From 0fa54df638a0b0f514d1bfba3cefb93e38991a35 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 1 Dec 2012 20:02:34 +0100
Subject: enriched.inc -> rcube_enriched

---
 tests/Framework/Enriched.php | 74 ++++++++++++++++++++++++++++++++++++++++++++
 tests/phpunit.xml            |  1 +
 2 files changed, 75 insertions(+)
 create mode 100644 tests/Framework/Enriched.php

(limited to 'tests')

diff --git a/tests/Framework/Enriched.php b/tests/Framework/Enriched.php
new file mode 100644
index 000000000..26bbc3b4e
--- /dev/null
+++ b/tests/Framework/Enriched.php
@@ -0,0 +1,74 @@
+<?php
+
+/**
+ * Test class to test rcube_enriched class
+ *
+ * @package Tests
+ */
+class Framework_Enriched extends PHPUnit_Framework_TestCase
+{
+
+    /**
+     * Class constructor
+     */
+    function test_class()
+    {
+        $object = new rcube_enriched();
+
+        $this->assertInstanceOf('rcube_enriched', $object, "Class constructor");
+    }
+
+    /**
+     * Test to_html()
+     */
+    function test_to_html()
+    {
+        $enriched = '<bold><italic>the-text</italic></bold>';
+        $expected = '<b><i>the-text</i></b>';
+        $result   = rcube_enriched::to_html($enriched);
+
+        $this->assertSame($expected, $result);
+    }
+
+    /**
+     * Data for test_formatting()
+     */
+    function data_formatting()
+    {
+        return array(
+            array('<bold>', '<b>'),
+            array('</bold>', '</b>'),
+            array('<italic>', '<i>'),
+            array('</italic>', '</i>'),
+            array('<fixed>', '<tt>'),
+            array('</fixed>', '</tt>'),
+            array('<smaller>', '<font size=-1>'),
+            array('</smaller>', '</font>'),
+            array('<bigger>', '<font size=+1>'),
+            array('</bigger>', '</font>'),
+            array('<underline>', '<span style="text-decoration: underline">'),
+            array('</underline>', '</span>'),
+            array('<flushleft>', '<span style="text-align: left">'),
+            array('</flushleft>', '</span>'),
+            array('<flushright>', '<span style="text-align: right">'),
+            array('</flushright>', '</span>'),
+            array('<flushboth>', '<span style="text-align: justified">'),
+            array('</flushboth>', '</span>'),
+            array('<indent>', '<span style="padding-left: 20px">'),
+            array('</indent>', '</span>'),
+            array('<indentright>', '<span style="padding-right: 20px">'),
+            array('</indentright>', '</span>'),
+        );
+    }
+
+    /**
+     * Test formatting conversion
+     * @dataProvider data_formatting
+     */
+    function test_formatting($enriched, $expected)
+    {
+        $result = rcube_enriched::to_html($enriched);
+
+        $this->assertSame($expected, $result);
+    }
+}
diff --git a/tests/phpunit.xml b/tests/phpunit.xml
index 36ab6d714..c9e229e97 100644
--- a/tests/phpunit.xml
+++ b/tests/phpunit.xml
@@ -10,6 +10,7 @@
             <file>Framework/Charset.php</file>
             <file>Framework/ContentFilter.php</file>
             <file>Framework/Csv2vcard.php</file>
+            <file>Framework/Enriched.php</file>
             <file>Framework/Html.php</file>
             <file>Framework/Imap.php</file>
             <file>Framework/ImapGeneric.php</file>
-- 
cgit v1.2.3


From 74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 4 Dec 2012 09:17:08 +0100
Subject: - Fix XSS vulnerability in vbscript: and data:text links handling
 (#1488850)

---
 CHANGELOG               |  1 +
 program/lib/washtml.php |  2 +-
 tests/MailFunc.php      | 14 ++++++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)

(limited to 'tests')

diff --git a/CHANGELOG b/CHANGELOG
index a47c95dcf..af7d29c04 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
 - Fix broken message/part bodies when FETCH response contains more untagged lines (#1488836)
 - Fix empty email on identities list after identity update (#1488834)
 - Add new identities_level: (4) one identity with possibility to edit only signature
diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 0d4ffdb4b..d13d66404 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -214,7 +214,7 @@ class washtml
       $key = strtolower($key);
       $value = $node->getAttribute($key);
       if (isset($this->_html_attribs[$key]) ||
-         ($key == 'href' && !preg_match('!^javascript!i', $value)
+         ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
            && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
       ) {
         $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
diff --git a/tests/MailFunc.php b/tests/MailFunc.php
index 967277c2a..4d4250c22 100644
--- a/tests/MailFunc.php
+++ b/tests/MailFunc.php
@@ -96,6 +96,20 @@ class MailFunc extends PHPUnit_Framework_TestCase
         $this->assertNotRegExp('/font-style:italic/', $washed, "Allow valid styles");
     }
 
+    /**
+     * Test the elimination of some XSS vulnerabilities
+     */
+    function test_html_xss3()
+    {
+        // #1488850
+        $html = '<p><a href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">Firefox</a>'
+            .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
+        $washed = rcmail_wash_html($html, array('safe' => true), array());
+
+        $this->assertNotRegExp('/data:text/', $washed, "Remove data:text/html links");
+        $this->assertNotRegExp('/vbscript:/', $washed, "Remove vbscript: links");
+    }
+
     /**
      * Test washtml class on non-unicode characters (#1487813)
      */
-- 
cgit v1.2.3


From a079269166d120bcbcb33d34f4b1c8f60d102e32 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 20 Dec 2012 08:53:48 +0100
Subject: Fix version comparisons with -stable suffix (#1488876)

---
 CHANGELOG                           |  1 +
 bin/installto.sh                    |  2 +-
 bin/update.sh                       |  4 ++--
 installer/rcube_install.php         |  6 +++---
 program/lib/Roundcube/bootstrap.php | 16 ++++++++++++++++
 tests/Framework/Bootstrap.php       |  8 ++++++++
 6 files changed, 31 insertions(+), 6 deletions(-)

(limited to 'tests')

diff --git a/CHANGELOG b/CHANGELOG
index c4e63aaeb..02e20455c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix version comparisons with -stable suffix (#1488876)
 - Add unsupported alternative parts to attachments list (#1488870)
 - Add Compose button on message view page (#1488747)
 - Display 'Sender' header in message preview
diff --git a/bin/installto.sh b/bin/installto.sh
index de96bf004..e6cf79d7d 100755
--- a/bin/installto.sh
+++ b/bin/installto.sh
@@ -35,7 +35,7 @@ if (!preg_match('/define\(.RCMAIL_VERSION.,\s*.([0-9.]+[a-z-]*)/', $iniset, $m))
 
 $oldversion = $m[1];
 
-if (version_compare($oldversion, RCMAIL_VERSION, '>='))
+if (version_compare(version_parse($oldversion), version_parse(RCMAIL_VERSION), '>='))
   die("Installation at target location is up-to-date!\n");
 
 echo "Upgrading from $oldversion. Do you want to continue? (y/N)\n";
diff --git a/bin/update.sh b/bin/update.sh
index 59aa596dd..2015aa904 100755
--- a/bin/update.sh
+++ b/bin/update.sh
@@ -34,7 +34,7 @@ if (!$opts['version']) {
     $opts['version'] = $input;
 }
 
-if ($opts['version'] && version_compare($opts['version'], RCMAIL_VERSION, '>'))
+if ($opts['version'] && version_compare(version_parse($opts['version']), version_parse(RCMAIL_VERSION), '>'))
   die("Nothing to be done here. Bye!\n");
 
 
@@ -169,7 +169,7 @@ if ($RCI->configured) {
   }
   
   // index contacts for fulltext searching
-  if (version_compare($opts['version'], '0.6', '<')) {
+  if (version_compare(version_parse($opts['version']), '0.6.0', '<')) {
     system(INSTALL_PATH . 'bin/indexcontacts.sh');
   }
   
diff --git a/installer/rcube_install.php b/installer/rcube_install.php
index dfd63562d..530be3ebe 100644
--- a/installer/rcube_install.php
+++ b/installer/rcube_install.php
@@ -633,8 +633,8 @@ class rcube_install
    */
   function update_db($DB, $version)
   {
-    $version = strtolower($version);
-    $engine = isset($this->db_map[$DB->db_provider]) ? $this->db_map[$DB->db_provider] : $DB->db_provider;
+    $version = version_parse(strtolower($version));
+    $engine  = isset($this->db_map[$DB->db_provider]) ? $this->db_map[$DB->db_provider] : $DB->db_provider;
 
     // read schema file from /SQL/*
     $fname = INSTALL_PATH . "SQL/$engine.update.sql";
@@ -643,7 +643,7 @@ class rcube_install
       foreach ($lines as $line) {
         $is_comment = preg_match('/^--/', $line);
         if (!$from && $is_comment && preg_match('/from version\s([0-9.]+[a-z-]*)/', $line, $m)) {
-          $v = strtolower($m[1]);
+          $v = version_parse(strtolower($m[1]));
           if ($v == $version || version_compare($version, $v, '<='))
             $from = true;
         }
diff --git a/program/lib/Roundcube/bootstrap.php b/program/lib/Roundcube/bootstrap.php
index 18c07ddab..530a7f855 100644
--- a/program/lib/Roundcube/bootstrap.php
+++ b/program/lib/Roundcube/bootstrap.php
@@ -357,6 +357,22 @@ function format_email($email)
 }
 
 
+/**
+ * Fix version number so it can be used correctly in version_compare()
+ *
+ * @param string $version Version number string
+ *
+ * @param return Version number string
+ */
+function version_parse($version)
+{
+    return str_replace(
+        array('-stable', '-git'),
+        array('.0', '.99'),
+        $version);
+}
+
+
 /**
  * mbstring replacement functions
  */
diff --git a/tests/Framework/Bootstrap.php b/tests/Framework/Bootstrap.php
index d18fd371b..904be7e3b 100644
--- a/tests/Framework/Bootstrap.php
+++ b/tests/Framework/Bootstrap.php
@@ -207,4 +207,12 @@ class Framework_Bootstrap extends PHPUnit_Framework_TestCase
         $this->assertFalse($result, "Invalid ASCII (UTF-8 character [2])");
     }
 
+    /**
+     * bootstrap.php: version_parse()
+     */
+    function test_version_parse()
+    {
+        $this->assertEquals('0.9.0', version_parse('0.9-stable'));
+        $this->assertEquals('0.9.99', version_parse('0.9-git'));
+    }
 }
-- 
cgit v1.2.3


From 0931a97c5fc7231df99fdf4cdeebb525392886ed Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 23 Dec 2012 15:09:56 +0100
Subject: Fix handling of parentheses in URLs

---
 program/lib/Roundcube/rcube_string_replacer.php | 27 ++++++++++++++++++++++++-
 tests/Framework/StringReplacer.php              |  6 ++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_string_replacer.php b/program/lib/Roundcube/rcube_string_replacer.php
index 0fe982b26..6b289886b 100644
--- a/program/lib/Roundcube/rcube_string_replacer.php
+++ b/program/lib/Roundcube/rcube_string_replacer.php
@@ -36,7 +36,7 @@ class rcube_string_replacer
         // Support unicode/punycode in top-level domain part
         $utf_domain = '[^?&@"\'\\/()\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})';
         $url1       = '.:;,';
-        $url2       = 'a-zA-Z0-9%=#$@+?!&\\/_~\\[\\]{}\*-';
+        $url2       = 'a-zA-Z0-9%=#$@+?!&\\/_~\\[\\]\\(\\){}\*-';
 
         $this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]?[$url2]+)*)/";
         $this->mailto_pattern = "/("
@@ -161,6 +161,9 @@ class rcube_string_replacer
         // "http://example.com/?a[b]=c". However we need to handle
         // properly situation when a bracket is placed at the end
         // of the link e.g. "[http://example.com]"
+        // Yes, this is not perfect handles correctly only paired characters
+        // but it should work for common cases
+
         if (preg_match('/(\\[|\\])/', $url)) {
             $in = false;
             for ($i=0, $len=strlen($url); $i<$len; $i++) {
@@ -182,6 +185,28 @@ class rcube_string_replacer
             }
         }
 
+        // Do the same for parentheses
+        if (preg_match('/(\\(|\\))/', $url)) {
+            $in = false;
+            for ($i=0, $len=strlen($url); $i<$len; $i++) {
+                if ($url[$i] == '(') {
+                    if ($in)
+                        break;
+                    $in = true;
+                }
+                else if ($url[$i] == ')') {
+                    if (!$in)
+                        break;
+                    $in = false;
+                }
+            }
+
+            if ($i < $len) {
+                $suffix = substr($url, $i);
+                $url    = substr($url, 0, $i);
+            }
+        }
+
         return $suffix;
     }
 }
diff --git a/tests/Framework/StringReplacer.php b/tests/Framework/StringReplacer.php
index a76ba00ee..60399cf6b 100644
--- a/tests/Framework/StringReplacer.php
+++ b/tests/Framework/StringReplacer.php
@@ -29,6 +29,12 @@ class Framework_StringReplacer extends PHPUnit_Framework_TestCase
             array('Start http://localhost/?foo End', 'Start <a href="http://localhost/?foo" target="_blank">http://localhost/?foo</a> End'),
             array('www.domain.tld', '<a href="http://www.domain.tld" target="_blank">www.domain.tld</a>'),
             array('WWW.DOMAIN.TLD', '<a href="http://WWW.DOMAIN.TLD" target="_blank">WWW.DOMAIN.TLD</a>'),
+            array('[http://link.com]', '[<a href="http://link.com" target="_blank">http://link.com</a>]'),
+            array('http://link.com?a[]=1', '<a href="http://link.com?a[]=1" target="_blank">http://link.com?a[]=1</a>'),
+            array('http://link.com?a[]', '<a href="http://link.com?a[]" target="_blank">http://link.com?a[]</a>'),
+            array('(http://link.com)', '(<a href="http://link.com" target="_blank">http://link.com</a>)'),
+            array('http://link.com?a(b)c', '<a href="http://link.com?a(b)c" target="_blank">http://link.com?a(b)c</a>'),
+            array('http://link.com?(link)', '<a href="http://link.com?(link)" target="_blank">http://link.com?(link)</a>'),
         );
     }
 
-- 
cgit v1.2.3


From 7ac94421bf85eb04c00c5ed05390e1ea0c6bcb0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 25 Dec 2012 18:06:17 +0100
Subject: Move washtml class into Roundcube Framework (rcube_washtml), add some
 improvements

---
 program/include/bc.php                  |   4 +
 program/lib/Roundcube/rcube_washtml.php | 451 ++++++++++++++++++++++++++++++++
 program/lib/washtml.php                 | 330 -----------------------
 program/steps/mail/func.inc             |  68 +----
 tests/Framework/Washtml.php             |  28 ++
 tests/MailFunc.php                      |   2 +-
 tests/phpunit.xml                       |   1 +
 7 files changed, 486 insertions(+), 398 deletions(-)
 create mode 100644 program/lib/Roundcube/rcube_washtml.php
 delete mode 100644 program/lib/washtml.php
 create mode 100644 tests/Framework/Washtml.php

(limited to 'tests')

