1 files changed, 27 insertions, 8 deletions

diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index 1ae782a25..29baa82f3 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -404,7 +404,7 @@ class rcube_utils
         $out = array();
         $src = $mode == self::INPUT_GET ? $_GET : ($mode == self::INPUT_POST ? $_POST : $_REQUEST);
 
-        foreach ($src as $key => $value) {
+        foreach (array_keys($src) as $key) {
             $fname = $key[0] == '_' ? substr($key, 1) : $key;
             if ($ignore && !preg_match('/^(' . $ignore . ')$/', $fname)) {
                 $out[$fname] = self::get_input_value($key, $mode);
@@ -510,17 +510,24 @@ class rcube_utils
      */
     public static function file2class($mimetype, $filename)
     {
+        $mimetype = strtolower($mimetype);
+        $filename = strtolower($filename);
+
         list($primary, $secondary) = explode('/', $mimetype);
 
         $classes = array($primary ? $primary : 'unknown');
+
         if ($secondary) {
             $classes[] = $secondary;
         }
-        if (preg_match('/\.([a-z0-9]+)$/i', $filename, $m)) {
-            $classes[] = $m[1];
+
+        if (preg_match('/\.([a-z0-9]+)$/', $filename, $m)) {
+            if (!in_array($m[1], $classes)) {
+                $classes[] = $m[1];
+            }
         }
 
-        return strtolower(join(" ", $classes));
+        return join(" ", $classes);
     }
 
 
@@ -726,11 +733,23 @@ class rcube_utils
             return mktime(0,0,0, intval($matches[2]), intval($matches[3]), intval($matches[1]));
         }
         else if (is_numeric($date)) {
-            return $date;
+            return (int) $date;
         }
 
-        // support non-standard "GMTXXXX" literal
-        $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date);
+        // Clean malformed data
+        $date = preg_replace(
+            array(
+                '/GMT\s*([+-][0-9]+)/',                     // support non-standard "GMTXXXX" literal
+                '/[^a-z0-9\x20\x09:+-]/i',                  // remove any invalid characters
+                '/\s*(Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s*/i',   // remove weekday names
+            ),
+            array(
+                '\\1',
+                '',
+                '',
+            ), $date);
+
+        $date = trim($date);
 
         // if date parsing fails, we have a date in non-rfc format.
         // remove token from the end and try again
@@ -743,7 +762,7 @@ class rcube_utils
             $date = implode(' ', $d);
         }
 
-        return $ts;
+        return (int) $ts;
     }