1 files changed, 54 insertions, 24 deletions

diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 88af550ed..29a86b9f7 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -67,6 +67,7 @@ class rcmail_output_html extends rcmail_output
         //$this->framed = $framed;
         $this->set_env('task', $task);
         $this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
+        $this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
 
         // add cookie info
         $this->set_env('cookie_domain', ini_get('session.cookie_domain'));
@@ -80,6 +81,8 @@ class rcmail_output_html extends rcmail_output
 
         if (!empty($_REQUEST['_extwin']))
           $this->set_env('extwin', 1);
+        if ($this->framed || !empty($_REQUEST['_framed']))
+          $this->set_env('framed', 1);
 
         // add common javascripts
         $this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
@@ -305,13 +308,19 @@ class rcmail_output_html extends rcmail_output
 
     /**
      * Delete all stored env variables and commands
+     *
+     * @param bool $all Reset all env variables (including internal)
      */
-    public function reset()
+    public function reset($all = false)
     {
+        $env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));
+
         parent::reset();
-        $this->js_env = array();
-        $this->js_labels = array();
-        $this->js_commands = array();
+
+        // let some env variables survive
+        $this->env = $this->js_env = $env;
+        $this->js_labels    = array();
+        $this->js_commands  = array();
         $this->script_files = array();
         $this->scripts      = array();
         $this->header       = '';
@@ -356,7 +365,7 @@ class rcmail_output_html extends rcmail_output
             $this->parse($templ, false);
         }
         else {
-            $this->framed = $templ == 'iframe' ? true : $this->framed;
+            $this->framed = true;
             $this->write();
         }
 
@@ -390,9 +399,11 @@ class rcmail_output_html extends rcmail_output
           $this->set_env('request_token', $this->app->get_request_token());
 
         // write all env variables to client
-        $js = $this->framed ? "if(window.parent) {\n" : '';
-        $js .= $this->get_js_commands() . ($this->framed ? ' }' : '');
-        $this->add_script($js, 'head_top');
+        if ($commands = $this->get_js_commands()) {
+            $js = $this->framed ? "if (window.parent) {\n" : '';
+            $js .= $commands . ($this->framed ? ' }' : '');
+            $this->add_script($js, 'head_top');
+        }
 
         // send clickjacking protection headers
         $iframe = $this->framed || !empty($_REQUEST['_framed']);
@@ -645,7 +656,7 @@ class rcmail_output_html extends rcmail_output
     protected function file_callback($matches)
     {
         $file = $matches[3];
-        $file[0] = preg_replace('!^/this/!', '/', $file[0]);
+        $file = preg_replace('!^/this/!', '/', $file);
 
         // correct absolute paths
         if ($file[0] == '/') {
@@ -668,7 +679,7 @@ class rcmail_output_html extends rcmail_output
      *
      * @param  string $input
      * @return string
-     * @uses   rcube_output_html::parse_xml()
+     * @uses   rcmail_output_html::parse_xml()
      * @since  0.1-rc1
      */
     public function just_parse($input)
@@ -721,14 +732,13 @@ class rcmail_output_html extends rcmail_output
     /**
      * Determines if a given condition is met
      *
-     * @todo   Get rid off eval() once I understand what this does.
      * @todo   Extend this to allow real conditions, not just "set"
      * @param  string Condition statement
      * @return boolean True if condition is met, False if not
      */
     protected function check_condition($condition)
     {
-        return eval("return (".$this->parse_expression($condition).");");
+        return $this->eval_expression($condition);
     }
 
 
@@ -750,14 +760,15 @@ class rcmail_output_html extends rcmail_output
 
 
     /**
-     * Parses expression and replaces variables
+     * Parse & evaluate a given expression and return its result.
      *
-     * @param  string Expression statement
-     * @return string Expression value
+     * @param string Expression statement
+     *
+     * @return mixed Expression result
      */
-    protected function parse_expression($expression)
+    protected function eval_expression ($expression)
     {
-        return preg_replace(
+        $expression = preg_replace(
             array(
                 '/session:([a-z0-9_]+)/i',
                 '/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
@@ -769,14 +780,29 @@ class rcmail_output_html extends rcmail_output
             ),
             array(
                 "\$_SESSION['\\1']",
-                "\$this->app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
-                "\$this->env['\\1']",
+                "\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
+                "\$env['\\1']",
                 "rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
                 "\$_COOKIE['\\1']",
-                "\$this->browser->{'\\1'}",
+                "\$browser->{'\\1'}",
                 $this->template_name,
             ),
-            $expression);
+            $expression
+        );
+
+        $fn = create_function('$app,$browser,$env', "return ($expression);");
+        if (!$fn) {
+            rcube::raise_error(array(
+                'code' => 505,
+                'type' => 'php',
+                'file' => __FILE__,
+                'line' => __LINE__,
+                'message' => "Expression parse error on: ($expression)"), true, false);
+
+            return null;
+        }
+
+        return $fn($this->app, $this->browser, $this->env);
     }
 
 
@@ -829,7 +855,7 @@ class rcmail_output_html extends rcmail_output
             // show a label
             case 'label':
                 if ($attrib['expression'])
-                    $attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";");
+                    $attrib['name'] = $this->eval_expression($attrib['expression']);
 
                 if ($attrib['name'] || $attrib['command']) {
                     // @FIXME: 'noshow' is useless, remove?
@@ -863,6 +889,7 @@ class rcmail_output_html extends rcmail_output
             // include a file
             case 'include':
                 $old_base_path = $this->base_path;
+                if (!empty($attrib['skin_path'])) $attrib['skinpath'] = $attrib['skin_path'];
                 if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attrib['skinpath'])) {
                     $this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path);  // set base_path to core skin directory (not plugin's skin)
                     $path = realpath($path);
@@ -960,8 +987,7 @@ class rcmail_output_html extends rcmail_output
 
             // return code for a specified eval expression
             case 'exp':
-                $value = $this->parse_expression($attrib['expression']);
-                return eval("return html::quote($value);");
+                return html::quote($this->eval_expression($attrib['expression']));
 
             // return variable
             case 'var':
@@ -1169,6 +1195,10 @@ class rcmail_output_html extends rcmail_output
             $out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
         }
 
+        if ($attrib['wrapper']) {
+            $out = html::tag($attrib['wrapper'], null, $out);
+        }
+
         return $out;
     }