githubFork/roundcubemail.git

parent: fd660ac0 | patch | commit | ignore whitespace

Added more XSS protection (Bug #1308236) and some visual enhancements

thomascube

2005-11-02 6a35c82a3ca43546198361aefdea94b04ecb5457

Added more XSS protection (Bug #1308236) and some visual enhancements

6 files modified

	program/js/app.js	17 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/func.inc	49 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/sendmail.inc	11 ●●●●● patch \| view \| raw \| blame \| history
	skins/default/mail.css	31 ●●●●● patch \| view \| raw \| blame \| history
	skins/default/templates/compose.html	2 ●●●●● patch \| view \| raw \| blame \| history
	skins/default/templates/message.html	12 ●●●●● patch \| view \| raw \| blame \| history

 program/js/app.js

@@ -2046,18 +2046,17 @@
    if (this.gui_objects.mailboxlist)
      {
      var item, reg, text_obj;
      var s_current = this.env.mailbox.toLowerCase().replace(this.mbox_expression, '');
      var s_mbox = String(mbox).toLowerCase().replace(this.mbox_expression, '');
      var s_current = this.env.mailbox.toLowerCase().replace(this.mbox_expression, '');
      var nodes = this.gui_objects.mailboxlist.getElementsByTagName('LI');
      
      for (var n=0; n<nodes.length; n++)
        {
        item = nodes[n];
        if (item.className && item.className.indexOf('mailbox '+s_mbox+' ')>=0)
          this.set_classname(item, 'selected', true);
        else if (item.className && item.className.indexOf('mailbox '+s_current)>=0)
          this.set_classname(item, 'selected', false);          
        }
      var current_li = document.getElementById('rcmbx'+s_current);
      var mbox_li = document.getElementById('rcmbx'+s_mbox);
      
      if (current_li)
        this.set_classname(current_li, 'selected', false);
      if (mbox_li)
        this.set_classname(mbox_li, 'selected', true);
      }
    
    this.env.mailbox = mbox;

 program/steps/mail/func.inc

@@ -41,6 +41,13 @@
  }


// set default sort col/order to session
if (!isset($_SESSION['sort_col']))
  $_SESSION['sort_col'] = $CONFIG['message_sort_col'];
if (!isset($_SESSION['sort_order']))
  $_SESSION['sort_order'] = $CONFIG['message_sort_order'];
  

// define url for getting message parts
if (strlen($_GET['_uid']))
  $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), $_GET['_uid']);
@@ -147,7 +154,7 @@
// return html for a structured list <ul> for the mailbox tree
function rcmail_render_folder_tree_html(&$arrFolders, &$special, &$mbox, $maxlength, $nestLevel=0)
  {
  global $JS_OBJECT_NAME, $IMAP;
  global $JS_OBJECT_NAME, $IMAP, $CONFIG;

  $idx = 0;
  $out = '';
@@ -170,9 +177,23 @@
    // add unread message count display
    if ($unread_count = $IMAP->messagecount($folder['id'], 'UNSEEN', ($folder['id']==$mbox)))
      $foldername .= sprintf(' (%d)', $unread_count);
      
    // make folder name safe for ids and class names
    $folder_css = $class_name = preg_replace('/[^a-z0-9\-_]/', '', $folder_lc);

    $out .= sprintf('<li class="mailbox %s %s%s%s"><a href="#%s" onclick="return %s.command(\'list\',\'%s\')" onmouseup="return %s.mbox_mouse_up(\'%s\')">%s</a>'."\n",
                    preg_replace('/[^a-z0-9\-_]/', '', $folder_lc),
    // set special class for Sent, Drafts, Trash and Junk
    if ($folder['id']==$CONFIG['sent_mbox'])
      $class_name = 'sent';
    else if ($folder['id']==$CONFIG['drafts_mbox'])
      $class_name = 'drafts';
    else if ($folder['id']==$CONFIG['trash_mbox'])
      $class_name = 'trash';
    else if ($folder['id']==$CONFIG['junk_mbox'])
      $class_name = 'junk';

