githubFork/roundcubemail.git

			@@ -190,13 +190,6 @@
			setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
			}

			if (!$valid)
			write_log('timeouts',
			"REQUEST: " . var_export($_REQUEST, true) .
			"\nEXPECTED: " . rcmail_auth_hash(session_id(), $_SESSION['auth_time']) .
			"\nOR LAST: " . rcmail_auth_hash(session_id(), $_SESSION['last_auth']) .
			"\nSESSION: " . var_export($_SESSION, true));

			return $valid;
			}

			@@ -400,7 +393,7 @@
			// set localization charset based on the given language
			function rcmail_set_locale($lang)
			{
			global $OUTPUT, $MBSTRING;
			global $OUTPUT, $CHARSET, $MBSTRING;
			static $s_mbstring_loaded = NULL;

			// settings for mbstring module (by Tadashi Jokagi)
			@@ -408,6 +401,9 @@
			$MBSTRING = $s_mbstring_loaded = extension_loaded("mbstring");
			else
			$MBSTRING = $s_mbstring_loaded = FALSE;

			if ($MBSTRING)
			mb_internal_encoding($CHARSET);

			$OUTPUT->set_charset(rcube_language_prop($lang, 'charset'));
			}
			@@ -449,6 +445,26 @@

			if (!$host)
			$host = $CONFIG['default_host'];

			// Validate that selected host is in the list of configured hosts
			if (is_array($CONFIG['default_host']))
			{
			$allowed = FALSE;
			foreach ($CONFIG['default_host'] as $key => $host_allowed)
			{
			if (!is_numeric($key))
			$host_allowed = $key;
			if ($host == $host_allowed)
			{
			$allowed = TRUE;
			break;
			}
			}
			if (!$allowed)
			return FALSE;
			}
			else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host'])
			return FALSE;

			// parse $host URL
			$a_host = parse_url($host);
			@@ -536,6 +552,7 @@
			$_SESSION['username'] = $user;
			$_SESSION['user_lang'] = $sess_user_lang;
			$_SESSION['password'] = encrypt_passwd($pass);
			$_SESSION['login_time'] = mktime();

			// force reloading complete list of subscribed mailboxes
			rcmail_set_imap_prop();
			@@ -563,10 +580,10 @@
			$DB->query("INSERT INTO ".get_table_name('users')."
			(created, last_login, username, mail_host, alias, language)
			VALUES (".$DB->now().", ".$DB->now().", ?, ?, ?, ?)",
			$user,
			$host,
			$user_email,
			$_SESSION['user_lang']);
			strip_newlines($user),
			strip_newlines($host),
			strip_newlines($user_email),
			$_SESSION['user_lang']);

			if ($user_id = $DB->insert_id(get_sequence_name('users')))
			{
			@@ -578,7 +595,7 @@
			$user_name = $user!=$user_email ? $user : '';

			// try to resolve the e-mail address from the virtuser table
			if (!empty($CONFIG['virtuser_query']) &&
			if (!empty($CONFIG['virtuser_query']) &&
			($sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']))) &&
			($DB->num_rows()>0))
			while ($sql_arr = $DB->fetch_array($sql_result))
			@@ -587,7 +604,7 @@
			(user_id, del, standard, name, email)
			VALUES (?, 0, 1, ?, ?)",
			$user_id,
			$user_name,
			strip_newlines($user_name),
			preg_replace('/^@/', $user . '@', $sql_arr[0]));
			}
			else
			@@ -597,8 +614,8 @@
			(user_id, del, standard, name, email)
			VALUES (?, 0, 1, ?, ?)",
			$user_id,
			$user_name,
			$user_email);
			strip_newlines($user_name),
			strip_newlines($user_email));
			}

			// get existing mailboxes
			@@ -1009,7 +1026,7 @@
			$str = strip_tags($str);

			// avoid douple quotation of &
			$out = preg_replace('/&([a-z]{2,5});/', '&\\1;', strtr($str, $encode_arr));
			$out = preg_replace('/&([a-z]{2,5}\|#[0-9]{2,4});/', '&\\1;', strtr($str, $encode_arr));

			return $newlines ? nl2br($out) : $out;
			}
			@@ -1065,9 +1082,9 @@
			* Quote a given string. Alias function for rep_specialchars_output
			* @see rep_specialchars_output
			*/
			function JQ($str, $mode='strict', $newlines=TRUE)
			function JQ($str)
			{
			return rep_specialchars_output($str, 'js', $mode, $newlines);
			return rep_specialchars_output($str, 'js');
			}


			@@ -1121,6 +1138,14 @@
			function strip_quotes($str)
			{
			return preg_replace('/[\'"]/', '', $str);
			}

			/**
			* Remove new lines characters from given string
			*/
			function strip_newlines($str)
			{
			return preg_replace('/[\r\n]/', '', $str);
			}


			@@ -1666,12 +1691,12 @@
			function parse_attrib_string($str)
			{
			$attrib = array();
			preg_match_all('/\s*([-_a-z]+)=["]([^"]+)["]?/i', stripslashes($str), $regs, PREG_SET_ORDER);
			preg_match_all('/\s*([-_a-z]+)=(["\'])([^"]+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER);

			// convert attributes to an associative array (name => value)
			if ($regs)
			foreach ($regs as $attr)
			$attrib[strtolower($attr[1])] = $attr[2];
			$attrib[strtolower($attr[1])] = $attr[3];

			return $attrib;
			}
			@@ -1709,9 +1734,9 @@
			$week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);

			// define date format depending on current time
			if ($CONFIG['prettydate'] && !$format && $timestamp > $today_limit)
			return sprintf('%s %s', rcube_label('today'), date('H:i', $timestamp));
			else if ($CONFIG['prettydate'] && !$format && $timestamp > $week_limit)
			if ($CONFIG['prettydate'] && !$format && $timestamp > $today_limit && $timestamp < $now)
			return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp));
			else if ($CONFIG['prettydate'] && !$format && $timestamp > $week_limit && $timestamp < $now)
			$format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i';
			else if (!$format)
			$format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i';
			@@ -1829,7 +1854,7 @@
			$labels['pass'] = rcube_label('password');
			$labels['host'] = rcube_label('server');

			$input_user = new textfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30));
			$input_user = new textfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30, 'autocomplete' => 'off'));
			$input_pass = new passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30));
			$input_action = new hiddenfield(array('name' => '_action', 'value' => 'login'));