diff --git a/program/include/bc.php b/program/include/bc.php
index dc4d54fd7..05d15b9e3 100644
--- a/program/include/bc.php
+++ b/program/include/bc.php
@@ -408,3 +408,7 @@ function enriched_to_html($data)
 class rcube_html_page extends rcmail_html_page
 {
 }
+
+class washtml extends rcube_washtml
+{
+}
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
new file mode 100644
index 000000000..715c46047
--- /dev/null
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -0,0 +1,451 @@
+<?php
+
+/**
+ +-----------------------------------------------------------------------+
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2008-2012, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Utility class providing HTML sanityzer (based on Washtml class)     |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com>                        |
+ | Author: Aleksander Machniak <alec@alec.pl>                            |
+ | Author: Frederic Motte <fmotte@ubixis.com>                            |
+ +-----------------------------------------------------------------------+
+ */
+
+/**
+ *                Washtml, a HTML sanityzer.
+ *
+ * Copyright (c) 2007 Frederic Motte <fmotte@ubixis.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * OVERVIEW:
+ *
+ * Wahstml take an untrusted HTML and return a safe html string.
+ *
+ * SYNOPSIS:
+ *
+ * $washer = new washtml($config);
+ * $washer->wash($html);
+ * It return a sanityzed string of the $html parameter without html and head tags.
+ * $html is a string containing the html code to wash.
+ * $config is an array containing options:
+ *   $config['allow_remote'] is a boolean to allow link to remote images.
+ *   $config['blocked_src'] string with image-src to be used for blocked remote images
+ *   $config['show_washed'] is a boolean to include washed out attributes as x-washed
+ *   $config['cid_map'] is an array where cid urls index urls to replace them.
+ *   $config['charset'] is a string containing the charset of the HTML document if it is not defined in it.
+ * $washer->extlinks is a reference to a boolean that is set to true if remote images were removed. (FE: show remote images link)
+ *
+ * INTERNALS:
+ *
+ * Only tags and attributes in the static lists $html_elements and $html_attributes
+ * are kept, inline styles are also filtered: all style identifiers matching
+ * /[a-z\-]/i are allowed. Values matching colors, sizes, /[a-z\-]/i and safe
+ * urls if allowed and cid urls if mapped are kept.
+ *
+ * Roundcube Changes:
+ * - added $block_elements
+ * - changed $ignore_elements behaviour
+ * - added RFC2397 support
+ * - base URL support
+ * - invalid HTML comments removal before parsing
+ * - "fixing" unitless CSS values for XHTML output
+ * - base url resolving
+ */
+
+/**
+ * Utility class providing HTML sanityzer
+ *
+ * @package    Framework
+ * @subpackage Utils
+ */
+class rcube_washtml
+{
+    /* Allowed HTML elements (default) */
+    static $html_elements = array('a', 'abbr', 'acronym', 'address', 'area', 'b',
+        'basefont', 'bdo', 'big', 'blockquote', 'br', 'caption', 'center',
+        'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl',
+        'dt', 'em', 'fieldset', 'font', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i',
+        'ins', 'label', 'legend', 'li', 'map', 'menu', 'nobr', 'ol', 'p', 'pre', 'q',
+        's', 'samp', 'small', 'span', 'strike', 'strong', 'sub', 'sup', 'table',
+        'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u', 'ul', 'var', 'wbr', 'img',
+        // form elements
+        'button', 'input', 'textarea', 'select', 'option', 'optgroup'
+    );
+
+    /* Ignore these HTML tags and their content */
+    static $ignore_elements = array('script', 'applet', 'embed', 'object', 'style');
+
+    /* Allowed HTML attributes */
+    static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height',
+        'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing',
+        'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight',
+        'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border',
+        'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace',
+        'cellborder', 'size', 'lang', 'dir', 'usemap', 'shape', 'media',
+        // attributes of form elements
+        'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value'
+    );
+
+    /* Block elements which could be empty but cannot be returned in short form (<tag />) */
+    static $block_elements = array('div', 'p', 'pre', 'blockquote', 'a', 'font', 'center',
+        'table', 'ul', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ol', 'dl', 'strong',
+        'i', 'b', 'u', 'span',
+    );
+
+    /* State for linked objects in HTML */
+    public $extlinks = false;
+
+    /* Current settings */
+    private $config = array();
+
+    /* Registered callback functions for tags */
+    private $handlers = array();
+
+    /* Allowed HTML elements */
+    private $_html_elements = array();
+
+    /* Ignore these HTML tags but process their content */
+    private $_ignore_elements = array();
+
+    /* Block elements which could be empty but cannot be returned in short form (<tag />) */
+    private $_block_elements = array();
+
+    /* Allowed HTML attributes */
+    private $_html_attribs = array();
+
+
+    /**
+     * Class constructor
+     */
+    public function __construct($p = array())
+    {
+        $this->_html_elements   = array_flip((array)$p['html_elements']) + array_flip(self::$html_elements) ;
+        $this->_html_attribs    = array_flip((array)$p['html_attribs']) + array_flip(self::$html_attribs);
+        $this->_ignore_elements = array_flip((array)$p['ignore_elements']) + array_flip(self::$ignore_elements);
+        $this->_block_elements  = array_flip((array)$p['block_elements']) + array_flip(self::$block_elements);
+
+        unset($p['html_elements'], $p['html_attribs'], $p['ignore_elements'], $p['block_elements']);
+
+        $this->config = $p + array('show_washed' => true, 'allow_remote' => false, 'cid_map' => array());
+    }
+
+    /**
+     * Register a callback function for a certain tag
+     */
+    public function add_callback($tagName, $callback)
+    {
+        $this->handlers[$tagName] = $callback;
+    }
+
+    /**
+     * Check CSS style
+     */
+    private function wash_style($style)
+    {
+        $s = '';
+
+        foreach (explode(';', $style) as $declaration) {
+            if (preg_match('/^\s*([a-z\-]+)\s*:\s*(.*)\s*$/i', $declaration, $match)) {
+                $cssid = $match[1];
+                $str   = $match[2];
+                $value = '';
+
+                while (sizeof($str) > 0 &&
+                    preg_match('/^(url\(\s*[\'"]?([^\'"\)]*)[\'"]?\s*\)'./*1,2*/
+                        '|rgb\(\s*[0-9]+\s*,\s*[0-9]+\s*,\s*[0-9]+\s*\)'.
+                        '|-?[0-9.]+\s*(em|ex|px|cm|mm|in|pt|pc|deg|rad|grad|ms|s|hz|khz|%)?'.
+                        '|#[0-9a-f]{3,6}'.
+                        '|[a-z0-9", -]+'.
+                        ')\s*/i', $str, $match)
+                ) {
+                    if ($match[2]) {
+                        if (($src = $this->config['cid_map'][$match[2]])
+                            || ($src = $this->config['cid_map'][$this->config['base_url'].$match[2]])
+                        ) {
+                            $value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')';
+                        }
+                        else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $match[2], $url)) {
+                            if ($this->config['allow_remote']) {
+                                $value .= ' url('.htmlspecialchars($url[0], ENT_QUOTES).')';
+                            }
+                            else {
+                                $this->extlinks = true;
+                            }
+                        }
+                        else if (preg_match('/^data:.+/i', $match[2])) { // RFC2397
+                            $value .= ' url('.htmlspecialchars($match[2], ENT_QUOTES).')';
+                        }
+                    }
+                    else {
+                        // whitelist ?
+                        $value .= ' ' . $match[0];
+
+                        // #1488535: Fix size units, so width:800 would be changed to width:800px
+                        if (preg_match('/(left|right|top|bottom|width|height)/i', $cssid)
+                            && preg_match('/^[0-9]+$/', $match[0])
+                        ) {
+                            $value .= 'px';
+                        }
+                    }
+
+                    $str = substr($str, strlen($match[0]));
+                }
+
+                if (isset($value[0])) {
+                    $s .= ($s?' ':'') . $cssid . ':' . $value . ';';
+                }
+            }
+        }
+
+        return $s;
+    }
+
+    /**
+     * Take a node and return allowed attributes and check values
+     */
+    private function wash_attribs($node)
+    {
+        $t = '';
+        $washed = '';
+
+        foreach ($node->attributes as $key => $plop) {
+            $key   = strtolower($key);
+            $value = $node->getAttribute($key);
+
+            if (isset($this->_html_attribs[$key]) ||
+                ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
+                    && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
+            ) {
+                $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
+            }
+            else if ($key == 'style' && ($style = $this->wash_style($value))) {
+                $quot = strpos($style, '"') !== false ? "'" : '"';
+                $t .= ' style=' . $quot . $style . $quot;
+            }
+            else if ($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
+                if (($src = $this->config['cid_map'][$value])
+                    || ($src = $this->config['cid_map'][$this->config['base_url'].$value])
+                ) {
+                    $t .= ' ' . $key . '="' . htmlspecialchars($src, ENT_QUOTES) . '"';
+                }
+                else if (preg_match('/^(http|https|ftp):.+/i', $value)) {
+                    if ($this->config['allow_remote']) {
+                        $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
+                    }
+                    else {
+                        $this->extlinks = true;
+                        if ($this->config['blocked_src']) {
+                            $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
+                        }
+                    }
+                }
+                else if (preg_match('/^data:.+/i', $value)) { // RFC2397
+                    $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
+                }
+            }
+            else {
+                $washed .= ($washed ? ' ' : '') . $key;
+            }
+        }
+
+        return $t . ($washed && $this->config['show_washed'] ? ' x-washed="'.$washed.'"' : '');
+    }
+
+    /**
+     * The main loop that recurse on a node tree.
+     * It output only allowed tags with allowed attributes
+     * and allowed inline styles
+     */
+    private function dumpHtml($node)
+    {
+        if (!$node->hasChildNodes()) {
+            return '';
+        }
+
+        $node = $node->firstChild;
+        $dump = '';
+
+        do {
+            switch($node->nodeType) {
+            case XML_ELEMENT_NODE: //Check element
+                $tagName = strtolower($node->tagName);
+                if ($callback = $this->handlers[$tagName]) {
+                    $dump .= call_user_func($callback, $tagName,
+                        $this->wash_attribs($node), $this->dumpHtml($node), $this);
+                }
+                else if (isset($this->_html_elements[$tagName])) {
+                    $content = $this->dumpHtml($node);
+                    $dump .= '<' . $tagName . $this->wash_attribs($node) .
+                        ($content != '' || isset($this->_block_elements[$tagName]) ? ">$content</$tagName>" : ' />');
+                }
+                else if (isset($this->_ignore_elements[$tagName])) {
+                    $dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' not allowed -->';
+                }
+                else {
+                    $dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' ignored -->';
+                    $dump .= $this->dumpHtml($node); // ignore tags not its content
+                }
+                break;
+
+            case XML_CDATA_SECTION_NODE:
+                $dump .= $node->nodeValue;
+                break;
+
+            case XML_TEXT_NODE:
+                $dump .= htmlspecialchars($node->nodeValue);
+                break;
+
+            case XML_HTML_DOCUMENT_NODE:
+                $dump .= $this->dumpHtml($node);
+                break;
+
+            case XML_DOCUMENT_TYPE_NODE:
+                break;
+
+            default:
+                $dump . '<!-- node type ' . $node->nodeType . ' -->';
+            }
+        } while($node = $node->nextSibling);
+
+        return $dump;
+    }
+
+    /**
+     * Main function, give it untrusted HTML, tell it if you allow loading
+     * remote images and give it a map to convert "cid:" urls.
+     */
+    public function wash($html)
+    {
+        // Charset seems to be ignored (probably if defined in the HTML document)
+        $node = new DOMDocument('1.0', $this->config['charset']);
+        $this->extlinks = false;
+
+        $html = $this->cleanup($html);
+
+        // Find base URL for images
+        if (preg_match('/<base\s+href=[\'"]*([^\'"]+)/is', $html, $matches)) {
+            $this->config['base_url'] = $matches[1];
+        }
+        else {
+            $this->config['base_url'] = '';
+        }
+
+        @$node->loadHTML($html);
+        return $this->dumpHtml($node);
+    }
+
+    /**
+     * Getter for config parameters
+     */
+    public function get_config($prop)
+    {
+        return $this->config[$prop];
+    }
+
+    /**
+     * Clean HTML input
+     */
+    private function cleanup($html)
+    {
+        // special replacements (not properly handled by washtml class)
+        $html_search = array(
+            '/(<\/nobr>)(\s+)(<nobr>)/i',       // space(s) between <NOBR>
+            '/<title[^>]*>[^<]*<\/title>/i',    // PHP bug #32547 workaround: remove title tag
+            '/^(\0\0\xFE\xFF|\xFF\xFE\0\0|\xFE\xFF|\xFF\xFE|\xEF\xBB\xBF)/',    // byte-order mark (only outlook?)
+            '/<html\s[^>]+>/i',                 // washtml/DOMDocument cannot handle xml namespaces
+        );
+
+        $html_replace = array(
+            '\\1'.' &nbsp; '.'\\3',
+            '',
+            '',
+            '<html>',
+        );
+        $html = preg_replace($html_search, $html_replace, trim($html));
+
+        // PCRE errors handling (#1486856), should we use something like for every preg_* use?
+        if ($html === null && ($preg_error = preg_last_error()) != PREG_NO_ERROR) {
+            $errstr = "Could not clean up HTML message! PCRE Error: $preg_error.";
+
+            if ($preg_error == PREG_BACKTRACK_LIMIT_ERROR) {
+                $errstr .= " Consider raising pcre.backtrack_limit!";
+            }
+            if ($preg_error == PREG_RECURSION_LIMIT_ERROR) {
+                $errstr .= " Consider raising pcre.recursion_limit!";
+            }
+
+            rcube::raise_error(array('code' => 620, 'type' => 'php',
+                'line' => __LINE__, 'file' => __FILE__,
+                'message' => $errstr), true, false);
+            return '';
+        }
+
+        // fix (unknown/malformed) HTML tags before "wash"
+        $html = preg_replace_callback('/(<[\/]*)([^\s>]+)/', array($this, 'html_tag_callback'), $html);
+
+        // Remove invalid HTML comments (#1487759)
+        // Don't remove valid conditional comments
+        $html = preg_replace('/<!--[^->[\n]*>/', '', $html);
+
+        // turn relative into absolute urls
+        $html = self::resolve_base($html);
+
+        return $html;
+    }
+
+    /**
+     * Callback function for HTML tags fixing
+     */
+    public static function html_tag_callback($matches)
+    {
+        $tagname = $matches[2];
+        $tagname = preg_replace(array(
+            '/:.*$/',               // Microsoft's Smart Tags <st1:xxxx>
+            '/[^a-z0-9_\[\]\!-]/i', // forbidden characters
+        ), '', $tagname);
+
+        return $matches[1] . $tagname;
+    }
+
+    /**
+     * Convert all relative URLs according to a <base> in HTML
+     */
+    public static function resolve_base($body)
+    {
+        // check for <base href=...>
+        if (preg_match('!(<base.*href=["\']?)([hftps]{3,5}://[a-z0-9/.%-]+)!i', $body, $regs)) {
+            $replacer = new rcube_base_replacer($regs[2]);
+            $body     = $replacer->replace($body);
+        }
+
+        return $body;
+    }
+}
+
diff --git a/program/lib/washtml.php b/program/lib/washtml.php
deleted file mode 100644
index d13d66404..000000000
--- a/program/lib/washtml.php
+++ /dev/null
@@ -1,330 +0,0 @@
-<?php
-/*                Washtml, a HTML sanityzer.
- *
- * Copyright (c) 2007 Frederic Motte <fmotte@ubixis.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Please send me your comments about this code if you have some, thanks, Fred. */
-
-/* OVERVIEW:
- *
- * Wahstml take an untrusted HTML and return a safe html string.
- *
- * SYNOPSIS:
- *
- * $washer = new washtml($config);
- * $washer->wash($html);
- * It return a sanityzed string of the $html parameter without html and head tags.
- * $html is a string containing the html code to wash.
- * $config is an array containing options:
- *   $config['allow_remote'] is a boolean to allow link to remote images.
- *   $config['blocked_src'] string with image-src to be used for blocked remote images
- *   $config['show_washed'] is a boolean to include washed out attributes as x-washed
- *   $config['cid_map'] is an array where cid urls index urls to replace them.
- *   $config['charset'] is a string containing the charset of the HTML document if it is not defined in it.
- * $washer->extlinks is a reference to a boolean that is set to true if remote images were removed. (FE: show remote images link)
- *
- * INTERNALS:
- *
- * Only tags and attributes in the static lists $html_elements and $html_attributes
- * are kept, inline styles are also filtered: all style identifiers matching
- * /[a-z\-]/i are allowed. Values matching colors, sizes, /[a-z\-]/i and safe
- * urls if allowed and cid urls if mapped are kept.
- *
- * BUGS: It MUST be safe !
- *  - Check regexp
- *  - urlencode URLs instead of htmlspecials
- *  - Check is a 3 bytes utf8 first char can eat '">'
- *  - Update PCRE: CVE-2007-1659 - CVE-2007-1660 - CVE-2007-1661 - CVE-2007-1662 
- *                 CVE-2007-4766 - CVE-2007-4767 - CVE-2007-4768  
- *    http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00177.html 
- *  - ...
- *
- * MISSING:
- *  - relative links, can be implemented by prefixing an absolute path, ask me
- *    if you need it...
- *  - ...
- *
- * Dont be a fool:
- *  - Dont alter data on a GET: '<img src="http://yourhost/mail?action=delete&uid=3267" />'
- *  - ...
- *
- * Roundcube Changes:
- * - added $block_elements
- * - changed $ignore_elements behaviour
- * - added RFC2397 support
- * - base URL support
- * - invalid HTML comments removal before parsing
- * - "fixing" unitless CSS values for XHTML output
- */
-
-class washtml
-{
-  /* Allowed HTML elements (default) */
-  static $html_elements = array('a', 'abbr', 'acronym', 'address', 'area', 'b',
-    'basefont', 'bdo', 'big', 'blockquote', 'br', 'caption', 'center',
-    'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl',
-    'dt', 'em', 'fieldset', 'font', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i',
-    'ins', 'label', 'legend', 'li', 'map', 'menu', 'nobr', 'ol', 'p', 'pre', 'q',
-    's', 'samp', 'small', 'span', 'strike', 'strong', 'sub', 'sup', 'table',
-    'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u', 'ul', 'var', 'wbr', 'img',
-    // form elements
-    'button', 'input', 'textarea', 'select', 'option', 'optgroup'
-  );
-
-  /* Ignore these HTML tags and their content */
-  static $ignore_elements = array('script', 'applet', 'embed', 'object', 'style');
-
-  /* Allowed HTML attributes */
-  static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height',
-    'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing',
-    'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight',
-    'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border',
-    'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace',
-    'cellborder', 'size', 'lang', 'dir', 'usemap', 'shape', 'media',
-    // attributes of form elements
-    'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value'
-  );
-
-  /* Block elements which could be empty but cannot be returned in short form (<tag />) */
-  static $block_elements = array('div', 'p', 'pre', 'blockquote', 'a', 'font', 'center',
-    'table', 'ul', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ol', 'dl', 'strong', 'i', 'b', 'u', 'span');
-
-  /* State for linked objects in HTML */
-  public $extlinks = false;
-
-  /* Current settings */
-  private $config = array();
-
-  /* Registered callback functions for tags */
-  private $handlers = array();
-
-  /* Allowed HTML elements */
-  private $_html_elements = array();
-
-  /* Ignore these HTML tags but process their content */
-  private $_ignore_elements = array();
-
-  /* Block elements which could be empty but cannot be returned in short form (<tag />) */
-  private $_block_elements = array();
-
-  /* Allowed HTML attributes */
-  private $_html_attribs = array();
-
-
-  /* Constructor */
-  public function __construct($p = array())
-  {
-    $this->_html_elements = array_flip((array)$p['html_elements']) + array_flip(self::$html_elements) ;
-    $this->_html_attribs = array_flip((array)$p['html_attribs']) + array_flip(self::$html_attribs);
-    $this->_ignore_elements = array_flip((array)$p['ignore_elements']) + array_flip(self::$ignore_elements);
-    $this->_block_elements = array_flip((array)$p['block_elements']) + array_flip(self::$block_elements);
-    unset($p['html_elements'], $p['html_attribs'], $p['ignore_elements'], $p['block_elements']);
-    $this->config = $p + array('show_washed'=>true, 'allow_remote'=>false, 'cid_map'=>array());
-  }
-
-  /* Register a callback function for a certain tag */
-  public function add_callback($tagName, $callback)
-  {
-    $this->handlers[$tagName] = $callback;
-  }
-
-  /* Check CSS style */
-  private function wash_style($style)
-  {
-    $s = '';
-
-    foreach (explode(';', $style) as $declaration) {
-      if (preg_match('/^\s*([a-z\-]+)\s*:\s*(.*)\s*$/i', $declaration, $match)) {
-        $cssid = $match[1];
-        $str   = $match[2];
-        $value = '';
-
-        while (sizeof($str) > 0 &&
-          preg_match('/^(url\(\s*[\'"]?([^\'"\)]*)[\'"]?\s*\)'./*1,2*/
-                 '|rgb\(\s*[0-9]+\s*,\s*[0-9]+\s*,\s*[0-9]+\s*\)'.
-                 '|-?[0-9.]+\s*(em|ex|px|cm|mm|in|pt|pc|deg|rad|grad|ms|s|hz|khz|%)?'.
-                 '|#[0-9a-f]{3,6}'.
-                 '|[a-z0-9", -]+'.
-                 ')\s*/i', $str, $match)
-        ) {
-          if ($match[2]) {
-            if (($src = $this->config['cid_map'][$match[2]])
-                || ($src = $this->config['cid_map'][$this->config['base_url'].$match[2]])) {
-              $value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')';
-            }
-            else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $match[2], $url)) {
-              if ($this->config['allow_remote'])
-                $value .= ' url('.htmlspecialchars($url[0], ENT_QUOTES).')';
-              else
-                $this->extlinks = true;
-            }
-            else if (preg_match('/^data:.+/i', $match[2])) { // RFC2397
-              $value .= ' url('.htmlspecialchars($match[2], ENT_QUOTES).')';
-            }
-          }
-          else { //whitelist ?
-            $value .= ' ' . $match[0];
-
-            // #1488535: Fix size units, so width:800 would be changed to width:800px
-            if (preg_match('/(left|right|top|bottom|width|height)/i', $cssid) && preg_match('/^[0-9]+$/', $match[0])) {
-              $value .= 'px';
-            }
-          }
-
-          $str = substr($str, strlen($match[0]));
-        }
-
-        if (isset($value[0])) {
-          $s .= ($s?' ':'') . $cssid . ':' . $value . ';';
-        }
-      }
-    }
-    return $s;
-  }
-
-  /* Take a node and return allowed attributes and check values */
-  private function wash_attribs($node)
-  {
-    $t = '';
-    $washed;
-
-    foreach ($node->attributes as $key => $plop) {
-      $key = strtolower($key);
-      $value = $node->getAttribute($key);
-      if (isset($this->_html_attribs[$key]) ||
-         ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
-           && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
-      ) {
-        $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
-      }
-      else if ($key == 'style' && ($style = $this->wash_style($value))) {
-        $quot = strpos($style, '"') !== false ? "'" : '"';
-        $t .= ' style=' . $quot . $style . $quot;
-      }
-      else if ($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
-        if (($src = $this->config['cid_map'][$value])
-            || ($src = $this->config['cid_map'][$this->config['base_url'].$value])) {
-          $t .= ' ' . $key . '="' . htmlspecialchars($src, ENT_QUOTES) . '"';
-        }
-        else if (preg_match('/^(http|https|ftp):.+/i', $value)) {
-          if ($this->config['allow_remote'])
-            $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
-          else {
-            $this->extlinks = true;
-            if ($this->config['blocked_src'])
-              $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
-          }
-        }
-        else if (preg_match('/^data:.+/i', $value)) { // RFC2397
-          $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
-        }
-      }
-      else
-        $washed .= ($washed?' ':'') . $key;
-    }
-    return $t . ($washed && $this->config['show_washed']?' x-washed="'.$washed.'"':'');
-  }
-
-  /* The main loop that recurse on a node tree.
-   * It output only allowed tags with allowed attributes
-   * and allowed inline styles */
-  private function dumpHtml($node)
-  {
-    if(!$node->hasChildNodes())
-      return '';
-
-    $node = $node->firstChild;
-    $dump = '';
-
-    do {
-      switch($node->nodeType) {
-      case XML_ELEMENT_NODE: //Check element
-        $tagName = strtolower($node->tagName);
-        if ($callback = $this->handlers[$tagName]) {
-          $dump .= call_user_func($callback, $tagName, $this->wash_attribs($node), $this->dumpHtml($node), $this);
-        }
-        else if (isset($this->_html_elements[$tagName])) {
-          $content = $this->dumpHtml($node);
-          $dump .= '<' . $tagName . $this->wash_attribs($node) .
-            ($content != '' || isset($this->_block_elements[$tagName]) ? ">$content</$tagName>" : ' />');
-        }
-        else if (isset($this->_ignore_elements[$tagName])) {
-          $dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' not allowed -->';
-        }
-        else {
-          $dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' ignored -->';
-          $dump .= $this->dumpHtml($node); // ignore tags not its content
-        }
-        break;
-      case XML_CDATA_SECTION_NODE:
-        $dump .= $node->nodeValue;
-        break;
-      case XML_TEXT_NODE:
-        $dump .= htmlspecialchars($node->nodeValue);
-        break;
-      case XML_HTML_DOCUMENT_NODE:
-        $dump .= $this->dumpHtml($node);
-        break;
-      case XML_DOCUMENT_TYPE_NODE:
-        break;
-      default:
-        $dump . '<!-- node type ' . $node->nodeType . ' -->';
-      }
-    } while($node = $node->nextSibling);
-
-    return $dump;
-  }
-
-  /* Main function, give it untrusted HTML, tell it if you allow loading
-   * remote images and give it a map to convert "cid:" urls. */
-  public function wash($html)
-  {
-    // Charset seems to be ignored (probably if defined in the HTML document)
-    $node = new DOMDocument('1.0', $this->config['charset']);
-    $this->extlinks = false;
-
-    // Find base URL for images
-    if (preg_match('/<base\s+href=[\'"]*([^\'"]+)/is', $html, $matches))
-      $this->config['base_url'] = $matches[1];
-    else
-      $this->config['base_url'] = '';
-
-    // Remove invalid HTML comments (#1487759)
-    // Don't remove valid conditional comments
-    $html = preg_replace('/<!--[^->[\n]*>/', '', $html);
-
-    @$node->loadHTML($html);
-    return $this->dumpHtml($node);
-  }
-
-  /**
-   * Getter for config parameters
-   */
-  public function get_config($prop)
-  {
-      return $this->config[$prop];
-  }
-
-}
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 70493766b..90f54cf1b 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -628,39 +628,6 @@ function rcmail_wash_html($html, $p, $cid_replaces)
 
   $p += array('safe' => false, 'inline_html' => true);
 
-  // special replacements (not properly handled by washtml class)
-  $html_search = array(
-    '/(<\/nobr>)(\s+)(<nobr>)/i',	// space(s) between <NOBR>
-    '/<title[^>]*>[^<]*<\/title>/i',	// PHP bug #32547 workaround: remove title tag
-    '/^(\0\0\xFE\xFF|\xFF\xFE\0\0|\xFE\xFF|\xFF\xFE|\xEF\xBB\xBF)/',	// byte-order mark (only outlook?)
-    '/<html\s[^>]+>/i',			// washtml/DOMDocument cannot handle xml namespaces
-  );
-  $html_replace = array(
-    '\\1'.' &nbsp; '.'\\3',
-    '',
-    '',
-    '<html>',
-  );
-  $html = preg_replace($html_search, $html_replace, trim($html));
-
-  // PCRE errors handling (#1486856), should we use something like for every preg_* use?
-  if ($html === null && ($preg_error = preg_last_error()) != PREG_NO_ERROR) {
-    $errstr = "Could not clean up HTML message! PCRE Error: $preg_error.";
-
-    if ($preg_error == PREG_BACKTRACK_LIMIT_ERROR)
-      $errstr .= " Consider raising pcre.backtrack_limit!";
-    if ($preg_error == PREG_RECURSION_LIMIT_ERROR)
-      $errstr .= " Consider raising pcre.recursion_limit!";
-
-    raise_error(array('code' => 620, 'type' => 'php',
-        'line' => __LINE__, 'file' => __FILE__,
-        'message' => $errstr), true, false);
-    return '';
-  }
-
-  // fix (unknown/malformed) HTML tags before "wash"
-  $html = preg_replace_callback('/(<[\/]*)([^\s>]+)/', 'rcmail_html_tag_callback', $html);
-
   // charset was converted to UTF-8 in rcube_storage::get_message_part(),
   // change/add charset specification in HTML accordingly,
   // washtml cannot work without that
@@ -674,9 +641,6 @@ function rcmail_wash_html($html, $p, $cid_replaces)
     $html = '<head>' . $meta . '</head>' . $html;
   }
 
-  // turn relative into absolute urls
-  $html = rcmail_resolve_base($html);
-
   // clean HTML with washhtml by Frederic Motte
   $wash_opts = array(
     'show_washed' => false,
@@ -702,7 +666,7 @@ function rcmail_wash_html($html, $p, $cid_replaces)
     $wash_opts['html_attribs'] = $p['html_attribs'];
 
   // initialize HTML washer
-  $washer = new washtml($wash_opts);
+  $washer = new rcube_washtml($wash_opts);
 
   if (!$p['skip_washer_form_callback'])
     $washer->add_callback('form', 'rcmail_washtml_callback');
@@ -920,22 +884,6 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml)
 }
 
 
-/**
- * Callback function for HTML tags fixing
- */
-function rcmail_html_tag_callback($matches)
-{
-  $tagname = $matches[2];
-
-  $tagname = preg_replace(array(
-    '/:.*$/',			// Microsoft's Smart Tags <st1:xxxx>
-    '/[^a-z0-9_\[\]\!-]/i',	// forbidden characters
-    ), '', $tagname);
-
-  return $matches[1].$tagname;
-}
-
-
 /**
  * return table with message headers
  */
@@ -1319,20 +1267,6 @@ function rcmail_part_image_type($part)
   }
 }
 
-/**
- * Convert all relative URLs according to a <base> in HTML
- */
-function rcmail_resolve_base($body)
-{
-  // check for <base href=...>
-  if (preg_match('!(<base.*href=["\']?)([hftps]{3,5}://[a-z0-9/.%-]+)!i', $body, $regs)) {
-    $replacer = new rcube_base_replacer($regs[2]);
-    $body     = $replacer->replace($body);
-  }
-
-  return $body;
-}
-
 
 /**
  * modify a HTML message that it can be displayed inside a HTML page
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
new file mode 100644
index 000000000..088ac4a8c
--- /dev/null
+++ b/tests/Framework/Washtml.php
@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * Test class to test rcube_washtml class
+ *
+ * @package Tests
+ */
+class Framework_Washtml extends PHPUnit_Framework_TestCase
+{
+
+    /**
+     * Test the elimination of some XSS vulnerabilities
+     */
+    function test_html_xss3()
+    {
+        // #1488850
+        $html = '<p><a href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">Firefox</a>'
+            .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
+
+        $washer = new rcube_washtml;
+
+        $washed = $washer->wash($html);
+
+        $this->assertNotRegExp('/data:text/', $washed, "Remove data:text/html links");
+        $this->assertNotRegExp('/vbscript:/', $washed, "Remove vbscript: links");
+    }
+
+}
diff --git a/tests/MailFunc.php b/tests/MailFunc.php
index 4d4250c22..38c0bac30 100644
--- a/tests/MailFunc.php
+++ b/tests/MailFunc.php
@@ -173,7 +173,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
     function test_resolve_base()
     {
         $html = file_get_contents(TESTS_DIR . 'src/htmlbase.txt');
-        $html = rcmail_resolve_base($html);
+        $html = rcube_washtml::resolve_base($html);
 
         $this->assertRegExp('|src="http://alec\.pl/dir/img1\.gif"|', $html, "URI base resolving [1]");
         $this->assertRegExp('|src="http://alec\.pl/dir/img2\.gif"|', $html, "URI base resolving [2]");
diff --git a/tests/phpunit.xml b/tests/phpunit.xml
index c9e229e97..627b4120d 100644
--- a/tests/phpunit.xml
+++ b/tests/phpunit.xml
@@ -28,6 +28,7 @@
             <file>Framework/User.php</file>
             <file>Framework/Utils.php</file>
             <file>Framework/VCard.php</file>
+            <file>Framework/Washtml.php</file>
             <file>HtmlToText.php</file>
             <file>MailFunc.php</file>
         </testsuite>
-- 
cgit v1.2.3


From 66afd70b756a0637da3537e96f6bf6ce0a2c46e9 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 26 Dec 2012 12:14:34 +0100
Subject: Framework'ize html2text class

---
 program/include/bc.php                       |   4 +
 program/lib/Roundcube/rcube_html2text.php    | 691 ++++++++++++++++++++++++
 program/lib/Roundcube/rcube_message.php      |   2 +-
 program/lib/Roundcube/rcube_spellchecker.php |   2 +-
 program/lib/html2text.php                    | 755 ---------------------------
 program/steps/mail/compose.inc               |   4 +-
 program/steps/mail/func.inc                  |   2 +-
 program/steps/mail/sendmail.inc              |   2 +-
 program/steps/utils/html2text.inc            |   4 +-
 tests/Framework/Html2text.php                |  59 +++
 tests/HtmlToText.php                         |  59 ---
 tests/phpunit.xml                            |   2 +-
 12 files changed, 762 insertions(+), 824 deletions(-)
 create mode 100644 program/lib/Roundcube/rcube_html2text.php
 delete mode 100644 program/lib/html2text.php
 create mode 100644 tests/Framework/Html2text.php
 delete mode 100644 tests/HtmlToText.php