    $out .= sprintf('<li id="rcmbx%s" class="mailbox %s %s%s%s"><a href="./#%s" onclick="return %s.command(\'list\',\'%s\')" onmouseup="return %s.mbox_mouse_up(\'%s\')">%s</a>',
                    $folder_css,
                    $class_name,
                    $zebra_class,
                    $unread_count ? ' unread' : '',
                    $folder['id']==$mbox ? ' selected' : '',
@@ -184,7 +205,7 @@
                    rep_specialchars_output($foldername, 'html', 'all'));

    if (!empty($folder['folders']))
      $out .= '<ul>' . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox, $maxlength, $nestLevel+1) . "</ul>\n";
      $out .= "\n<ul>\n" . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox, $maxlength, $nestLevel+1) . "</ul>\n";

    $out .= "</li>\n";
    $idx++;
@@ -239,8 +260,8 @@
  $image_tag = '<img src="%s%s" alt="%s" border="0" />';

  // check to see if we have some settings for sorting
  $sort_col   = isset($_SESSION['sort_col'])   ? $_SESSION['sort_col']   : $CONFIG['message_sort_col'];
  $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
  $sort_col   = $_SESSION['sort_col'];
  $sort_order = $_SESSION['sort_order'];

  // get message headers
  $a_headers = $IMAP->list_headers('', '', $sort_col, $sort_order);
@@ -982,13 +1003,18 @@


  // remove SCRIPT tags
  while (($pos = strpos($body_lc, '<script')) && ($pos2 = strpos($body_lc, '</script>', $pos)))
  foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag)
    {
    $pos2 += 8;
    $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
    $body_lc = strtolower($body);
    while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)))
      {
      $pos2 += 8;
      $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
      $body_lc = strtolower($body);
      }
    }
  

  // replace event handlers on any object
  $body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);  

  // resolve <base href>
  $base_reg = '/(<base.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i';
@@ -999,7 +1025,6 @@
    $body = preg_replace('/(url\s*\()(["\']?)([\.\/]+[^"\'\)\s]+)(\2)\)/Uie', "'\\1\''.make_absolute_url('\\3', '$base_url').'\')'", $body);
    $body = preg_replace($base_reg, '', $body);
    }


  // add comments arround html and other tags
  $out = preg_replace(array('/(<\/?html[^>]*>)/i',

 program/steps/mail/sendmail.inc

@@ -65,10 +65,11 @@
/****** check submission and compose message ********/


$mailto_regexp = '/,\s*$/';
$mailto_regexp = array('/,\s*[\r\n]+/', '/[\r\n]+/', '/,\s*$/m');
$mailto_replace = array(' ', ', ', '');

// trip ending ', ' from 
$mailto = preg_replace($mailto_regexp, '', $_POST['_to']);
// repalce new lines and strip ending ', '
$mailto = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_to']));

// decode address strings
$to_address_arr = $IMAP->decode_address_list($mailto);
@@ -90,10 +91,10 @@

// additional recipients
if ($_POST['_cc'])
  $headers['Cc'] = preg_replace($mailto_regexp, '', $_POST['_cc']);
  $headers['Cc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_cc']));

if ($_POST['_bcc'])
  $headers['Bcc'] = preg_replace($mailto_regexp, '', $_POST['_bcc']);
  $headers['Bcc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_bcc']));
  
if (strlen($identity_arr['bcc']))
  $headers['Bcc'] = ($headers['Bcc'] ? $headers['Bcc'].', ' : '') . $identity_arr['bcc'];

 skins/default/mail.css

@@ -75,7 +75,7 @@
  position: absolute;
  top: 60px;
  right: 40px;
  width: 250px;
  width: 200px;
  height: 20px;
  text-align: right;
}
@@ -412,9 +412,14 @@
  top: 85px;
  left: 200px;
  right: 40px;
  bottom: 40px;
  border: 1px solid #cccccc;
  background-color: #FFFFFF;
  overflow: auto;
  /* css hack for IE */
  margin-bottom: 10px;
  width: expression(document.body.clientWidth-240);
  /* margin-bottom: 10px; */
  width: expression((parseInt(document.documentElement.clientWidth)-240)+'px');
  height: expression((parseInt(document.documentElement.clientHeight)-125)+'px');
}

table.headers-table
@@ -433,10 +438,11 @@

table.headers-table td.header-title
{
  width: 70px;  
  width: 80px;
  color: #666666;
  font-weight: bold;
  text-align: right;
  white-space: nowrap;
  padding-right: 4px;
}

