githubFork/roundcubemail.git

			@@ -78,11 +78,12 @@
			// set current mailbox and some other vars in client environment
			$OUTPUT->set_env('mailbox', $mbox_name);
			$OUTPUT->set_env('pagesize', $RCMAIL->storage->get_pagesize());
			$OUTPUT->set_env('current_page', max(1, $_SESSION['page']));
			$OUTPUT->set_env('delimiter', $delimiter);
			$OUTPUT->set_env('threading', $threading);
			$OUTPUT->set_env('threads', $threading \|\| $RCMAIL->storage->get_capability('THREAD'));
			$OUTPUT->set_env('reply_all_mode', (int) $RCMAIL->config->get('reply_all_mode'));
			$OUTPUT->set_env('preview_pane_mark_read', $RCMAIL->config->get('preview_pane_mark_read', 0));
			$OUTPUT->set_env('preview_pane_mark_read', (int) $RCMAIL->config->get('preview_pane_mark_read'));

			if ($RCMAIL->storage->get_capability('QUOTA')) {
			$OUTPUT->set_env('quota', true);
			@@ -163,9 +164,11 @@
			$mbox = strlen($_SESSION['mbox']) ? $_SESSION['mbox'] : 'INBOX';
			}

			if ($RCMAIL->action == 'list') {
			// we handle 'page' argument on 'list' and 'getunread' to prevent from
			// race condition and unintentional page overwrite in session
			if ($RCMAIL->action == 'list' \|\| $RCMAIL->action == 'getunread') {
			if (!($page = intval($_GET['_page']))) {
			$page = $_SESSION['page'] ? $_SESSION['page'] : 1;
			$page = $_SESSION['page'] ?: 1;
			}

			$_SESSION['page'] = $page;
			@@ -176,7 +179,7 @@

			// set default sort col/order to session
			if (!isset($_SESSION['sort_col'])) {
			$_SESSION['sort_col'] = $message_sort_col ? $message_sort_col : '';
			$_SESSION['sort_col'] = $message_sort_col ?: '';
			}
			if (!isset($_SESSION['sort_order'])) {
			$_SESSION['sort_order'] = strtoupper($message_sort_order) == 'ASC' ? 'ASC' : 'DESC';
			@@ -328,8 +331,9 @@
			$OUTPUT->add_label('from', 'to');

			// add id to message list table if not specified
			if (!strlen($attrib['id']))
			if (!strlen($attrib['id'])) {
			$attrib['id'] = 'rcubemessagelist';
			}

			// define list of cols to be displayed based on parameter or config
			if (empty($attrib['columns'])) {
			@@ -528,11 +532,7 @@
			if (!empty($header->list_cols) && is_array($header->list_cols))
			$a_msg_cols = array_merge($a_msg_cols, $header->list_cols);

			$OUTPUT->command('add_message_row',
			$header->uid,
			$a_msg_cols,
			$a_msg_flags,
			$insert_top);
			$OUTPUT->command('add_message_row', $header->uid, $a_msg_cols, $a_msg_flags, $insert_top);
			}

			if ($RCMAIL->storage->get_threading()) {
			@@ -652,8 +652,9 @@
			{
			global $OUTPUT;

			if (empty($attrib['id']))
			if (empty($attrib['id'])) {
			$attrib['id'] = 'rcmailcontentwindow';
			}

			return $OUTPUT->frame($attrib, true);
			}
			@@ -662,8 +663,9 @@
			{
			global $RCMAIL;

			if (!$attrib['id'])
			if (!$attrib['id']) {
			$attrib['id'] = 'rcmcountdisplay';
			}

			$RCMAIL->output->add_gui_object('countdisplay', $attrib['id']);

