No OneTemporary
Actions

Size

315 KB

Referenced Files

None

Subscribers

None

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.

	diff --git a/CHANGELOG b/CHANGELOG
	index ee50eb16e..6914fa894 100644
	--- a/CHANGELOG
	+++ b/CHANGELOG
	@@ -1,2872 +1,2873 @@
	CHANGELOG Roundcube Webmail
	===========================

	- Enigma: Add script to import keys from filesystem to the db storage (for multihost)
	+- Fix so type attribute on script tags is not used on HTML5 pages (#6975)

	RELEASE 1.4.1
	-------------
	- Elastic: Change HTML editor widget to improve form flow (#6992)
	- Elastic: Fix position of mobile floating action button (#7038)
	- Managesieve: Fix locked UI after opening filter frame (#7007)
	- Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)
	- Fix bug where cache keys could exceed length limit specified in db schema (#7004)
	- Fix invalid Signature button state after escaping Mailvelope mode (#7015)
	- Fix so 401 error is returned only on failed logon requests (#7010)
	- Fix db_prefix handling in queries with `TRUNCATE TABLE <name>` and `UNIQUE <name>` (#7013)
	- Fix so update.sh script warns about changed defaults (#7011)
	- Fix tables listing routine when DSN contained a database with unsupported suffix (#7034)
	- Fix so Elastic is also a default in jqueryui plugin (#7039)
	- Fix bug where the Installer would not warn about required schema upgrade (#7042)

	RELEASE 1.4.0
	-------------
	- Elastic: Resizeable columns (#6929)
	- Elastic: Fix position and style of auto-complete dropdown on small screens (#6951)
	- Elastic: Fix initial focus on recipients input in mail compose screen
	- Elastic: Fix inserting responses at cursor position (#6971)
	- Elastic: Fix unread filter icon and search state on folder change (#6978)
	- Elastic: Fix regression where Encrypt button wasn't displayed in mail compose toolbar (#6982)
	- Elastic: Fix regression where recipient input didn't update internal input state (#6988)
	- Enigma: Fix bug where signing option was set to disabled after saving a draft in Elastic skin (#6515)
	- Redis: Improve error handling and phpredis 5.X support (#6888)
	- Archive: Fix bug where next email was not displayed after Archive button use (#6965)
	- Archive: Fix missing Archive icon in folder selector popup in Elastic
	- Fix bug where cache keys were not case-sensitive on MySQL/MSSQL (#6942)
	- Fix so an error is logged when encryption fails (#6948)
	- Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980)
	- Fix and document skin_logo setup (#6981)

	RELEASE 1.4-rc2
	---------------
	- Update to jQuery 3.4.1
	- Clarified 'address_book_type' option behavior (#6680)
	- Added cookie mismatch detection, display an error message informing the user to clear cookies
	- Renamed 'log_session' option to 'session_debug'
	- Removed 'delete_always' option (#6782)
	- Don't log full session identifiers in userlogins log (#6625)
	- Support $HasAttachment/$HasNoAttachment keywords (#6201)
	- Support PECL memcached extension as a session and cache storage driver (experimental)
	- Switch to IDNA2008 variant (#6806)
	- installto.sh: Add possibility to run the update even on the up-to-date installation (#6533)
	- Plugin API: Add 'render_folder_selector' hook
	- Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326)
	- Added flag to disable server certificate validation via Mysql DSN argument (#6848)
	- Select all records on the current list page with CTRL + A (#6813)
	- Use Left/Right Arrow keys to faster move over threaded messages list (#6399)
	- Changes in `display_next` setting (#6795):
	- Move it to Preferences > User Interface > Main Options
	- Make it apply to Contacts interface too
	- Make it apply only if deleting/moving a previewed message/contact
	- Redis: Support connection to unix socket
	- Put charset meta specification before a title tag, add page title automatically (#6811)
	- Elastic: Various internal refactorings
	- Elastic: Add Prev/Next buttons on message page toolbar (#6648)
	- Elastic: Close search options on Enter key press in quick-search input (#6660)
	- Elastic: Changed some icons (#6852)
	- Elastic: Changed read/unread icons (#6636)
	- Elastic: Changed "Move to..." icon (#6637)
	- Elastic: Add hide/show for advanced preferences (#6632)
	- Elastic: Add default icon on Settings/Preferences lists for external plugins (#6814)
	- Elastic: Add indicator for popover menu items that open a submenu (#6868)
	- Elastic: Move compose attachments/options to the right side (#6839)
	- Elastic: Add border/background to attachments list widget (#6842)
	- Elastic: Add "Show unread messages" button to the search bar (#6587)
	- Elastic: Fix bug where toolbar disappears on attachment menu use in Chrome (#6677)
	- Elastic: Fix folders list scrolling on touch devices (#6706)
	- Elastic: Fix non-working pretty selects in Chrome browser (#6705)
	- Elastic: Fix issue with absolute positioned mail content (#6739)
	- Elastic: Fix bug where some menu actions could cause a browser popup warning
	- Elastic: Fix handling mailto: URL parameters in contact menu (#6751)
	- Elastic: Fix keyboard navigation in some menus, e.g. the contact menu
	- Elastic: Fix visual issue with long buttons in .boxwarning (#6797)
	- Elastic: Fix handling new-line in text pasted to a recipient input
	- Elastic: Fix so search is not reset when returning from the message preview page (#6847)
	- Larry: Fix regression where menu actions didn't work with keyboard (#6740)
	- ACL: Display user/group names (from ldap) instead of acl identifier
	- Password: Added ldap_exop driver (#4992)
	- Password: Added support for SSHA512 password algorithm (#6805)
	- Managesieve: Fix bug where global includes were requested for vacation (#6716)
	- Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686)
	- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
	- Enigma: For verified signatures, display the user id associated with the sender address (#5958)
	- Enigma: Fix bug where revoked users/keys were not greyed out in key info
	- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
	- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
	- Enigma: Fix bug where signature verification could have been skipped for some message structures (#6838)
	- Fix language selection for spellchecker in html mode (#6915)
	- Fix css styles leak from replied/forwarded message to the rest of the composed text (#6831)
	- Fix invalid path to "add contact" icon when using assets_path setting
	- Fix invalid path to blocked.gif when using assets_path setting (#6752)
	- Fix so advanced search dialog is not automatically displayed on searchonly addressbooks (#6679)
	- Fix so an error is logged when more than one attachment plugin has been enabled, initialize the first one (#6735)
	- Fix bug where flag change could have been passed to a preview frame when not expected
	- Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713)
	- Fix bug where HTML messages with a xml:namespace tag were not rendered (#6697)
	- Fix TinyMCE download location (#6694)
	- Fix so "Open in new window" consistently displays "external window" interface (#6659)
	- Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)
	- Fix bug where external content (e.g. mail body) was passed to templates parsing code (#6640)
	- Fix bug where attachment preview didn't work with x_frame_options=deny (#6688)
	- Fix so bin/install-jsdeps.sh returns error code on error (#6704)
	- Fix bug where bmp images couldn't be displayed on some systems (#6728)
	- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
	- Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
	- Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)
	- Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)
	- Fix bug where selection of columns on messages list wasn't working
	- Fix bug in converting multi-page Tiff images to Jpeg (#6824)
	- Fix bug where handling multiple messages from multi-folder search result could not work (#6845)
	- Fix bug where unread count wasn't updated after moving multi-folder result (#6846)
	- Fix wrong messages order after returning to a multi-folder search result (#6836)
	- Fix some PHP 7.4 compat. issues (#6884, #6866)
	- Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)
	- Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
	- Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
	- Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)

