standard, name, email)
			VALUES (?, 0, 1, ?, ?)",
			$user_id,
			$user_name,
			$user_email);
			}

			// also create new identity records
			$DB->query("INSERT INTO ".get_table_name('identities')."
			(user_id, del, standard, name, email)
			VALUES (?, 0, 1, ?, ?)",
			$user_id,
			$user_name,
			$user_email);


			// get existing mailboxes
			$a_mailboxes = $IMAP->list_mailboxes();
			@@ -800,19 +858,25 @@
			}


			// remove temp files of a session
			function rcmail_clear_session_temp($sess_id)
			// remove temp files older than two day
			function rcmail_temp_gc()
			{
			global $CONFIG;
			$tmp = unslashify($CONFIG['temp_dir']);
			$expire = mktime() - 172800; // expire in 48 hours

			$temp_dir = slashify($CONFIG['temp_dir']);
			$cache_dir = $temp_dir.$sess_id;

			if (is_dir($cache_dir))
			if ($dir = opendir($tmp))
			{
			clear_directory($cache_dir);
			rmdir($cache_dir);
			}
			while (($fname = readdir($dir)) !== false)
			{
			if ($fname{0} == '.')
			continue;

			if (filemtime($tmp.'/'.$fname) < $expire)
			@unlink($tmp.'/'.$fname);
			}

			closedir($dir);
			}
			}


			@@ -864,7 +928,7 @@

			// convert string to UTF-8
			if ($from=='UTF-7')
			$str = rcube_charset_convert(UTF7DecodeString($str), 'ISO-8859-1');
			$str = utf7_to_utf8($str);
			else if (($from=='ISO-8859-1') && function_exists('utf8_encode'))
			$str = utf8_encode($str);
			else if ($from!='UTF-8')
			@@ -875,7 +939,7 @@

			// encode string for output
			if ($to=='UTF-7')
			return UTF7EncodeString(rcube_charset_convert($str, 'UTF-8', 'ISO-8859-1'));
			return utf8_to_utf7($str);
			else if ($to=='ISO-8859-1' && function_exists('utf8_decode'))
			return utf8_decode($str);
			else if ($to!='UTF-8')
			@@ -929,8 +993,9 @@
			}
			else if ($mode=='remove')
			$str = strip_tags($str);

			$out = strtr($str, $encode_arr);

			// avoid douple quotation of &
			$out = preg_replace('/&([a-z]{2,5});/', '&\\1;', strtr($str, $encode_arr));

			return $newlines ? nl2br($out) : $out;
			}
			@@ -1026,7 +1091,13 @@
			return $value;
			}


			/**
			* Remove single and double quotes from given string
			*/
			function strip_quotes($str)
			{
			return preg_replace('/[\'"]/', '', $str);
			}


			// ************ template parsing and gui functions ************
			@@ -1071,8 +1142,12 @@


			// parse for specialtags
			$output = parse_rcube_xml($templ);
			$output = parse_rcube_xml(parse_rcube_conditions($templ));

			// add debug console
			if ($CONFIG['debug_level'] & 8)
			$OUTPUT->footer = '<div style="position:absolute;top:5px;left:5px;width:400px;opacity:0.8;z-index:9000;"><form name="debugform"><textarea name="console" rows="15" cols="40" style="width:400px;border:none;font-size:x-small"></textarea></form>';

			$OUTPUT->write(trim(parse_with_globals($output)), $skin_path);

			if ($exit)
			@@ -1090,6 +1165,55 @@
			}


			// parse conditional code
			function parse_rcube_conditions($input)
			{
			if (($matches = preg_split('/<roundcube:(if\|elseif\|else\|endif)\s+([^>]+)>/is', $input, 2, PREG_SPLIT_DELIM_CAPTURE)) && count($matches)==4)
			{
			if (preg_match('/^(else\|endif)$/i', $matches[1]))
			return $matches[0] . parse_rcube_conditions($matches[3]);
			else
			{
			$attrib = parse_attrib_string($matches[2]);
			if (isset($attrib['condition']))
			{
			$condmet = rcube_xml_condition($attrib['condition']);
			$submatches = preg_split('/<roundcube:(elseif\|else\|endif)\s+([^>]+)>/is', $matches[3], 2, PREG_SPLIT_DELIM_CAPTURE);