			@@ -682,19 +684,21 @@

			$page_size = $RCMAIL->storage->get_pagesize();
			$start_msg = ($page-1) * $page_size + 1;
			$max = $count;

			if ($count !== null)
			$max = $count;
			else if ($RCMAIL->action)
			$max = $RCMAIL->storage->count(NULL, $RCMAIL->storage->get_threading() ? 'THREADS' : 'ALL');
			if ($max === null && $RCMAIL->action) {
			$max = $RCMAIL->storage->count(null, $RCMAIL->storage->get_threading() ? 'THREADS' : 'ALL');
			}

			if ($max == 0)
			if (!$max) {
			$out = $RCMAIL->storage->get_search_set() ? $RCMAIL->gettext('nomessages') : $RCMAIL->gettext('mailboxempty');
			else
			}
			else {
			$out = $RCMAIL->gettext(array('name' => $RCMAIL->storage->get_threading() ? 'threadsfromto' : 'messagesfromto',
			'vars' => array('from' => $start_msg,
			'to' => min($max, $start_msg + $page_size - 1),
			'count' => $max)));
			}

			return rcube::Q($out);
			}
			@@ -703,8 +707,9 @@
			{
			global $RCMAIL;

			if (!$attrib['id'])
			if (!$attrib['id']) {
			$attrib['id'] = 'rcmmailboxname';
			}

			$RCMAIL->output->add_gui_object('mailboxname', $attrib['id']);

			@@ -722,15 +727,16 @@
			global $RCMAIL;

			$old_unseen = rcmail_get_unseen_count($mbox_name);
			$unseen = $count;

			if ($count === null)
			if ($unseen === null) {
			$unseen = $RCMAIL->storage->count($mbox_name, 'UNSEEN', $force);
			else
			$unseen = $count;
			}

			if ($unseen != $old_unseen \|\| ($mbox_name == 'INBOX'))
			if ($unseen != $old_unseen \|\| ($mbox_name == 'INBOX')) {
			$RCMAIL->output->command('set_unread_count', $mbox_name, $unseen,
			($mbox_name == 'INBOX'), $unseen && $mark ? $mark : '');
			}

			rcmail_set_unseen_count($mbox_name, $unseen);

			@@ -951,15 +957,24 @@
			break;

			case 'style':
			// Crazy big styles may freeze the browser (#1490539)
			// remove content with more than 5k lines
			if (substr_count($content, "\n") > 5000) {
			$out = '';
			break;
			}

			// decode all escaped entities and reduce to ascii strings
			$stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcube_utils::xss_entity_decode($content));

			// now check for evil strings like expression, behavior or url()
			if (!preg_match('/expression\|behavior\|javascript:\|import[^a]/i', $stripped)) {
			if (!$washtml->get_config('allow_remote') && stripos($stripped, 'url('))
			if (!$washtml->get_config('allow_remote') && stripos($stripped, 'url(')) {
			$washtml->extlinks = true;
			else
			}
			else {
			$out = html::tag('style', array('type' => 'text/css'), $content);
			}
			break;
			}

			@@ -979,10 +994,12 @@
			static $sa_attrib;

			// keep header table attrib
			if (is_array($attrib) && !$sa_attrib && !$attrib['valueof'])
			if (is_array($attrib) && !$sa_attrib && !$attrib['valueof']) {
			$sa_attrib = $attrib;
			else if (!is_array($attrib) && is_array($sa_attrib))
			}
			else if (!is_array($attrib) && is_array($sa_attrib)) {
			$attrib = $sa_attrib;
			}

			if (!isset($MESSAGE)) {
			return false;
			@@ -1008,8 +1025,6 @@
			$output_headers = array();

			foreach ($standard_headers as $hkey) {
			$ishtml = false;

			if ($headers[$hkey])
			$value = $headers[$hkey];
			else if ($headers['others'][$hkey])
			@@ -1020,6 +1035,7 @@
			if (in_array($hkey, $exclude_headers))
			continue;