(limited to 'tests')

diff --git a/program/include/bc.php b/program/include/bc.php
index 05d15b9e3..3d9d46289 100644
--- a/program/include/bc.php
+++ b/program/include/bc.php
@@ -412,3 +412,7 @@ class rcube_html_page extends rcmail_html_page
 class washtml extends rcube_washtml
 {
 }
+
+class html2text extends rcube_html2text
+{
+}
diff --git a/program/lib/Roundcube/rcube_html2text.php b/program/lib/Roundcube/rcube_html2text.php
new file mode 100644
index 000000000..0b172ebfa
--- /dev/null
+++ b/program/lib/Roundcube/rcube_html2text.php
@@ -0,0 +1,691 @@
+<?php
+
+/**
+ +-----------------------------------------------------------------------+
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2008-2012, The Roundcube Dev Team                       |
+ | Copyright (c) 2005-2007, Jon Abernathy <jon@chuggnutt.com>            |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Converts HTML to formatted plain text (based on html2text class)    |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com>                        |
+ | Author: Aleksander Machniak <alec@alec.pl>                            |
+ | Author: Jon Abernathy <jon@chuggnutt.com>                             |
+ +-----------------------------------------------------------------------+
+ */
+
+/**
+ *  Takes HTML and converts it to formatted, plain text.
+ *
+ *  Thanks to Alexander Krug (http://www.krugar.de/) to pointing out and
+ *  correcting an error in the regexp search array. Fixed 7/30/03.
+ *
+ *  Updated set_html() function's file reading mechanism, 9/25/03.
+ *
+ *  Thanks to Joss Sanglier (http://www.dancingbear.co.uk/) for adding
+ *  several more HTML entity codes to the $search and $replace arrays.
+ *  Updated 11/7/03.
+ *
+ *  Thanks to Darius Kasperavicius (http://www.dar.dar.lt/) for
+ *  suggesting the addition of $allowed_tags and its supporting function
+ *  (which I slightly modified). Updated 3/12/04.
+ *
+ *  Thanks to Justin Dearing for pointing out that a replacement for the
+ *  <TH> tag was missing, and suggesting an appropriate fix.
+ *  Updated 8/25/04.
+ *
+ *  Thanks to Mathieu Collas (http://www.myefarm.com/) for finding a
+ *  display/formatting bug in the _build_link_list() function: email
+ *  readers would show the left bracket and number ("[1") as part of the
+ *  rendered email address.
+ *  Updated 12/16/04.
+ *
+ *  Thanks to Wojciech Bajon (http://histeria.pl/) for submitting code
+ *  to handle relative links, which I hadn't considered. I modified his
+ *  code a bit to handle normal HTTP links and MAILTO links. Also for
+ *  suggesting three additional HTML entity codes to search for.
+ *  Updated 03/02/05.
+ *
+ *  Thanks to Jacob Chandler for pointing out another link condition
+ *  for the _build_link_list() function: "https".
+ *  Updated 04/06/05.
+ *
+ *  Thanks to Marc Bertrand (http://www.dresdensky.com/) for
+ *  suggesting a revision to the word wrapping functionality; if you
+ *  specify a $width of 0 or less, word wrapping will be ignored.
+ *  Updated 11/02/06.
+ *
+ *  *** Big housecleaning updates below:
+ *
+ *  Thanks to Colin Brown (http://www.sparkdriver.co.uk/) for
+ *  suggesting the fix to handle </li> and blank lines (whitespace).
+ *  Christian Basedau (http://www.movetheweb.de/) also suggested the
+ *  blank lines fix.
+ *
+ *  Special thanks to Marcus Bointon (http://www.synchromedia.co.uk/),
+ *  Christian Basedau, Norbert Laposa (http://ln5.co.uk/),
+ *  Bas van de Weijer, and Marijn van Butselaar
+ *  for pointing out my glaring error in the <th> handling. Marcus also
+ *  supplied a host of fixes.
+ *
+ *  Thanks to Jeffrey Silverman (http://www.newtnotes.com/) for pointing
+ *  out that extra spaces should be compressed--a problem addressed with
+ *  Marcus Bointon's fixes but that I had not yet incorporated.
+ *
+ *  Thanks to Daniel Schledermann (http://www.typoconsult.dk/) for
+ *  suggesting a valuable fix with <a> tag handling.
+ *
+ *  Thanks to Wojciech Bajon (again!) for suggesting fixes and additions,
+ *  including the <a> tag handling that Daniel Schledermann pointed
+ *  out but that I had not yet incorporated. I haven't (yet)
+ *  incorporated all of Wojciech's changes, though I may at some
+ *  future time.
+ *
+ *  *** End of the housecleaning updates. Updated 08/08/07.
+ */
+
+/**
+ * Converts HTML to formatted plain text
+ *
+ * @package    Framework
+ * @subpackage Utils
+ */
+class rcube_html2text
+{
+    /**
+     * Contains the HTML content to convert.
+     *
+     * @var string $html
+     */
+    protected $html;
+
+    /**
+     * Contains the converted, formatted text.
+     *
+     * @var string $text
+     */
+    protected $text;
+
+    /**
+     * Maximum width of the formatted text, in columns.
+     *
+     * Set this value to 0 (or less) to ignore word wrapping
+     * and not constrain text to a fixed-width column.
+     *
+     * @var integer $width
+     */
+    protected $width = 70;
+
+    /**
+     * Target character encoding for output text
+     *
+     * @var string $charset
+     */
+    protected $charset = 'UTF-8';
+
+    /**
+     * List of preg* regular expression patterns to search for,
+     * used in conjunction with $replace.
+     *
+     * @var array $search
+     * @see $replace
+     */
+    protected $search = array(
+        "/\r/",                                  // Non-legal carriage return
+        "/[\n\t]+/",                             // Newlines and tabs
+        '/<head[^>]*>.*?<\/head>/i',             // <head>
+        '/<script[^>]*>.*?<\/script>/i',         // <script>s -- which strip_tags supposedly has problems with
+        '/<style[^>]*>.*?<\/style>/i',           // <style>s -- which strip_tags supposedly has problems with
+        '/<p[^>]*>/i',                           // <P>
+        '/<br[^>]*>/i',                          // <br>
+        '/<i[^>]*>(.*?)<\/i>/i',                 // <i>
+        '/<em[^>]*>(.*?)<\/em>/i',               // <em>
+        '/(<ul[^>]*>|<\/ul>)/i',                 // <ul> and </ul>
+        '/(<ol[^>]*>|<\/ol>)/i',                 // <ol> and </ol>
+        '/<li[^>]*>(.*?)<\/li>/i',               // <li> and </li>
+        '/<li[^>]*>/i',                          // <li>
+        '/<hr[^>]*>/i',                          // <hr>
+        '/<div[^>]*>/i',                         // <div>
+        '/(<table[^>]*>|<\/table>)/i',           // <table> and </table>
+        '/(<tr[^>]*>|<\/tr>)/i',                 // <tr> and </tr>
+        '/<td[^>]*>(.*?)<\/td>/i',               // <td> and </td>
+    );
+
+    /**
+     * List of pattern replacements corresponding to patterns searched.
+     *
+     * @var array $replace
+     * @see $search
+     */
+    protected $replace = array(
+        '',                                     // Non-legal carriage return
+        ' ',                                    // Newlines and tabs
+        '',                                     // <head>
+        '',                                     // <script>s -- which strip_tags supposedly has problems with
+        '',                                     // <style>s -- which strip_tags supposedly has problems with
+        "\n\n",                                 // <P>
+        "\n",                                   // <br>
+        '_\\1_',                                // <i>
+        '_\\1_',                                // <em>
+        "\n\n",                                 // <ul> and </ul>
+        "\n\n",                                 // <ol> and </ol>
+        "\t* \\1\n",                            // <li> and </li>
+        "\n\t* ",                               // <li>
+        "\n-------------------------\n",        // <hr>
+        "<div>\n",                              // <div>
+        "\n\n",                                 // <table> and </table>
+        "\n",                                   // <tr> and </tr>
+        "\t\t\\1\n",                            // <td> and </td>
+    );
+
+    /**
+     * List of preg* regular expression patterns to search for,
+     * used in conjunction with $ent_replace.
+     *
+     * @var array $ent_search
+     * @see $ent_replace
+     */
+    protected $ent_search = array(
+        '/&(nbsp|#160);/i',                      // Non-breaking space
+        '/&(quot|rdquo|ldquo|#8220|#8221|#147|#148);/i',
+                                         // Double quotes
+        '/&(apos|rsquo|lsquo|#8216|#8217);/i',   // Single quotes
+        '/&gt;/i',                               // Greater-than
+        '/&lt;/i',                               // Less-than
+        '/&(copy|#169);/i',                      // Copyright
+        '/&(trade|#8482|#153);/i',               // Trademark
+        '/&(reg|#174);/i',                       // Registered
+        '/&(mdash|#151|#8212);/i',               // mdash
+        '/&(ndash|minus|#8211|#8722);/i',        // ndash
+        '/&(bull|#149|#8226);/i',                // Bullet
+        '/&(pound|#163);/i',                     // Pound sign
+        '/&(euro|#8364);/i',                     // Euro sign
+        '/&(amp|#38);/i',                        // Ampersand: see _converter()
+        '/[ ]{2,}/',                             // Runs of spaces, post-handling
+    );
+
+    /**
+     * List of pattern replacements corresponding to patterns searched.
+     *
+     * @var array $ent_replace
+     * @see $ent_search
+     */
+    protected $ent_replace = array(
+        ' ',                                    // Non-breaking space
+        '"',                                    // Double quotes
+        "'",                                    // Single quotes
+        '>',
+        '<',
+        '(c)',
+        '(tm)',
+        '(R)',
+        '--',
+        '-',
+        '*',
+        '£',
+        'EUR',                                  // Euro sign. � ?
+        '|+|amp|+|',                            // Ampersand: see _converter()
+        ' ',                                    // Runs of spaces, post-handling
+    );
+
+    /**
+     * List of preg* regular expression patterns to search for
+     * and replace using callback function.
+     *
+     * @var array $callback_search
+     */
+    protected $callback_search = array(
+        '/<(a) [^>]*href=("|\')([^"\']+)\2[^>]*>(.*?)<\/a>/i', // <a href="">
+        '/<(h)[123456]( [^>]*)?>(.*?)<\/h[123456]>/i',         // h1 - h6
+        '/<(b)( [^>]*)?>(.*?)<\/b>/i',                         // <b>
+        '/<(strong)( [^>]*)?>(.*?)<\/strong>/i',               // <strong>
+        '/<(th)( [^>]*)?>(.*?)<\/th>/i',                       // <th> and </th>
+    );
+
+   /**
+    * List of preg* regular expression patterns to search for in PRE body,
+    * used in conjunction with $pre_replace.
+    *
+    * @var array $pre_search
+    * @see $pre_replace
+    */
+    protected $pre_search = array(
+        "/\n/",
+        "/\t/",
+        '/ /',
+        '/<pre[^>]*>/',
+        '/<\/pre>/'
+    );
+
+    /**
+     * List of pattern replacements corresponding to patterns searched for PRE body.
+     *
+     * @var array $pre_replace
+     * @see $pre_search
+     */
+    protected $pre_replace = array(
+        '<br>',
+        '&nbsp;&nbsp;&nbsp;&nbsp;',
+        '&nbsp;',
+        '',
+        ''
+    );
+
+    /**
+     * Contains a list of HTML tags to allow in the resulting text.
+     *
+     * @var string $allowed_tags
+     * @see set_allowed_tags()
+     */
+    protected $allowed_tags = '';
+
+    /**
+     * Contains the base URL that relative links should resolve to.
+     *
+     * @var string $url
+     */
+    protected $url;
+
+    /**
+     * Indicates whether content in the $html variable has been converted yet.
+     *
+     * @var boolean $_converted
+     * @see $html, $text
+     */
+    protected $_converted = false;
+
+    /**
+     * Contains URL addresses from links to be rendered in plain text.
+     *
+     * @var array $_link_list
+     * @see _build_link_list()
+     */
+    protected $_link_list = array();
+
+    /**
+     * Boolean flag, true if a table of link URLs should be listed after the text.
+     *
+     * @var boolean $_do_links
+     * @see __construct()
+     */
+    protected $_do_links = true;
+
+    /**
+     * Constructor.
+     *
+     * If the HTML source string (or file) is supplied, the class
+     * will instantiate with that source propagated, all that has
+     * to be done it to call get_text().
+     *
+     * @param string $source HTML content
+     * @param boolean $from_file Indicates $source is a file to pull content from
+     * @param boolean $do_links Indicate whether a table of link URLs is desired
+     * @param integer $width Maximum width of the formatted text, 0 for no limit
+     */
+    function __construct($source = '', $from_file = false, $do_links = true, $width = 75, $charset = 'UTF-8')
+    {
+        if (!empty($source)) {
+            $this->set_html($source, $from_file);
+        }
+
+        $this->set_base_url();
+
+        $this->_do_links = $do_links;
+        $this->width     = $width;
+        $this->charset   = $charset;
+    }
+
+    /**
+     * Loads source HTML into memory, either from $source string or a file.
+     *
+     * @param string $source HTML content
+     * @param boolean $from_file Indicates $source is a file to pull content from
+     */
+    function set_html($source, $from_file = false)
+    {
+        if ($from_file && file_exists($source)) {
+            $this->html = file_get_contents($source);
+        }
+        else {
+            $this->html = $source;
+        }
+
+        $this->_converted = false;
+    }
+
+    /**
+     * Returns the text, converted from HTML.
+     *
+     * @return string Plain text
+     */
+    function get_text()
+    {
+        if (!$this->_converted) {
+            $this->_convert();
+        }
+
+        return $this->text;
+    }
+
+    /**
+     * Prints the text, converted from HTML.
+     */
+    function print_text()
+    {
+        print $this->get_text();
+    }
+
+    /**
+     * Sets the allowed HTML tags to pass through to the resulting text.
+     *
+     * Tags should be in the form "<p>", with no corresponding closing tag.
+     */
+    function set_allowed_tags($allowed_tags = '')
+    {
+        if (!empty($allowed_tags)) {
+            $this->allowed_tags = $allowed_tags;
+        }
+    }
+
+    /**
+     * Sets a base URL to handle relative links.
+     */
+    function set_base_url($url = '')
+    {
+        if (empty($url)) {
+            if (!empty($_SERVER['HTTP_HOST'])) {
+                $this->url = 'http://' . $_SERVER['HTTP_HOST'];
+            }
+            else {
+                $this->url = '';
+            }
+        }
+        else {
+            // Strip any trailing slashes for consistency (relative
+            // URLs may already start with a slash like "/file.html")
+            if (substr($url, -1) == '/') {
+                $url = substr($url, 0, -1);
+            }
+            $this->url = $url;
+        }
+    }
+
+    /**
+     * Workhorse function that does actual conversion (calls _converter() method).
+     */
+    protected function _convert()
+    {
+        // Variables used for building the link list
+        $this->_link_list = array();
+
+        $text = trim(stripslashes($this->html));
+
+        // Convert HTML to TXT
+        $this->_converter($text);
+
+        // Add link list
+        if (!empty($this->_link_list)) {
+            $text .= "\n\nLinks:\n------\n";
+            foreach ($this->_link_list as $idx => $url) {
+                $text .= '[' . ($idx+1) . '] ' . $url . "\n";
+            }
+        }
+
+        $this->text       = $text;
+        $this->_converted = true;
+    }
+
+    /**
+     * Workhorse function that does actual conversion.
+     *
+     * First performs custom tag replacement specified by $search and
+     * $replace arrays. Then strips any remaining HTML tags, reduces whitespace
+     * and newlines to a readable format, and word wraps the text to
+     * $width characters.
+     *
+     * @param string Reference to HTML content string
+     */
+    protected function _converter(&$text)
+    {
+        // Convert <BLOCKQUOTE> (before PRE!)
+        $this->_convert_blockquotes($text);
+
+        // Convert <PRE>
+        $this->_convert_pre($text);
+
+        // Run our defined tags search-and-replace
+        $text = preg_replace($this->search, $this->replace, $text);
+
+        // Run our defined tags search-and-replace with callback
+        $text = preg_replace_callback($this->callback_search, array($this, 'tags_preg_callback'), $text);
+
+        // Strip any other HTML tags
+        $text = strip_tags($text, $this->allowed_tags);
+
+        // Run our defined entities/characters search-and-replace
+        $text = preg_replace($this->ent_search, $this->ent_replace, $text);
+
+        // Replace known html entities
+        $text = html_entity_decode($text, ENT_QUOTES, $this->charset);
+
+        // Remove unknown/unhandled entities (this cannot be done in search-and-replace block)
+        $text = preg_replace('/&([a-zA-Z0-9]{2,6}|#[0-9]{2,4});/', '', $text);
+
+        // Convert "|+|amp|+|" into "&", need to be done after handling of unknown entities
+        // This properly handles situation of "&amp;quot;" in input string
+        $text = str_replace('|+|amp|+|', '&', $text);
+
+        // Bring down number of empty lines to 2 max
+        $text = preg_replace("/\n\s+\n/", "\n\n", $text);
+        $text = preg_replace("/[\n]{3,}/", "\n\n", $text);
+
+        // remove leading empty lines (can be produced by eg. P tag on the beginning)
+        $text = ltrim($text, "\n");
+
+        // Wrap the text to a readable format
+        // for PHP versions >= 4.0.2. Default width is 75
+        // If width is 0 or less, don't wrap the text.
+        if ( $this->width > 0 ) {
+            $text = wordwrap($text, $this->width);
+        }
+    }
+
+    /**
+     * Helper function called by preg_replace() on link replacement.
+     *
+     * Maintains an internal list of links to be displayed at the end of the
+     * text, with numeric indices to the original point in the text they
+     * appeared. Also makes an effort at identifying and handling absolute
+     * and relative links.
+     *
+     * @param string $link URL of the link
+     * @param string $display Part of the text to associate number with
+     */
+    protected function _build_link_list( $link, $display )
+    {
+        if (!$this->_do_links || empty($link)) {
+            return $display;
+        }
+
+        // Ignored link types
+        if (preg_match('!^(javascript:|mailto:|#)!i', $link)) {
+            return $display;
+        }
+
+        if (preg_match('!^([a-z][a-z0-9.+-]+:)!i', $link)) {
+            $url = $link;
+        }
+        else {
+            $url = $this->url;
+            if (substr($link, 0, 1) != '/') {
+                $url .= '/';
+            }
+            $url .= "$link";
+        }
+
+        if (($index = array_search($url, $this->_link_list)) === false) {
+            $index = count($this->_link_list);
+            $this->_link_list[] = $url;
+        }
+
+        return $display . ' [' . ($index+1) . ']';
+    }
+
+    /**
+     * Helper function for PRE body conversion.
+     *
+     * @param string HTML content
+     */
+    protected function _convert_pre(&$text)
+    {
+        // get the content of PRE element
+        while (preg_match('/<pre[^>]*>(.*)<\/pre>/ismU', $text, $matches)) {
+            $this->pre_content = $matches[1];
+
+            // Run our defined tags search-and-replace with callback
+            $this->pre_content = preg_replace_callback($this->callback_search,
+                array($this, 'tags_preg_callback'), $this->pre_content);
+
+            // convert the content
+            $this->pre_content = sprintf('<div><br>%s<br></div>',
+                preg_replace($this->pre_search, $this->pre_replace, $this->pre_content));
+
+            // replace the content (use callback because content can contain $0 variable)
+            $text = preg_replace_callback('/<pre[^>]*>.*<\/pre>/ismU',
+                array($this, 'pre_preg_callback'), $text, 1);
+
+            // free memory
+            $this->pre_content = '';
+        }
+    }
+
+    /**
+     * Helper function for BLOCKQUOTE body conversion.
+     *
+     * @param string HTML content
+     */
+    protected function _convert_blockquotes(&$text)
+    {
+        if (preg_match_all('/<\/*blockquote[^>]*>/i', $text, $matches, PREG_OFFSET_CAPTURE)) {
+            $level = 0;
+            $diff = 0;
+            foreach ($matches[0] as $m) {
+                if ($m[0][0] == '<' && $m[0][1] == '/') {
+                    $level--;
+                    if ($level < 0) {
+                        $level = 0; // malformed HTML: go to next blockquote
+                    }
+                    else if ($level > 0) {
+                        // skip inner blockquote
+                    }
+                    else {
+                        $end  = $m[1];
+                        $len  = $end - $taglen - $start;
+                        // Get blockquote content
+                        $body = substr($text, $start + $taglen - $diff, $len);
+
+                        // Set text width
+                        $p_width = $this->width;
+                        if ($this->width > 0) $this->width -= 2;
+                        // Convert blockquote content
+                        $body = trim($body);
+                        $this->_converter($body);
+                        // Add citation markers and create PRE block
+                        $body = preg_replace('/((^|\n)>*)/', '\\1> ', trim($body));
+                        $body = '<pre>' . htmlspecialchars($body) . '</pre>';
+                        // Re-set text width
+                        $this->width = $p_width;
+                        // Replace content
+                        $text = substr($text, 0, $start - $diff)
+                            . $body . substr($text, $end + strlen($m[0]) - $diff);
+
+                        $diff = $len + $taglen + strlen($m[0]) - strlen($body);
+                        unset($body);
+                    }
+                }
+                else {
+                    if ($level == 0) {
+                        $start = $m[1];
+                        $taglen = strlen($m[0]);
+                    }
+                    $level ++;
+                }
+            }
+        }
+    }
+
+    /**
+     * Callback function for preg_replace_callback use.
+     *
+     * @param  array PREG matches
+     * @return string
+     */
+    public function tags_preg_callback($matches)
+    {
+        switch (strtolower($matches[1])) {
+        case 'b':
+        case 'strong':
+            return $this->_toupper($matches[3]);
+        case 'th':
+            return $this->_toupper("\t\t". $matches[3] ."\n");
+        case 'h':
+            return $this->_toupper("\n\n". $matches[3] ."\n\n");
+        case 'a':
+            // Remove spaces in URL (#1487805)
+            $url = str_replace(' ', '', $matches[3]);
+            return $this->_build_link_list($url, $matches[4]);
+        }
+    }
+
+    /**
+     * Callback function for preg_replace_callback use in PRE content handler.
+     *
+     * @param array PREG matches
+     * @return string
+     */
+    public function pre_preg_callback($matches)
+    {
+        return $this->pre_content;
+    }
+
+    /**
+     * Strtoupper function with HTML tags and entities handling.
+     *
+     * @param string $str Text to convert
+     * @return string Converted text
+     */
+    private function _toupper($str)
+    {
+        // string can containg HTML tags
+        $chunks = preg_split('/(<[^>]*>)/', $str, null, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
+
+        // convert toupper only the text between HTML tags
+        foreach ($chunks as $idx => $chunk) {
+            if ($chunk[0] != '<') {
+                $chunks[$idx] = $this->_strtoupper($chunk);
+            }
+        }
+
+        return implode($chunks);
+    }
+
+    /**
+     * Strtoupper multibyte wrapper function with HTML entities handling.
+     *
+     * @param string $str Text to convert
+     * @return string Converted text
+     */
+    private function _strtoupper($str)
+    {
+        $str = html_entity_decode($str, ENT_COMPAT, $this->charset);
+        $str = mb_strtoupper($str);
+        $str = htmlspecialchars($str, ENT_COMPAT, $this->charset);
+
+        return $str;
+    }
+}
diff --git a/program/lib/Roundcube/rcube_message.php b/program/lib/Roundcube/rcube_message.php
index c45dbfcd0..9fea8382a 100644
--- a/program/lib/Roundcube/rcube_message.php
+++ b/program/lib/Roundcube/rcube_message.php
@@ -272,7 +272,7 @@ class rcube_message
                 $out = $this->get_part_content($mime_id);
 
