githubFork/roundcubemail.git

			@@ -1,9 +1,9 @@
			<?php

			/*
			/**
			+-----------------------------------------------------------------------+
			\| This file is part of the Roundcube PHP suite \|
			\| Copyright (C) 2005-2012 The Roundcube Dev Team \|
			\| Copyright (C) 2005-2014 The Roundcube Dev Team \|
			\| \|
			\| Licensed under the GNU General Public License version 3 or \|
			\| any later version with exceptions for skins & plugins. \|
			@@ -31,6 +31,7 @@
			protected $config;
			protected $charset = RCUBE_CHARSET;
			protected $env = array();
			protected $skins = array();


			/**
			@@ -43,19 +44,20 @@
			$this->browser = new rcube_browser();
			}


			/**
			* Magic getter
			*/
			public function __get($var)
			{
			// allow read-only access to $env
			if ($var == 'env')
			return $this->env;
			// allow read-only access to some members
			switch ($var) {
			case 'env': return $this->env;
			case 'skins': return $this->skins;
			case 'charset': return $this->charset;
			}

			return null;
			}


			/**
			* Setter for output charset.
			@@ -68,7 +70,6 @@
			$this->charset = $charset;
			}


			/**
			* Getter for output charset
			*
			@@ -78,7 +79,6 @@
			{
			return $this->charset;
			}


			/**
			* Set environment variable
			@@ -90,7 +90,6 @@
			{
			$this->env[$name] = $value;
			}


			/**
			* Environment variable getter.
			@@ -104,7 +103,6 @@
			return $this->env[$name];
			}


			/**
			* Delete all stored env variables and commands
			*/
			@@ -112,7 +110,6 @@
			{
			$this->env = array();
			}


			/**
			* Invoke display_message command
			@@ -125,7 +122,6 @@
			*/
			abstract function show_message($message, $type = 'notice', $vars = null, $override = true, $timeout = 0);


			/**
			* Redirect to a certain url.
			*
			@@ -134,12 +130,10 @@
			*/
			abstract function redirect($p = array(), $delay = 1);


			/**
			* Send output to the client.
			*/
			abstract function send();


			/**
			* Send HTTP headers to prevent caching a page
			@@ -153,16 +147,13 @@
			header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
			header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

			// Request browser to disable DNS prefetching (CVE-2010-0464)
			header("X-DNS-Prefetch-Control: off");

			// We need to set the following headers to make downloads work using IE in HTTPS mode.
			if ($this->browser->ie && rcube_utils::https_check()) {
			header('Pragma: private');
			header("Cache-Control: private, must-revalidate");
			}
			else {
			header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0");
			header("Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0");
			header("Pragma: no-cache");
			}
			}
			@@ -174,14 +165,37 @@
			*/
			public function future_expire_header($offset = 2600000)
			{
			if (headers_sent())
			if (headers_sent()) {
			return;
			}

			header("Expires: " . gmdate("D, d M Y H:i:s", time()+$offset) . " GMT");
			header("Cache-Control: max-age=$offset");
			header("Pragma: ");
			}

			/**
			* Send browser compatibility/security/etc. headers
			*/
			public function common_headers()
			{
			if (headers_sent()) {
			return;
			}

			// Unlock IE compatibility mode
			if ($this->browser->ie) {
			header('X-UA-Compatible: IE=edge');
			}

			// Request browser to disable DNS prefetching (CVE-2010-0464)
			header("X-DNS-Prefetch-Control: off");

			// send CSRF and clickjacking protection headers
			if ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')) {
			header('X-Frame-Options: ' . $xframe);
			}
			}

			/**
			* Show error page and terminate script execution
			@@ -195,7 +209,6 @@
			fputs(STDERR, "Error $code: $message\n");
			exit(-1);
			}


			/**
			* Create an edit field for inclusion on a form
			@@ -249,7 +262,6 @@
			return $out;
			}


			/**
			* Convert a variable into a javascript object notation
			*
			@@ -265,5 +277,4 @@
			// that's why we have @ here
			return @json_encode($input);
			}

			}