githubFork/roundcubemail.git

			@@ -78,11 +78,12 @@
			// set current mailbox and some other vars in client environment
			$OUTPUT->set_env('mailbox', $mbox_name);
			$OUTPUT->set_env('pagesize', $RCMAIL->storage->get_pagesize());
			$OUTPUT->set_env('current_page', max(1, $_SESSION['page']));
			$OUTPUT->set_env('delimiter', $delimiter);
			$OUTPUT->set_env('threading', $threading);
			$OUTPUT->set_env('threads', $threading \|\| $RCMAIL->storage->get_capability('THREAD'));
			$OUTPUT->set_env('reply_all_mode', (int) $RCMAIL->config->get('reply_all_mode'));
			$OUTPUT->set_env('preview_pane_mark_read', $RCMAIL->config->get('preview_pane_mark_read', 0));
			$OUTPUT->set_env('preview_pane_mark_read', (int) $RCMAIL->config->get('preview_pane_mark_read'));

			if ($RCMAIL->storage->get_capability('QUOTA')) {
			$OUTPUT->set_env('quota', true);
			@@ -163,9 +164,11 @@
			$mbox = strlen($_SESSION['mbox']) ? $_SESSION['mbox'] : 'INBOX';
			}

			if ($RCMAIL->action == 'list') {
			// we handle 'page' argument on 'list' and 'getunread' to prevent from
			// race condition and unintentional page overwrite in session
			if ($RCMAIL->action == 'list' \|\| $RCMAIL->action == 'getunread') {
			if (!($page = intval($_GET['_page']))) {
			$page = $_SESSION['page'] ? $_SESSION['page'] : 1;
			$page = $_SESSION['page'] ?: 1;
			}

			$_SESSION['page'] = $page;
			@@ -176,7 +179,7 @@

			// set default sort col/order to session
			if (!isset($_SESSION['sort_col'])) {
			$_SESSION['sort_col'] = $message_sort_col ? $message_sort_col : '';
			$_SESSION['sort_col'] = $message_sort_col ?: '';
			}
			if (!isset($_SESSION['sort_order'])) {
			$_SESSION['sort_order'] = strtoupper($message_sort_order) == 'ASC' ? 'ASC' : 'DESC';
			@@ -951,6 +954,13 @@
			break;

			case 'style':
			// Crazy big styles may freeze the browser (#1490539)
			// remove content with more than 5k lines
			if (substr_count($content, "\n") > 5000) {
			$out = '';
			break;
			}

			// decode all escaped entities and reduce to ascii strings
			$stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcube_utils::xss_entity_decode($content));

			@@ -979,10 +989,12 @@
			static $sa_attrib;

			// keep header table attrib
			if (is_array($attrib) && !$sa_attrib && !$attrib['valueof'])
			if (is_array($attrib) && !$sa_attrib && !$attrib['valueof']) {
			$sa_attrib = $attrib;
			else if (!is_array($attrib) && is_array($sa_attrib))
			}
			else if (!is_array($attrib) && is_array($sa_attrib)) {
			$attrib = $sa_attrib;
			}

			if (!isset($MESSAGE)) {
			return false;
			@@ -1030,10 +1042,12 @@
			}
			else if ($hkey == 'priority') {
			if ($value) {
			$header_value = html::span('prio' . $value, rcmail_localized_priority($value));
			$header_value = html::span('prio' . $value, rcube::Q(rcmail_localized_priority($value)));
			$ishtml = true;
			}
			else
			else {
			continue;
			}
			}
			else if ($hkey == 'replyto') {
			if ($headers['replyto'] != $headers['from']) {
			@@ -1041,8 +1055,9 @@
			$attrib['addicon'], $headers['charset'], $header_title);
			$ishtml = true;
			}
			else
			else {
			continue;
			}
			}
			else if ($hkey == 'mail-reply-to') {
			if ($headers['mail-replyto'] != $headers['reply-to']
			@@ -1052,8 +1067,9 @@
			$attrib['addicon'], $headers['charset'], $header_title);
			$ishtml = true;
			}
			else
			else {
			continue;
			}
			}
			else if ($hkey == 'sender') {
			if ($headers['sender'] != $headers['from']) {
			@@ -1061,8 +1077,9 @@
			$attrib['addicon'], $headers['charset'], $header_title);
			$ishtml = true;
			}
			else
			else {
			continue;
			}
			}
			else if ($hkey == 'mail-followup-to') {
			$header_value = rcmail_address_string($value, $attrib['max'], true,
			@@ -1099,14 +1116,15 @@