                 // create instance of html2text class
-                $txt = new html2text($out);
+                $txt = new rcube_html2text($out);
                 return $txt->get_text();
             }
         }
diff --git a/program/lib/Roundcube/rcube_spellchecker.php b/program/lib/Roundcube/rcube_spellchecker.php
index e9e1ceb0f..3d4d3a3d6 100644
--- a/program/lib/Roundcube/rcube_spellchecker.php
+++ b/program/lib/Roundcube/rcube_spellchecker.php
@@ -443,7 +443,7 @@ class rcube_spellchecker
 
     private function html2text($text)
     {
-        $h2t = new html2text($text, false, true, 0);
+        $h2t = new rcube_html2text($text, false, true, 0);
         return $h2t->get_text();
     }
 
diff --git a/program/lib/html2text.php b/program/lib/html2text.php
deleted file mode 100644
index 34c719302..000000000
--- a/program/lib/html2text.php
+++ /dev/null
@@ -1,755 +0,0 @@
-<?php
-
-/*************************************************************************
- *                                                                       *
- * class.html2text.inc                                                   *
- *                                                                       *
- *************************************************************************
- *                                                                       *
- * Converts HTML to formatted plain text                                 *
- *                                                                       *
- * Copyright (c) 2005-2007 Jon Abernathy <jon@chuggnutt.com>             *
- * All rights reserved.                                                  *
- *                                                                       *
- * This script is free software; you can redistribute it and/or modify   *
- * it under the terms of the GNU General Public License as published by  *
- * the Free Software Foundation; either version 2 of the License, or     *
- * (at your option) any later version.                                   *
- *                                                                       *
- * The GNU General Public License can be found at                        *
- * http://www.gnu.org/copyleft/gpl.html.                                 *
- *                                                                       *
- * This script is distributed in the hope that it will be useful,        *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the          *
- * GNU General Public License for more details.                          *
- *                                                                       *
- * Author(s): Jon Abernathy <jon@chuggnutt.com>                          *
- *                                                                       *
- * Last modified: 08/08/07                                               *
- *                                                                       *
- *************************************************************************/
-
-
-/**
- *  Takes HTML and converts it to formatted, plain text.
- *
- *  Thanks to Alexander Krug (http://www.krugar.de/) to pointing out and
- *  correcting an error in the regexp search array. Fixed 7/30/03.
- *
- *  Updated set_html() function's file reading mechanism, 9/25/03.
- *
- *  Thanks to Joss Sanglier (http://www.dancingbear.co.uk/) for adding
- *  several more HTML entity codes to the $search and $replace arrays.
- *  Updated 11/7/03.
- *
- *  Thanks to Darius Kasperavicius (http://www.dar.dar.lt/) for
- *  suggesting the addition of $allowed_tags and its supporting function
- *  (which I slightly modified). Updated 3/12/04.
- *
- *  Thanks to Justin Dearing for pointing out that a replacement for the
- *  <TH> tag was missing, and suggesting an appropriate fix.
- *  Updated 8/25/04.
- *
- *  Thanks to Mathieu Collas (http://www.myefarm.com/) for finding a
- *  display/formatting bug in the _build_link_list() function: email
- *  readers would show the left bracket and number ("[1") as part of the
- *  rendered email address.
- *  Updated 12/16/04.
- *
- *  Thanks to Wojciech Bajon (http://histeria.pl/) for submitting code
- *  to handle relative links, which I hadn't considered. I modified his
- *  code a bit to handle normal HTTP links and MAILTO links. Also for
- *  suggesting three additional HTML entity codes to search for.
- *  Updated 03/02/05.
- *
- *  Thanks to Jacob Chandler for pointing out another link condition
- *  for the _build_link_list() function: "https".
- *  Updated 04/06/05.
- *
- *  Thanks to Marc Bertrand (http://www.dresdensky.com/) for
- *  suggesting a revision to the word wrapping functionality; if you
- *  specify a $width of 0 or less, word wrapping will be ignored.
- *  Updated 11/02/06.
- *
- *  *** Big housecleaning updates below:
- *
- *  Thanks to Colin Brown (http://www.sparkdriver.co.uk/) for
- *  suggesting the fix to handle </li> and blank lines (whitespace).
- *  Christian Basedau (http://www.movetheweb.de/) also suggested the
- *  blank lines fix.
- *
- *  Special thanks to Marcus Bointon (http://www.synchromedia.co.uk/),
- *  Christian Basedau, Norbert Laposa (http://ln5.co.uk/),
- *  Bas van de Weijer, and Marijn van Butselaar
- *  for pointing out my glaring error in the <th> handling. Marcus also
- *  supplied a host of fixes.
- *
- *  Thanks to Jeffrey Silverman (http://www.newtnotes.com/) for pointing
- *  out that extra spaces should be compressed--a problem addressed with
- *  Marcus Bointon's fixes but that I had not yet incorporated.
- *
- *  Thanks to Daniel Schledermann (http://www.typoconsult.dk/) for
- *  suggesting a valuable fix with <a> tag handling.
- *
- *  Thanks to Wojciech Bajon (again!) for suggesting fixes and additions,
- *  including the <a> tag handling that Daniel Schledermann pointed
- *  out but that I had not yet incorporated. I haven't (yet)
- *  incorporated all of Wojciech's changes, though I may at some
- *  future time.
- *
- *  *** End of the housecleaning updates. Updated 08/08/07.
- *
- *  @author Jon Abernathy <jon@chuggnutt.com>
- *  @version 1.0.0
- *  @since PHP 4.0.2
- */
-class html2text
-{
-
-    /**
-     *  Contains the HTML content to convert.
-     *
-     *  @var string $html
-     *  @access public
-     */
-    var $html;
-
-    /**
-     *  Contains the converted, formatted text.
-     *
-     *  @var string $text
-     *  @access public
-     */
-    var $text;
-
-    /**
-     *  Maximum width of the formatted text, in columns.
-     *
-     *  Set this value to 0 (or less) to ignore word wrapping
-     *  and not constrain text to a fixed-width column.
-     *
-     *  @var integer $width
-     *  @access public
-     */
-    var $width = 70;
-
-    /**
-     *  Target character encoding for output text
-     *
-     *  @var string $charset
-     *  @access public
-     */
-    var $charset = 'UTF-8';
-
-    /**
-     *  List of preg* regular expression patterns to search for,
-     *  used in conjunction with $replace.
-     *
-     *  @var array $search
-     *  @access public
-     *  @see $replace
-     */
-    var $search = array(
-        "/\r/",                                  // Non-legal carriage return
-        "/[\n\t]+/",                             // Newlines and tabs
-        '/<head[^>]*>.*?<\/head>/i',             // <head>
-        '/<script[^>]*>.*?<\/script>/i',         // <script>s -- which strip_tags supposedly has problems with
-        '/<style[^>]*>.*?<\/style>/i',           // <style>s -- which strip_tags supposedly has problems with
-        '/<p[^>]*>/i',                           // <P>
-        '/<br[^>]*>/i',                          // <br>
-        '/<i[^>]*>(.*?)<\/i>/i',                 // <i>
-        '/<em[^>]*>(.*?)<\/em>/i',               // <em>
-        '/(<ul[^>]*>|<\/ul>)/i',                 // <ul> and </ul>
-        '/(<ol[^>]*>|<\/ol>)/i',                 // <ol> and </ol>
-        '/<li[^>]*>(.*?)<\/li>/i',               // <li> and </li>
-        '/<li[^>]*>/i',                          // <li>
-        '/<hr[^>]*>/i',                          // <hr>
-        '/<div[^>]*>/i',                         // <div>
-        '/(<table[^>]*>|<\/table>)/i',           // <table> and </table>
-        '/(<tr[^>]*>|<\/tr>)/i',                 // <tr> and </tr>
-        '/<td[^>]*>(.*?)<\/td>/i',               // <td> and </td>
-    );
-
-    /**
-     *  List of pattern replacements corresponding to patterns searched.
-     *
-     *  @var array $replace
-     *  @access public
-     *  @see $search
-     */
-    var $replace = array(
-        '',                                     // Non-legal carriage return
-        ' ',                                    // Newlines and tabs
-        '',                                     // <head>
-        '',                                     // <script>s -- which strip_tags supposedly has problems with
-        '',                                     // <style>s -- which strip_tags supposedly has problems with
-        "\n\n",                                 // <P>
-        "\n",                                   // <br>
-        '_\\1_',                                // <i>
-        '_\\1_',                                // <em>
-        "\n\n",                                 // <ul> and </ul>
-        "\n\n",                                 // <ol> and </ol>
-        "\t* \\1\n",                            // <li> and </li>
-        "\n\t* ",                               // <li>
-        "\n-------------------------\n",        // <hr>
-        "<div>\n",                              // <div>
-        "\n\n",                                 // <table> and </table>
-        "\n",                                   // <tr> and </tr>
-        "\t\t\\1\n",                            // <td> and </td>
-    );
-
-    /**
-     *  List of preg* regular expression patterns to search for,
-     *  used in conjunction with $ent_replace.
-     *
-     *  @var array $ent_search
-     *  @access public
-     *  @see $ent_replace
-     */
-    var $ent_search = array(
-        '/&(nbsp|#160);/i',                      // Non-breaking space
-        '/&(quot|rdquo|ldquo|#8220|#8221|#147|#148);/i',
-                                         // Double quotes
-        '/&(apos|rsquo|lsquo|#8216|#8217);/i',   // Single quotes
-        '/&gt;/i',                               // Greater-than
-        '/&lt;/i',                               // Less-than
-        '/&(copy|#169);/i',                      // Copyright
-        '/&(trade|#8482|#153);/i',               // Trademark
-        '/&(reg|#174);/i',                       // Registered
-        '/&(mdash|#151|#8212);/i',               // mdash
-        '/&(ndash|minus|#8211|#8722);/i',        // ndash
-        '/&(bull|#149|#8226);/i',                // Bullet
-        '/&(pound|#163);/i',                     // Pound sign
-        '/&(euro|#8364);/i',                     // Euro sign
-        '/&(amp|#38);/i',                        // Ampersand: see _converter()
-        '/[ ]{2,}/',                             // Runs of spaces, post-handling
-    );
-
-    /**
-     *  List of pattern replacements corresponding to patterns searched.
-     *
-     *  @var array $ent_replace
-     *  @access public
-     *  @see $ent_search
-     */
-    var $ent_replace = array(
-        ' ',                                    // Non-breaking space
-        '"',                                    // Double quotes
-        "'",                                    // Single quotes
-        '>',
-        '<',
-        '(c)',
-        '(tm)',
-        '(R)',
-        '--',
-        '-',
-        '*',
-        '£',
-        'EUR',                                  // Euro sign. � ?
-        '|+|amp|+|',                            // Ampersand: see _converter()
-        ' ',                                    // Runs of spaces, post-handling
-    );
-
-    /**
-     *  List of preg* regular expression patterns to search for
-     *  and replace using callback function.
-     *
-     *  @var array $callback_search
-     *  @access public
-     */
-    var $callback_search = array(
-        '/<(a) [^>]*href=("|\')([^"\']+)\2[^>]*>(.*?)<\/a>/i', // <a href="">
-        '/<(h)[123456]( [^>]*)?>(.*?)<\/h[123456]>/i',         // h1 - h6
-        '/<(b)( [^>]*)?>(.*?)<\/b>/i',                         // <b>
-        '/<(strong)( [^>]*)?>(.*?)<\/strong>/i',               // <strong>
-        '/<(th)( [^>]*)?>(.*?)<\/th>/i',                       // <th> and </th>
-    );
-
-   /**
-    *  List of preg* regular expression patterns to search for in PRE body,
-    *  used in conjunction with $pre_replace.
-    *
-    *  @var array $pre_search
-    *  @access public
-    *  @see $pre_replace
-    */
-    var $pre_search = array(
-        "/\n/",
-        "/\t/",
-        '/ /',
-        '/<pre[^>]*>/',
-        '/<\/pre>/'
-    );
-
-    /**
-     *  List of pattern replacements corresponding to patterns searched for PRE body.
-     *
-     *  @var array $pre_replace
-     *  @access public
-     *  @see $pre_search
-     */
-    var $pre_replace = array(
-        '<br>',
-        '&nbsp;&nbsp;&nbsp;&nbsp;',
-        '&nbsp;',
-        '',
-        ''
-    );
-
-    /**
-     *  Contains a list of HTML tags to allow in the resulting text.
-     *
-     *  @var string $allowed_tags
-     *  @access public
-     *  @see set_allowed_tags()
-     */
-    var $allowed_tags = '';
-
-    /**
-     *  Contains the base URL that relative links should resolve to.
-     *
-     *  @var string $url
-     *  @access public
-     */
-    var $url;
-
-    /**
-     *  Indicates whether content in the $html variable has been converted yet.
-     *
-     *  @var boolean $_converted
-     *  @access private
-     *  @see $html, $text
-     */
-    var $_converted = false;
-
-    /**
-     *  Contains URL addresses from links to be rendered in plain text.
-     *
-     *  @var array $_link_list
-     *  @access private
-     *  @see _build_link_list()
-     */
-    var $_link_list = array();
-
-    /**
-     * Boolean flag, true if a table of link URLs should be listed after the text.
-     *
-     * @var boolean $_do_links
-     * @access private
-     * @see html2text()
-     */
-    var $_do_links = true;
-
-    /**
-     *  Constructor.
-     *
-     *  If the HTML source string (or file) is supplied, the class
-     *  will instantiate with that source propagated, all that has
-     *  to be done it to call get_text().
-     *
-     *  @param string $source HTML content
-     *  @param boolean $from_file Indicates $source is a file to pull content from
-     *  @param boolean $do_links Indicate whether a table of link URLs is desired
-     *  @param integer $width Maximum width of the formatted text, 0 for no limit
-     *  @access public
-     *  @return void
-     */
-    function html2text( $source = '', $from_file = false, $do_links = true, $width = 75, $charset = 'UTF-8' )
-    {
-        if ( !empty($source) ) {
-            $this->set_html($source, $from_file);
-        }
-
-        $this->set_base_url();
-        $this->_do_links = $do_links;
-        $this->width = $width;
-        $this->charset = $charset;
-    }
-
-    /**
-     *  Loads source HTML into memory, either from $source string or a file.
-     *
-     *  @param string $source HTML content
-     *  @param boolean $from_file Indicates $source is a file to pull content from
-     *  @access public
-     *  @return void
-     */
-    function set_html( $source, $from_file = false )
-    {
-        if ( $from_file && file_exists($source) ) {
-            $this->html = file_get_contents($source);
-        }
-        else
-            $this->html = $source;
-
-        $this->_converted = false;
-    }
-
-    /**
-     *  Returns the text, converted from HTML.
-     *
-     *  @access public
-     *  @return string
-     */
-    function get_text()
-    {
-        if ( !$this->_converted ) {
-            $this->_convert();
-        }
-
-        return $this->text;
-    }
-
-    /**
-     *  Prints the text, converted from HTML.
-     *
-     *  @access public
-     *  @return void
-     */
-    function print_text()
-    {
-        print $this->get_text();
-    }
-
-    /**
-     *  Alias to print_text(), operates identically.
-     *
-     *  @access public
-     *  @return void
-     *  @see print_text()
-     */
-    function p()
-    {
-        print $this->get_text();
-    }
-
-    /**
-     *  Sets the allowed HTML tags to pass through to the resulting text.
-     *
-     *  Tags should be in the form "<p>", with no corresponding closing tag.
-     *
-     *  @access public
-     *  @return void
-     */
-    function set_allowed_tags( $allowed_tags = '' )
-    {
-        if ( !empty($allowed_tags) ) {
-            $this->allowed_tags = $allowed_tags;
-        }
-    }
-
-    /**
-     *  Sets a base URL to handle relative links.
-     *
-     *  @access public
-     *  @return void
-     */
-    function set_base_url( $url = '' )
-    {
-        if ( empty($url) ) {
-            if ( !empty($_SERVER['HTTP_HOST']) ) {
-                $this->url = 'http://' . $_SERVER['HTTP_HOST'];
-            } else {
-                $this->url = '';
-            }
-        } else {
-            // Strip any trailing slashes for consistency (relative
-            // URLs may already start with a slash like "/file.html")
-            if ( substr($url, -1) == '/' ) {
-                $url = substr($url, 0, -1);
-            }
-            $this->url = $url;
-        }
-    }
-
-    /**
-     *  Workhorse function that does actual conversion (calls _converter() method).
-     *
-     *  @access private
-     *  @return void
-     */
-    function _convert()
-    {
-        // Variables used for building the link list
-        $this->_link_list = array();
-
-        $text = trim(stripslashes($this->html));
-
-        // Convert HTML to TXT
-        $this->_converter($text);
-
-        // Add link list
-        if (!empty($this->_link_list)) {
-            $text .= "\n\nLinks:\n------\n";
-            foreach ($this->_link_list as $idx => $url) {
-                $text .= '[' . ($idx+1) . '] ' . $url . "\n";
-            }
-        }
-
-        $this->text = $text;
-
-        $this->_converted = true;
-    }
-
-    /**
-     *  Workhorse function that does actual conversion.
-     *
-     *  First performs custom tag replacement specified by $search and
-     *  $replace arrays. Then strips any remaining HTML tags, reduces whitespace
-     *  and newlines to a readable format, and word wraps the text to
-     *  $width characters.
-     *
-     *  @param string Reference to HTML content string
-     *
-     *  @access private
-     *  @return void
-     */
-    function _converter(&$text)
-    {
-        // Convert <BLOCKQUOTE> (before PRE!)
-        $this->_convert_blockquotes($text);
-
-        // Convert <PRE>
-        $this->_convert_pre($text);
-
-        // Run our defined tags search-and-replace
-        $text = preg_replace($this->search, $this->replace, $text);
-
-        // Run our defined tags search-and-replace with callback
-        $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
-
-        // Strip any other HTML tags
-        $text = strip_tags($text, $this->allowed_tags);
-
-        // Run our defined entities/characters search-and-replace
-        $text = preg_replace($this->ent_search, $this->ent_replace, $text);
-
-        // Replace known html entities
-        $text = html_entity_decode($text, ENT_QUOTES, $this->charset);
-
-        // Remove unknown/unhandled entities (this cannot be done in search-and-replace block)
-        $text = preg_replace('/&([a-zA-Z0-9]{2,6}|#[0-9]{2,4});/', '', $text);
-
-        // Convert "|+|amp|+|" into "&", need to be done after handling of unknown entities
-        // This properly handles situation of "&amp;quot;" in input string
-        $text = str_replace('|+|amp|+|', '&', $text);
-
-        // Bring down number of empty lines to 2 max
-        $text = preg_replace("/\n\s+\n/", "\n\n", $text);
-        $text = preg_replace("/[\n]{3,}/", "\n\n", $text);
-
-        // remove leading empty lines (can be produced by eg. P tag on the beginning)
-        $text = ltrim($text, "\n");
-
-        // Wrap the text to a readable format
-        // for PHP versions >= 4.0.2. Default width is 75
-        // If width is 0 or less, don't wrap the text.
-        if ( $this->width > 0 ) {
-            $text = wordwrap($text, $this->width);
-        }
-    }
-
-    /**
-     *  Helper function called by preg_replace() on link replacement.
-     *
-     *  Maintains an internal list of links to be displayed at the end of the
-     *  text, with numeric indices to the original point in the text they
-     *  appeared. Also makes an effort at identifying and handling absolute
-     *  and relative links.
-     *
-     *  @param string $link URL of the link
-     *  @param string $display Part of the text to associate number with
-     *  @access private
-     *  @return string
-     */
-    function _build_link_list( $link, $display )
-    {
-        if (!$this->_do_links || empty($link)) {
-            return $display;
-        }
-
-        // Ignored link types
-        if (preg_match('!^(javascript:|mailto:|#)!i', $link)) {
-            return $display;
-        }
-
-        if (preg_match('!^([a-z][a-z0-9.+-]+:)!i', $link)) {
-            $url = $link;
-        }
-        else {
-            $url = $this->url;
-            if (substr($link, 0, 1) != '/') {
-                $url .= '/';
-            }
-            $url .= "$link";
-        }
-
-        if (($index = array_search($url, $this->_link_list)) === false) {
-            $index = count($this->_link_list);
-            $this->_link_list[] = $url;
-        }
-
-        return $display . ' [' . ($index+1) . ']';
-    }
-
-    /**
-     *  Helper function for PRE body conversion.
-     *
-     *  @param string HTML content
-     *  @access private
-     */
-    function _convert_pre(&$text)
-    {
-        // get the content of PRE element
-        while (preg_match('/<pre[^>]*>(.*)<\/pre>/ismU', $text, $matches)) {
-            $this->pre_content = $matches[1];
-
-            // Run our defined tags search-and-replace with callback
-            $this->pre_content = preg_replace_callback($this->callback_search,
-                array('html2text', '_preg_callback'), $this->pre_content);
-
-            // convert the content
-            $this->pre_content = sprintf('<div><br>%s<br></div>',
-                preg_replace($this->pre_search, $this->pre_replace, $this->pre_content));
-
-            // replace the content (use callback because content can contain $0 variable)
-            $text = preg_replace_callback('/<pre[^>]*>.*<\/pre>/ismU',
-                array('html2text', '_preg_pre_callback'), $text, 1);
-
-            // free memory
-            $this->pre_content = '';
-        }
-    }
-
-    /**
-     *  Helper function for BLOCKQUOTE body conversion.
-     *
-     *  @param string HTML content
-     *  @access private
-     */
-    function _convert_blockquotes(&$text)
-    {
-        if (preg_match_all('/<\/*blockquote[^>]*>/i', $text, $matches, PREG_OFFSET_CAPTURE)) {
-            $level = 0;
-            $diff = 0;
-            foreach ($matches[0] as $m) {
-                if ($m[0][0] == '<' && $m[0][1] == '/') {
-                    $level--;
-                    if ($level < 0) {
-                        $level = 0; // malformed HTML: go to next blockquote
-                    }
-                    else if ($level > 0) {
-                        // skip inner blockquote
-                    }
-                    else {
-                        $end  = $m[1];
-                        $len  = $end - $taglen - $start;
-                        // Get blockquote content
-                        $body = substr($text, $start + $taglen - $diff, $len);
-
-                        // Set text width
-                        $p_width = $this->width;
-                        if ($this->width > 0) $this->width -= 2;
-                        // Convert blockquote content
-                        $body = trim($body);
-                        $this->_converter($body);
-                        // Add citation markers and create PRE block
-                        $body = preg_replace('/((^|\n)>*)/', '\\1> ', trim($body));
-                        $body = '<pre>' . htmlspecialchars($body) . '</pre>';
-                        // Re-set text width
-                        $this->width = $p_width;
-                        // Replace content
-                        $text = substr($text, 0, $start - $diff)
-                            . $body . substr($text, $end + strlen($m[0]) - $diff);
-
-                        $diff = $len + $taglen + strlen($m[0]) - strlen($body);
-                        unset($body);
-                    }
-                }
-                else {
-                    if ($level == 0) {
-                        $start = $m[1];
-                        $taglen = strlen($m[0]);
-                    }
-                    $level ++;
-                }
-            }
-        }
-    }
-
-    /**
-     *  Callback function for preg_replace_callback use.
-     *
-     *  @param  array PREG matches
-     *  @return string
-     */
-    private function _preg_callback($matches)
-    {
-        switch (strtolower($matches[1])) {
-        case 'b':
-        case 'strong':
-            return $this->_toupper($matches[3]);
-        case 'th':
-            return $this->_toupper("\t\t". $matches[3] ."\n");
-        case 'h':
-            return $this->_toupper("\n\n". $matches[3] ."\n\n");
-        case 'a':
-            // Remove spaces in URL (#1487805)
-            $url = str_replace(' ', '', $matches[3]);
-            return $this->_build_link_list($url, $matches[4]);
-        }
-    }
-
-    /**
-     *  Callback function for preg_replace_callback use in PRE content handler.
-     *
-     *  @param  array PREG matches
-     *  @return string
-     */
-    private function _preg_pre_callback($matches)
-    {
-        return $this->pre_content;
-    }
-
-    /**
-     * Strtoupper function with HTML tags and entities handling.
-     *
-     * @param string $str Text to convert
-     * @return string Converted text
-     */
-    private function _toupper($str)
-    {
-        // string can containg HTML tags
-        $chunks = preg_split('/(<[^>]*>)/', $str, null, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
-
-        // convert toupper only the text between HTML tags
-        foreach ($chunks as $idx => $chunk) {
-            if ($chunk[0] != '<') {
-                $chunks[$idx] = $this->_strtoupper($chunk);
-            }
-        }
-
-        return implode($chunks);
-    }
-
-    /**
-     * Strtoupper multibyte wrapper function with HTML entities handling.
-     *
-     * @param string $str Text to convert
-     * @return string Converted text
-     */
-    private function _strtoupper($str)
-    {
-        $str = html_entity_decode($str, ENT_COMPAT, $this->charset);
-
-        if (function_exists('mb_strtoupper'))
-            $str = mb_strtoupper($str);
-        else
-            $str = strtoupper($str);
-
-        $str = htmlspecialchars($str, ENT_COMPAT, $this->charset);
-
-        return $str;
-    }
-}
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index d07cf587f..379e920e5 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -470,7 +470,7 @@ function rcmail_compose_header_from($attrib)
         $text = $html = $sql_arr['signature'];
 
         if ($sql_arr['html_signature']) {
-            $h2t  = new html2text($sql_arr['signature'], false, false);
+            $h2t  = new rcube_html2text($sql_arr['signature'], false, false);
             $text = trim($h2t->get_text());
         }
         else {
@@ -667,7 +667,7 @@ function rcmail_compose_part_body($part, $isHtml = false)
             // use html part if it has been used for message (pre)viewing
             // decrease line length for quoting
             $len = $compose_mode == RCUBE_COMPOSE_REPLY ? $LINE_LENGTH-2 : $LINE_LENGTH;
-            $txt = new html2text($body, false, true, $len);
+            $txt = new rcube_html2text($body, false, true, $len);
             $body = $txt->get_text();
         }
         else if ($part->ctype_secondary == 'enriched') {
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 90f54cf1b..814adb64d 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -704,7 +704,7 @@ function rcmail_print_body($part, $p = array())
 
   // convert html to text/plain
   if ($data['type'] == 'html' && $data['plain']) {
-    $txt = new html2text($data['body'], false, true);
+    $txt = new rcube_html2text($data['body'], false, true);
     $body = $txt->get_text();
     $part->ctype_secondary = 'plain';
   }
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index 36d850f8f..eb0ba89c6 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -559,7 +559,7 @@ if ($isHtml) {
   $plugin['body'] = rcmail_replace_emoticons($plugin['body']);
 
   // add a plain text version of the e-mail as an alternative part.
-  $h2t = new html2text($plugin['body'], false, true, 0, $message_charset);
+  $h2t = new rcube_html2text($plugin['body'], false, true, 0, $message_charset);
   $plainTextPart = rc_wordwrap($h2t->get_text(), $LINE_LENGTH, "\r\n", false, $message_charset);
   $plainTextPart = wordwrap($plainTextPart, 998, "\r\n", true);
 
diff --git a/program/steps/utils/html2text.inc b/program/steps/utils/html2text.inc
index e17665fec..c6481b197 100644
--- a/program/steps/utils/html2text.inc
+++ b/program/steps/utils/html2text.inc
@@ -24,10 +24,8 @@ $html = $HTTP_RAW_POST_DATA;
 // Replace emoticon images with its text representation
 $html = rcmail_replace_emoticons($html);
 
