githubFork/roundcubemail.git

			@@ -143,39 +143,7 @@
			*/
			public static function check_ip($ip)
			{
			// IPv6, but there's no build-in IPv6 support
			if (strpos($ip, ':') !== false && !defined('AF_INET6')) {
			$parts = explode(':', $ip);
			$count = count($parts);

			if ($count > 8 \|\| $count < 2) {
			return false;
			}

			foreach ($parts as $idx => $part) {
			$length = strlen($part);
			if (!$length) {
			// there can be only one ::
			if ($found_empty) {
			return false;
			}
			$found_empty = true;
			}
			// last part can be an IPv4 address
			else if ($idx == $count - 1) {
			if (!preg_match('/^[0-9a-f]{1,4}$/i', $part)) {
			return @inet_pton($part) !== false;
			}
			}
			else if (!preg_match('/^[0-9a-f]{1,4}$/i', $part)) {
			return false;
			}
			}

			return true;
			}

			return @inet_pton($ip) !== false;
			return filter_var($ip, FILTER_VALIDATE_IP) !== false;
			}

			/**
			@@ -185,8 +153,9 @@
			*/
			public static function check_referer()
			{
			$uri = parse_url($_SERVER['REQUEST_URI']);
			$uri = parse_url($_SERVER['REQUEST_URI']);
			$referer = parse_url(self::request_header('Referer'));

			return $referer['host'] == self::request_header('Host') && $referer['path'] == $uri['path'];
			}

			@@ -195,7 +164,7 @@
			*
			* @param string Input string
			* @param string Encoding type: text\|html\|xml\|js\|url
			* @param string Replace mode for tags: show\|replace\|remove
			* @param string Replace mode for tags: show\|remove\|strict
			* @param boolean Convert newlines
			*
			* @return string The quoted string
			@@ -203,8 +172,8 @@
			public static function rep_specialchars_output($str, $enctype = '', $mode = '', $newlines = true)
			{
			static $html_encode_arr = false;
			static $js_rep_table = false;
			static $xml_rep_table = false;
			static $js_rep_table = false;
			static $xml_rep_table = false;

			if (!is_string($str)) {
			$str = strval($str);
			@@ -219,8 +188,11 @@

			$encode_arr = $html_encode_arr;

			// don't replace quotes and html tags
			if ($mode == 'show' \|\| $mode == '') {
			if ($mode == 'remove') {
			$str = strip_tags($str);
			}
			else if ($mode != 'strict') {
			// don't replace quotes and html tags
			$ltpos = strpos($str, '<');
			if ($ltpos !== false && strpos($str, '>', $ltpos) !== false) {
			unset($encode_arr['"']);
			@@ -228,9 +200,6 @@
			unset($encode_arr['>']);
			unset($encode_arr['&']);
			}
			}
			else if ($mode == 'remove') {
			$str = strip_tags($str);
			}

			$out = strtr($str, $encode_arr);
			@@ -253,8 +222,8 @@
			$js_rep_table["'"] = "\\'";
			$js_rep_table["\\"] = "\\\\";
			// Unicode line and paragraph separators (#1486310)
			$js_rep_table[chr(hexdec(E2)).chr(hexdec(80)).chr(hexdec(A8))] = ' ';
			$js_rep_table[chr(hexdec(E2)).chr(hexdec(80)).chr(hexdec(A9))] = ' ';
			$js_rep_table[chr(hexdec('E2')).chr(hexdec('80')).chr(hexdec('A8'))] = ' ';
			$js_rep_table[chr(hexdec('E2')).chr(hexdec('80')).chr(hexdec('A9'))] = ' ';
			}

			// encode for javascript use
			@@ -264,7 +233,7 @@

			// encode for plaintext
			if ($enctype == 'text') {
			return str_replace("\r\n", "\n", $mode=='remove' ? strip_tags($str) : $str);
			return str_replace("\r\n", "\n", $mode == 'remove' ? strip_tags($str) : $str);
			}

			if ($enctype == 'url') {
			@@ -1121,25 +1090,31 @@
			}

			/**
			* Generate a ramdom string
			* Generate a random string
			*
			* @param int $length String length
			* @param bool $raw Return RAW data instead of hex
			* @param bool $raw Return RAW data instead of ascii
			*
			* @return string The generated random string
			*/
			public static function random_bytes($length, $raw = false)
			{
			$rlen = $raw ? $length : ceil($length / 2);
			$random = openssl_random_pseudo_bytes($rlen);
			// Use PHP7 true random generator
			if (function_exists('random_bytes')) {
			$random = @random_bytes($length);
			}

			if (!$random) {
			$random = openssl_random_pseudo_bytes($length);
			}

			if ($raw) {
			return $random;
			}

			$random = bin2hex($random);
			$random = self::bin2ascii($random);

			// if the length wasn't even...
			// truncate to the specified size...
			if ($length < strlen($random)) {
			$random = substr($random, 0, $length);
			}
			@@ -1148,6 +1123,50 @@
			}

			/**
			* Convert binary data into readable form (containing a-zA-Z0-9 characters)
			*
			* @param string $input Binary input
			*
			* @return string Readable output
			*/
			public static function bin2ascii($input)
			{
			// Above method returns "hexits".
			// Based on bin_to_readable() function in ext/session/session.c.
			// Note: removed ",-" characters from hextab
			$hextab = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
			$nbits = 6; // can be 4, 5 or 6
			$length = strlen($input);
			$result = '';
			$char = 0;
			$i = 0;
			$have = 0;
			$mask = (1 << $nbits) - 1;

			while (true) {
			if ($have < $nbits) {
			if ($i < $length) {
			$char \|= ord($input[$i++]) << $have;
			$have += 8;
			}
			else if (!$have) {
			break;
			}
			else {
			$have = $nbits;
			}
			}

			// consume nbits
			$result .= $hextab[$char & $mask];
			$char >>= $nbits;
			$have -= $nbits;
			}

			return $result;
			}

			/**
			* Format current date according to specified format.
			* This method supports microseconds (u).
			*