githubFork/roundcubemail.git

			@@ -379,6 +379,8 @@
			// make sort links
			if (in_array($col, $a_sort_cols))
			$col_name = html::a(array('href'=>"./#sort", 'onclick' => 'return '.JS_OBJECT_NAME.".command('sort','".$col."',this)", 'title' => rcube_label('sortby')), $col_name);
			else if ($col_name[0] != '<')
			$col_name = '<span class="' . $col .'">' . $col_name . '</span>';

			$sort_class = $col == $sort_col ? " sorted$sort_order" : '';
			$class_name = $col.$sort_class;
			@@ -834,8 +836,8 @@
			$stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcmail_xss_entity_decode($content));

			// now check for evil strings like expression, behavior or url()
			if (!preg_match('/expression\|behavior/i', $stripped)) {
			if (!$washtml->get_config('allow_remote') && preg_match('/url\(\|import[^a]/i', $stripped))
			if (!preg_match('/expression\|behavior\|javascript:\|import[^a]/i', $stripped)) {
			if (!$washtml->get_config('allow_remote') && stripos($stripped, 'url('))
			$washtml->extlinks = true;
			else
			$out = html::tag('style', array('type' => 'text/css'), $content);
			@@ -890,6 +892,7 @@
			// show these headers
			$standard_headers = array('subject', 'from', 'to', 'cc', 'bcc', 'replyto',
			'mail-reply-to', 'mail-followup-to', 'date');
			$exclude_headers = $attrib['exclude'] ? explode(',', $attrib['exclude']) : array();
			$output_headers = array();

			foreach ($standard_headers as $hkey) {
			@@ -898,6 +901,9 @@
			else if ($headers['others'][$hkey])
			$value = $headers['others'][$hkey];
			else
			continue;

			if (in_array($hkey, $exclude_headers))
			continue;

			if ($hkey == 'date') {
			@@ -937,7 +943,11 @@
			}

			$plugin = $RCMAIL->plugins->exec_hook('message_headers_output',
			array('output' => $output_headers, 'headers' => $MESSAGE->headers));
			array('output' => $output_headers, 'headers' => $MESSAGE->headers, 'exclude' => $exclude_headers));

			// single header value is requested
			if (!empty($attrib['valueof']))
			return Q($plugin['output'][$attrib['valueof']]['value'], ($hkey == 'subject' ? 'strict' : 'show'));

			// compose html table
			$table = new html_table(array('cols' => 2));
			@@ -1062,6 +1072,11 @@
			// list images after mail body
			if ($CONFIG['inline_images'] && !empty($MESSAGE->attachments)) {
			foreach ($MESSAGE->attachments as $attach_prop) {
			// skip inline images
			if ($attach_prop->content_id && $attach_prop->disposition == 'inline') {
			continue;
			}

			// Content-Type: image/*...
			if (preg_match('/^image\//i', $attach_prop->mimetype) \|\|
			// ...or known file extension: many clients are using application/octet-stream
			@@ -1296,6 +1311,7 @@
			'href' => "#add",
			'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, urlencode($string)),
			'title' => rcube_label('addtoaddressbook'),
			'class' => 'rcmaddcontact',
			),
			html::img(array(
			'src' => $CONFIG['skin_path'] . $addicon,
			@@ -1390,7 +1406,7 @@
			}


			function rcmail_message_part_controls()
			function rcmail_message_part_controls($attrib)
			{
			global $MESSAGE;

			@@ -1403,13 +1419,13 @@

			if (!empty($part->filename)) {
			$table->add('title', Q(rcube_label('filename')));
			$table->add(null, Q($part->filename));
			$table->add(null, '[' . html::a('?'.str_replace('_frame=', '_download=', $_SERVER['QUERY_STRING']), Q(rcube_label('download'))) . ']');
			$table->add('header', Q($part->filename));
			$table->add('download-link', html::a(array('href' => './?'.str_replace('_frame=', '_download=', $_SERVER['QUERY_STRING'])), Q(rcube_label('download'))));
			}

			if (!empty($part->size)) {
			$table->add('title', Q(rcube_label('filesize')));
			$table->add(null, Q(show_bytes($part->size)));
			$table->add('header', Q(show_bytes($part->size)));
			}

			return $table->show($attrib);