@@ -481,18 +487,15 @@
#messagebody
{
  min-height: 300px;
  margin-top: 10px;
  margin-bottom: 10px;
  padding-top: 10px;
  padding-bottom: 10px;
  background-color: #FFFFFF;
  border: 1px solid #cccccc;
  border-top: none;
}

div.message-part
{
  padding: 8px;
  padding-top: 10px;
  border-top: 1px solid #cccccc;
  overflow: hidden;
}

@@ -513,8 +516,8 @@
  display: none;
  height: 20px;
  min-height: 20px;
  margin: 8px 8px 0px 8px;
  padding: 10px 10px 6px 46px;  
  margin-top: 8px;
}

#remote-objects-message a
@@ -544,12 +547,12 @@
  top: 90px;
  left: 200px;
  right: 40px;
  bottom: 20px;
  bottom: 40px;
  padding: 0px;
  margin: 0px;
  /* css hack for IE */
  width: expression(document.documentElement.clientWidth-240);
  /* height: expression((parseInt(document.documentElement.clientHeight)-130)+'px'); */
  height: expression((parseInt(document.documentElement.clientHeight)-130)+'px');
}

/*
@@ -635,10 +638,10 @@
#compose-body
{
  margin-top: 10px;
  width: 100% !important;
  width: 99% !important;
  width: 95%;
  height: 95%;
  min-height: 400px;
  min-height: 300px;
  font-size: 9pt;
  font-family: "Courier New", Courier, monospace;
}

 skins/default/templates/compose.html

@@ -87,7 +87,7 @@

</tr><tr>

<td style="width:100%; height:100%;">
<td style="width:100%; height:100%; vertical-align:top;">
<roundcube:object name="composeBody" id="compose-body" form="form" cols="80" rows="20" warp="virtual" />
</td>


 skins/default/templates/message.html

@@ -10,6 +10,12 @@
<roundcube:include file="/includes/taskbar.html" />
<roundcube:include file="/includes/header.html" />

<div id="messagecountbar">
<roundcube:button command="previousmessage" imageAct="/images/buttons/previous_act.png" imagePas="/images/buttons/previous_pas.png" width="11" height="11" title="previousmessages" />
&nbsp;<roundcube:object name="messageCountDisplay" />&nbsp;
<roundcube:button command="nextmessage" imageAct="/images/buttons/next_act.png" imagePas="/images/buttons/next_pas.png" width="11" height="11" title="nextmessages" />
</div>

<div id="messagetoolbar">
<roundcube:button command="list" image="/images/buttons/back_act.png" width="32" height="32" title="backtolist" />
<roundcube:button command="reply" imageAct="/images/buttons/reply_act.png" imagePas="/images/buttons/reply_pas.png" width="32" height="32" title="replytomessage" />
@@ -18,12 +24,6 @@
<roundcube:button command="print" imageAct="/images/buttons/print_act.png" imagePas="/images/buttons/print_pas.png" width="32" height="32" title="printmessage" />
<roundcube:button command="viewsource" imageAct="/images/buttons/source_act.png" imagePas="/images/buttons/source_pas.png" width="32" height="32" title="viewsource" />
<roundcube:object name="mailboxlist" type="select" noSelection="moveto" maxlength="25" onchange="rcmail.command('moveto', this.options[this.selectedIndex].value)" class="mboxlist" />
</div>