	RELEASE 1.4-rc1
	---------------
	- Changed 'password_charset' default to 'UTF-8' (#6522)
	- Add skins_allowed option (#6483)
	- SMTP GSSAPI support via krb_authentication plugin (#6417)
	- Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
	- Removed 'referer_check' option (#6440)
	- Use constant prefix for temp file names, don't remove temp files from other apps (#6511)
	- Ignore 'Sender' header on Reply-All action (#6506)
	- deluser.sh: Add option to delete users who have not logged in for more than X days (#6340)
	- HTML5 Upload Progress - as a replacement for the old server-side solution (#6177)
	- Update to TinyMCE 4.8.2
	- Update to jQuery-MiniColors 2.3.4
	- Prevent from using deprecated timezone names from jsTimezoneDetect
	- Force session.gc_probability=1 when using custom session handlers (#6560)
	- Support simple field labels (e.g. LetterHub examples) in csv imports (#6541)
	- Add cache busters also to images used by templates (#6610)
	- Plugin API: Added 'raise_error' hook (#6199)
	- Plugin API: Added 'common_headers' hook (#6385)
	- Plugin API: Added 'ldap_connected' hook
	- Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in key generation (#6524)
	- Enigma: Fixed multi-host synchronization of private and deleted keys and pubring.kbx file
	- Managesieve: Added support for 'editheader' extension - RFC5293 (#5954)
	- Managesieve: Fix bug where custom header or variable could be lost on form submission (#6594)
	- Markasjunk: Integrate markasjunk2 features into markasjunk - marking as non-junk + learning engine (#6504)
	- Password: Added 'modoboa' driver (#6361)
	- Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436)
	- Password: Fix bug where new users could skip forced password change (#6434)
	- Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473)
	- Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246)
	- Passowrd: Allow drivers to define password strength rules displayed to the user
	- Password: Allow separate password saving and strength drivers for use of strength checking services (#5040)
	- Password: Add zxcvbn driver for checking password strength (#6479)
	- Password: Disallow control characters in passwords
	- Password: Add support for Plesk >= 17.8 (#6526)
	- Elastic: Improved datepicker displayed always in parent window
	- Elastic: On touch devices display attachment icons on messages list (#6296)
	- Elastic: Make menu button inactive if all subactions are inactive (#6444)
	- Elastic: On mobile/tablet jump to the list on folder selection (#6415)
	- Elastic: Various improvements on mail compose screen (#6413)
	- Elastic: Support new-line char as a separator for pasted recipients (#6460)
	- Elastic: Improved UX of search dialogs (#6416)
	- Elastic: Fix unwanted thread expanding when selecting a collapsed thread in non-mobile mode (#6445)
	- Elastic: Fix too small height of mailvelope mail preview frame (#6600)
	- Elastic: Add "status bar" for mobile in mail composer
	- Elastic: Add selection options on contacts list (#6595)
	- Elastic: Fix unintentional layout preference overwrite (#6613)
	- Elastic: Fix bug where Enigma options in mail compose could sometimes be ignored (#6515)
	- Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433)
	- Fix regression where drafts were not deleted after sending the message (#6756)
	- Fix so max_message_size limit is checked also when forwarding messages as attachments (#6580)
	- Fix so performance stats are logged to the main console log also when per_user_logging=true
	- Fix malformed message saved into Sent folder when using big attachments and low memory limit (#6498)
	- Fix incorrect IMAP SASL GSSAPI negotiation (#6308)
	- Fix so unicode in local part of the email address is also supported in recipient inputs (#6490)
	- Fix bug where autocomplete list could be displayed out of screen (#6469)
	- Fix style/navigation on error page depending on authentication state (#6362)
	- Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408)
	- Fix custom logo size in Elastic (#6424)
	- Fix listing the same attachment multiple times on forwarded messages
	- Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)
	- Fix inconsistent offset for various time zones - always display Standard Time offset (#6531)
	- Fix dummy Message-Id when resuming a draft without Message-Id header (#6548)
	- Fix handling of empty entries in vCard import (#6564)
	- Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)
	- Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
	- Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
	- Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)
	- Fix missing CSRF token on a link to download too-big message part (#6621)
	- Fix bug when aborting dragging with ESC key didn't stop the move action (#6623)