-$converter = new html2text($html, false, true, 0);
+$converter = new rcube_html2text($html, false, true, 0);
 
 header('Content-Type: text/plain; charset=UTF-8');
 print rtrim($converter->get_text());
 exit;
-
-
diff --git a/tests/Framework/Html2text.php b/tests/Framework/Html2text.php
new file mode 100644
index 000000000..1d8963878
--- /dev/null
+++ b/tests/Framework/Html2text.php
@@ -0,0 +1,59 @@
+<?php
+
+/**
+ * Test class to test rcube_html2text class
+ *
+ * @package Tests
+ */
+class rc_html2text extends PHPUnit_Framework_TestCase
+{
+
+    function data_html2text()
+    {
+        return array(
+            0 => array(
+                'title' => 'Test entry',
+                'in'    => '',
+                'out'   => '',
+            ),
+            1 => array(
+                'title' => 'Basic HTML entities',
+                'in'    => '&quot;&amp;',
+                'out'   => '"&',
+            ),
+            2 => array(
+                'title' => 'HTML entity string',
+                'in'    => '&amp;quot;',
+                'out'   => '&quot;',
+            ),
+            3 => array(
+                'title' => 'HTML entity in STRONG tag',
+                'in'    => '<strong>&#347;</strong>', // ś
+                'out'   => 'Ś', // upper ś
+            ),
+            4 => array(
+                'title' => 'STRONG tag to upper-case conversion',
+                'in'    => '<strong>ś</strong>',
+                'out'   => 'Ś',
+            ),
+            5 => array(
+                'title' => 'STRONG inside B tag',
+                'in'    => '<b><strong>&#347;</strong></b>',
+                'out'   => 'Ś',
+            ),
+        );
+    }
+
+    /**
+     * @dataProvider data_html2text
+     */
+    function test_html2text($title, $in, $out)
+    {
+        $ht = new rcube_html2text(null, false, false);
+
+        $ht->set_html($in);
+        $res = $ht->get_text();
+
+        $this->assertEquals($out, $res, $title);
+    }
+}
diff --git a/tests/HtmlToText.php b/tests/HtmlToText.php
deleted file mode 100644
index b90c61adf..000000000
--- a/tests/HtmlToText.php
+++ /dev/null
@@ -1,59 +0,0 @@
-<?php
-
-/**
- * Test class to test html2text class
- *
- * @package Tests
- */
-class HtmlToText extends PHPUnit_Framework_TestCase
-{
-
-    function data_html2text()
-    {
-        return array(
-            0 => array(
-                'title' => 'Test entry',
-                'in'    => '',
-                'out'   => '',
-            ),
-            1 => array(
-                'title' => 'Basic HTML entities',
-                'in'    => '&quot;&amp;',
-                'out'   => '"&',
-            ),
-            2 => array(
-                'title' => 'HTML entity string',
-                'in'    => '&amp;quot;',
-                'out'   => '&quot;',
-            ),
-            3 => array(
-                'title' => 'HTML entity in STRONG tag',
-                'in'    => '<strong>&#347;</strong>', // ś
-                'out'   => 'Ś', // upper ś
-            ),
-            4 => array(
-                'title' => 'STRONG tag to upper-case conversion',
-                'in'    => '<strong>ś</strong>',
-                'out'   => 'Ś',
-            ),
-            5 => array(
-                'title' => 'STRONG inside B tag',
-                'in'    => '<b><strong>&#347;</strong></b>',
-                'out'   => 'Ś',
-            ),
-        );
-    }
-
-    /**
-     * @dataProvider data_html2text
-     */
-    function test_html2text($title, $in, $out)
-    {
-        $ht = new html2text(null, false, false);
-
-        $ht->set_html($in);
-        $res = $ht->get_text();
-
-        $this->assertEquals($out, $res, $title);
-    }
-}
diff --git a/tests/phpunit.xml b/tests/phpunit.xml
index 627b4120d..5a858111b 100644
--- a/tests/phpunit.xml
+++ b/tests/phpunit.xml
@@ -12,6 +12,7 @@
             <file>Framework/Csv2vcard.php</file>
             <file>Framework/Enriched.php</file>
             <file>Framework/Html.php</file>
+            <file>Framework/Html2text.php</file>
             <file>Framework/Imap.php</file>
             <file>Framework/ImapGeneric.php</file>
             <file>Framework/Image.php</file>
@@ -29,7 +30,6 @@
             <file>Framework/Utils.php</file>
             <file>Framework/VCard.php</file>
             <file>Framework/Washtml.php</file>
-            <file>HtmlToText.php</file>
             <file>MailFunc.php</file>
         </testsuite>
         <testsuite name="Managesieve Tests">
-- 
cgit v1.2.3


From 2c777be5dd5741579736b4efcd629eee3eb25e20 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 5 Jan 2013 18:19:01 +0100
Subject: Add test for vCard issue (#1488896)

---
 tests/Framework/VCard.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'tests')

diff --git a/tests/Framework/VCard.php b/tests/Framework/VCard.php
index 79d297664..3bc01b186 100644
--- a/tests/Framework/VCard.php
+++ b/tests/Framework/VCard.php
@@ -50,6 +50,19 @@ class Framework_VCard extends PHPUnit_Framework_TestCase
         $this->assertRegExp('/TEL;TYPE=CELL:\+987654321/', $vcf, "Return CELL instead of MOBILE (set)");
     }
 
+    /**
+     * Backslash escaping test (#1488896)
+     */
+    function test_parse_four()
+    {
+        $vcard = "BEGIN:VCARD\nVERSION:3.0\nN:last\\;;first\\\\;middle;;\nFN:test\nEND:VCARD";
+        $vcard = new rcube_vcard($vcard, null);
+
+        $this->assertEquals("last;", $vcard->surname, "Decode backslash character");
+        $this->assertEquals("first\\", $vcard->firstname, "Decode backslash character");
+        $this->assertEquals("middle", $vcard->middlename, "Decode backslash character");
+    }
+
     function test_import()
     {
         $input = file_get_contents($this->_srcpath('apple.vcf'));
-- 
cgit v1.2.3


From 21106b3d1c1dc9dea14f2abc8e6a2d4073b91f65 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 5 Jan 2013 20:16:06 +0100
Subject: Fix handling of escaped separator in vCard file (#1488896)

---
 CHANGELOG                             |  1 +
 program/lib/Roundcube/rcube_vcard.php | 18 ++++++++++++------
 tests/Framework/VCard.php             | 10 ++++++----
 3 files changed, 19 insertions(+), 10 deletions(-)

(limited to 'tests')

diff --git a/CHANGELOG b/CHANGELOG
index 525aac44d..234c10c07 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix handling of escaped separator in vCard file (#1488896)
 - Fix #countcontrols issue in IE<=8 when text is very long (#1488890)
 - Add option to use envelope From address for MDN responses (#1488880)
 - Add possibility to search in message body only (#1488770)
diff --git a/program/lib/Roundcube/rcube_vcard.php b/program/lib/Roundcube/rcube_vcard.php
index e6fa5b248..c2b30af59 100644
--- a/program/lib/Roundcube/rcube_vcard.php
+++ b/program/lib/Roundcube/rcube_vcard.php
@@ -770,15 +770,21 @@ class rcube_vcard
      */
     private static function vcard_unquote($s, $sep = ';')
     {
-        // break string into parts separated by $sep, but leave escaped $sep alone
-        if (count($parts = explode($sep, strtr($s, array("\\$sep" => "\007")))) > 1) {
-            foreach($parts as $s) {
-                $result[] = self::vcard_unquote(strtr($s, array("\007" => "\\$sep")), $sep);
+        // break string into parts separated by $sep
+        if (!empty($sep)) {
+            // Handle properly backslash escaping (#1488896)
+            $rep1 = array("\\\\" => "\010", "\\$sep" => "\007");
+            $rep2 = array("\007" => "\\$sep", "\010" => "\\\\");
+
+            if (count($parts = explode($sep, strtr($s, $rep1))) > 1) {
+                foreach ($parts as $s) {
+                    $result[] = self::vcard_unquote(strtr($s, $rep2));
+                }
+                return $result;
             }
-            return $result;
         }
 
-        return strtr($s, array("\r" => '', '\\\\' => '\\', '\n' => "\n", '\N' => "\n", '\,' => ',', '\;' => ';', '\:' => ':'));
+        return strtr($s, array("\r" => '', '\\\\' => '\\', '\n' => "\n", '\N' => "\n", '\,' => ',', '\;' => ';'));
     }
 
     /**
diff --git a/tests/Framework/VCard.php b/tests/Framework/VCard.php
index 3bc01b186..15aa5d816 100644
--- a/tests/Framework/VCard.php
+++ b/tests/Framework/VCard.php
@@ -55,12 +55,14 @@ class Framework_VCard extends PHPUnit_Framework_TestCase
      */
     function test_parse_four()
     {
-        $vcard = "BEGIN:VCARD\nVERSION:3.0\nN:last\\;;first\\\\;middle;;\nFN:test\nEND:VCARD";
+        $vcard = "BEGIN:VCARD\nVERSION:3.0\nN:last\\;;first\\\\;middle\\\\\\;\\\\;prefix;\nFN:test\nEND:VCARD";
         $vcard = new rcube_vcard($vcard, null);
+        $vcard = $vcard->get_assoc();
 
-        $this->assertEquals("last;", $vcard->surname, "Decode backslash character");
-        $this->assertEquals("first\\", $vcard->firstname, "Decode backslash character");
-        $this->assertEquals("middle", $vcard->middlename, "Decode backslash character");
+        $this->assertEquals("last;", $vcard['surname'], "Decode backslash character");
+        $this->assertEquals("first\\", $vcard['firstname'], "Decode backslash character");
+        $this->assertEquals("middle\\;\\", $vcard['middlename'], "Decode backslash character");
+        $this->assertEquals("prefix", $vcard['prefix'], "Decode backslash character");
     }
 
     function test_import()
-- 
cgit v1.2.3


From a5b8ef99d4e26bdb00e9b74221f107767a084a6e Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 6 Jan 2013 13:10:50 +0100
Subject: Improve charset detection by prioritizing charset according to user
 language (#1485669)

---
 CHANGELOG                               |  1 +
 program/lib/Roundcube/rcube.php         | 16 +++++++
 program/lib/Roundcube/rcube_charset.php | 85 +++++++++++++++++++++------------
 tests/Framework/Charset.php             | 18 +++++++
 4 files changed, 90 insertions(+), 30 deletions(-)

(limited to 'tests')

diff --git a/CHANGELOG b/CHANGELOG
index 234c10c07..dd249885d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Improve charset detection by prioritizing charset according to user language (#1485669)
 - Fix handling of escaped separator in vCard file (#1488896)
 - Fix #countcontrols issue in IE<=8 when text is very long (#1488890)
 - Add option to use envelope From address for MDN responses (#1488880)
diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index cde549052..a914ae65a 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -1258,6 +1258,22 @@ class rcube
             return $this->decrypt($_SESSION['password']);
         }
     }
+
+
+    /**
+     * Getter for logged user language code.
+     *
+     * @return string User language code
+     */
+    public function get_user_language()
+    {
+        if (is_object($this->user)) {
+            return $this->user->language;
+        }
+        else if (isset($_SESSION['language'])) {
+            return $_SESSION['language'];
+        }
+    }
 }
 
 
diff --git a/program/lib/Roundcube/rcube_charset.php b/program/lib/Roundcube/rcube_charset.php
index 968d1c4b8..a7f26a3f4 100644
--- a/program/lib/Roundcube/rcube_charset.php
+++ b/program/lib/Roundcube/rcube_charset.php
@@ -646,12 +646,13 @@ class rcube_charset
     /**
      * A method to guess character set of a string.
      *
-     * @param string $string    String.
-     * @param string $failover 	Default result for failover.
+     * @param string $string   String
+     * @param string $failover Default result for failover
+     * @param string $language User language
      *
      * @return string Charset name
      */
-    public static function detect($string, $failover='')
+    public static function detect($string, $failover = null, $language = null)
     {
         if (substr($string, 0, 4) == "\0\0\xFE\xFF") return 'UTF-32BE';  // Big Endian
         if (substr($string, 0, 4) == "\xFF\xFE\0\0") return 'UTF-32LE';  // Little Endian
@@ -666,38 +667,62 @@ class rcube_charset
         if ($string[0] != "\0" && $string[1] == "\0" && $string[2] != "\0" && $string[3] == "\0") return 'UTF-16LE';
 
         if (function_exists('mb_detect_encoding')) {
-            // FIXME: the order is important, because sometimes
-            // iso string is detected as euc-jp and etc.
-            $enc = array(
-                'UTF-8', 'SJIS', 'GB2312',
-                'ISO-8859-1', 'ISO-8859-2', 'ISO-8859-3', 'ISO-8859-4',
-                'ISO-8859-5', 'ISO-8859-6', 'ISO-8859-7', 'ISO-8859-8', 'ISO-8859-9',
-                'ISO-8859-10', 'ISO-8859-13', 'ISO-8859-14', 'ISO-8859-15', 'ISO-8859-16',
-                'WINDOWS-1252', 'WINDOWS-1251', 'EUC-JP', 'EUC-TW', 'KOI8-R', 'BIG5',
-                'ISO-2022-KR', 'ISO-2022-JP',
-            );
+            if (empty($language)) {
+                $rcube    = rcube::get_instance();
+                $language = $rcube->get_user_language();
+            }
+
+            // Prioritize charsets according to current language (#1485669)
+            switch ($language) {
+            case 'ja_JP': // for Japanese
+                $prio = array('ISO-2022-JP', 'JIS', 'UTF-8', 'EUC-JP', 'eucJP-win', 'SJIS', 'SJIS-win');
+                break;
+
+            case 'zh_CN': // for Chinese (Simplified)
+            case 'zh_TW': // for Chinese (Traditional)
+                $prio = array('UTF-8', 'BIG-5', 'GB2312', 'EUC-TW');
+                break;
+
+            case 'ko_KR': // for Korean
+                $prio = array('UTF-8', 'EUC-KR', 'ISO-2022-KR');
+                break;
+
+            case 'ru_RU': // for Russian
+                $prio = array('UTF-8', 'WINDOWS-1251', 'KOI8-R');
+                break;
 
-            $result = mb_detect_encoding($string, join(',', $enc));
+            default:
+                $prio = array('UTF-8', 'SJIS', 'GB2312',
+                    'ISO-8859-1', 'ISO-8859-2', 'ISO-8859-3', 'ISO-8859-4',
+                    'ISO-8859-5', 'ISO-8859-6', 'ISO-8859-7', 'ISO-8859-8', 'ISO-8859-9',
+                    'ISO-8859-10', 'ISO-8859-13', 'ISO-8859-14', 'ISO-8859-15', 'ISO-8859-16',
+                    'WINDOWS-1252', 'WINDOWS-1251', 'EUC-JP', 'EUC-TW', 'KOI8-R', 'BIG-5',
+                    'ISO-2022-KR', 'ISO-2022-JP',
+                );
+            }
+
+            $encodings = array_unique(array_merge($prio, mb_list_encodings()));
+
+            return mb_detect_encoding($string, $encodings);
         }
-        else {
-            // No match, check for UTF-8
-            // from http://w3.org/International/questions/qa-forms-utf-8.html
-            if (preg_match('/\A(
-                [\x09\x0A\x0D\x20-\x7E]
-                | [\xC2-\xDF][\x80-\xBF]
-                | \xE0[\xA0-\xBF][\x80-\xBF]
-                | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}
-                | \xED[\x80-\x9F][\x80-\xBF]
-                | \xF0[\x90-\xBF][\x80-\xBF]{2}
-                | [\xF1-\xF3][\x80-\xBF]{3}
-                | \xF4[\x80-\x8F][\x80-\xBF]{2}
-                )*\z/xs', substr($string, 0, 2048))
-            ) {
+
+        // No match, check for UTF-8
+        // from http://w3.org/International/questions/qa-forms-utf-8.html
+        if (preg_match('/\A(
+            [\x09\x0A\x0D\x20-\x7E]
+            | [\xC2-\xDF][\x80-\xBF]
+            | \xE0[\xA0-\xBF][\x80-\xBF]
+            | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}
+            | \xED[\x80-\x9F][\x80-\xBF]
+            | \xF0[\x90-\xBF][\x80-\xBF]{2}
+            | [\xF1-\xF3][\x80-\xBF]{3}
+            | \xF4[\x80-\x8F][\x80-\xBF]{2}
+            )*\z/xs', substr($string, 0, 2048))
+        ) {
             return 'UTF-8';
-            }
         }
 
-        return $result ? $result : $failover;
+        return $failover;
     }
 
 
diff --git a/tests/Framework/Charset.php b/tests/Framework/Charset.php
index 1fd1654dc..d3d3e88dd 100644
--- a/tests/Framework/Charset.php
+++ b/tests/Framework/Charset.php
@@ -159,4 +159,22 @@ class Framework_Charset extends PHPUnit_Framework_TestCase
         $this->assertEquals($output, rcube_charset::detect($input, $fallback));
     }
 
+    /**
+     * Data for test_detect()
+     */
+    function data_detect_with_lang()
+    {
+        return array(
+            array('��ܦW��,�D�n', 'zh_TW', 'BIG-5'),
+        );
+    }
+
+    /**
+     * @dataProvider data_detect_with_lang
+     */
+    function test_detect_with_lang($input, $lang, $output)
+    {
+        $this->assertEquals($output, rcube_charset::detect($input, $output, $lang));
+    }
+
 }
-- 
cgit v1.2.3


From acf851f823fba5354c2227e48c3097a524312268 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 7 Jan 2013 17:53:37 +0100
Subject: Fix address fields import from CSV (#1488900)

---
 program/lib/Roundcube/rcube_csv2vcard.php | 9 +++++++++
 tests/Framework/Csv2vcard.php             | 1 +
 tests/src/Csv2vcard/tb_plain.vcf          | 2 ++
 3 files changed, 12 insertions(+)

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_csv2vcard.php b/program/lib/Roundcube/rcube_csv2vcard.php
index f94a7aac7..e8202c6d4 100644
--- a/program/lib/Roundcube/rcube_csv2vcard.php
+++ b/program/lib/Roundcube/rcube_csv2vcard.php
@@ -390,6 +390,15 @@ class rcube_csv2vcard
             }
         }
 
+        // Convert address(es) to rcube_vcard data
+        foreach ($contact as $idx => $value) {
+            $name = explode(':', $idx);
+            if (in_array($name[0], array('street', 'locality', 'region', 'zipcode', 'country'))) {
+                $contact['address:'.$name[1]][$name[0]] = $value;
+                unset($contact[$idx]);
+            }
+        }
+
         // Create vcard object
         $vcard = new rcube_vcard();
         foreach ($contact as $name => $value) {
diff --git a/tests/Framework/Csv2vcard.php b/tests/Framework/Csv2vcard.php
index 6fa3e163c..f460c42af 100644
--- a/tests/Framework/Csv2vcard.php
+++ b/tests/Framework/Csv2vcard.php
@@ -31,6 +31,7 @@ class Framework_Csv2vcard extends PHPUnit_Framework_TestCase
 
         $vcf_text = trim(str_replace("\r\n", "\n", $vcf_text));
         $vcard    = trim(str_replace("\r\n", "\n", $vcard));
+echo $vcard;
         $this->assertEquals($vcf_text, $vcard);
     }
 
diff --git a/tests/src/Csv2vcard/tb_plain.vcf b/tests/src/Csv2vcard/tb_plain.vcf
index aace259d8..b001c3924 100644
--- a/tests/src/Csv2vcard/tb_plain.vcf
+++ b/tests/src/Csv2vcard/tb_plain.vcf
@@ -15,4 +15,6 @@ ORG:Organization
 URL;TYPE=homepage:http://page.com
 URL;TYPE=other:http://webpage.tld
 BDAY;VALUE=date:1970-11-15
+ADR;TYPE=home:;;Priv address;City;region;xx-xxx;USA
+ADR;TYPE=work:;;Addr work;;;33-333;Poland
 END:VCARD
-- 
cgit v1.2.3


From 16915ee2ad97060e0c0c9376adf7eca77516cd86 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 8 Jan 2013 12:13:44 +0100
Subject: Don't convert to link a text with < and > characters

---
 program/lib/Roundcube/rcube_string_replacer.php | 2 +-
 tests/Framework/StringReplacer.php              | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_string_replacer.php b/program/lib/Roundcube/rcube_string_replacer.php
index 6b289886b..49a378166 100644
--- a/program/lib/Roundcube/rcube_string_replacer.php
+++ b/program/lib/Roundcube/rcube_string_replacer.php
@@ -34,7 +34,7 @@ class rcube_string_replacer
     {
         // Simplified domain expression for UTF8 characters handling
         // Support unicode/punycode in top-level domain part
-        $utf_domain = '[^?&@"\'\\/()\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})';
+        $utf_domain = '[^?&@"\'\\/()<>\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})';
         $url1       = '.:;,';
         $url2       = 'a-zA-Z0-9%=#$@+?!&\\/_~\\[\\]\\(\\){}\*-';
 
diff --git a/tests/Framework/StringReplacer.php b/tests/Framework/StringReplacer.php
index 60399cf6b..e630ebac0 100644
--- a/tests/Framework/StringReplacer.php
+++ b/tests/Framework/StringReplacer.php
@@ -35,6 +35,8 @@ class Framework_StringReplacer extends PHPUnit_Framework_TestCase
             array('(http://link.com)', '(<a href="http://link.com" target="_blank">http://link.com</a>)'),
             array('http://link.com?a(b)c', '<a href="http://link.com?a(b)c" target="_blank">http://link.com?a(b)c</a>'),
             array('http://link.com?(link)', '<a href="http://link.com?(link)" target="_blank">http://link.com?(link)</a>'),
+            array('http://<test>', 'http://<test>'),
+            array('http://', 'http://'),
         );
     }
 
-- 
cgit v1.2.3


From c59ef9542a93a5cbacd99fe3dcfc0975bc749a12 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 11 Jan 2013 09:02:45 +0100
Subject: Support more Thunderbird CSV fields, added zh_TW localization for
 csv2vcard map (#1488901)

---
 program/lib/Roundcube/rcube_csv2vcard.php |  6 ++
 program/localization/zh_TW/csv2vcard.inc  | 99 +++++++++++++++++++++++++++++++
 tests/Framework/Csv2vcard.php             |  2 +-
 3 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 program/localization/zh_TW/csv2vcard.inc

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_csv2vcard.php b/program/lib/Roundcube/rcube_csv2vcard.php
index e8202c6d4..0d3276b84 100644
--- a/program/lib/Roundcube/rcube_csv2vcard.php
+++ b/program/lib/Roundcube/rcube_csv2vcard.php
@@ -124,6 +124,12 @@ class rcube_csv2vcard
         //'work_address_2'        => '',
         'work_country'          => 'country:work',
         'work_zipcode'          => 'zipcode:work',
+        'last'                  => 'surname',
+        'first'                 => 'firstname',
+        'work_city'             => 'locality:work',
+        'work_state'            => 'region:work',
+        'home_city_short'       => 'locality:home',
+        'home_state_short'      => 'region:home',
     );
 
     /**
diff --git a/program/localization/zh_TW/csv2vcard.inc b/program/localization/zh_TW/csv2vcard.inc
new file mode 100644
index 000000000..9fcacc818
--- /dev/null
+++ b/program/localization/zh_TW/csv2vcard.inc
@@ -0,0 +1,99 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | localization/zh_TW/csv2vcard.inc                                      |
+ |                                                                       |
+ | Localization file of the Roundcube Webmail client                     |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+ | Author: Aleksander Machniak <alec@alec.pl>                            |
+ +-----------------------------------------------------------------------+
+*/
+
+// This is a list of CSV column names specified in CSV file header
+// These must be original texts used in Outlook/Thunderbird exported csv files
+// Encoding UTF-8
+
+$map = array();
+
+// MS Outlook 2010
+$map['anniversary'] = "紀念日";
+$map['assistants_name'] = "助理";
+$map['assistants_phone'] = "助理電話";
+$map['birthday'] = "生日";
+$map['business_city'] = "商務 - 市/鎮";
+$map['business_countryregion'] = "商務 - 國家/地區";
+$map['business_fax'] = "商務傳真";
+$map['business_phone'] = "商務電話";
+$map['business_phone_2'] = "商務電話 2";
+$map['business_postal_code'] = "商務 - 郵遞區號";
+$map['business_state'] = "商務 - 縣市";
+$map['business_street'] = "商務 - 街";
+$map['car_phone'] = "汽車電話";
+$map['categories'] = "類別";
+$map['company'] = "公司";
+$map['department'] = "部門";
+$map['email_address'] = "電子郵件地址";
+$map['first_name'] = "名字";
+$map['gender'] = "性別";
+$map['home_city'] = "住家 - 市/鎮";
+$map['home_countryregion'] = "住家 - 國家/地區";
+$map['home_fax'] = "住家傳真";
+$map['home_phone'] = "住家電話";
+$map['home_phone_2'] = "住家電話 2";
+$map['home_postal_code'] = "住家 - 郵遞區號";
+$map['home_state'] = "住家 - 縣/市";
+$map['home_street'] = "住家 - 街";
+$map['job_title'] = "職稱";
+$map['last_name'] = "姓氏";
+$map['managers_name'] = "主管名稱";
+$map['middle_name'] = "中間名";
+$map['mobile_phone'] = "行動電話";
+$map['notes'] = "記事";
+$map['other_city'] = "其他 - 市/鎮";
+$map['other_countryregion'] = "其他 - 國家/地區";
+$map['other_fax'] = "其他傳真";
+$map['other_phone'] = "其他電話";
+$map['other_postal_code'] = "其他 - 郵遞區號";
+$map['other_state'] = "其他 - 縣/市";
+$map['other_street'] = "其他 - 街";
+$map['pager'] = "呼叫器";
+$map['primary_phone'] = "代表電話";
+$map['spouse'] = "配偶";
+$map['suffix'] = "稱謂";
+$map['title'] = "頭銜";
+$map['web_page'] = "網頁";
+
+// Thunderbird
+$map['last'] = "姓";
+$map['first'] = "名";
+$map['birth_day'] = "生日 (日)";
+$map['birth_month'] = "生日 (月)";
+$map['birth_year'] = "生日 (年)";
+$map['display_name'] = "顯示名稱";
+$map['fax_number'] = "傳真號碼";
+$map['home_address'] = "住家住址";
+$map['home_country'] = "居住國家";
+$map['home_zipcode'] = "住址郵遞區號";
+$map['mobile_number'] = "手機號碼";
+$map['nickname'] = "暱稱";
+$map['organization'] = "Organization";
+$map['pager_number'] = "呼叫器號碼";
+$map['primary_email'] = "主要 Email";
+$map['secondary_email'] = "次要 Email";
+$map['web_page_1'] = "網頁 1";
+$map['web_page_2'] = "網頁 2";
+$map['work_phone'] = "商務電話";
+$map['work_address'] = "商務地址";
+$map['work_country'] = "商務國家";
+$map['work_zipcode'] = "商務郵遞區號";
+$map['work_city'] = "商務市鎮";
+$map['work_state'] = "商務縣市";
+$map['home_city_short'] = "居住市鎮";
+$map['home_state_short'] = "居住縣市";
diff --git a/tests/Framework/Csv2vcard.php b/tests/Framework/Csv2vcard.php
index f460c42af..5d52efc58 100644
--- a/tests/Framework/Csv2vcard.php
+++ b/tests/Framework/Csv2vcard.php
@@ -31,7 +31,7 @@ class Framework_Csv2vcard extends PHPUnit_Framework_TestCase
 