<div id="messagecountbar">
<roundcube:button command="previousmessage" imageAct="/images/buttons/previous_act.png" imagePas="/images/buttons/previous_pas.png" width="11" height="11" title="previousmessages" />
&nbsp;<roundcube:object name="messageCountDisplay" />&nbsp;
<roundcube:button command="nextmessage" imageAct="/images/buttons/next_act.png" imagePas="/images/buttons/next_pas.png" width="11" height="11" title="nextmessages" />
</div>

<div id="mailboxlist-header"><roundcube:label name="mailboxlist" /></div>

			@@ -2046,18 +2046,17 @@
			if (this.gui_objects.mailboxlist)
			{
			var item, reg, text_obj;
			var s_current = this.env.mailbox.toLowerCase().replace(this.mbox_expression, '');
			var s_mbox = String(mbox).toLowerCase().replace(this.mbox_expression, '');
			var s_current = this.env.mailbox.toLowerCase().replace(this.mbox_expression, '');
			var nodes = this.gui_objects.mailboxlist.getElementsByTagName('LI');

			for (var n=0; n<nodes.length; n++)
			{
			item = nodes[n];
			if (item.className && item.className.indexOf('mailbox '+s_mbox+' ')>=0)
			this.set_classname(item, 'selected', true);
			else if (item.className && item.className.indexOf('mailbox '+s_current)>=0)
			this.set_classname(item, 'selected', false);
			}
			var current_li = document.getElementById('rcmbx'+s_current);
			var mbox_li = document.getElementById('rcmbx'+s_mbox);

			if (current_li)
			this.set_classname(current_li, 'selected', false);
			if (mbox_li)
			this.set_classname(mbox_li, 'selected', true);
			}

			this.env.mailbox = mbox;

			@@ -41,6 +41,13 @@
			}


			// set default sort col/order to session
			if (!isset($_SESSION['sort_col']))
			$_SESSION['sort_col'] = $CONFIG['message_sort_col'];
			if (!isset($_SESSION['sort_order']))
			$_SESSION['sort_order'] = $CONFIG['message_sort_order'];


			// define url for getting message parts
			if (strlen($_GET['_uid']))
			$GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), $_GET['_uid']);
			@@ -147,7 +154,7 @@
			// return html for a structured list <ul> for the mailbox tree
			function rcmail_render_folder_tree_html(&$arrFolders, &$special, &$mbox, $maxlength, $nestLevel=0)
			{
			global $JS_OBJECT_NAME, $IMAP;
			global $JS_OBJECT_NAME, $IMAP, $CONFIG;

			$idx = 0;
			$out = '';
			@@ -170,9 +177,23 @@
			// add unread message count display
			if ($unread_count = $IMAP->messagecount($folder['id'], 'UNSEEN', ($folder['id']==$mbox)))
			$foldername .= sprintf(' (%d)', $unread_count);

			// make folder name safe for ids and class names
			$folder_css = $class_name = preg_replace('/[^a-z0-9\-_]/', '', $folder_lc);

			$out .= sprintf('<li class="mailbox %s %s%s%s"><a href="#%s" onclick="return %s.command(\'list\',\'%s\')" onmouseup="return %s.mbox_mouse_up(\'%s\')">%s</a>'."\n",
			preg_replace('/[^a-z0-9\-_]/', '', $folder_lc),
			// set special class for Sent, Drafts, Trash and Junk
			if ($folder['id']==$CONFIG['sent_mbox'])
			$class_name = 'sent';
			else if ($folder['id']==$CONFIG['drafts_mbox'])
			$class_name = 'drafts';
			else if ($folder['id']==$CONFIG['trash_mbox'])
			$class_name = 'trash';
			else if ($folder['id']==$CONFIG['junk_mbox'])
			$class_name = 'junk';