	RELEASE 1.4-beta
	----------------
	- Added new skin with mobile support - the Elastic
	- Support Redis cache
	- Email Resent (Bounce) feature (#4985)
	- Improved Mailvelope integration
	- Added private key listing and generating to identity settings
	- Enable encrypt & sign option if Mailvelope supports it
	- Allow contacts without an email address (#5079)
	- Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120)
	- Support for IMAP folders that cannot contain both folders and messages (#5057)
	- Update to jQuery-3.3.1
	- Update to jQuery-minicolors 2.2.6
	- Update to TinyMCE 4.7.13
	- Remove sample PHP configuration from .htaccess and .user.ini files (#5850)
	- Extend skin_logo setting to allow per skin logos (#6272)
	- Use Masterminds/HTML5 parser for better HTML5 support (#5761)
	- Add More actions button in Contacts toolbar with Copy/Move actions (#6081)
	- Display an error when clicking disabled link to register protocol handler (#6079)
	- Add option trusted_host_patterns (#6009, #5752)
	- Support additional connect parameters in PostgreSQL database wrapper
	- Use UI dialogs instead of confirm() and alert() where possible
	- Display value of the SMTP message size limit in the error message (#6032)
	- Show message flagged status in message view (#5080)
	- Skip redundant INSERT query on successful logon when using PHP7
	- Replace display_version with display_product_version (#5904)
	- Extend disabled_actions config so it accepts also button names (#5903)
	- Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
	- Add Message-ID to the sendmail log (#5871)
	- Add option to hide folders in share/other-user namespace or outside of the personal namespace root (#5073)
	- Archive: Fix archiving by sender address on cyrus-imap
	- Archive: Style Archive folder also on folder selector and folder manager lists
	- Archive: Add Thunderbird compatible Month option (#5623)
	- Archive: Create archive folder automatically if it's configured, but does not exist (#6076)
	- Enigma: Add button to send mail unencrypted if no key was found (#5913)
	- Enigma: Add options to set PGP cipher/digest algorithms (#5645)
	- Enigma: Multi-host support
	- Managesieve: Add ability to disable filter sets and other actions (#5496, #5898)
	- Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021)
	- Managesieve: Support filter action with custom IMAP flags (#6011)
	- Managesieve: Support 'mime' extension tests - RFC5703 (#5832)
	- Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779)
	- Managesieve: Support enabling the plugin for specified hosts only (#6292)
	- Password: Support host variables in password_db_dsn option (#5955)
	- Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759)
	- Password: Added password_username_format option (#5766)
	- subscriptions_option: show \\Noselect folders greyed out (#5621)
	- zipdownload: Added option to define size limit for multiple messages download (#5696)
	- vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080)
	- Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587)
	- Composer: Fix certificate validation errors by using packagist only (#5148)
	- Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882)
	- Support _filter and _scope as GET arguments for opening mail UI (#5825)
	- Various improvements for templating engine and skin behaviours
	- Support conditional include
	- Support for 'link' objects
	- Support including files with path relative to templates directory
	- Use <button> instead of <input> for submit button on logon screen
	- Support skin localization (#5853)
	- Reset onerror on images if placeholder does not exist to prevent from requests storm
	- Unified and simplified code for loading content frame for responses and identities
	- Display contact import and advanced search in popup dialogs
	- Display a dialog for mail import with supported format description and upload size hint
	- Make possible to set (some) config options from a skin
	- Added optional checkbox selection for the list widget
	- Make 'compose' command always enabled
	- Add .log suffix to all log file names, add option log_file_ext to control this (#313)
	- Return "401 Unauthorized" status when login fails (#5663)
	- Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092)
	- Plugin API: Added 'show_bytes' hook (#5001)
	- Add option to not indent quoted text on top-posting reply (#5105)
	- Removed global $CONFIG variable
	- Removed debug_level setting
	- Support AUTHENTICATE LOGIN for IMAP connections (#5563)
	- Support LDAP GSSAPI authentication (#5703)
	- Localized timezone selector (#4983)
	- Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640)
	- Handle inline images also inside multipart/mixed messages (#5905)
	- Allow style tags in HTML editor on composed/reply messages (#5751)
	- Use Github API as a fallback to fetch js dependencies to workaround throttling issues (#6248)
	- Show confirm dialog when moving folders using drag and drop (#6119)
	- Fix bug where new_user_dialog email check could have been circumvented by deleting / abandoning session (#5929)
	- Fix skin extending for assets (#5115)
	- Fix handling of forwarded messages inside of a TNEF message (#5632)
	- Fix bug where attachment size wasn't visible when the filename was too long (#6033)
	- Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047)
	- Fix css conflicts in user interface and e-mail content (#5891)
	- Fix duplicated signature when using Back button in Chrome (#5809)
	- Fix touch event issue on messages list in IE/Edge (#5781)
	- Fix so links over images are not removed in plain text signatures converted from HTML (#4473)
	- Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772)

	RELEASE 1.3.8
	-------------
	- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
	- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
	- Enigma: Fix deleting keys with authentication subkeys (#6381)
	- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
	- Fix so Classic skin splitter does not escape out of window (#6397)
	- Fix XSS issue in handling invalid style tag content [CVE-2018-19206] (#6410)
	- Fix compatibility with MySQL 8 - error on 'system' table use
	- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
	- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
	- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
	- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
	- Fix multiple VCard field search (#6466)
	- Fix session issue on long running requests (#6470)

	RELEASE 1.3.7
	-------------
	- Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
	- Fix bug where some parts of quota information could have been ignored (#6280)
	- Fix bug where some escape sequences in html styles could bypass security checks
	- Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
	- Fix bug where only attachments with the same name would be ignored on zip download (#6301)
	- Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
	- Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
	- Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
	- Fix bug where some HTML comments could have been malformed by HTML parser (#6333)

	RELEASE 1.3.6
	-------------
	- Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216)
	- Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234)
	- Fix possible IMAP command injection and type juggling vulnerabilities (#6229)
	- Enigma: Fix key selection for signing
	- Enigma: Enable keypair generation on Internet Explorer 11
	- Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
	- Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224)

	RELEASE 1.3.5
	-------------
	- Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143)
	- Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154)
	- Fix duplicated labels in Test SMTP Config section (#6166)
	- Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
	- Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
	- Fix security issue in remote content blocking on HTML image and style tags (#6178)
	- Added 9pt and 11pt to the list of font sizes in HTML editor
	- Fix handling encoding of HTML tags in "inline" JSON output (#6207)
	- Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)

	RELEASE 1.3.4
	-------------
	- Fix bug where contacts search could skip some records (#6130)
	- Fix possible information leak - add more strict sql error check on user creation (#6125)
	- Fix a couple of warnings on PHP 7.2 (#6098)
	- Fix broken long filenames when using imap4d server - workaround server bug (#6048)
	- Fix so temp_dir misconfiguration prints an error to the log (#6045)
	- Fix untagged COPYUID responses handling - again (#5982)
	- Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075)
	- Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true
	- Fix performance issue when parsing malformed and long Date header (#6087)
	- Fix syntax error in mssql.initial.sql (#6097)
	- Fix bug where contacts export by selection returned no more than 10 entries (#6103)
	- Fix searching contacts by address in LDAP source (#6084)
	- Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking protection (#6057)

	RELEASE 1.3.3
	-------------
	- Fix decoding of mailto: links with + character in HTML messages (#6020)
	- Fix false reporting of failed upgrade in installto.sh (#6019)
	- Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)
	- Fix mangled non-ASCII characters in links in HTML messages (#6028)

	RELEASE 1.3.2
	-------------
	- Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933)
	- Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940)
	- Fix invalid template loading on a message error in preview frame (#5941)
	- Fix bug where HTML messages could have been rendered empty on some systems (#5957)
	- Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952)
	- Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
	- Fix missing cursor in HTML editor on mail reply (#5969)
	- Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
	- Fix bug where mail search could return empty result on servers without SORT capability (#5973)
	- Fix bug where assets_path wasn't added to some watermark frames
	- Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982)
	- Fix issue caused by non-default session.cookie_lifetime setting (#5961)
	- Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885)
	- Fix handling of unknown Content-Disposition type (#6002)
	- Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004)
	- Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007)
	- Fix bug where ghost messages could be added to the list after fast delete (#5941)

	RELEASE 1.3.1
	-------------
	- Add Preferences > Mailbox View > Main Options > Layout (#5829)
	- Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
	- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
	- Managesieve: Fix AM/PM suffix in vacation time selectors
	- Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899)
	- Remove non-printable characters from filenames on download/display (#5880)
	- Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799)
	- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
	- Fix bug where HTML messages with @media styles could moddify style of page body (#5811)
	- Fix style issue on selected and unfocused message that is part of a thread (#5798)
	- Fix bug where a.button style from managesieve plugin could impact other elements (#5800)
	- Fix position of selected icon for (Mailvelope) Encrypt button
	- Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808)
	- Fix bug where errors were not printed when using bin/update.sh (#5834)
	- Fix PHP 7.2 warnings on count() use (#5845)
	- Fix bug where Chrome could not upload the same file that was selected before (#5854)
	- Fix duplicate messages on the list after deleting messages on the next to the last page (#5862)
	- Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
	- Fix potential XSS vulnerability with malformed HTML message markup
	- Fix sending message with "Too many public recipients" dialog buttons (#5924)
	- Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
	- Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)