         $vcf_text = trim(str_replace("\r\n", "\n", $vcf_text));
         $vcard    = trim(str_replace("\r\n", "\n", $vcard));
-echo $vcard;
+
         $this->assertEquals($vcf_text, $vcard);
     }
 
-- 
cgit v1.2.3


From 6d41d8fd4bbd3f8854669fbf2fc5a4910803125a Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Fri, 18 Jan 2013 21:26:18 +0100
Subject: Fix format=flowed unfolding on quoted lines; added tests for
 rcube_mime::format_flowed() and rcube_mime::unfold_flowed()

---
 program/lib/Roundcube/rcube_mime.php |  3 ++-
 tests/Framework/Mime.php             | 22 ++++++++++++++++++++++
 tests/src/format-flowed-unfolded.txt | 14 ++++++++++++++
 tests/src/format-flowed.txt          | 16 ++++++++++++++++
 4 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 tests/src/format-flowed-unfolded.txt
 create mode 100644 tests/src/format-flowed.txt

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_mime.php b/program/lib/Roundcube/rcube_mime.php
index eef8ca17c..d5fb35bcd 100644
--- a/program/lib/Roundcube/rcube_mime.php
+++ b/program/lib/Roundcube/rcube_mime.php
@@ -480,7 +480,8 @@ class rcube_mime
                 $q = strlen(str_replace(' ', '', $regs[0]));
                 $line = substr($line, strlen($regs[0]));
 
-                if ($q == $q_level && $line
+                if ($q == $q_level
+                    && strlen($line[$last]) > 1  // don't hit if line only consist of one single white space
                     && isset($text[$last])
                     && $text[$last][strlen($text[$last])-1] == ' '
                 ) {
diff --git a/tests/Framework/Mime.php b/tests/Framework/Mime.php
index dcd55992a..1f9a8c58f 100644
--- a/tests/Framework/Mime.php
+++ b/tests/Framework/Mime.php
@@ -120,4 +120,26 @@ class Framework_Mime extends PHPUnit_Framework_TestCase
             $this->assertEquals($item['out'], $res, "Header decoding for: " . $idx);
         }
     }
+
+    /**
+     * Test format=flowed unfolding
+     */
+    function test_format_flowed()
+    {
+        $raw = file_get_contents(TESTS_DIR . 'src/format-flowed-unfolded.txt');
+        $flowed = file_get_contents(TESTS_DIR . 'src/format-flowed.txt');
+
+        $this->assertEquals($flowed, rcube_mime::format_flowed($raw, 80), "Test correct folding and space-stuffing");
+    }
+
+    /**
+     * Test format=flowed unfolding
+     */
+    function test_unfold_flowed()
+    {
+        $flowed = file_get_contents(TESTS_DIR . 'src/format-flowed.txt');
+        $unfolded = file_get_contents(TESTS_DIR . 'src/format-flowed-unfolded.txt');
+
+        $this->assertEquals($unfolded, rcube_mime::unfold_flowed($flowed), "Test correct unfolding of quoted lines");
+    }
 }
diff --git a/tests/src/format-flowed-unfolded.txt b/tests/src/format-flowed-unfolded.txt
new file mode 100644
index 000000000..8245d59d4
--- /dev/null
+++ b/tests/src/format-flowed-unfolded.txt
@@ -0,0 +1,14 @@
+I'm replying on this with a very long line which is then wrapped and space-stuffed because the draft is saved as format=flowed.
+From what's specified in RFC 2646 some lines need to be space-stuffed to avoid muning during transport.
+
+X
+
+On XX.YY.YYYY Y:YY, Somebody wrote:
+> This part is a reply wihtout any flowing lines. rcube_mime::unfold_flowed()
+> has to be careful with empty quoted lines because they might end with a
+> space but still shouldn't be considered as flowed!
+> 
+> The above empty line should persist after unfolding.
+> xxxxxxxxxx. xxxx xxxxx xxxxx xxxx xx xx.xx. xxxxxx xxxxxxxxxxxx, xxxx xx
+> 
+> ... and this one as well.
diff --git a/tests/src/format-flowed.txt b/tests/src/format-flowed.txt
new file mode 100644
index 000000000..522f829c6
--- /dev/null
+++ b/tests/src/format-flowed.txt
@@ -0,0 +1,16 @@
+I'm replying on this with a very long line which is then wrapped and 
+space-stuffed because the draft is saved as format=flowed.
+ From what's specified in RFC 2646 some lines need to be space-stuffed to 
+avoid muning during transport.
+
+X
+
+On XX.YY.YYYY Y:YY, Somebody wrote:
+> This part is a reply wihtout any flowing lines. rcube_mime::unfold_flowed()
+> has to be careful with empty quoted lines because they might end with a
+> space but still shouldn't be considered as flowed!
+> 
+> The above empty line should persist after unfolding.
+> xxxxxxxxxx. xxxx xxxxx xxxxx xxxx xx xx.xx. xxxxxx xxxxxxxxxxxx, xxxx xx
+> 
+> ... and this one as well.
-- 
cgit v1.2.3


From b005927f919cbc09dccf71e8c638be45a8af37d0 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 19 Jan 2013 12:16:16 +0100
Subject: Add basic tests for plugins

---
 plugins/acl/tests/Acl.php                          | 23 ++++++++++++++++
 .../tests/AdditionalMessageHeaders.php             | 23 ++++++++++++++++
 plugins/archive/tests/Archive.php                  | 23 ++++++++++++++++
 plugins/autologon/tests/Autologon.php              | 23 ++++++++++++++++
 .../tests/DatabaseAttachments.php                  | 23 ++++++++++++++++
 plugins/debug_logger/debug_logger.php              |  7 ++---
 plugins/debug_logger/tests/DebugLogger.php         | 23 ++++++++++++++++
 plugins/emoticons/tests/Emoticons.php              | 23 ++++++++++++++++
 plugins/enigma/tests/Enigma.php                    | 23 ++++++++++++++++
 .../tests/ExampleAddressbook.php                   | 23 ++++++++++++++++
 .../tests/FilesystemAttachments.php                | 23 ++++++++++++++++
 plugins/help/tests/Help.php                        | 23 ++++++++++++++++
 plugins/hide_blockquote/tests/HideBlockquote.php   | 23 ++++++++++++++++
 .../tests/HttpAuthentication.php                   | 23 ++++++++++++++++
 plugins/jqueryui/tests/Jqueryui.php                | 23 ++++++++++++++++
 plugins/managesieve/tests/Managesieve.php          | 23 ++++++++++++++++
 plugins/markasjunk/tests/Markasjunk.php            | 23 ++++++++++++++++
 plugins/new_user_dialog/tests/NewUserDialog.php    | 23 ++++++++++++++++
 .../new_user_identity/tests/NewUserIdentity.php    | 23 ++++++++++++++++
 plugins/newmail_notifier/tests/NewmailNotifier.php | 23 ++++++++++++++++
 plugins/password/tests/Password.php                | 23 ++++++++++++++++
 .../tests/RedundantAttachments.php                 | 23 ++++++++++++++++
 .../tests/ShowAdditionalHeaders.php                | 23 ++++++++++++++++
 .../tests/SquirrelmailUsercopy.php                 | 23 ++++++++++++++++
 .../tests/SubscriptionsOption.php                  | 23 ++++++++++++++++
 plugins/userinfo/tests/Userinfo.php                | 23 ++++++++++++++++
 .../vcard_attachments/tests/VcardAttachments.php   | 23 ++++++++++++++++
 plugins/virtuser_file/tests/VirtuserFile.php       | 23 ++++++++++++++++
 plugins/virtuser_query/tests/VirtuserQuery.php     | 23 ++++++++++++++++
 plugins/zipdownload/tests/Zipdownload.php          | 23 ++++++++++++++++
 tests/bootstrap.php                                |  6 +++++
 tests/phpunit.xml                                  | 31 +++++++++++++++++++++-
 32 files changed, 707 insertions(+), 4 deletions(-)
 create mode 100644 plugins/acl/tests/Acl.php
 create mode 100644 plugins/additional_message_headers/tests/AdditionalMessageHeaders.php
 create mode 100644 plugins/archive/tests/Archive.php
 create mode 100644 plugins/autologon/tests/Autologon.php
 create mode 100644 plugins/database_attachments/tests/DatabaseAttachments.php
 create mode 100644 plugins/debug_logger/tests/DebugLogger.php
 create mode 100644 plugins/emoticons/tests/Emoticons.php
 create mode 100644 plugins/enigma/tests/Enigma.php
 create mode 100644 plugins/example_addressbook/tests/ExampleAddressbook.php
 create mode 100644 plugins/filesystem_attachments/tests/FilesystemAttachments.php
 create mode 100644 plugins/help/tests/Help.php
 create mode 100644 plugins/hide_blockquote/tests/HideBlockquote.php
 create mode 100644 plugins/http_authentication/tests/HttpAuthentication.php
 create mode 100644 plugins/jqueryui/tests/Jqueryui.php
 create mode 100644 plugins/managesieve/tests/Managesieve.php
 create mode 100644 plugins/markasjunk/tests/Markasjunk.php
 create mode 100644 plugins/new_user_dialog/tests/NewUserDialog.php
 create mode 100644 plugins/new_user_identity/tests/NewUserIdentity.php
 create mode 100644 plugins/newmail_notifier/tests/NewmailNotifier.php
 create mode 100644 plugins/password/tests/Password.php
 create mode 100644 plugins/redundant_attachments/tests/RedundantAttachments.php
 create mode 100644 plugins/show_additional_headers/tests/ShowAdditionalHeaders.php
 create mode 100644 plugins/squirrelmail_usercopy/tests/SquirrelmailUsercopy.php
 create mode 100644 plugins/subscriptions_option/tests/SubscriptionsOption.php
 create mode 100644 plugins/userinfo/tests/Userinfo.php
 create mode 100644 plugins/vcard_attachments/tests/VcardAttachments.php
 create mode 100644 plugins/virtuser_file/tests/VirtuserFile.php
 create mode 100644 plugins/virtuser_query/tests/VirtuserQuery.php
 create mode 100644 plugins/zipdownload/tests/Zipdownload.php

(limited to 'tests')

diff --git a/plugins/acl/tests/Acl.php b/plugins/acl/tests/Acl.php
new file mode 100644
index 000000000..e752ac977
--- /dev/null
+++ b/plugins/acl/tests/Acl.php
@@ -0,0 +1,23 @@
+<?php
+
+class Acl_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../acl.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new acl($rcube->api);
+
+        $this->assertInstanceOf('acl', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/additional_message_headers/tests/AdditionalMessageHeaders.php b/plugins/additional_message_headers/tests/AdditionalMessageHeaders.php
new file mode 100644
index 000000000..1c54ffc42
--- /dev/null
+++ b/plugins/additional_message_headers/tests/AdditionalMessageHeaders.php
@@ -0,0 +1,23 @@
+<?php
+
+class AdditionalMessageHeaders_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../additional_message_headers.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new additional_message_headers($rcube->api);
+
+        $this->assertInstanceOf('additional_message_headers', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/archive/tests/Archive.php b/plugins/archive/tests/Archive.php
new file mode 100644
index 000000000..0a1eeae11
--- /dev/null
+++ b/plugins/archive/tests/Archive.php
@@ -0,0 +1,23 @@
+<?php
+
+class Archive_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../archive.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new archive($rcube->api);
+
+        $this->assertInstanceOf('archive', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/autologon/tests/Autologon.php b/plugins/autologon/tests/Autologon.php
new file mode 100644
index 000000000..0de193e4a
--- /dev/null
+++ b/plugins/autologon/tests/Autologon.php
@@ -0,0 +1,23 @@
+<?php
+
+class Autologon_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../autologon.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new autologon($rcube->api);
+
+        $this->assertInstanceOf('autologon', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/database_attachments/tests/DatabaseAttachments.php b/plugins/database_attachments/tests/DatabaseAttachments.php
new file mode 100644
index 000000000..f260737ab
--- /dev/null
+++ b/plugins/database_attachments/tests/DatabaseAttachments.php
@@ -0,0 +1,23 @@
+<?php
+
+class DatabaseAttachments_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../database_attachments.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new database_attachments($rcube->api);
+
+        $this->assertInstanceOf('database_attachments', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/debug_logger/debug_logger.php b/plugins/debug_logger/debug_logger.php
index 1e015c201..87a163785 100644
--- a/plugins/debug_logger/debug_logger.php
+++ b/plugins/debug_logger/debug_logger.php
@@ -142,8 +142,9 @@ class debug_logger extends rcube_plugin
         return $args;
     }
 
-    function __destruct(){
-                $this->runlog->end();
+    function __destruct()
+    {
+        if ($this->runlog)
+            $this->runlog->end();
     }
 }
-?>
diff --git a/plugins/debug_logger/tests/DebugLogger.php b/plugins/debug_logger/tests/DebugLogger.php
new file mode 100644
index 000000000..de20a069d
--- /dev/null
+++ b/plugins/debug_logger/tests/DebugLogger.php
@@ -0,0 +1,23 @@
+<?php
+
+class DebugLogger_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../debug_logger.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new debug_logger($rcube->api);
+
+        $this->assertInstanceOf('debug_logger', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/emoticons/tests/Emoticons.php b/plugins/emoticons/tests/Emoticons.php
new file mode 100644
index 000000000..4b6c303c2
--- /dev/null
+++ b/plugins/emoticons/tests/Emoticons.php
@@ -0,0 +1,23 @@
+<?php
+
+class Emoticons_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../emoticons.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new emoticons($rcube->api);
+
+        $this->assertInstanceOf('emoticons', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/enigma/tests/Enigma.php b/plugins/enigma/tests/Enigma.php
new file mode 100644
index 000000000..0d0d8f8ae
--- /dev/null
+++ b/plugins/enigma/tests/Enigma.php
@@ -0,0 +1,23 @@
+<?php
+
+class Enigma_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../enigma.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new enigma($rcube->api);
+
+        $this->assertInstanceOf('enigma', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/example_addressbook/tests/ExampleAddressbook.php b/plugins/example_addressbook/tests/ExampleAddressbook.php
new file mode 100644
index 000000000..4a54bd950
--- /dev/null
+++ b/plugins/example_addressbook/tests/ExampleAddressbook.php
@@ -0,0 +1,23 @@
+<?php
+
+class ExampleAddressbook_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../example_addressbook.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new example_addressbook($rcube->api);
+
+        $this->assertInstanceOf('example_addressbook', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/filesystem_attachments/tests/FilesystemAttachments.php b/plugins/filesystem_attachments/tests/FilesystemAttachments.php
new file mode 100644
index 000000000..dcab315d3
--- /dev/null
+++ b/plugins/filesystem_attachments/tests/FilesystemAttachments.php
@@ -0,0 +1,23 @@
+<?php
+
+class FilesystemAttachments_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../filesystem_attachments.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new filesystem_attachments($rcube->api);
+
+        $this->assertInstanceOf('filesystem_attachments', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/help/tests/Help.php b/plugins/help/tests/Help.php
new file mode 100644
index 000000000..baba492ae
--- /dev/null
+++ b/plugins/help/tests/Help.php
@@ -0,0 +1,23 @@
+<?php
+
+class Help_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../help.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new help($rcube->api);
+
+        $this->assertInstanceOf('help', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/hide_blockquote/tests/HideBlockquote.php b/plugins/hide_blockquote/tests/HideBlockquote.php
new file mode 100644
index 000000000..030c05324
--- /dev/null
+++ b/plugins/hide_blockquote/tests/HideBlockquote.php
@@ -0,0 +1,23 @@
+<?php
+
+class HideBlockquote_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../hide_blockquote.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new hide_blockquote($rcube->api);
+
+        $this->assertInstanceOf('hide_blockquote', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/http_authentication/tests/HttpAuthentication.php b/plugins/http_authentication/tests/HttpAuthentication.php
new file mode 100644
index 000000000..c17236821
--- /dev/null
+++ b/plugins/http_authentication/tests/HttpAuthentication.php
@@ -0,0 +1,23 @@
+<?php
+
+class HttpAuthentication_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../http_authentication.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new http_authentication($rcube->api);
+
+        $this->assertInstanceOf('http_authentication', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/jqueryui/tests/Jqueryui.php b/plugins/jqueryui/tests/Jqueryui.php
new file mode 100644
index 000000000..3bcd27c9f
--- /dev/null
+++ b/plugins/jqueryui/tests/Jqueryui.php
@@ -0,0 +1,23 @@
+<?php
+
+class Jqueryui_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../jqueryui.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new jqueryui($rcube->api);
+
+        $this->assertInstanceOf('jqueryui', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/managesieve/tests/Managesieve.php b/plugins/managesieve/tests/Managesieve.php
new file mode 100644
index 000000000..d802f5614
--- /dev/null
+++ b/plugins/managesieve/tests/Managesieve.php
@@ -0,0 +1,23 @@
+<?php
+
+class Managesieve_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../managesieve.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new managesieve($rcube->api);
+
+        $this->assertInstanceOf('managesieve', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/markasjunk/tests/Markasjunk.php b/plugins/markasjunk/tests/Markasjunk.php
new file mode 100644
index 000000000..cdf13255e
--- /dev/null
+++ b/plugins/markasjunk/tests/Markasjunk.php
@@ -0,0 +1,23 @@
+<?php
+
+class Markasjunk_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../markasjunk.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new markasjunk($rcube->api);
+
+        $this->assertInstanceOf('markasjunk', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/new_user_dialog/tests/NewUserDialog.php b/plugins/new_user_dialog/tests/NewUserDialog.php
new file mode 100644
index 000000000..3a52f20f3
--- /dev/null
+++ b/plugins/new_user_dialog/tests/NewUserDialog.php
@@ -0,0 +1,23 @@
+<?php
+
+class NewUserDialog_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../new_user_dialog.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new new_user_dialog($rcube->api);
+
+        $this->assertInstanceOf('new_user_dialog', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/new_user_identity/tests/NewUserIdentity.php b/plugins/new_user_identity/tests/NewUserIdentity.php
new file mode 100644
index 000000000..c1d385853
--- /dev/null
+++ b/plugins/new_user_identity/tests/NewUserIdentity.php
@@ -0,0 +1,23 @@
+<?php
+
+class NewUserIdentity_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../new_user_identity.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new new_user_identity($rcube->api);
+
+        $this->assertInstanceOf('new_user_identity', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/newmail_notifier/tests/NewmailNotifier.php b/plugins/newmail_notifier/tests/NewmailNotifier.php
new file mode 100644
index 000000000..571912a61
--- /dev/null
+++ b/plugins/newmail_notifier/tests/NewmailNotifier.php
@@ -0,0 +1,23 @@
+<?php
+
+class NewmailNotifier_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../newmail_notifier.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new newmail_notifier($rcube->api);
+
+        $this->assertInstanceOf('newmail_notifier', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/password/tests/Password.php b/plugins/password/tests/Password.php
new file mode 100644
index 000000000..a9663a946
--- /dev/null
+++ b/plugins/password/tests/Password.php
@@ -0,0 +1,23 @@
+<?php
+
+class Password_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../password.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new password($rcube->api);
+
+        $this->assertInstanceOf('password', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/redundant_attachments/tests/RedundantAttachments.php b/plugins/redundant_attachments/tests/RedundantAttachments.php
new file mode 100644
index 000000000..386f97e59
--- /dev/null
+++ b/plugins/redundant_attachments/tests/RedundantAttachments.php
@@ -0,0 +1,23 @@
+<?php
+
+class RedundantAttachments_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../redundant_attachments.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new redundant_attachments($rcube->api);
+
+        $this->assertInstanceOf('redundant_attachments', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/show_additional_headers/tests/ShowAdditionalHeaders.php b/plugins/show_additional_headers/tests/ShowAdditionalHeaders.php
new file mode 100644
index 000000000..902ce510b
--- /dev/null
+++ b/plugins/show_additional_headers/tests/ShowAdditionalHeaders.php
@@ -0,0 +1,23 @@
+<?php
+
+class ShowAdditionalHeaders_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../show_additional_headers.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new show_additional_headers($rcube->api);
+
+        $this->assertInstanceOf('show_additional_headers', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/squirrelmail_usercopy/tests/SquirrelmailUsercopy.php b/plugins/squirrelmail_usercopy/tests/SquirrelmailUsercopy.php
new file mode 100644
index 000000000..2e35509f0
--- /dev/null
+++ b/plugins/squirrelmail_usercopy/tests/SquirrelmailUsercopy.php
@@ -0,0 +1,23 @@
+<?php
+
+class SquirrelmailUsercopy_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../squirrelmail_usercopy.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new squirrelmail_usercopy($rcube->api);
+
+        $this->assertInstanceOf('squirrelmail_usercopy', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/subscriptions_option/tests/SubscriptionsOption.php b/plugins/subscriptions_option/tests/SubscriptionsOption.php
new file mode 100644
index 000000000..6932a955f
--- /dev/null
+++ b/plugins/subscriptions_option/tests/SubscriptionsOption.php
@@ -0,0 +1,23 @@
+<?php
+
+class SubscriptionsOption_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../subscriptions_option.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new subscriptions_option($rcube->api);
+
+        $this->assertInstanceOf('subscriptions_option', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/userinfo/tests/Userinfo.php b/plugins/userinfo/tests/Userinfo.php
new file mode 100644
index 000000000..762d5a1fa
--- /dev/null
+++ b/plugins/userinfo/tests/Userinfo.php
@@ -0,0 +1,23 @@
+<?php
+
+class Userinfo_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../userinfo.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new userinfo($rcube->api);
+
+        $this->assertInstanceOf('userinfo', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/vcard_attachments/tests/VcardAttachments.php b/plugins/vcard_attachments/tests/VcardAttachments.php
new file mode 100644
index 000000000..35fd7f447
--- /dev/null
+++ b/plugins/vcard_attachments/tests/VcardAttachments.php
@@ -0,0 +1,23 @@
+<?php
+
+class VcardAttachments_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../vcard_attachments.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new vcard_attachments($rcube->api);
+
+        $this->assertInstanceOf('vcard_attachments', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/virtuser_file/tests/VirtuserFile.php b/plugins/virtuser_file/tests/VirtuserFile.php
new file mode 100644
index 000000000..a4362c3dc
--- /dev/null
+++ b/plugins/virtuser_file/tests/VirtuserFile.php
@@ -0,0 +1,23 @@
+<?php
+
+class VirtuserFile_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../virtuser_file.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new virtuser_file($rcube->api);
+
+        $this->assertInstanceOf('virtuser_file', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/virtuser_query/tests/VirtuserQuery.php b/plugins/virtuser_query/tests/VirtuserQuery.php
new file mode 100644
index 000000000..d5bd4ee4b
--- /dev/null
+++ b/plugins/virtuser_query/tests/VirtuserQuery.php
@@ -0,0 +1,23 @@
+<?php
+
+class VirtuserQuery_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../virtuser_query.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new virtuser_query($rcube->api);
+
+        $this->assertInstanceOf('virtuser_query', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/plugins/zipdownload/tests/Zipdownload.php b/plugins/zipdownload/tests/Zipdownload.php
new file mode 100644
index 000000000..f3b4e1b35
--- /dev/null
+++ b/plugins/zipdownload/tests/Zipdownload.php
@@ -0,0 +1,23 @@
+<?php
+
+class Zipdownload_Plugin extends PHPUnit_Framework_TestCase
+{
+
+    function setUp()
+    {
+        include_once dirname(__FILE__) . '/../zipdownload.php';
+    }
+
+    /**
+     * Plugin object construction test
+     */
+    function test_constructor()
+    {
+        $rcube  = rcube::get_instance();
+        $plugin = new zipdownload($rcube->api);
+
+        $this->assertInstanceOf('zipdownload', $plugin);
+        $this->assertInstanceOf('rcube_plugin', $plugin);
+    }
+}
+
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index a9e25610c..40659ebf0 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -33,3 +33,9 @@ if (@is_dir(TESTS_DIR . 'config')) {
 require_once(INSTALL_PATH . 'program/include/iniset.php');
 
 rcmail::get_instance()->config->set('devel_mode', false);
+
+// Extend include path so some plugin test won't fail
+$include_path = ini_get('include_path') . PATH_SEPARATOR . TESTS_DIR . '..';
+if (set_include_path($include_path) === false) {
+    die("Fatal error: ini_set/set_include_path does not work.");
+}
diff --git a/tests/phpunit.xml b/tests/phpunit.xml
index 5a858111b..da0f899a9 100644
--- a/tests/phpunit.xml
+++ b/tests/phpunit.xml
@@ -32,9 +32,38 @@
             <file>Framework/Washtml.php</file>
             <file>MailFunc.php</file>
         </testsuite>
-        <testsuite name="Managesieve Tests">
+        <testsuite name="Plugins Tests">
+            <file>./../plugins/acl/tests/Acl.php</file>
+            <file>./../plugins/additional_message_headers/tests/AdditionalMessageHeaders.php</file>
+            <file>./../plugins/archive/tests/Archive.php</file>
+            <file>./../plugins/autologon/tests/Autologon.php</file>
+            <file>./../plugins/database_attachments/tests/DatabaseAttachments.php</file>
+            <file>./../plugins/debug_logger/tests/DebugLogger.php</file>
+            <file>./../plugins/emoticons/tests/Emoticons.php</file>
+            <file>./../plugins/enigma/tests/Enigma.php</file>
+            <file>./../plugins/example_addressbook/tests/ExampleAddressbook.php</file>
+            <file>./../plugins/filesystem_attachments/tests/FilesystemAttachments.php</file>
+            <file>./../plugins/help/tests/Help.php</file>
+            <file>./../plugins/hide_blockquote/tests/HideBlockquote.php</file>
+            <file>./../plugins/http_authentication/tests/HttpAuthentication.php</file>
+            <file>./../plugins/jqueryui/tests/Jqueryui.php</file>
+            <file>./../plugins/managesieve/tests/Managesieve.php</file>
             <file>./../plugins/managesieve/tests/Parser.php</file>
             <file>./../plugins/managesieve/tests/Tokenizer.php</file>
+            <file>./../plugins/markasjunk/tests/Markasjunk.php</file>
+            <file>./../plugins/new_user_dialog/tests/NewUserDialog.php</file>
+            <file>./../plugins/new_user_identity/tests/NewUserIdentity.php</file>
+            <file>./../plugins/newmail_notifier/tests/NewmailNotifier.php</file>
+            <file>./../plugins/password/tests/Password.php</file>
+            <file>./../plugins/redundant_attachments/tests/RedundantAttachments.php</file>
+            <file>./../plugins/show_additional_headers/tests/ShowAdditionalHeaders.php</file>
+            <file>./../plugins/squirrelmail_usercopy/tests/Squirrelmail_usercopy.php</file>
+            <file>./../plugins/subscriptions_option/tests/SubscriptionsOption.php</file>
+            <file>./../plugins/userinfo/tests/Userinfo.php</file>
+            <file>./../plugins/vcard_attachments/tests/VcardAttachments.php</file>
+            <file>./../plugins/virtuser_file/tests/VirtuserFile.php</file>
+            <file>./../plugins/virtuser_query/tests/VirtuserQuery.php</file>
+            <file>./../plugins/zipdownload/tests/Zipdownload.php</file>
         </testsuite>
     </testsuites>
 </phpunit>
-- 
cgit v1.2.3