			$out .= sprintf('<li id="rcmbx%s" class="mailbox %s %s%s%s"><a href="./#%s" onclick="return %s.command(\'list\',\'%s\')" onmouseup="return %s.mbox_mouse_up(\'%s\')">%s</a>',
			$folder_css,
			$class_name,
			$zebra_class,
			$unread_count ? ' unread' : '',
			$folder['id']==$mbox ? ' selected' : '',
			@@ -184,7 +205,7 @@
			rep_specialchars_output($foldername, 'html', 'all'));

			if (!empty($folder['folders']))
			$out .= '<ul>' . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox, $maxlength, $nestLevel+1) . "</ul>\n";
			$out .= "\n<ul>\n" . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox, $maxlength, $nestLevel+1) . "</ul>\n";

			$out .= "</li>\n";
			$idx++;
			@@ -239,8 +260,8 @@
			$image_tag = '<img src="%s%s" alt="%s" border="0" />';

			// check to see if we have some settings for sorting
			$sort_col = isset($_SESSION['sort_col']) ? $_SESSION['sort_col'] : $CONFIG['message_sort_col'];
			$sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
			$sort_col = $_SESSION['sort_col'];
			$sort_order = $_SESSION['sort_order'];

			// get message headers
			$a_headers = $IMAP->list_headers('', '', $sort_col, $sort_order);
			@@ -982,13 +1003,18 @@


			// remove SCRIPT tags
			while (($pos = strpos($body_lc, '<script')) && ($pos2 = strpos($body_lc, '</script>', $pos)))
			foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag)
			{
			$pos2 += 8;
			$body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
			$body_lc = strtolower($body);
			while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)))
			{
			$pos2 += 8;
			$body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
			$body_lc = strtolower($body);
			}
			}


			// replace event handlers on any object
			$body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);

			// resolve <base href>
			$base_reg = '/(<base.href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]>)/i';
			@@ -999,7 +1025,6 @@
			$body = preg_replace('/(url\s*\()(["\']?)([\.\/]+[^"\'\)\s]+)(\2)\)/Uie', "'\\1\''.make_absolute_url('\\3', '$base_url').'\')'", $body);
			$body = preg_replace($base_reg, '', $body);
			}


			// add comments arround html and other tags
			$out = preg_replace(array('/(<\/?html[^>]*>)/i',

			@@ -65,10 +65,11 @@
			/**** check submission and compose message ******/


			$mailto_regexp = '/,\s*$/';
			$mailto_regexp = array('/,\s[\r\n]+/', '/[\r\n]+/', '/,\s$/m');
			$mailto_replace = array(' ', ', ', '');

			// trip ending ', ' from
			$mailto = preg_replace($mailto_regexp, '', $_POST['_to']);
			// repalce new lines and strip ending ', '
			$mailto = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_to']));

			// decode address strings
			$to_address_arr = $IMAP->decode_address_list($mailto);
			@@ -90,10 +91,10 @@

			// additional recipients
			if ($_POST['_cc'])
			$headers['Cc'] = preg_replace($mailto_regexp, '', $_POST['_cc']);
			$headers['Cc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_cc']));

			if ($_POST['_bcc'])
			$headers['Bcc'] = preg_replace($mailto_regexp, '', $_POST['_bcc']);
			$headers['Bcc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_bcc']));

			if (strlen($identity_arr['bcc']))
			$headers['Bcc'] = ($headers['Bcc'] ? $headers['Bcc'].', ' : '') . $identity_arr['bcc'];

			@@ -75,7 +75,7 @@
			position: absolute;
			top: 60px;
			right: 40px;
			width: 250px;
			width: 200px;
			height: 20px;
			text-align: right;
			}
			@@ -412,9 +412,14 @@
			top: 85px;
			left: 200px;
			right: 40px;
			bottom: 40px;
			border: 1px solid #cccccc;
			background-color: #FFFFFF;
			overflow: auto;
			/* css hack for IE */
			margin-bottom: 10px;
			width: expression(document.body.clientWidth-240);
			/* margin-bottom: 10px; */
			width: expression((parseInt(document.documentElement.clientWidth)-240)+'px');
			height: expression((parseInt(document.documentElement.clientHeight)-125)+'px');
			}

			table.headers-table
			@@ -433,10 +438,11 @@

			table.headers-table td.header-title
			{
			width: 70px;
			width: 80px;
			color: #666666;
			font-weight: bold;
			text-align: right;
			white-space: nowrap;
			padding-right: 4px;
			}