	RELEASE 1.3.0
	-------------
	- Update to TinyMCE 4.5.7
	- Fix bug where invalid recipients could be silently discarded (#5739)
	- Fix conflict with _gid cookie of Google Analytics (#5748)
	- Print error from CLI scripts when system/exec function is disabled (#5744)
	- Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
	- Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
	- Fix folders list sorting on Windows - if php-intl is available (#5732)
	- Fix addressbook searching by gender (#5757)
	- Fix prevention from using % and * characters in folder name (#5762)
	- Fix POST parameter reflection in default_charset selector (#5768)
	- Enigma: Fix compatibility with assets_dir
	- Managesieve: Skip redundant LISTSCRIPTS command
	- Fix SQL syntax error on MariaDB 10.2 (#5774)
	- Fix bug where zipdownload ignored files with the same name (#5777)
	- Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)

	RELEASE 1.3-rc
	--------------
	- "Flattened" the larry theme: fresher look by removing shadows and gradients
	- Support logging to php://stdout (#5721)
	- Add support for DelSp=Yes in format=flowed messages (#5702)
	- Update to jQuery 3.2.1
	- Update to TinyMCE 4.5.6
	- Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message (#5678)
	- Enigma: Always use detached signatures (#5624)
	- Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
	- Minimize unwanted message loading in preview frame on drag (#5616)
	- Fix failing database schema check in all engines except mysql (#5730)
	- Fix autocomplete popup closing with click outside the input, don't handle Tab key as Enter (#5606)
	- Fix jsdeps.json synchronization on update, warn about missing requirements of install-jsdeps.sh (#5598)
	- Fix missing thread expand icon on search result in widescreen mode (#5613)
	- Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
	- Fix bug where external content in src attribute of input/video tags was not secured (#5583)
	- Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
	- Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
	- Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
	- Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
	- Fix regression where groups with email address were resolved to its members' addresses
	- Fix update of group name in the contacts list header on group rename (#5648)
	- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
	- Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
	- Managesieve: Fix parser issue with empty lines between comments (#5657)
	- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
	- Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610)
	- Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820]
	- Fix bug where settings/upload.inc could not be used by plugins (#5694)
	- Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713)
	- Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695)
	- Fix undesired effects when postgres database uses different timezone than PHP host (#5708)
	- Installer: Fix DB schema initialization on MS SQL Server
	- Fix bug where base_dn setting was ignored inside group_filters (#5720)
	- Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114]

	RELEASE 1.3-beta
	----------------
	- Nicely handle contact deletion on contact edit (#5522)
	- vcard_attachments: Add possibility to attach contact vCard to composed message (#4997)
	- Preserve message internal/received date on import in mbox format (#5559)
	- Zipdownload: Fix date format in mbox "From line"
	- Possibility to display QR code for contacts data (#5030)
	- Added identicon plugin
	- Widescreen layout aka three column view (#5093)
	- Unify automatic marking as \Seen in preview pane, full-page and extwin views (#5071)
	- Disable double-click on the list when preview pane is on (#5199)
	- Support hostname and hostname:port in force_https option (#5511)
	- Support ALLOW-FROM in x_frame_options (#5122)
	- Allow to omit a subject when sending an email (#5068)
	- Warn about too many disclosed recipients in composed email [max_disclosed_recipients] (#5132)
	- identity_select: Support Received header (#5085)
	- Plugin API: Added get_compose_responses hook (#5457)
	- Display error when trying to upload more files than specified in max_file_uploads (#5483)
	- Add missing sql upgrade file for 'ip' column resize in session table (#5465)
	- Do not show inline images of unsupported mimetype (#5463)
	- Password: Added replacement variables support in password_pop_host (#5539)
	- Password: Don't store passwords in temp files when using dovecotpw (#5531)
	- Password: Added LDAP PPolicy driver (#5364)
	- Password: Added cpanel_webmail driver (#5549)
	- Password: Added possibility to nicely redirect from other plugins on password expiration (#5468)
	- Implement separate action to mark all messages in a folder as \Seen (#5006)
	- Implement marking as \Seen in all folders or in a folder and its subfolders (#5076)
	- Archive: Don't reload messages list when it's not needed (#5225)
	- Archive: Add option to automatically mark archived messages as \Seen (#5142)
	- Improve randomness of password salts and random hashes (#5266)
	- Password/cPanel: Add support for hash authentication and reseller accounts (#5252)
	- Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136)
	- Center and scale images in attachment preview frame (#5421)
	- Added max_message_size option enforced when attaching files to a composed message (#4993)
	- Added Search button in quick search menus (#5312)
	- Implement "one click" attachment/messages/photo upload (#5024)
	- Squirrelmail_usercopy: Add option to define character set of data files
	- Removed useless 'created' column from 'session' table (#5389)
	- Dropped legacy browsers support (#5167)
	- Removed legacy_browser plugin
	- Removed hacks for IE < 10
	- Update to jQuery 3.1.1 and jQuery-UI 1.12.0
	- compile .min.js files with ECMASCRIPT5 option
	- Require PHP >= 5.4
	- Add possibility to preview and download attachments in mail compose (#5053)
	- Add possibility to rename attachments in mail compose (#4996)
	- Remove backward compatibility "layer" of bc.php (#4902)
	- Support WEBP images in mail messages (#5362)
	- Support MathML in HTML message preview (#5182)
	- Rename Addressbook to Contacts (#5233)
	- Remove PHP mail() support, smtp_server is required now (#5340)
	- Display full message subject in onmouseover on truncated subject in mail view (#5346)
	- Enigma: Support GnuPG 2.1 (#5313)
	- Enigma: Support key generation for multiple identities (#5383)
	- Enigma: Import keys from key-server(s) (#5286)
	- Enigma: Search missing public keys on a key-server in mail compose (#5286)
	- Enigma: Delete user keys when using deluser.sh script
	- Enigma: Fix redundant list-secret-keys/list-public-keys calls on signing/encryption
	- Enigma: Implement PGP encryption and signing in one go (#5302)
	- Enigma: Display signature verification status for encrypted+signed messages (#5302)
	- Display different attachment icon on encrypted messages
	- Display different confirmation text when moving messages to Trash (#5220)
	- Indicate that a collapsed thread has flagged children (#5013)
	- Implemented message/rfc822 attachment preview
	- Update to jsTimezoneDetect 1.0.6
	- Managesieve: Add (optional) RAW script editor (#5414)
	- Managesieve: Add option to automatically set vacation :from address (#5428)
	- Managesieve: Support 'string' test from variables extension [RFC 5229] (#5248)
	- Managesieve: Support 'duplicate' extension [RFC 7352]
	- Managesieve: Unhide advanced rule controls if there are inputs with errors
	- Managesieve: Display warning message when filter form contains errors
	- Control search engine crawlers via X-Robots-Tag header instead of <meta> and robots.txt (#5098)
	- Fixed redundancy in sql caching system and compatibility with Galera Cluster (#5439)
	- Removed redundant 'created' column from cache and cache_shared tables
	- Removed use of redundant data records
	- Added missing primary keys (dictionary, cache, cache_shared tables)
	- Fix so templating system does not mess with external (e.g. email) content (#5499)
	- Fix redundant keep-alive/refresh after session error on compose page (#5500)
	- Managesieve: Fix handling of scripts with nested rules (#5540)
	- Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
	- Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555)
	- Fix adding images to new identity signatures
	- Fix rsync error handling in installto.sh script (#5562)
	- Fix some advanced search issues with multiple addressbooks (#5572)
	- Fix so group/addressbook selection is retained on page refresh

