githubFork/roundcubemail.git

			@@ -198,7 +198,10 @@
			if (!empty($MESSAGE->headers->charset))
			$RCMAIL->storage->set_charset($MESSAGE->headers->charset);

			if ($compose_mode == RCUBE_COMPOSE_REPLY) {
			if (!$MESSAGE->headers) {
			// error
			}
			else if ($compose_mode == RCUBE_COMPOSE_REPLY) {
			$COMPOSE['reply_uid'] = $msg_uid;
			$COMPOSE['reply_msgid'] = $MESSAGE->headers->messageID;
			$COMPOSE['references'] = trim($MESSAGE->headers->references . " " . $MESSAGE->headers->messageID);
			@@ -365,7 +368,12 @@
			$mailto = format_email(rcube_idn_to_utf8($addr_part['mailto']));

			if (!in_array($mailto, $a_recipients)
			&& ($header == 'to' \|\| empty($MESSAGE->compose['from_email']) \|\| $mailto != $MESSAGE->compose['from_email'])
			&& (
			$header == 'to'
			\|\| $compose_mode != RCUBE_COMPOSE_REPLY
			\|\| empty($MESSAGE->compose['from_email'])
			\|\| $mailto != $MESSAGE->compose['from_email']
			)
			) {
			if ($addr_part['name'] && $addr_part['mailto'] != $addr_part['name'])
			$string = format_email_recipient($mailto, $addr_part['name']);
			@@ -924,10 +932,10 @@
			$prefix .= rcube_label('from') . ': ' . $MESSAGE->get_header('from') . "\n";
			$prefix .= rcube_label('to') . ': ' . $MESSAGE->get_header('to') . "\n";

			if ($MESSAGE->headers->cc)
			$prefix .= rcube_label('cc') . ': ' . $MESSAGE->get_header('cc') . "\n";
			if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from)
			$prefix .= rcube_label('replyto') . ': ' . $MESSAGE->get_header('replyto') . "\n";
			if ($cc = $MESSAGE->headers->get('cc'))
			$prefix .= rcube_label('cc') . ': ' . $cc . "\n";
			if (($replyto = $MESSAGE->headers->get('reply-to')) && $replyto != $MESSAGE->get_header('from'))
			$prefix .= rcube_label('replyto') . ': ' . $replyto . "\n";

			$prefix .= "\n";
			$body = trim($body, "\r\n");
			@@ -950,15 +958,13 @@
			rcube_label('from'), Q($MESSAGE->get_header('from'), 'replace'),
			rcube_label('to'), Q($MESSAGE->get_header('to'), 'replace'));

			if ($MESSAGE->headers->cc)
			if ($cc = $MESSAGE->headers->get('cc'))
			$prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
			rcube_label('cc'),
			Q($MESSAGE->get_header('cc'), 'replace'));
			rcube_label('cc'), Q($cc, 'replace'));

			if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from)
			if (($replyto = $MESSAGE->headers->get('reply-to')) && $replyto != $MESSAGE->get_header('from'))
			$prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
			rcube_label('replyto'),
			Q($MESSAGE->get_header('replyto'), 'replace'));
			rcube_label('replyto'), Q($replyto, 'replace'));

			$prefix .= "</tbody></table><br>";
			}
			@@ -980,10 +986,19 @@
			&& count($MESSAGE->mime_parts) > 0)
			{
			$cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);
			}

			// clean up HTML tags - XSS prevention (#1489251)
			if ($bodyIsHtml) {
			$body = rcmail_wash_html($body, array('safe' => 1), $cid_map);

			// remove comments (produced by washtml)
			$body = preg_replace('/<!--[^>]+-->/', '', $body);

			// replace cid with href in inline images links
			if ($cid_map)
			if (!empty($cid_map)) {
			$body = str_replace(array_keys($cid_map), array_values($cid_map), $body);
			}
			}

			return $body;
			@@ -1325,8 +1340,9 @@
			if (!$attrib['id'])
			$attrib['id'] = 'rcmAttachmentList';

			$out = "\n";
			$out = "\n";
			$jslist = array();
			$button = '';

			if (is_array($COMPOSE['attachments'])) {
			if ($attrib['deleteicon']) {
			@@ -1335,27 +1351,38 @@
			'alt' => rcube_label('delete')
			));
			}
			else
			else if (rcube_utils::get_boolean($attrib['textbuttons'])) {
			$button = Q(rcube_label('delete'));
			}

			foreach ($COMPOSE['attachments'] as $id => $a_prop) {
			if (empty($a_prop))
			continue;

			$out .= html::tag('li', array('id' => 'rcmfile'.$id, 'class' => rcmail_filetype2classname($a_prop['mimetype'], $a_prop['name'])),
			$out .= html::tag('li',
			array(
			'id' => 'rcmfile'.$id,
			'class' => rcmail_filetype2classname($a_prop['mimetype'], $a_prop['name']),
			'onmouseover' => "rcube_webmail.long_subject_title_ex(this, 0)",
			),
			html::a(array(
			'href' => "#delete",
			'title' => rcube_label('delete'),
			'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", JS_OBJECT_NAME, $id),
			'class' => 'delete'),
			$button) . Q($a_prop['name']));
			'class' => 'delete'
			),
			$button
			) . Q($a_prop['name'])
			);

			$jslist['rcmfile'.$id] = array('name' => $a_prop['name'], 'complete' => true, 'mimetype' => $a_prop['mimetype']);
			$jslist['rcmfile'.$id] = array('name' => $a_prop['name'], 'complete' => true, 'mimetype' => $a_prop['mimetype']);
			}
			}

			if ($attrib['deleteicon'])
			$COMPOSE['deleteicon'] = $CONFIG['skin_path'] . $attrib['deleteicon'];
			else if (rcube_utils::get_boolean($attrib['textbuttons']))
			$COMPOSE['textbuttons'] = true;
			if ($attrib['cancelicon'])
			$OUTPUT->set_env('cancelicon', $CONFIG['skin_path'] . $attrib['cancelicon']);
			if ($attrib['loadingicon'])
			@@ -1422,17 +1449,17 @@
			rcube_label('normal'),
			rcube_label('high'),
			rcube_label('highest')),
			array(5, 4, 0, 2, 1));
			array('5', '4', '0', '2', '1'));

			if (isset($_POST['_priority']))
			$sel = $_POST['_priority'];
			else if (intval($MESSAGE->headers->priority) != 3)
			$sel = intval($MESSAGE->headers->priority);
			else if (isset($MESSAGE->headers->priority) && intval($MESSAGE->headers->priority) != 3)
			$sel = $MESSAGE->headers->priority;
			else
			$sel = 0;

			$out = $form_start ? "$form_start\n" : '';
			$out .= $selector->show($sel);
			$out .= $selector->show(strval($sel));
			$out .= $form_end ? "\n$form_end" : '';

			return $out;