			// single header value is requested
			if (!empty($attrib['valueof'])) {
			return rcube::Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));
			$row = $plugin['output'][$attrib['valueof']];
			return $row['html'] ? $row['value'] : rcube::Q($row['value']);
			}

			// compose html table
			$table = new html_table(array('cols' => 2));

			foreach ($plugin['output'] as $hkey => $row) {
			$val = $row['html'] ? $row['value'] : rcube::Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show'));
			$val = $row['html'] ? $row['value'] : rcube::Q($row['value']);

			$table->add(array('class' => 'header-title'), rcube::Q($row['title']));
			$table->add(array('class' => 'header '.$hkey), $val);
			@@ -1222,15 +1240,6 @@

			// fetch part body
			$body = $MESSAGE->get_part_body($part->mime_id, true);

			// extract headers from message/rfc822 parts
			if ($part->mimetype == 'message/rfc822') {
			$msgpart = rcube_mime::parse_message($body);
			if (!empty($msgpart->headers)) {
			$part = $msgpart;
			$out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers));
			}
			}

			// message is cached but not exists (#1485443), or other error
			if ($body === false) {
			@@ -1624,7 +1633,7 @@
			$content = rcube::Q($name ? sprintf('%s <%s>', $name, $mailto) : $mailto);
			}
			else {
			$content = rcube::Q($name ? $name : $mailto);
			$content = rcube::Q($name ?: $mailto);
			$attrs['title'] = $mailto;
			}

			@@ -1632,7 +1641,7 @@
			}
			else {
			$address = html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
			rcube::Q($name ? $name : $mailto));
			rcube::Q($name ?: $mailto));
			}

			if ($addicon && $_SESSION['writeable_abook']) {
			@@ -2199,3 +2208,93 @@

			return $jsresult;
			}

			function rcmail_save_attachment($message, $pid, $compose_id, $params = array())
			{
			global $COMPOSE;

			$rcmail = rcmail::get_instance();
			$storage = $rcmail->get_storage();

			if ($pid) {
			// attachment requested
			$part = $message->mime_parts[$pid];
			$size = $part->size;
			$mimetype = $part->ctype_primary . '/' . $part->ctype_secondary;
			$filename = $params['filename'] ?: rcmail_attachment_name($part);
			}
			else {
			// the whole message requested
			$size = $message->size;
			$mimetype = 'message/rfc822';
			$filename = $params['filename'] ?: 'message_rfc822.eml';
			}

			// don't load too big attachments into memory
			if (!rcube_utils::mem_check($size)) {
			$temp_dir = unslashify($rcmail->config->get('temp_dir'));
			$path = tempnam($temp_dir, 'rcmAttmnt');

			if ($fp = fopen($path, 'w')) {
			if ($pid) {
			// part body
			$message->get_part_body($pid, false, 0, $fp);
			}
			else {
			// complete message
			$storage->get_raw_body($message->uid, $fp);
			}

			fclose($fp);
			}
			else {
			return false;
			}
			}
			else if ($pid) {
			// part body
			$data = $message->get_part_body($pid);
			}
			else {
			// complete message
			$data = $storage->get_raw_body($message->uid);
			}

			$attachment = array(
			'group' => $compose_id,
			'name' => $filename,
			'mimetype' => $mimetype,
			'content_id' => $part ? $part->content_id : null,
			'data' => $data,
			'path' => $path,
			'size' => $path ? filesize($path) : strlen($data),
			'charset' => $part ? $part->charset : null,
			);

			$attachment = $rcmail->plugins->exec_hook('attachment_save', $attachment);

			if ($attachment['status']) {
			unset($attachment['data'], $attachment['status'], $attachment['content_id'], $attachment['abort']);

			// rcube_session::append() replaces current session data with the old values
			// (in rcube_session::reload()). This is a problem in 'compose' action, because before
			// the first append() use we set some important data in the session.
			// It also overwrites attachments list. Fixing reload() is not so simple if possible
			// as we don't really know what has been added and what removed in meantime.
			// So, for now we'll do not use append() on 'compose' action (#1490608).

			if ($rcmail->action == 'compose') {
			$COMPOSE['attachments'][$attachment['id']] = $attachment;
			}
			else {
			$rcmail->session->append('compose_data_' . $compose_id . '.attachments', $attachment['id'], $attachment);
			}

			return $attachment;
			}
			else if ($path) {
			@unlink($path);
			}

			return false;
			}