	RELEASE 1.2.3
	-------------
	- Searching in both contacts and groups when LDAP addressbook with group_filters option is used
	- Fix vulnerability in handling of mail()'s 5th argument
	- Fix To: header encoding in mail sent with mail() method (#5475)
	- Fix flickering of header topline in min-mode (#5426)
	- Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447)
	- Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
	- Fix regression where creation of default folders wasn't functioning without prefix (#5460)
	- Enigma: Fix bug where last records on keys list were hidden (#5461)
	- Enigma: Fix key search with keyword containing non-ascii characters (#5459)
	- Fix bug where deleting folders with subfolders could fail in some cases (#5466)
	- Fix bug where IMAP password could be exposed via error message (#5472)
	- Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc,
	Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452)
	- Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
	- Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
	- Fix missing content check when image resize fails on attachment thumbnail generation (#5485)
	- Fix displaying attached images with wrong Content-Type specified (#5527)

	RELEASE 1.2.2
	-------------
	- Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent)
	- Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371)
	- Enigma: Make recipient key searches case-insensitive (#5434)
	- Fix regression in resizing JPEG images with Imagick (#5376)
	- Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
	- Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370)
	- Wash position:fixed style in HTML mail for better security (#5264)
	- Fix bug where memcache_debug didn't work for session operations
	- Fix bug where Message-ID domain part was tied to username instead of current identity (#5385)
	- Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content
	- Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401)
	- Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404)
	- Fix so "All" messages selection is resetted on search reset (#5413)
	- Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
	- Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400)
	- Fix PHP warning when handling shared namespace with empty prefix (#5420)
	- Fix so folders list is scrolled to the selected folder on page load (#5424)
	- Fix so when moving to Trash we make sure the folder exists (#5192)
	- Fix displaying size of attachments with zero size
	- Fix so "Action disabled" error uses more appropriate 404 code (#5440)

	RELEASE 1.2.1
	-------------
	- Update TinyMCE to version 4.3.13 (#5309)
	- Fix bug where errors could have been not logged when per_user_logging=true
	- Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting
	- Fix so minified publickey.js (with cache-buster) is used when available (#5254)
	- Fix (replace) application/x-tar file extension test as it might not exist in nginx config (#5253)
	- Fix PHP warning when password_hosts is set, but is not an array (#5260)
	- Fix redundant keep-alive requests when session_lifetime is greater than ~20000 (#5273)
	- Fix so subfolders of INBOX can be set as Archive (#5274)
	- Fix bug where multi-folder search could choose a wrong folder in "this and subfolders" scope (#5282)
	- Fix bug where multi-folder search didn't work for unsubscribed INBOX (#5259)
	- Fix bug where "no body" alert could be displayed when sending mailvelope email
	- Enigma: Fix keys import from inside of an encrypted message (#5285)
	- Enigma: Fix malformed signed messages with force_7bit=true (#5292)
	- Enigma: Add possibility to configure gpg binary location (enigma_pgp_binary)
	- Enigma: Add possibility to export private keys (#5321)
	- Fix searching by email address in contacts with multiple addresses (#5291)
	- Fix handling of --delete argument in moduserprefs.sh script (#5296)
	- Workaround PHP issue by calling closelog() on script shutdown when using log_driver=syslog (#5289)
	- Fix so upgrade script makes sure program/lib directory does not contain old libraries (#5287)
	- Fix subscription checkbox state on error in folder subscribe/unsubscribe action (#5243)
	- Fix bug where microsecond format in logged date didn't work in some cases
	- Fix conflict in new_user_dialog and password_force_new_user settings (#5275)
	- Don't create multipart/alternative messages with empty text/plain part (#5283)
	- Use contact_search_name format in popup on results in compose contacts search
	- Fix handling of 'mailto' and 'error' arguments in message_before_send hook (#5347)
	- Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
	- Fix handling of blockquote tags with mixed case on html2text conversion (#5363)
	- Fix javascript errors in IE on page with iframe that points to another domain

	RELEASE 1.2.0
	-------------
	- Enigma: Added enigma_debug option
	- Fix message list multi-select/deselect issue (#5219)
	- Fix bug where getting HTML editor content could steal focus from other form controls (#5223)
	- Fix bug where contact search menu fields where always unchecked in Larry skin
	- Fix autoloading of 'html' class
	- Fix bug where Encrypt button appears when switching editor to HTML (#5235)
	- Fix XSS issue in href attribute on area tag (#5240)

	RELEASE 1.2-rc
	--------------
	- Managesieve: Refactored script parser to be 100x faster
	- Enigma: added option to force users to use signing/encryption
	- Enigma: Added option to attach public keys to sent mail (#5152)
	- Enigma: Handle messages with text before an encrypted block (#5149)
	- Enigma: Handle encrypted/signed content inside message/rfc822 attachments
	- Enigma: Fix missing html/plain switch on multipart/signed messages (#4963)
	- Enigma: Disable format=flowed for signed plain text messages (#4960)
	- Enigma: Fix handling of encrypted + signed messages (#4950)
	- Enigma: Fix invalid boundary use in signed messages structure
	- Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
	- Save copy of original .htaccess file when using installto.sh script (#4947)
	- Fix regression where some message attachments could be missing on edit/forward (#4939)
	- Fix regression in displaying contents of message/rfc822 parts (#4937)
	- Fix handling of message/rfc822 attachments on replies and forwards (#4938)
	- Fix PDF support detection in Firefox > 19 (#4941)
	- Fix path traversal vulnerability in setting a skin [CVE-2015-8770] (#4945)
	- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#4944)
	- Fix .htaccess rewrite rules to not block .well-known URIs (#4943)
	- Fix mail view scaling on iOS (#4915)
	- Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#4948)
	- Fix XSS issue in SVG images handling [CVE-2015-8864, CVE-2016-4068] (#4949)
	- Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
	- Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958)
	- Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
	- Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
	- Plugin API: Added addressbook_export hook
	- Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
	- Hide DSN option in Preferences when smtp_server is not used (#4967)
	- Fix handling of body parameter in mail compose request
	- Protect download urls against CSRF using unique request tokens [CVE-2016-4069] (#4957)
	- newmail_notifier: Refactor desktop notifications
	- Fix so contactlist_fields option can be set via config file
	- Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
	- Fix performance in reverting order of THREAD result
	- Fix converting mail addresses with @www. into mailto links (#5197)