			if ($condmet)
			$result = $submatches[0] . preg_replace('/.*<roundcube:endif\s+[^>]+>/is', '', $submatches[3]);
			else
			$result = "<roundcube:$submatches[1] $submatches[2]>" . $submatches[3];

			return $matches[0] . parse_rcube_conditions($result);
			}
			else
			{
			raise_error(array('code' => 500, 'type' => 'php', 'line' => __LINE__, 'file' => __FILE__,
			'message' => "Unable to parse conditional tag " . $matches[2]), TRUE, FALSE);
			}
			}
			}

			return $input;
			}


			/**
			* Determines if a given condition is met
			*
			* @return True if condition is valid, False is not
			*/
			function rcube_xml_condition($condition)
			{
			$condition = preg_replace(
			array('/session:([a-z0-9_]+)/i', '/config:([a-z0-9_]+)/i', '/request:([a-z0-9_]+)/ie'),
			array("\$_SESSION['\\1']", "\$GLOBALS['CONFIG']['\\1']", "get_input_value('\\1', RCUBE_INPUT_GPC)"),
			$condition);

			return @eval("return (".$condition.");");
			}


			function parse_rcube_xml($input)
			{
			@@ -1098,12 +1222,19 @@
			}


			/**
			* Convert a xml command tag into real content
			*/
			function rcube_xml_command($command, $str_attrib, $add_attrib=array())
			{
			global $IMAP, $CONFIG, $OUTPUT;

			$command = strtolower($command);
			$attrib = parse_attrib_string($str_attrib) + $add_attrib;

			// empty output if required condition is not met
			if (!empty($attrib['condition']) && !rcube_xml_condition($attrib['condition']))
			return '';

			// execute command
			switch ($command)
			@@ -1168,6 +1299,7 @@
			'composeattachment' => 'rcmail_compose_attachment_field',
			'priorityselector' => 'rcmail_priority_selector',
			'charsetselector' => 'rcmail_charset_selector',
			'editorselector' => 'rcmail_editor_selector',
			'searchform' => 'rcmail_search_form',
			'receiptcheckbox' => 'rcmail_receipt_checkbox',

			@@ -1250,8 +1382,7 @@
			if ($attrib['type'])
			$attrib['type'] = strtolower($attrib['type']);
			else
			$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $arg['imageact']) ? 'image' : 'link';

			$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $attrib['imageact']) ? 'image' : 'link';

			$command = $attrib['command'];

			@@ -1260,7 +1391,7 @@
			$attrib = $sa_buttons[$attrib['name']];

			// add button to button stack
			else if($attrib['image'] \|\| $arg['imageact'] \|\| $attrib['imagepas'] \|\| $attrib['class'])
			else if($attrib['image'] \|\| $attrib['imageact'] \|\| $attrib['imagepas'] \|\| $attrib['class'])
			{
			if(!$attrib['name'])
			$attrib['name'] = $command;
			@@ -1458,7 +1589,15 @@
			}



			/**
			* Create an edit field for inclusion on a form
			*
			* @param string col field name
			* @param string value field value
			* @param array attrib HTML element attributes for field
			* @param string type HTML element type (default 'text')
			* @return string HTML field definition
			*/
			function rcmail_get_edit_field($col, $value, $attrib, $type='text')
			{
			$fname = '_'.$col;
			@@ -1681,14 +1820,22 @@
			$select_host = new select(array('name' => '_host', 'id' => 'rcmloginhost'));

			foreach ($CONFIG['default_host'] as $key => $value)
			$select_host->add($value, (is_numeric($key) ? $value : $key));
			{
			if (!is_array($value))
			$select_host->add($value, (is_numeric($key) ? $value : $key));
			else
			{
			unset($select_host);
			break;
			}
			}

			$fields['host'] = $select_host->show($_POST['_host']);
			$fields['host'] = isset($select_host) ? $select_host->show($_POST['_host']) : null;
			}
			else if (!strlen($CONFIG['default_host']))
			{
			$input_host = new textfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
			$fields['host'] = $input_host->show($_POST['_host']);
			$input_host = new textfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
			$fields['host'] = $input_host->show($_POST['_host']);
			}

			$form_name = strlen($attrib['form']) ? $attrib['form'] : 'form';
			@@ -1802,6 +1949,9 @@
			function write_log($name, $line)
			{
			global $CONFIG;

			if (!is_string($line))
			$line = var_export($line, true);

			$log_entry = sprintf("[%s]: %s\n",
			date("d-M-Y H:i:s O", mktime()),