From aabd62828672c055205292c77f1463260f3b0c51 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 20 Jan 2013 11:12:24 +0100
Subject: Improve format=flowed text unfolding, add test for signature
 separator handling

---
 program/lib/Roundcube/rcube_mime.php | 18 +++++++++++-------
 tests/src/format-flowed-unfolded.txt |  3 +++
 tests/src/format-flowed.txt          |  3 +++
 3 files changed, 17 insertions(+), 7 deletions(-)

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_mime.php b/program/lib/Roundcube/rcube_mime.php
index d5fb35bcd..fd91ca979 100644
--- a/program/lib/Roundcube/rcube_mime.php
+++ b/program/lib/Roundcube/rcube_mime.php
@@ -476,14 +476,18 @@ class rcube_mime
         $q_level = 0;
 
         foreach ($text as $idx => $line) {
-            if ($line[0] == '>' && preg_match('/^(>+\s*)/', $line, $regs)) {
-                $q = strlen(str_replace(' ', '', $regs[0]));
-                $line = substr($line, strlen($regs[0]));
-
+            if ($line[0] == '>') {
+                $len  = strlen($line);
+                $line = preg_replace('/^>+ {0,1}/', '', $line);
+                $q    = $len - strlen($line);
+
+                // The same paragraph (We join current line with the previous one) when:
+                // - the same level of quoting
+                // - previous line was flowed
+                // - previous line contains more than only one single space (and quote char(s))
                 if ($q == $q_level
-                    && strlen($line[$last]) > 1  // don't hit if line only consist of one single white space
-                    && isset($text[$last])
-                    && $text[$last][strlen($text[$last])-1] == ' '
+                    && isset($text[$last]) && $text[$last][strlen($text[$last])-1] == ' '
+                    && !preg_match('/^>+ {0,1}$/', $text[$last])
                 ) {
                     $text[$last] .= $line;
                     unset($text[$idx]);
diff --git a/tests/src/format-flowed-unfolded.txt b/tests/src/format-flowed-unfolded.txt
index 8245d59d4..b422f981b 100644
--- a/tests/src/format-flowed-unfolded.txt
+++ b/tests/src/format-flowed-unfolded.txt
@@ -12,3 +12,6 @@ On XX.YY.YYYY Y:YY, Somebody wrote:
 > xxxxxxxxxx. xxxx xxxxx xxxxx xxxx xx xx.xx. xxxxxx xxxxxxxxxxxx, xxxx xx
 > 
 > ... and this one as well.
+
+-- 
+Sig
diff --git a/tests/src/format-flowed.txt b/tests/src/format-flowed.txt
index 522f829c6..d3bd90eed 100644
--- a/tests/src/format-flowed.txt
+++ b/tests/src/format-flowed.txt
@@ -14,3 +14,6 @@ On XX.YY.YYYY Y:YY, Somebody wrote:
 > xxxxxxxxxx. xxxx xxxxx xxxxx xxxx xx xx.xx. xxxxxx xxxxxxxxxxxx, xxxx xx
 > 
 > ... and this one as well.
+
+-- 
+Sig
-- 
cgit v1.2.3


From 7ebed11b05fe9b3659d18ed797572e7ffccad5a3 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 20 Jan 2013 11:57:46 +0100
Subject: More improvements to format=flowed handling + fix in wordwrap() used
 internally by format_flowed()

---
 program/lib/Roundcube/rcube_mime.php | 17 ++++++++++-------
 tests/src/format-flowed-unfolded.txt |  2 ++
 tests/src/format-flowed.txt          |  2 ++
 3 files changed, 14 insertions(+), 7 deletions(-)

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_mime.php b/program/lib/Roundcube/rcube_mime.php
index fd91ca979..e9d5cf148 100644
--- a/program/lib/Roundcube/rcube_mime.php
+++ b/program/lib/Roundcube/rcube_mime.php
@@ -477,9 +477,10 @@ class rcube_mime
 
         foreach ($text as $idx => $line) {
             if ($line[0] == '>') {
-                $len  = strlen($line);
-                $line = preg_replace('/^>+ {0,1}/', '', $line);
-                $q    = $len - strlen($line);
+                // remove quote chars, store level in $q
+                $line = preg_replace('/^>+/', '', $line, -1, $q);
+                // remove (optional) space-staffing
+                $line = preg_replace('/^ /', '', $line);
 
                 // The same paragraph (We join current line with the previous one) when:
                 // - the same level of quoting
@@ -540,10 +541,12 @@ class rcube_mime
 
         foreach ($text as $idx => $line) {
             if ($line != '-- ') {
-                if ($line[0] == '>' && preg_match('/^(>+ {0,1})+/', $line, $regs)) {
-                    $level  = substr_count($regs[0], '>');
+                if ($line[0] == '>') {
+                    // remove quote chars, store level in $level
+                    $line   = preg_replace('/^>+/', '', $line, -1, $level);
+                    // remove (optional) space-staffing
+                    $line   = preg_replace('/^ /', '', $line);
                     $prefix = str_repeat('>', $level) . ' ';
-                    $line   = rtrim(substr($line, strlen($regs[0])));
                     $line   = $prefix . self::wordwrap($line, $length - $level - 2, " \r\n$prefix", false, $charset);
                 }
                 else if ($line) {
@@ -583,7 +586,7 @@ class rcube_mime
         while (count($para)) {
             $line = array_shift($para);
             if ($line[0] == '>') {
-                $string .= $line.$break;
+                $string .= $line . (count($para) ? $break : '');
                 continue;
             }
 
diff --git a/tests/src/format-flowed-unfolded.txt b/tests/src/format-flowed-unfolded.txt
index b422f981b..14e526be4 100644
--- a/tests/src/format-flowed-unfolded.txt
+++ b/tests/src/format-flowed-unfolded.txt
@@ -13,5 +13,7 @@ On XX.YY.YYYY Y:YY, Somebody wrote:
 > 
 > ... and this one as well.
 
+> > text
+
 -- 
 Sig
diff --git a/tests/src/format-flowed.txt b/tests/src/format-flowed.txt
index d3bd90eed..a390ffd11 100644
--- a/tests/src/format-flowed.txt
+++ b/tests/src/format-flowed.txt
@@ -15,5 +15,7 @@ On XX.YY.YYYY Y:YY, Somebody wrote:
 > 
 > ... and this one as well.
 
+> > text
+
 -- 
 Sig
-- 
cgit v1.2.3


From bb6f4b2b5d0676ef0ed90f8050ad28e46f2dce35 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Fri, 25 Jan 2013 23:46:06 +0100
Subject: Refactored blockquote quotion routine in html2text conversion: it now
 correctly converts multiple and/or nested blockquotes

---
 program/lib/Roundcube/rcube_html2text.php | 87 ++++++++++++++++---------------
 tests/Framework/Html2text.php             | 19 +++++++
 2 files changed, 64 insertions(+), 42 deletions(-)

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_html2text.php b/program/lib/Roundcube/rcube_html2text.php
index 0b172ebfa..3d32fe766 100644
--- a/program/lib/Roundcube/rcube_html2text.php
+++ b/program/lib/Roundcube/rcube_html2text.php
@@ -571,54 +571,57 @@ class rcube_html2text
      */
     protected function _convert_blockquotes(&$text)
     {
-        if (preg_match_all('/<\/*blockquote[^>]*>/i', $text, $matches, PREG_OFFSET_CAPTURE)) {
-            $level = 0;
-            $diff = 0;
-            foreach ($matches[0] as $m) {
-                if ($m[0][0] == '<' && $m[0][1] == '/') {
+        $level = 0;
+        $offset = 0;
+        while (($start = strpos($text, '<blockquote', $offset)) !== false) {
+            $offset = $start + 12;
+            do {
+                $end = strpos($text, '</blockquote>', $offset);
+                $next = strpos($text, '<blockquote', $offset);
+
+                // nested <blockquote>, skip
+                if ($next !== false && $next < $end) {
+                    $offset = $next + 12;
+                    $level++;
+                }
+                // nested </blockquote> tag
+                if ($end !== false && $level > 0) {
+                    $offset = $end + 12;
                     $level--;
-                    if ($level < 0) {
-                        $level = 0; // malformed HTML: go to next blockquote
-                    }
-                    else if ($level > 0) {
-                        // skip inner blockquote
-                    }
-                    else {
-                        $end  = $m[1];
-                        $len  = $end - $taglen - $start;
-                        // Get blockquote content
-                        $body = substr($text, $start + $taglen - $diff, $len);
-
-                        // Set text width
-                        $p_width = $this->width;
-                        if ($this->width > 0) $this->width -= 2;
-                        // Convert blockquote content
-                        $body = trim($body);
-                        $this->_converter($body);
-                        // Add citation markers and create PRE block
-                        $body = preg_replace('/((^|\n)>*)/', '\\1> ', trim($body));
-                        $body = '<pre>' . htmlspecialchars($body) . '</pre>';
-                        // Re-set text width
-                        $this->width = $p_width;
-                        // Replace content
-                        $text = substr($text, 0, $start - $diff)
-                            . $body . substr($text, $end + strlen($m[0]) - $diff);
-
-                        $diff = $len + $taglen + strlen($m[0]) - strlen($body);
-                        unset($body);
-                    }
                 }
-                else {
-                    if ($level == 0) {
-                        $start = $m[1];
-                        $taglen = strlen($m[0]);
-                    }
-                    $level ++;
+                // found matching end tag
+                else if ($end !== false && $level == 0) {
+                    $taglen = strpos($text, '>', $start) - $start;
+                    $startpos = $start + $taglen + 1;
+
+                    // get blockquote content
+                    $body = trim(substr($text, $startpos, $end - $startpos));
+
+                    // replace content with inner blockquotes
+                    $this->_converter($body);
+
+                    // Add citation markers and create <pre> block
+                    $body = preg_replace_callback('/((?:^|\n)>*)([^\n]*)/', array($this, 'blockquote_citation_ballback'), trim($body));
+                    $body = '<pre>' . htmlspecialchars($body) . '</pre>';
+
+                    $text = substr($text, 0, $start) . $body . "\n" . substr($text, $end + 13);
+                    $offset = 0;
+                    break;
                 }
-            }
+            } while ($end || $next);
         }
     }
 
+    /**
+     * Callback function to correctly add citation markers for blockquote contents
+     */
+    public function blockquote_citation_ballback($m)
+    {
+        $line = ltrim($m[2]);
+        $space = $line[0] == '>' ? '' : ' ';
+        return $m[1] . '>' . $space . $line;
+    }
+
     /**
      * Callback function for preg_replace_callback use.
      *
diff --git a/tests/Framework/Html2text.php b/tests/Framework/Html2text.php
index 1d8963878..3e0df48d9 100644
--- a/tests/Framework/Html2text.php
+++ b/tests/Framework/Html2text.php
@@ -56,4 +56,23 @@ class rc_html2text extends PHPUnit_Framework_TestCase
 
         $this->assertEquals($out, $res, $title);
     }
+
+    /**
+     *
+     */
+    function test_multiple_blockquotes()
+    {
+        $html = <<<EOF
+<br>Begin<br><blockquote>OUTER BEGIN<blockquote>INNER 1<br></blockquote><div><br></div><div>Par 1</div>
+<blockquote>INNER 2</blockquote><div><br></div><div>Par 2</div>
+<div><br></div><div>Par 3</div><div><br></div>
+<blockquote>INNER 3</blockquote>OUTER END</blockquote>
+EOF;
+        $ht = new rcube_html2text($html, false, false);
+        $res = $ht->get_text();
+
+        $this->assertContains('>> INNER 1', $res, 'Quote inner');
+        $this->assertContains('>> INNER 3', $res, 'Quote inner');
+        $this->assertContains('> OUTER END', $res, 'Quote outer');
+    }
 }
-- 
cgit v1.2.3


From a2a1f8d7ed2911c2a4bab05ae599a80ed690c9c4 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 30 Jan 2013 11:50:52 +0100
Subject: Added automated in-browser tests (PHPUnit + Selenium Web Driver)

---
 tests/Selenium/Addressbook/Addressbook.php |  21 ++++
 tests/Selenium/Addressbook/Import.php      |  29 +++++
 tests/Selenium/Login.php                   |  21 ++++
 tests/Selenium/Logout.php                  |  20 ++++
 tests/Selenium/Mail/CheckRecent.php        |  14 +++
 tests/Selenium/Mail/Compose.php            |  25 ++++
 tests/Selenium/Mail/Getunread.php          |  13 +++
 tests/Selenium/Mail/List.php               |  25 ++++
 tests/Selenium/Mail/Mail.php               |  23 ++++
 tests/Selenium/Settings/About.php          |  14 +++
 tests/Selenium/Settings/Folders.php        |  20 ++++
 tests/Selenium/Settings/Identities.php     |  19 +++
 tests/Selenium/Settings/Settings.php       |  17 +++
 tests/Selenium/bootstrap.php               | 181 +++++++++++++++++++++++++++++
 tests/Selenium/phpunit.xml                 |  21 ++++
 15 files changed, 463 insertions(+)
 create mode 100644 tests/Selenium/Addressbook/Addressbook.php
 create mode 100644 tests/Selenium/Addressbook/Import.php
 create mode 100644 tests/Selenium/Login.php
 create mode 100644 tests/Selenium/Logout.php
 create mode 100644 tests/Selenium/Mail/CheckRecent.php
 create mode 100644 tests/Selenium/Mail/Compose.php
 create mode 100644 tests/Selenium/Mail/Getunread.php
 create mode 100644 tests/Selenium/Mail/List.php
 create mode 100644 tests/Selenium/Mail/Mail.php
 create mode 100644 tests/Selenium/Settings/About.php
 create mode 100644 tests/Selenium/Settings/Folders.php
 create mode 100644 tests/Selenium/Settings/Identities.php
 create mode 100644 tests/Selenium/Settings/Settings.php
 create mode 100644 tests/Selenium/bootstrap.php
 create mode 100644 tests/Selenium/phpunit.xml

(limited to 'tests')

diff --git a/tests/Selenium/Addressbook/Addressbook.php b/tests/Selenium/Addressbook/Addressbook.php
new file mode 100644
index 000000000..9a22b6e13
--- /dev/null
+++ b/tests/Selenium/Addressbook/Addressbook.php
@@ -0,0 +1,21 @@
+<?php
+
+class Selenium_Addressbook_Addressbook extends Selenium_Test
+{
+    public function testAddressbook()
+    {
+        $this->go('addressbook');
+
+        // check task
+        $env = $this->get_env();
+        $this->assertEquals('addressbook', $env['task']);
+
+        $objects = $this->get_objects();
+
+        // these objects should be there always
+        $this->assertContains('qsearchbox', $objects);
+        $this->assertContains('folderlist', $objects);
+        $this->assertContains('contactslist', $objects);
+        $this->assertContains('countdisplay', $objects);
+    }
+}
diff --git a/tests/Selenium/Addressbook/Import.php b/tests/Selenium/Addressbook/Import.php
new file mode 100644
index 000000000..13d81740f
--- /dev/null
+++ b/tests/Selenium/Addressbook/Import.php
@@ -0,0 +1,29 @@
+<?php
+
+class Selenium_Addressbook_Import extends Selenium_Test
+{
+    public function testImport()
+    {
+        $this->go('addressbook', 'import');
+
+        // check task and action
+        $env = $this->get_env();
+        $this->assertEquals('addressbook', $env['task']);
+        $this->assertEquals('import', $env['action']);
+
+        $objects = $this->get_objects();
+
+        // these objects should be there always
+        $this->assertContains('importform', $objects);
+    }
+
+    public function testImport2()
+    {
+        $this->go('addressbook', 'import');
+
+        $objects = $this->get_objects();
+
+        // these objects should be there always
+        $this->assertContains('importform', $objects);
+    }
+}
diff --git a/tests/Selenium/Login.php b/tests/Selenium/Login.php
new file mode 100644
index 000000000..a3f0ab6b4
--- /dev/null
+++ b/tests/Selenium/Login.php
@@ -0,0 +1,21 @@
+<?php
+
+class Selenium_Login extends Selenium_Test
+{
+    public function testLogin()
+    {
+        // first test, we're already on the login page
+        $this->url(TESTS_URL);
+
+        // task should be set to 'login'
+        $env = $this->get_env();
+        $this->assertEquals('login', $env['task']);
+
+        // test valid login
+        $this->login();
+
+        // task should be set to 'mail' now
+        $env = $this->get_env();
+        $this->assertEquals('mail', $env['task']);
+    }
+}
diff --git a/tests/Selenium/Logout.php b/tests/Selenium/Logout.php
new file mode 100644
index 000000000..95eeda57c
--- /dev/null
+++ b/tests/Selenium/Logout.php
@@ -0,0 +1,20 @@
+<?php
+
+class Selenium_Logout extends Selenium_Test
+{
+    public function testLogout()
+    {
+        $this->go('mail');
+
+        $this->click_button('logout');
+
+        sleep(TESTS_SLEEP);
+
+        // task should be set to 'login'
+        $env = $this->get_env();
+        $this->assertEquals('login', $env['task']);
+
+        // form should exist
+        $user_input = $this->byCssSelector('form input[name="_user"]');
+    }
+}
diff --git a/tests/Selenium/Mail/CheckRecent.php b/tests/Selenium/Mail/CheckRecent.php
new file mode 100644
index 000000000..865421c2d
--- /dev/null
+++ b/tests/Selenium/Mail/CheckRecent.php
@@ -0,0 +1,14 @@
+<?php
+
+class Selenium_Mail_CheckRecent extends Selenium_Test
+{
+    public function testCheckRecent()
+    {
+        $this->go('mail');
+
+        $res = $this->ajaxResponse('check-recent', "rcmail.command('checkmail')");
+
+        $this->assertEquals('check-recent', $res['action']);
+        $this->assertRegExp('/this\.set_unread_count/', $res['exec']);
+    }
+}
diff --git a/tests/Selenium/Mail/Compose.php b/tests/Selenium/Mail/Compose.php
new file mode 100644
index 000000000..e707ef17d
--- /dev/null
+++ b/tests/Selenium/Mail/Compose.php
@@ -0,0 +1,25 @@
+<?php
+
+class Selenium_Mail_Compose extends Selenium_Test
+{
+    public function testCompose()
+    {
+        $this->go('mail', 'compose');
+
+        // check task and action
+        $env = $this->get_env();
+        $this->assertEquals('mail', $env['task']);
+        $this->assertEquals('compose', $env['action']);
+
+        $objects = $this->get_objects();
+
+        // these objects should be there always
+        $this->assertContains('qsearchbox', $objects);
+        $this->assertContains('addressbookslist', $objects);
+        $this->assertContains('contactslist', $objects);
+        $this->assertContains('messageform', $objects);
+        $this->assertContains('attachmentlist', $objects);
+        $this->assertContains('filedrop', $objects);
+        $this->assertContains('uploadform', $objects);
+    }
+}
diff --git a/tests/Selenium/Mail/Getunread.php b/tests/Selenium/Mail/Getunread.php
new file mode 100644
index 000000000..d6362f2f4
--- /dev/null
+++ b/tests/Selenium/Mail/Getunread.php
@@ -0,0 +1,13 @@
+<?php
+
+class Selenium_Mail_Getunread extends Selenium_Test
+{
+    public function testGetunread()
+    {
+        $this->go('mail');
+
+        $res = $this->ajaxResponse('getunread', "rcmail.http_request('getunread')");
+
+        $this->assertEquals('getunread', $res['action']);
+    }
+}
diff --git a/tests/Selenium/Mail/List.php b/tests/Selenium/Mail/List.php
new file mode 100644
index 000000000..7574c1801
--- /dev/null
+++ b/tests/Selenium/Mail/List.php
@@ -0,0 +1,25 @@
+<?php
+
+class Selenium_Mail_List extends Selenium_Test
+{
+    public function testCheckRecent()
+    {
+        $this->go('mail');
+
+        $res = $this->ajaxResponse('list', "rcmail.command('list')");
+
+        $this->assertEquals('list', $res['action']);
+        $this->assertRegExp('/this\.set_pagetitle/', $res['exec']);
+        $this->assertRegExp('/this\.set_unread_count/', $res['exec']);
+        $this->assertRegExp('/this\.set_rowcount/', $res['exec']);
+        $this->assertRegExp('/this\.set_message_coltypes/', $res['exec']);
+//        $this->assertRegExp('/this\.add_message_row/', $res['exec']);
+
+        $this->assertContains('current_page', $res['env']);
+        $this->assertContains('exists', $res['env']);
+        $this->assertContains('pagecount', $res['env']);
+        $this->assertContains('pagesize', $res['env']);
+        $this->assertContains('messagecount', $res['env']);
+        $this->assertContains('mailbox', $res['env']);
+    }
+}
diff --git a/tests/Selenium/Mail/Mail.php b/tests/Selenium/Mail/Mail.php
new file mode 100644
index 000000000..98413787b
--- /dev/null
+++ b/tests/Selenium/Mail/Mail.php
@@ -0,0 +1,23 @@
+<?php
+
+class Selenium_Mail_Mail extends Selenium_Test
+{
+    public function testMail()
+    {
+        $this->go('mail');
+
+        // check task
+        $env = $this->get_env();
+        $this->assertEquals('mail', $env['task']);
+
+        $objects = $this->get_objects();
+
+        // these objects should be there always
+        $this->assertContains('qsearchbox', $objects);
+        $this->assertContains('mailboxlist', $objects);
+        $this->assertContains('messagelist', $objects);
+        $this->assertContains('quotadisplay', $objects);
+        $this->assertContains('search_filter', $objects);
+        $this->assertContains('countdisplay', $objects);
+    }
+}
diff --git a/tests/Selenium/Settings/About.php b/tests/Selenium/Settings/About.php
new file mode 100644
index 000000000..9a6c31d4b
--- /dev/null
+++ b/tests/Selenium/Settings/About.php
@@ -0,0 +1,14 @@
+<?php
+
+class Selenium_Settings_About extends Selenium_Test
+{
+    public function testAbout()
+    {
+        $this->url(TESTS_URL . '/?_task=settings&_action=about');
+
+        // check task and action
+        $env = $this->get_env();
+        $this->assertEquals('settings', $env['task']);
+        $this->assertEquals('about', $env['action']);
+    }
+}
diff --git a/tests/Selenium/Settings/Folders.php b/tests/Selenium/Settings/Folders.php
new file mode 100644
index 000000000..fa64e45d6
--- /dev/null
+++ b/tests/Selenium/Settings/Folders.php
@@ -0,0 +1,20 @@
+<?php
+
+class Selenium_Settings_Folders extends Selenium_Test
+{
+    public function testFolders()
+    {
+        $this->go('settings', 'folders');
+
+        // task should be set to 'settings' and action to 'folders'
+        $env = $this->get_env();
+        $this->assertEquals('settings', $env['task']);
+        $this->assertEquals('folders', $env['action']);
+
+        $objects = $this->get_objects();
+
+        // these objects should be there always
+        $this->assertContains('quotadisplay', $objects);
+        $this->assertContains('subscriptionlist', $objects);
+    }
+}
diff --git a/tests/Selenium/Settings/Identities.php b/tests/Selenium/Settings/Identities.php
new file mode 100644
index 000000000..869018b09
--- /dev/null
+++ b/tests/Selenium/Settings/Identities.php
@@ -0,0 +1,19 @@
+<?php
+
+class Selenium_Settings_Identities extends Selenium_Test
+{
+    public function testIdentities()
+    {
+        $this->go('settings', 'identities');
+
+        // check task and action
+        $env = $this->get_env();
+        $this->assertEquals('settings', $env['task']);
+        $this->assertEquals('identities', $env['action']);
+
+        $objects = $this->get_objects();
+
+        // these objects should be there always
+        $this->assertContains('identitieslist', $objects);
+    }
+}
diff --git a/tests/Selenium/Settings/Settings.php b/tests/Selenium/Settings/Settings.php
new file mode 100644
index 000000000..08d8339f1
--- /dev/null
+++ b/tests/Selenium/Settings/Settings.php
@@ -0,0 +1,17 @@
+<?php
+
+class Selenium_Settings_Settings extends Selenium_Test
+{
+    public function testSettings()
+    {
+        $this->go('settings');
+
+        // task should be set to 'settings'
+        $env = $this->get_env();
+        $this->assertEquals('settings', $env['task']);
+
+        $objects = $this->get_objects();
+
+        $this->assertContains('sectionslist', $objects);
+    }
+}
diff --git a/tests/Selenium/bootstrap.php b/tests/Selenium/bootstrap.php
new file mode 100644
index 000000000..0f7eed0d9
--- /dev/null
+++ b/tests/Selenium/bootstrap.php
@@ -0,0 +1,181 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | tests/Selenium/bootstrap.php                                          |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2009-2013, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Environment initialization script for unit tests                    |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com>                        |
+ | Author: Aleksander Machniak <alec@alec.pl>                            |
+ +-----------------------------------------------------------------------+
+*/
+
+if (php_sapi_name() != 'cli')
+  die("Not in shell mode (php-cli)");
+
+if (!defined('INSTALL_PATH')) define('INSTALL_PATH', realpath(dirname(__FILE__) . '/../../') . '/' );
+
+define('TESTS_DIR', dirname(__FILE__) . '/');
+
+if (@is_dir(TESTS_DIR . 'config')) {
+    define('RCMAIL_CONFIG_DIR', TESTS_DIR . 'config');
+}
+
+require_once(INSTALL_PATH . 'program/include/iniset.php');
+
+// Extend include path so some plugin test won't fail
+$include_path = ini_get('include_path') . PATH_SEPARATOR . TESTS_DIR . '..';
+if (set_include_path($include_path) === false) {
+    die("Fatal error: ini_set/set_include_path does not work.");
+}
+
+$rcmail = rcube::get_instance();
+
+define('TESTS_URL',     $rcmail->config->get('tests_url'));
+define('TESTS_BROWSER', $rcmail->config->get('tests_browser', 'firefox'));
+define('TESTS_USER',    $rcmail->config->get('tests_username'));
+define('TESTS_PASS',    $rcmail->config->get('tests_password'));
+define('TESTS_SLEEP',   $rcmail->config->get('tests_sleep', 5));
+
+PHPUnit_Extensions_Selenium2TestCase::shareSession(true);
+
+// @TODO: remove user record from DB before running tests
+// @TODO: make sure mailbox has some content (always the same) or is empty
+
+/**
+ * Base class for all tests in this directory
+ */
+class Selenium_Test extends PHPUnit_Extensions_Selenium2TestCase
+{
+    protected function setUp()
+    {
+//        $this->rc = rcube::get_instance();
+        $this->setBrowser(TESTS_BROWSER);
+        $this->setBrowserUrl(TESTS_URL);
+    }
+
+    protected function login()
+    {
+        $this->go('mail');
+
+        $user_input = $this->byCssSelector('form input[name="_user"]');
+        $pass_input = $this->byCssSelector('form input[name="_pass"]');
+        $submit     = $this->byCssSelector('form input[type="submit"]');
+
+        $user_input->value(TESTS_USER);
+        $pass_input->value(TESTS_PASS);
+
+        // submit login form
+        $submit->click();
+
+        // wait after successful login
+        sleep(TESTS_SLEEP);
+    }
+
+    protected function go($task = 'mail', $action = null)
+    {
+        $this->url(TESTS_URL . '/?_task=' . $task);
+
+        // wait for interface load (initial ajax requests, etc.)
+        sleep(TESTS_SLEEP);
+
+        if ($action) {
+            $this->click_button($action);
+
+            sleep(TESTS_SLEEP);
+        }
+    }
+
+    protected function get_env()
+    {
+        return $this->execute(array(
+            'script' => 'return rcmail.env;',
+            'args' => array(),
+        ));
+    }
+
+    protected function get_buttons($action)
+    {
+        $buttons = $this->execute(array(
+            'script' => "return rcmail.buttons['$action'];",
+            'args' => array(),
+        ));
+
+        if (is_array($buttons)) {
+            foreach ($buttons as $idx => $button) {
+                $buttons[$idx] = $button['id'];
+            }
+        }
+
+        return (array) $buttons;
+    }
+
+    protected function get_objects()
+    {
+        return $this->execute(array(
+            'script' => "var i,r = []; for (i in rcmail.gui_objects) r.push(i); return r;",
+            'args' => array(),
+        ));
+    }
+
+    protected function click_button($action)
+    {
+        $buttons = $this->get_buttons($action);
+        $id      = array_shift($buttons);
+
+        // this doesn't work for me
+        $this->byId($id)->click();
+    }
+
+    protected function ajaxResponse($action, $script = '', $button = false)
+    {
+        if (!$script && !$button) {
+            $script = "rcmail.command('$action')";
+        }
+
+        $script = 
+        "if (!window.test_ajax_response) {
+            window.test_ajax_response_object = {};
+            function test_ajax_response(response)
+            {
+                if (response.response && response.response.action) {
+                    window.test_ajax_response_object[response.response.action] = response.response;
+                }
+            }
+            rcmail.addEventListener('responsebefore', test_ajax_response);
+        }
+        window.test_ajax_response_object['$action'] = null;
+        $script;
+        ";
+
+        // run request
+        $this->execute(array(
+            'script' => $script,
+            'args' => array(),
+        ));
+
+        if ($button) {
+            $this->click_button($action);
+        }
+
+        // wait
+        sleep(TESTS_SLEEP);
+
+        // get response
+        $response = $this->execute(array(
+            'script' => "return window.test_ajax_response_object['$action'];",
+            'args' => array(),
+        ));
+
+        return $response;
+    }
+}
diff --git a/tests/Selenium/phpunit.xml b/tests/Selenium/phpunit.xml
new file mode 100644
index 000000000..b5835cf74
--- /dev/null
+++ b/tests/Selenium/phpunit.xml
@@ -0,0 +1,21 @@
+<phpunit backupGlobals="false"
+    bootstrap="bootstrap.php"
+    colors="true">
+    <testsuites>
+        <testsuite name="All Tests">
+            <file>Login.php</file><!-- Login.php test must be first -->
+            <file>Addressbook/Addressbook.php</file>
+            <file>Addressbook/Import.php</file>
+            <file>Mail/Mail.php</file>
+            <file>Mail/CheckRecent.php</file>
+            <file>Mail/Compose.php</file>
+            <file>Mail/Getunread.php</file>
+            <file>Mail/List.php</file>
+            <file>Settings/About.php</file>
+            <file>Settings/Folders.php</file>
+            <file>Settings/Identities.php</file>
+            <file>Settings/Settings.php</file>
+            <file>Logout.php</file><!-- Logout.php test must be last -->
+        </testsuite>
+    </testsuites>
+</phpunit>
-- 
cgit v1.2.3


