githubFork/roundcubemail.git

			@@ -68,6 +68,7 @@
			$this->set_env('task', $task);
			$this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
			$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
			$this->set_env('locale', $_SESSION['language']);

			// add cookie info
			$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
			@@ -418,28 +419,21 @@
			*/
			public function write($template = '')
			{
			// unlock interface after iframe load
			$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
			if ($this->framed) {
			array_unshift($this->js_commands, array('iframe_loaded', $unlock));
			}
			else if ($unlock) {
			array_unshift($this->js_commands, array('hide_message', $unlock));
			}

			if (!empty($this->script_files)) {
			$this->set_env('request_token', $this->app->get_request_token());
			}

			// write all env variables to client
			if ($commands = $this->get_js_commands()) {
			if ($this->framed) {
			$prefix = "if (window.parent) {\n";
			$suffix = " }";
			}
			$commands = $this->get_js_commands($framed);

			$this->add_script($prefix . $commands . $suffix, 'head_top');
			// if all js commands go to parent window we can ignore all
			// script files and skip rcube_webmail initialization (#1489792)
			if ($framed) {
			$this->scripts = array();
			$this->script_files = array();
			}

			// write all javascript commands
			$this->add_script($commands, 'head_top');

			// send clickjacking protection headers
			$iframe = $this->framed \|\| $this->env['framed'];
			@@ -567,19 +561,33 @@
			*
			* @return string $out
			*/
			protected function get_js_commands()
			protected function get_js_commands(&$framed = null)
			{
			$out = '';
			$out = '';
			$parent_commands = 0;
			$top_commands = array();

			// these should be always on top,
			// e.g. hide_message() below depends on env.framed
			if (!$this->framed && !empty($this->js_env)) {
			$out .= self::JS_OBJECT_NAME . '.set_env('.self::json_serialize($this->js_env).");\n";
			$top_commands[] = array('set_env', $this->js_env);
			}

			if (!empty($this->js_labels)) {
			$this->command('add_label', $this->js_labels);
			$top_commands[] = array('add_label', $this->js_labels);
			}

			foreach ($this->js_commands as $i => $args) {
			// unlock interface after iframe load
			$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
			if ($this->framed) {
			$top_commands[] = array('iframe_loaded', $unlock);
			}
			else if ($unlock) {
			$top_commands[] = array('hide_message', $unlock);
			}

			$commands = array_merge($top_commands, $this->js_commands);

			foreach ($commands as $i => $args) {
			$method = array_shift($args);
			$parent = $this->framed \|\| preg_match('/^parent\./', $method);

			@@ -587,12 +595,26 @@
			$args[$i] = self::json_serialize($arg);
			}

			$out .= sprintf(
			"%s.%s(%s);\n",
			($parent ? 'if (window.parent && parent.'.self::JS_OBJECT_NAME.') parent.' : '') . self::JS_OBJECT_NAME,
			preg_replace('/^parent\./', '', $method),
			implode(',', $args)
			);
			if ($parent) {
			$parent_commands++;
			$method = preg_replace('/^parent\./', '', $method);
			$parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
			$method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
			}
			else {
			$method = self::JS_OBJECT_NAME . '.' . $method;
			}

			$out .= sprintf("%s(%s);\n", $method, implode(',', $args));
			}

			$framed = $parent_prefix && $parent_commands == count($commands);

			// make the output more compact if all commands go to parent window
			if ($framed) {
			$out = "if (window.parent && parent." . self::JS_OBJECT_NAME . ") {\n"
			. str_replace($parent_prefix, "\tparent.", $out)
			. "}\n";
			}

			return $out;
			@@ -875,6 +897,14 @@
			return '';
			}

			// localize title and summary attributes
			if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
			$attrib['title'] = $this->app->gettext($attrib['title']);
			}
			if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
			$attrib['summary'] = $this->app->gettext($attrib['summary']);
			}

			// execute command
			switch ($command) {
			// return a button
			@@ -1147,6 +1177,17 @@
			$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $attrib['domain']));
			}

			// set accessibility attributes
			if (!$attrib['role']) {
			$attrib['role'] = 'button';
			}
			if (!empty($attrib['class']) && !empty($attrib['classact']) \|\| !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
			if (array_key_exists('tabindex', $attrib))
			$attrib['data-tabindex'] = $attrib['tabindex'];
			$attrib['tabindex'] = '-1'; // disable button by default
			$attrib['aria-disabled'] = 'true';
			}

			// set title to alt attribute for IE browsers
			if ($this->browser->ie && !$attrib['title'] && $attrib['alt']) {
			$attrib['title'] = $attrib['alt'];
			@@ -1331,7 +1372,7 @@
			$output = trim($templ);

			if (empty($output)) {
			$output = $this->default_template;
			$output = html::doctype('html5') . "\n" . $this->default_template;
			$is_empty = true;
			}

			@@ -1340,6 +1381,15 @@
			$this->pagetitle = 'Roundcube Mail';
			}

			// declare page language
			if (!empty($_SESSION['language'])) {
			$lang = substr($_SESSION['language'], 0, 2);
			$output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);
			if (!headers_sent()) {
			header('Content-Language: ' . $lang);
			}
			}

			// replace specialchars in content
			$page_title = html::quote($this->pagetitle);
			$page_header = '';