			@@ -481,18 +487,15 @@
			#messagebody
			{
			min-height: 300px;
			margin-top: 10px;
			margin-bottom: 10px;
			padding-top: 10px;
			padding-bottom: 10px;
			background-color: #FFFFFF;
			border: 1px solid #cccccc;
			border-top: none;
			}

			div.message-part
			{
			padding: 8px;
			padding-top: 10px;
			border-top: 1px solid #cccccc;
			overflow: hidden;
			}

			@@ -513,8 +516,8 @@
			display: none;
			height: 20px;
			min-height: 20px;
			margin: 8px 8px 0px 8px;
			padding: 10px 10px 6px 46px;
			margin-top: 8px;
			}

			#remote-objects-message a
			@@ -544,12 +547,12 @@
			top: 90px;
			left: 200px;
			right: 40px;
			bottom: 20px;
			bottom: 40px;
			padding: 0px;
			margin: 0px;
			/* css hack for IE */
			width: expression(document.documentElement.clientWidth-240);
			/* height: expression((parseInt(document.documentElement.clientHeight)-130)+'px'); */
			height: expression((parseInt(document.documentElement.clientHeight)-130)+'px');
			}

			/*
			@@ -635,10 +638,10 @@
			#compose-body
			{
			margin-top: 10px;
			width: 100% !important;
			width: 99% !important;
			width: 95%;
			height: 95%;
			min-height: 400px;
			min-height: 300px;
			font-size: 9pt;
			font-family: "Courier New", Courier, monospace;
			}

			@@ -87,7 +87,7 @@

			</tr><tr>

			<td style="width:100%; height:100%;">
			<td style="width:100%; height:100%; vertical-align:top;">
			<roundcube:object name="composeBody" id="compose-body" form="form" cols="80" rows="20" warp="virtual" />
			</td>

			@@ -10,6 +10,12 @@
			<roundcube:include file="/includes/taskbar.html" />
			<roundcube:include file="/includes/header.html" />

			<div id="messagecountbar">
			<roundcube:button command="previousmessage" imageAct="/images/buttons/previous_act.png" imagePas="/images/buttons/previous_pas.png" width="11" height="11" title="previousmessages" />
			<roundcube:object name="messageCountDisplay" />
			<roundcube:button command="nextmessage" imageAct="/images/buttons/next_act.png" imagePas="/images/buttons/next_pas.png" width="11" height="11" title="nextmessages" />
			</div>

			<div id="messagetoolbar">
			<roundcube:button command="list" image="/images/buttons/back_act.png" width="32" height="32" title="backtolist" />
			<roundcube:button command="reply" imageAct="/images/buttons/reply_act.png" imagePas="/images/buttons/reply_pas.png" width="32" height="32" title="replytomessage" />
			@@ -18,12 +24,6 @@
			<roundcube:button command="print" imageAct="/images/buttons/print_act.png" imagePas="/images/buttons/print_pas.png" width="32" height="32" title="printmessage" />
			<roundcube:button command="viewsource" imageAct="/images/buttons/source_act.png" imagePas="/images/buttons/source_pas.png" width="32" height="32" title="viewsource" />
			<roundcube:object name="mailboxlist" type="select" noSelection="moveto" maxlength="25" onchange="rcmail.command('moveto', this.options[this.selectedIndex].value)" class="mboxlist" />
			</div>

			<div id="messagecountbar">
			<roundcube:button command="previousmessage" imageAct="/images/buttons/previous_act.png" imagePas="/images/buttons/previous_pas.png" width="11" height="11" title="previousmessages" />
			<roundcube:object name="messageCountDisplay" />
			<roundcube:button command="nextmessage" imageAct="/images/buttons/next_act.png" imagePas="/images/buttons/next_pas.png" width="11" height="11" title="nextmessages" />
			</div>

			<div id="mailboxlist-header"><roundcube:label name="mailboxlist" /></div>