From 8466690851f0774facc6c8e443a0df2610c96ce5 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 31 Jan 2013 10:13:28 +0100
Subject: Set root URL to our index.html, for better performance See
 https://github.com/sebastianbergmann/phpunit-selenium/issues/217

---
 tests/Selenium/bootstrap.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'tests')

diff --git a/tests/Selenium/bootstrap.php b/tests/Selenium/bootstrap.php
index 0f7eed0d9..6611e8feb 100644
--- a/tests/Selenium/bootstrap.php
+++ b/tests/Selenium/bootstrap.php
@@ -50,6 +50,7 @@ PHPUnit_Extensions_Selenium2TestCase::shareSession(true);
 
 // @TODO: remove user record from DB before running tests
 // @TODO: make sure mailbox has some content (always the same) or is empty
+// @TODO: plugins: enable all?
 
 /**
  * Base class for all tests in this directory
@@ -60,7 +61,10 @@ class Selenium_Test extends PHPUnit_Extensions_Selenium2TestCase
     {
 //        $this->rc = rcube::get_instance();
         $this->setBrowser(TESTS_BROWSER);
-        $this->setBrowserUrl(TESTS_URL);
+
+        // Set root to our index.html, for better performance
+        // See https://github.com/sebastianbergmann/phpunit-selenium/issues/217
+        $this->setBrowserUrl(TESTS_URL . '/tests/Selenium');
     }
 
     protected function login()
-- 
cgit v1.2.3


From ee01be5b5b854320de83e09c66070acd71283a70 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 31 Jan 2013 18:24:16 +0100
Subject: Add dummy index.html file for Selenum tests

---
 tests/Selenium/index.html | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 tests/Selenium/index.html

(limited to 'tests')

diff --git a/tests/Selenium/index.html b/tests/Selenium/index.html
new file mode 100644
index 000000000..7aa65f829
--- /dev/null
+++ b/tests/Selenium/index.html
@@ -0,0 +1,8 @@
+<html>
+<head>
+    <title>Roundcube Webmail Tests</title>
+</head>
+<body>
+Testing...
+</body>
+</html>
-- 
cgit v1.2.3


From 1f910cb50dcb12e84d92db4d61dcd8dbb0f0c5b6 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 1 Feb 2013 20:04:00 +0100
Subject: Fix handling link href attribute value with (valid) newline
 characters (#1488940)

---
 program/lib/Roundcube/rcube_washtml.php |  3 ++-
 tests/Framework/Washtml.php             | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index 715c46047..2a261419f 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -240,7 +240,8 @@ class rcube_washtml
             $value = $node->getAttribute($key);
 
             if (isset($this->_html_attribs[$key]) ||
-                ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
+                ($key == 'href' && ($value = trim($value))
+                    && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
                     && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
             ) {
                 $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 088ac4a8c..6f4aa9783 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -25,4 +25,18 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
         $this->assertNotRegExp('/vbscript:/', $washed, "Remove vbscript: links");
     }
 
+    /**
+     * Test fixing of invalid href (#1488940)
+     */
+    function test_href()
+    {
+        $html = "<p><a href=\"\nhttp://test.com\n\">Firefox</a>";
+
+        $washer = new rcube_washtml;
+
+        $washed = $washer->wash($html);
+
+        $this->assertRegExp('|href="http://test.com">|', $washed, "Link href with newlines (#1488940)");
+    }
+
 }
-- 
cgit v1.2.3


From d8270b66ccca4aef0db76bade89a398b1d33abe9 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 18 Mar 2013 19:51:32 +0100
Subject: Fix wrapping of text lines with the same length as specified length
 limit

---
 program/lib/Roundcube/rcube_mime.php | 7 ++++---
 tests/src/format-flowed.txt          | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)

(limited to 'tests')

diff --git a/program/lib/Roundcube/rcube_mime.php b/program/lib/Roundcube/rcube_mime.php
index 2f24a1bb3..d21e3b4d5 100644
--- a/program/lib/Roundcube/rcube_mime.php
+++ b/program/lib/Roundcube/rcube_mime.php
@@ -595,11 +595,12 @@ class rcube_mime
             while (count($list)) {
                 $line   = array_shift($list);
                 $l      = mb_strlen($line);
-                $newlen = $len + $l + ($len ? 1 : 0);
+                $space  = $len ? 1 : 0;
+                $newlen = $len + $l + $space;
 
                 if ($newlen <= $width) {
-                    $string .= ($len ? ' ' : '').$line;
-                    $len += (1 + $l);
+                    $string .= ($space ? ' ' : '').$line;
+                    $len += ($space + $l);
                 }
                 else {
                     if ($l > $width) {
diff --git a/tests/src/format-flowed.txt b/tests/src/format-flowed.txt
index a390ffd11..359a41aec 100644
--- a/tests/src/format-flowed.txt
+++ b/tests/src/format-flowed.txt
@@ -1,7 +1,7 @@
 I'm replying on this with a very long line which is then wrapped and 
 space-stuffed because the draft is saved as format=flowed.
- From what's specified in RFC 2646 some lines need to be space-stuffed to 
-avoid muning during transport.
+ From what's specified in RFC 2646 some lines need to be space-stuffed to avoid 
+muning during transport.
 
 X
 
-- 
cgit v1.2.3


From 1e32540839683c1309db012c4d5b9aff35ec6ae3 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 19 Mar 2013 12:47:07 +0100
Subject: Add rel="noreferrer" for links in displayed messages (#1484686)

---
 CHANGELOG                                       |  1 +
 program/lib/Roundcube/rcube_string_replacer.php | 13 ++++++++-----
 program/steps/mail/func.inc                     | 14 ++++++++++----
 tests/Framework/StringReplacer.php              | 22 +++++++++++-----------
 tests/MailFunc.php                              |  8 ++++----
 5 files changed, 34 insertions(+), 24 deletions(-)

(limited to 'tests')

diff --git a/CHANGELOG b/CHANGELOG
index 1e3eb77b5..ed0ea6ef3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Add rel="noreferrer" for links in displayed messages (#1484686)
 - Fix so forward as attachment works if additional attachment is added by message_compose hook (#1489000)
 - Add ability to toggle between HTML and text while viewing a message (#1486939)
 - Better handling of session errors in ajax requests (#1488960)
diff --git a/program/lib/Roundcube/rcube_string_replacer.php b/program/lib/Roundcube/rcube_string_replacer.php
index 49a378166..b8768bc98 100644
--- a/program/lib/Roundcube/rcube_string_replacer.php
+++ b/program/lib/Roundcube/rcube_string_replacer.php
@@ -28,9 +28,10 @@ class rcube_string_replacer
     public $mailto_pattern;
     public $link_pattern;
     private $values = array();
+    private $options = array();
 
 
-    function __construct()
+    function __construct($options = array())
     {
         // Simplified domain expression for UTF8 characters handling
         // Support unicode/punycode in top-level domain part
@@ -44,6 +45,8 @@ class rcube_string_replacer
             ."@$utf_domain"                                                 // domain-part
             ."(\?[$url1$url2]+)?"                                           // e.g. ?subject=test...
             .")/";
+
+        $this->options = $options;
     }
 
     /**
@@ -89,10 +92,10 @@ class rcube_string_replacer
 
         if ($url) {
             $suffix = $this->parse_url_brackets($url);
-            $i = $this->add($prefix . html::a(array(
-                'href'   => $url_prefix . $url,
-                'target' => '_blank'
-            ), rcube::Q($url)) . $suffix);
+            $attrib = (array)$this->options['link_attribs'];
+            $attrib['href'] = $url_prefix . $url;
+
+            $i = $this->add($prefix . html::a($attrib, rcube::Q($url)) . $suffix);
         }
 
         // Return valid link for recognized schemes, otherwise
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 8c9743949..274c40b5c 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -760,7 +760,8 @@ function rcmail_plain_body($body, $flowed=false)
   global $RCMAIL;
 
   // make links and email-addresses clickable
-  $replacer = new rcmail_string_replacer;
+  $attribs  = array('link_attribs' => array('rel' => 'noreferrer', 'target' => '_blank'));
+  $replacer = new rcmail_string_replacer($attribs);
 
   // search for patterns like links and e-mail addresses and replace with tokens
   $body = $replacer->replace($body);
@@ -1373,7 +1374,7 @@ function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null
 
 
 /**
- * parse link attributes and set correct target
+ * parse link (a, link, area) attributes and set correct target
  */
 function rcmail_alter_html_link($matches)
 {
@@ -1382,9 +1383,9 @@ function rcmail_alter_html_link($matches)
   // Support unicode/punycode in top-level domain part
   $EMAIL_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]*@[^&@"\'.][^@&"\']*\\.([^\\x00-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,}))';
 
-  $tag = $matches[1];
+  $tag    = strtolower($matches[1]);
   $attrib = parse_attrib_string($matches[2]);
-  $end = '>';
+  $end    = '>';
 
   // Remove non-printable characters in URL (#1487805)
   if ($attrib['href'])
@@ -1411,6 +1412,11 @@ function rcmail_alter_html_link($matches)
     $attrib['target'] = '_blank';
   }
 
+  // Better security by adding rel="noreferrer" (#1484686)
+  if (($tag == 'a' || $tag == 'area') && $attrib['href'] && $attrib['href'][0] != '#') {
+    $attrib['rel'] = 'noreferrer';
+  }
+
   // allowed attributes for a|link|area tags
   $allow = array('href','name','target','onclick','id','class','style','title',
     'rel','type','media','alt','coords','nohref','hreflang','shape');
diff --git a/tests/Framework/StringReplacer.php b/tests/Framework/StringReplacer.php
index e630ebac0..95c59221b 100644
--- a/tests/Framework/StringReplacer.php
+++ b/tests/Framework/StringReplacer.php
@@ -24,17 +24,17 @@ class Framework_StringReplacer extends PHPUnit_Framework_TestCase
     function data_replace()
     {
         return array(
-            array('http://domain.tld/path*path2', '<a href="http://domain.tld/path*path2" target="_blank">http://domain.tld/path*path2</a>'),
-            array("Click this link:\nhttps://mail.xn--brderli-o2a.ch/rc/ EOF", "Click this link:\n<a href=\"https://mail.xn--brderli-o2a.ch/rc/\" target=\"_blank\">https://mail.xn--brderli-o2a.ch/rc/</a> EOF"),
-            array('Start http://localhost/?foo End', 'Start <a href="http://localhost/?foo" target="_blank">http://localhost/?foo</a> End'),
-            array('www.domain.tld', '<a href="http://www.domain.tld" target="_blank">www.domain.tld</a>'),
-            array('WWW.DOMAIN.TLD', '<a href="http://WWW.DOMAIN.TLD" target="_blank">WWW.DOMAIN.TLD</a>'),
-            array('[http://link.com]', '[<a href="http://link.com" target="_blank">http://link.com</a>]'),
-            array('http://link.com?a[]=1', '<a href="http://link.com?a[]=1" target="_blank">http://link.com?a[]=1</a>'),
-            array('http://link.com?a[]', '<a href="http://link.com?a[]" target="_blank">http://link.com?a[]</a>'),
-            array('(http://link.com)', '(<a href="http://link.com" target="_blank">http://link.com</a>)'),
-            array('http://link.com?a(b)c', '<a href="http://link.com?a(b)c" target="_blank">http://link.com?a(b)c</a>'),
-            array('http://link.com?(link)', '<a href="http://link.com?(link)" target="_blank">http://link.com?(link)</a>'),
+            array('http://domain.tld/path*path2', '<a href="http://domain.tld/path*path2">http://domain.tld/path*path2</a>'),
+            array("Click this link:\nhttps://mail.xn--brderli-o2a.ch/rc/ EOF", "Click this link:\n<a href=\"https://mail.xn--brderli-o2a.ch/rc/\">https://mail.xn--brderli-o2a.ch/rc/</a> EOF"),
+            array('Start http://localhost/?foo End', 'Start <a href="http://localhost/?foo">http://localhost/?foo</a> End'),
+            array('www.domain.tld', '<a href="http://www.domain.tld">www.domain.tld</a>'),
+            array('WWW.DOMAIN.TLD', '<a href="http://WWW.DOMAIN.TLD">WWW.DOMAIN.TLD</a>'),
+            array('[http://link.com]', '[<a href="http://link.com">http://link.com</a>]'),
+            array('http://link.com?a[]=1', '<a href="http://link.com?a[]=1">http://link.com?a[]=1</a>'),
+            array('http://link.com?a[]', '<a href="http://link.com?a[]">http://link.com?a[]</a>'),
+            array('(http://link.com)', '(<a href="http://link.com">http://link.com</a>)'),
+            array('http://link.com?a(b)c', '<a href="http://link.com?a(b)c">http://link.com?a(b)c</a>'),
+            array('http://link.com?(link)', '<a href="http://link.com?(link)">http://link.com?(link)</a>'),
             array('http://<test>', 'http://<test>'),
             array('http://', 'http://'),
         );
diff --git a/tests/MailFunc.php b/tests/MailFunc.php
index 38c0bac30..319075abd 100644
--- a/tests/MailFunc.php
+++ b/tests/MailFunc.php
@@ -54,7 +54,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
         $this->assertNotRegExp('/<form [^>]+>/', $html, "No form tags allowed");
         $this->assertRegExp('/Subscription form/', $html, "Include <form> contents");
         $this->assertRegExp('/<!-- link ignored -->/', $html, "No external links allowed");
-        $this->assertRegExp('/<a[^>]+ target="_blank">/', $html, "Set target to _blank");
+        $this->assertRegExp('/<a[^>]+ target="_blank"/', $html, "Set target to _blank");
         $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected");
 
         // render HTML in safe mode
@@ -133,8 +133,8 @@ class MailFunc extends PHPUnit_Framework_TestCase
         $html = rcmail_print_body($part, array('safe' => true));
 
         $this->assertRegExp('/<a href="mailto:nobody@roundcube.net" onclick="return rcmail.command\(\'compose\',\'nobody@roundcube.net\',this\)">nobody@roundcube.net<\/a>/', $html, "Mailto links with onclick");
-        $this->assertRegExp('#<a href="http://www.apple.com/legal/privacy" target="_blank">http://www.apple.com/legal/privacy</a>#', $html, "Links with target=_blank");
-        $this->assertRegExp('#\\[<a href="http://example.com/\\?tx\\[a\\]=5" target="_blank">http://example.com/\\?tx\\[a\\]=5</a>\\]#', $html, "Links with square brackets");
+        $this->assertRegExp('#<a rel="noreferrer" target="_blank" href="http://www.apple.com/legal/privacy">http://www.apple.com/legal/privacy</a>#', $html, "Links with target=_blank");
+        $this->assertRegExp('#\\[<a rel="noreferrer" target="_blank" href="http://example.com/\\?tx\\[a\\]=5">http://example.com/\\?tx\\[a\\]=5</a>\\]#', $html, "Links with square brackets");
     }
 
     /**
@@ -148,7 +148,7 @@ class MailFunc extends PHPUnit_Framework_TestCase
         $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo');
 
         $mailto = '<a href="mailto:me@me.com?subject=this is the subject&amp;body=this is the body"'
-            .' onclick="return rcmail.command(\'compose\',\'me@me.com?subject=this is the subject&amp;body=this is the body\',this)">e-mail</a>';
+            .' onclick="return rcmail.command(\'compose\',\'me@me.com?subject=this is the subject&amp;body=this is the body\',this)" rel="noreferrer">e-mail</a>';
 
         $this->assertRegExp('|'.preg_quote($mailto, '|').'|', $html, "Extended mailto links");
     }
-- 
cgit v1.2.3


From 1e2468e4b9e9fb44055757a5460df1a6bf31313b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 22 Mar 2013 10:23:39 +0100
Subject: Added two tests for HTML comments handling in rcube_washtml class

---
 tests/Framework/Washtml.php | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'tests')

diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 6f4aa9783..cd443266f 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -18,7 +18,6 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
             .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
 
         $washer = new rcube_washtml;
-
         $washed = $washer->wash($html);
 
         $this->assertNotRegExp('/data:text/', $washed, "Remove data:text/html links");
@@ -33,10 +32,27 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
         $html = "<p><a href=\"\nhttp://test.com\n\">Firefox</a>";
 
         $washer = new rcube_washtml;
-
         $washed = $washer->wash($html);
 
         $this->assertRegExp('|href="http://test.com">|', $washed, "Link href with newlines (#1488940)");
     }
 
+    /**
+     * Test handling HTML comments
+     */
+    function test_comments()
+    {
+        $washer = new rcube_washtml;
+
+        $html   = "<!--[if gte mso 10]><p>p1</p><!--><p>p2</p>";
+        $washed = $washer->wash($html);
+
+        $this->assertEquals('<!-- html ignored --><!-- body ignored --><p>p2</p>', $washed, "HTML conditional comments (#1489004)");
+
+        $html   = "<!--TestCommentInvalid><p>test</p>";
+        $washed = $washer->wash($html);
+
+        $this->assertEquals('<!-- html ignored --><!-- body ignored --><p>test</p>', $washed, "HTML invalid comments (#1487759)");
+    }
+
 }
-- 
cgit v1.2.3