	RELEASE 1.2-beta
	----------------
	- Update TinyMCE to version 4.2
	- Added support for Redis session handler
	- Removed some deprecated methods: https://github.com/roundcube/roundcubemail/commit/454b0b1c
	- Remove backward compatibility "layer" of bc.php (#4902)
	- Add possibility to define date format in write operations for ldap attributes (#3956)
	- Display attachment size in compose (#1329)
	- Added possibility to drag-n-drop attachments from mail preview to compose window
	- Implemented mail messages searching with predefined date interval
	- PGP encryption support via Mailvelope integration
	- PGP encryption support via Enigma plugin
	- PHP7 compatibility fixes (#4836)
	- Security: Added brute-force attack prevention via login rate limit (#4922)
	- Security: Added options to validate username/password on logon (#4884)
	- Security: Improve randomness of security tokens (#4899)
	- Security: Use random security tokens instead of hashes based on encryption key (#4829)
	- Security: Improved encrypt/decrypt methods with option to choose the cipher_method (#4492)
	- Make optional adding of standard signature separator - sig_separator (#3276)
	- Optimize folder_size() on Cyrus IMAP by using special folder annotation (#4894)
	- Make optional hidding of folders with name starting with a dot - imap_skip_hidden_folders (#4870)
	- Add option to enable HTML editor always, except when replying to plain text messages (#4352)
	- Emoticons: Added option to switch on/off emoticons in compose editor (#2076)
	- Emoticons: Added option to switch on/off emoticons in plain text messages
	- Emoticons: All emoticons-related functionality is handled by the plugin now
	- Installer: Add button to save generated config file in system temp directory (#3553)
	- Remove common subject prefixes Re:, Re[x]:, Re-x: on reply (#4882)
	- Added GSSAPI/Kerberos authentication plugin - krb_authentication
	- Password: Allow temporarily disabling the plugin functionality with a notice
	- Require Mbstring and OpenSSL extensions (#5166)
	- Add --config and --type options to moduserprefs.sh script (#4651)
	- Implemented memcache_debug and apc_debug options
	- Installer: Remove system() function use (#4695)
	- Password plugin: Added 'kpasswd' driver by Peter Allgeyer
	- Add initdb.sh to create database from initial.sql script with prefix support (#4722)
	- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
	- Plugin API: Added html2text hook
	- Plugin API: Added message_part_body hook
	- Plugin API: Added message_ready hook
	- Plugin API: Add special onload() method to execute plugin actions before startup (session and GUI initialization)
	- Implemented UI element to jump to specified page of the messages list (#1677)
	- Fix searching of contacts to allow remote images for known senders (#4886)
	- Fix bug where clicking date column with 'arrival' sorting would switch to sorting by 'date' (#4690)
	- Fix bug where message content could overlap attachments list in Larry skin (#4876)
	- Fix so microseconds macro (u) in log_date_format works (#4855)
	- Fix so unrecognized TNEF attachments are displayed on the list of attachments (#5138)
	- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#4907)
	- Fix responses list update issue after response name change (#4917)
	- Fix bug where message preview was unintentionally reset on check-recent action (#4921)
	- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#4905)
	- Fix redundant blank lines when using HTML and top posting (#4927)
	- Fix redundant blank lines on start of text after html to text conversion (#4928)
	- Fix HTML sanitizer to skip <!-- node type X --> in output (#4932)
	- Fix invalid LDAP query in ACL user autocompletion (#4934)

	RELEASE 1.1.3
	-------------
	- Fix closing of nested menus (#4854)
	- Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#4770)
	- Fix compatibility with PHP 5.3 in rcube_ldap class (#4842)
	- Get rid of Mail_mimeDecode package dependency (#4836)
	- Fix "Importing..." message does not hide on error (#4840)
	- Fix Compose action in addressbook for results from multiple addressbooks (#4834)
	- Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#4843)
	- Fix unintentional messages list page change on page switch in compose addressbook (#4844)
	- Fix race-condition in saving user preferences and loading plugin config (#4845)
	- Fix so plain text signature field uses monospace font (#4848)
	- Fix so links with href == content aren't added to links list on html to text conversion (#4847)
	- Fix handling of non-break spaces in html to text conversion (#4849)
	- Fix self-reply detection issues (#4852)
	- Fix multi-folder search result sorting by arrival date (#4858)
	- Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#4860)
	- Update to TinyMCE 4.1.10 (#5164)
	- Fix draft removal after a message is sent and storing sent message is disabled (#4869)
	- Fix so imap folder attribute comparisons are case-insensitive (#4868)
	- Fix bug where new messages weren't added to the list in search mode
	- Fix wrong positioning of message list header on page scroll in Webkit browsers (#4646)
	- Fix some javascript errors in rare situations (#4853)
	- Fix error when using back button after sending an email (#4628)
	- Fix removing signature when switching to identity with an empty sig in HTML mode (#4872)
	- Disable links list generation on html-to-text conversion of identities or composed message (#4850)
	- Fix "washing" of style elements wrapped into many lines
	- Fix so input field (e.g. search box) does not loose focus on list load (#4862)
	- Fix so css of one html part does not apply to other text parts on message display (#4887)
	- Fix XSS issue in drag-n-drop file uploads [CVE-2015-8105] (#4900)
	- Fix handling of plus character in mailto: links (#4891)
	- Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#4874)
	- Fix so gc.sh script removes also expired sessions from sql database (#4893)
	- Fix support for Mozilla-based browsers, e.g. Pale Moon (#4895)
	- Fix various issues with Turkish (and similar) locales (#4896)
	- Fix so In-Reply-To header is set also for MDN receipts (#4897)
	- Fix missing HTTP_X_FORWARDED_FOR address in generated Received header
	- Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#4877)

	RELEASE 1.1.2
	-------------
	- Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#4807)
	- Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
	- Fix handling of %-encoded entities in mailto: URLs (#4799)
	- Fix zipped messages downloads after selecting all messages in a folder (#4797)
	- Fix vpopmaild driver of password plugin
	- Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#4798)
	- Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#4796)
	- Fix message list header in classic skin on window resize in Internet Explorer (#4732)
	- Fix so text/calendar parts are listed as attachments even if not marked as such (#4795)
	- Fix lack of signature separator for plain text signatures in html mode (#4802)
	- Fix font artifact in Google Chrome on Windows (#4803)
	- Fix bug where forced extwin page reload could exit from the extwin mode (#4801)
	- Fix bug where some unrelated attachments in multipart/related message were not listed (#4805)
	- Fix mouseup event handling when dragging a list record (#4808)
	- Fix bug where preview_pane setting wasn't always saved into user preferences (#4809)
	- Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#4814)
	- Fix security issue in contact photo handling (#4817)
	- Fix possible memcache/apc cache data consistency issues (#4820)
	- Fix bug where imap_conn_options were ignored in IMAP connection test (#4822)
	- Fix bug where some files could have "executable" extension when stored in temp folder (#4815)
	- Fix attached file path unsetting in database_attachments plugin (#4823)
	- Fix issues when using moduserprefs.sh without --user argument (#4825)
	- Fix potential info disclosure issue by protecting directory access (#4816)
	- Fix blank image in html_signature when saving identity changes (#4833)
	- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#4827)
	- Fix XSS vulnerability in _mbox argument handling (#4837)