			$ishtml = false;
			$header_title = $RCMAIL->gettext(preg_replace('/(^mail-\|-)/', '', $hkey));

			if ($hkey == 'date') {
			@@ -1030,10 +1046,12 @@
			}
			else if ($hkey == 'priority') {
			if ($value) {
			$header_value = html::span('prio' . $value, rcmail_localized_priority($value));
			$header_value = html::span('prio' . $value, rcube::Q(rcmail_localized_priority($value)));
			$ishtml = true;
			}
			else
			else {
			continue;
			}
			}
			else if ($hkey == 'replyto') {
			if ($headers['replyto'] != $headers['from']) {
			@@ -1041,19 +1059,21 @@
			$attrib['addicon'], $headers['charset'], $header_title);
			$ishtml = true;
			}
			else
			else {
			continue;
			}
			}
			else if ($hkey == 'mail-reply-to') {
			if ($headers['mail-replyto'] != $headers['reply-to']
			&& $headers['reply-to'] != $headers['from']
			if ($headers['mail-replyto'] != $headers['replyto']
			&& $headers['replyto'] != $headers['from']
			) {
			$header_value = rcmail_address_string($value, $attrib['max'], true,
			$attrib['addicon'], $headers['charset'], $header_title);
			$ishtml = true;
			}
			else
			else {
			continue;
			}
			}
			else if ($hkey == 'sender') {
			if ($headers['sender'] != $headers['from']) {
			@@ -1061,8 +1081,9 @@
			$attrib['addicon'], $headers['charset'], $header_title);
			$ishtml = true;
			}
			else
			else {
			continue;
			}
			}
			else if ($hkey == 'mail-followup-to') {
			$header_value = rcmail_address_string($value, $attrib['max'], true,
			@@ -1074,8 +1095,9 @@
			$attrib['addicon'], $headers['charset'], $header_title);
			$ishtml = true;
			}
			else if ($hkey == 'subject' && empty($value))
			else if ($hkey == 'subject' && empty($value)) {
			$header_value = $RCMAIL->gettext('nosubject');
			}
			else {
			$value = is_array($value) ? implode(' ', $value) : $value;
			$header_value = trim(rcube_mime::decode_header($value, $headers['charset']));
			@@ -1099,14 +1121,15 @@

			// single header value is requested
			if (!empty($attrib['valueof'])) {
			return rcube::Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));
			$row = $plugin['output'][$attrib['valueof']];
			return $row['html'] ? $row['value'] : rcube::Q($row['value']);
			}

			// compose html table
			$table = new html_table(array('cols' => 2));

			foreach ($plugin['output'] as $hkey => $row) {
			$val = $row['html'] ? $row['value'] : rcube::Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show'));
			$val = $row['html'] ? $row['value'] : rcube::Q($row['value']);

			$table->add(array('class' => 'header-title'), rcube::Q($row['title']));
			$table->add(array('class' => 'header '.$hkey), $val);
			@@ -1222,15 +1245,6 @@

			// fetch part body
			$body = $MESSAGE->get_part_body($part->mime_id, true);

			// extract headers from message/rfc822 parts
			if ($part->mimetype == 'message/rfc822') {
			$msgpart = rcube_mime::parse_message($body);
			if (!empty($msgpart->headers)) {
			$part = $msgpart;
			$out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers));
			}
			}

			// message is cached but not exists (#1485443), or other error
			if ($body === false) {
			@@ -1624,7 +1638,7 @@
			$content = rcube::Q($name ? sprintf('%s <%s>', $name, $mailto) : $mailto);
			}
			else {
			$content = rcube::Q($name ? $name : $mailto);
			$content = rcube::Q($name ?: $mailto);
			$attrs['title'] = $mailto;
			}