	RELEASE 1.1.1
	-------------
	- ACL: Allow other plugins to adjust the list of permissions and groups to edit
	- Add possibility to print contact information (of a single contact)
	- Add possibility to configure max_allowed_packet value for all database engines (#4772)
	- Improved handling of storage errors after message is sent
	- Update to TinyMCE 4.1.9
	- Unified request* event arguments handling, added support for _unlock and _action parameters
	- Security: Generate random hash for the per-user local storage prefix (#4768)
	- Fix refreshing of drafts list when sending a message which was saved in meantime (#4745)
	- Fix saving/sending emoticon images when assets_dir is set
	- Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#4778)
	- Fix setting max packet size for DB caches and check packet size also in shared cache
	- Fix needless security warning on BMP attachments display (#4771)
	- Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#4773)
	- Fix performance of rcube_db_mysql::get_variable()
	- Fix missing or not up-to-date CATEGORIES entry in vCard export (#4766)
	- Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#4769)
	- Fix cursor position on reply below the quote in HTML mode (#4759)
	- Fix so "over quota" errors are displayed also in message compose page
	- Fix duplicate entries suppression in autocomplete result (#4776)
	- Fix "Non-static method PEAR::isError() should not be called statically" errors (#4770)
	- Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#4777)
	- Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#4779)
	- Fix so localized folder name is displayed in multi-folder search result (#4750)
	- Fix javascript error after creating a folder which is a subfolder of another one (#4781)
	- Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#4780)
	- Fix missing vcard_attachment icon on messages list (#4783)
	- Fix storing signatures with big images in MySQL database (#4785)
	- Fix Opera browser detection in javascript (#4786)
	- Fix so search filter, scope and fields are reset on folder change
	- Fix rows count when messages search fails (#4760)
	- Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#4789)
	- Fix bug where TinyMCE area height was too small on slow network connection (#4788)
	- Fix backtick character handling in sql queries (#4790)
	- Fix redirect URL for attachments loaded in an iframe when behind a proxy (#4724)
	- Fix menu container references to point to the actual <ul> element (#4791)
	- Fix javascripts errors in IE8 - lack of Event.which, focusing a hidden element (#4793)

	RELEASE 1.1.0
	-------------
	- Make SMTP error log more verbose - include server response and error code
	- Fix download options menu (added by zipdownload plugin) in classic skin (#4740)
	- Fix blocked.gif image usage with assets_dir set
	- Fix bug where max_group_members was ignored when adding a new contact (#4733)
	- Hide MDN and DSN options in compose if disabled by admin (#4735)
	- Fix checks based on window.ActiveXObject in IE > 10
	- Fix XSS issue in style attribute handling [CVE-2015-1433] (#4739)
	- Fix bug where Drafts list wasn't updated on draft-save action in new window (#4737)
	- Fix so "set as default" option is hidden if identities_level > 1 (#4738)
	- Fix bug where search was reset after returning from compose visited for reply
	- Fix javascript error in "IE 8.0/Tablet PC" browser (#4730)
	- Fix bug where Reply-To address was ignored on reply to messages sent by self (#4742)
	- Fix bug where empty fieldmap config entries caused empty results of ldap search (#4741)
	- Fix bug where drafts list wasn't refreshed after draft message was sent from another window (#4745)
	- Fix keyboard navigation and css in datepicker widget across many Firefox versions
	- Fix false warning when opening attached text/plain files (#4748)
	- Fix bug where signature could have been inserted twice after plain-to-html switch (#4746)
	- Fix security issue in DBMail driver of password plugin (#4757)
	- Enable FollowSymLinks option in .htaccess file which is required by rewrite rules (#4754)
	- Fix so JSON.parse() errors on localStorage items are ignored (#4752)

	RELEASE 1.1-rc
	--------------
	- Update jQuery to version 2.1.3
	- Allow to override any config option through env variables
	- Improve system security by using optional special URL with security token - use_secure_urls
	- Allow to define separate server/path for image/js/css files - assets_url/assets_dir
	- Sync vendor folder if exists in source package (#4700)
	- Avoid useless reloading list when resetting search with active filter (#4654)
	- Fix invalid folder selection if clicked while busy (#4709)
	- Fix import of multiple contact email addresses from Outlook-csv format (#4714)
	- Fix drag-n-drop to folders expanded while dragging (#4708)
	- Fix import of multiple contact groups from Google-csv format (#4710)
	- Fix import of contacts with multiple email addresses from Google-csv format (#4719)
	- Fix bugs where CSRF attacks were still possible on some requests [CVE-2014-9587]
	- Fix some rcube_utils::anytodatetime() corner cases with timezone mismatches (#4712)
	- Improve move-to and contact-export button in classic skin (#4713)
	- Fix wrong icon for download button in classic skin
	- Fix bug where sent message was saved in Sent folder even if disabled by user (#4729)