			@@ -1632,7 +1646,7 @@
			}
			else {
			$address = html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
			rcube::Q($name ? $name : $mailto));
			rcube::Q($name ?: $mailto));
			}

			if ($addicon && $_SESSION['writeable_abook']) {
			@@ -1713,9 +1727,9 @@
			function rcmail_wrap_and_quote($text, $length = 72)
			{
			// Rebuild the message body with a maximum of $max chars, while keeping quoted message.
			$max = max(75, $length + 8);
			$max = max(75, $length + 8);
			$lines = preg_split('/\r?\n/', trim($text));
			$out = '';
			$out = '';

			foreach ($lines as $line) {
			// don't wrap already quoted lines
			@@ -1726,10 +1740,7 @@
			$newline = '';

			foreach (explode("\n", rcube_mime::wordwrap($line, $length - 2)) as $l) {
			if (strlen($l))
			$newline .= '> ' . $l . "\n";
			else
			$newline .= ">\n";
			$newline .= strlen($l) ? "> $l\n" : ">\n";
			}

			$line = rtrim($newline);
			@@ -1749,7 +1760,7 @@
			{
			$parts = array();
			foreach ($p as $key => $val) {
			$encode = $key == 'folder' \|\| strpos($val, ';') !== false;
			$encode = $key == 'folder' \|\| strpos($val, ';') !== false;
			$parts[] = $key . '=' . ($encode ? 'B::' . base64_encode($val) : $val);
			}

			@@ -2199,3 +2210,93 @@

			return $jsresult;
			}

			function rcmail_save_attachment($message, $pid, $compose_id, $params = array())
			{
			global $COMPOSE;

			$rcmail = rcmail::get_instance();
			$storage = $rcmail->get_storage();

			if ($pid) {
			// attachment requested
			$part = $message->mime_parts[$pid];
			$size = $part->size;
			$mimetype = $part->ctype_primary . '/' . $part->ctype_secondary;
			$filename = $params['filename'] ?: rcmail_attachment_name($part);
			}
			else {
			// the whole message requested
			$size = $message->size;
			$mimetype = 'message/rfc822';
			$filename = $params['filename'] ?: 'message_rfc822.eml';
			}

			// don't load too big attachments into memory
			if (!rcube_utils::mem_check($size)) {
			$temp_dir = unslashify($rcmail->config->get('temp_dir'));
			$path = tempnam($temp_dir, 'rcmAttmnt');

			if ($fp = fopen($path, 'w')) {
			if ($pid) {
			// part body
			$message->get_part_body($pid, false, 0, $fp);
			}
			else {
			// complete message
			$storage->get_raw_body($message->uid, $fp);
			}

			fclose($fp);
			}
			else {
			return false;
			}
			}
			else if ($pid) {
			// part body
			$data = $message->get_part_body($pid);
			}
			else {
			// complete message
			$data = $storage->get_raw_body($message->uid);
			}

			$attachment = array(
			'group' => $compose_id,
			'name' => $filename,
			'mimetype' => $mimetype,
			'content_id' => $part ? $part->content_id : null,
			'data' => $data,
			'path' => $path,
			'size' => $path ? filesize($path) : strlen($data),
			'charset' => $part ? $part->charset : null,
			);

			$attachment = $rcmail->plugins->exec_hook('attachment_save', $attachment);

			if ($attachment['status']) {
			unset($attachment['data'], $attachment['status'], $attachment['content_id'], $attachment['abort']);

			// rcube_session::append() replaces current session data with the old values
			// (in rcube_session::reload()). This is a problem in 'compose' action, because before
			// the first append() use we set some important data in the session.
			// It also overwrites attachments list. Fixing reload() is not so simple if possible
			// as we don't really know what has been added and what removed in meantime.
			// So, for now we'll do not use append() on 'compose' action (#1490608).

			if ($rcmail->action == 'compose') {
			$COMPOSE['attachments'][$attachment['id']] = $attachment;
			}
			else {
			$rcmail->session->append('compose_data_' . $compose_id . '.attachments', $attachment['id'], $attachment);
			}

			return $attachment;
			}
			else if ($path) {
			@unlink($path);
			}

			return false;
			}