	RELEASE 1.1-beta
	----------------
	- Fix skin path handling in plugin context (#4111)
	- Prevent memory exhaustion on image resizing with GD on Windows (#4580)
	- Add plugin hook for database table name lookups as requested in #4538
	- Added Oracle database support
	- Support contacts import in GMail CSV format
	- Added namespace filter in Folder Manager
	- Added folder searching in Folder Manager
	- Fix restoring draft messages from localStorage if editor mode differs (#4631)
	- Added config option/user preference to disable saving messages in localStorage (#4606)
	- Added config option 'imap_log_session' to enable Roundcube <-> IMAP session ID logging
	- Added config option 'log_session_id' to control the length of the session identifier in logs
	- Implemented 'storage_connected' API hook after successful IMAP login (#4638)
	- Intergrate Net_LDAP3 and rcube_ldap_generic classes
	- Add option (disabled_actions) to disable UI elements/actions (#4478)
	- Support password encryption using openssl extension (#4614)
	- Create/rename groups in UI dialogs (#4592)
	- Added 'contact_search_name' option to define autocompletion entry format
	- Display quota information for current folder not INBOX only (#3442)
	- Support images in HTML signatures (#3917)
	- Display full quota information in popup (#2103, #2746)
	- Mail compose: Selecting contact inserts recipient to previously focused input - to/cc/bcc accordingly (#4487)
	- Close "no subject" prompt with Enter key (#4463)
	- Password: Add option to force new users to change their password (#2963)
	- Improve support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards
	- Enable basic keyboard navigation throughout the UI (#3333)
	- Select/scroll to previously selected message when returning from message page (#4146)
	- Display a warning if popup window was blocked (#4472)
	- Remove (was: ...) from message subject on reply (#4359)
	- Update to TinyMCE 4.1 (#4168)
	- Enable autolink plugin in TinyMCE (#4029)
	- Support image operations with Imagick extension (#4498)
	- Support upload progress with session.upload_progress and PECL uploadprogress module (#3934)
	- Make identity name field optional (#4435)
	- Utility script to remove user records from the local database
	- Plugin API: Added message_saved hook (#4503)
	- Plugin API: Added imap_search_before hook
	- Support messages import from zip archives
	- Zipdownload: Added mbox format support (#2354)
	- Drop support for IE6, move IE7/IE8 support to legacy_browser plugin
	- Update to jQuery-2.1.1
	- Search across multiple folders (#1676)
	- Improve UI integration of ACL settings
	- Drop support for PHP < 5.3.7
	- Set In-Reply-To and References for forwarded messages (#4465)
	- Removed redundant default_folders config option (#4500)
	- Implemented IMAP SPECIAL-USE extension support [RFC6154] (#3326)
	- Optimize some framed pages content for better performance (#4517)
	- Improve text messages display and conversion to HTML (#4091)
	- Don't remove links when html signature is converted to text (#4473)
	- Fix page title when using search filter (#4636)
	- Fix mbox files import
	- Fix some character sets detection (#4694)
	- Fix so attachment charset is set in headers of forward/draft message (#4676)
	- Fix bug where wrong charset could be used for text attachment preview page (#4674)

	RELEASE 1.0.5
	-------------
	- Fix wrong icon for download button in classic skin
	- Fix checks based on window.ActiveXObject in IE > 10
	- Fix XSS issue in style attribute handling (#4739)
	- Fix bug where Drafts list wasn't updated on draft-save action in new window (#4737)
	- Fix so "set as default" option is hidden if identities_level > 1 (#4738)
	- Fix javascript error in "IE 8.0/Tablet PC" browser (#4730)
	- Fix bug where empty fieldmap config entries caused empty results of ldap search (#4741)
	- Fix bug where sent message was saved in Sent folder even if disabled by user (#4729)

	RELEASE 1.0.4
	-------------
	- Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#4684)
	- Fix bug where show_real_foldernames setting wasn't honored on compose page (#4705)
	- Fix issue where Archive folder wasn't protected in Folder Manager (#4706)
	- Fix compatibility with PHP 5.2. in rcube_imap_generic (#4682)
	- Fix setting flags on servers with no PERMANENTFLAGS response (#4667)
	- Fix regression in SHAA password generation in ldap driver of password plugin (#4670)
	- Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#4672)
	- Fix font style display issue in HTML messages with styled <span> elements (#4671)
	- Fix download of attachments that are part of TNEF message (#4668)
	- Fix handling of uuencoded messages if messages_cache is enabled (#4675)
	- Fix handling of base64-encoded attachments with extra spaces (#4678)
	- Fix handling of UNKNOWN-CTE response, try do decode content client-side (#4650)
	- Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#4680)
	- Fix reply scrolling issue with text mode and start message below the quote (#4681)
	- Fix possible issues in skin/skin_path config handling (#4689)
	- Fix lack of delimiter for recipient addresses in smtp_log (#4703)
	- Fix generation of Blowfish-based password hashes (#4721)
	- Fix bugs where CSRF attacks were still possible on some requests [CVE-2014-9587]

	RELEASE 1.0.3
	-------------
	- Initialize HTML editor before restoring a message from localStorage (#4631)
	- Add 'sig_max_lines' config option to default config file (#5162)
	- Add config option to specify IMAP connection socket parameters - imap_conn_options (#4589)
	- Add option to set default message list mode - default_list_mode (#3157)
	- Enable contextmenu plugin for TinyMCE editor (#3062)
	- Fix insert-signature command in external compose window if opened from inline compose screen (#4663)
	- Fix some mime-type to extension mapping checks in Installer (#4610)
	- Fix errors when using localStorage in Safari's private browsing mode (#4619)
	- Fix bug where $Forwarded flag was being set even if server didn't support it (#4621)
	- Fix various iCloud vCard issues, added fallback for external photos (#4617)
	- Fix invalid Content-Type header when send_format_flowed=false (#4616)
	- Fix errors when adding/updating contacts in active search (#4630)
	- Fix incorrect thumbnail rotation with GD and exif orientation data (#4641)
	- Fix contacts list update after adding/deleting/moving a contact (#4640, #4644)
	- Fix handling of email addresses with quoted domain part (#4647)
	- Fix comm_path update on task switch (#4648)
	- Fix error in MSSQL update script 2013061000.sql (#4658)
	- Fix validation of email addresses with IDNA domains (#4661)

	RELEASE 1.0.2
	-------------
	- Fix storing unsaved drafts in localStorage (#4529)
	- Add configurable LDAP_OPT_DEREF option (#4546)
	- Fix so when switching editor mode original version of signature is used (#4032)
	- Fix unintentional draft autosave request if autosave is disabled (#4550)
	- Fix malformed References: header in send/saved mail (#4552)
	- Fix handling unicode characters in links (#4555)
	- Fix incorrect handling of HTML comments in messages sanitization code (#4558)
	- Fix so current page is reset on list-mode change (#4561)
	- Fix so responses menu hides on click in classic skin (#4566)
	- Fix unintentional line-height style modification in HTML messages (#4567)
	- Fix broken normalize_string(), add support for ISO-8859-2 (#4568)
	- Support csv contacts import in German localization (#4570)
	- Fix so message list and counters are updated when a message is opened in new window (#4569)
	- Fix malformed recipient name when composing a message by clicking on mailto link (#4583)
	- Fix list reload after sending message in another window (#4576)
	- Fix so address format errors are ignored when saving a draft (#4594)
	- Fix incorrect label translation in return receipt (#4598)
	- Fix security issue in delete-response action - allow only ajax request
	- Fix Delete button state after deleting identity/response (#4603)
	- Fix bug where contacts with no email address were listed on compose addressbook (#4602)
	- Fix images import from various vCard formats (#4604)
	- Fix sorting messages by size on servers without SORT capability (#4608)

	RELEASE 1.0.1
	-------------
	- Support 'error' and 'body_file' return attribs in 'message_before_send' hook (#4467)
	- Apply user-specific replacements to group's base_dn property (#4512)
	- Fix missing email address when importing contacts from outlook csv (#4535)
	- Fix bug where "With attachment" option in search filter wasn't selected after return from mail view (#4508)
	- Fix "washing" of unicoded style attributes (#4510)
	- Fix unintentional redirect from compose page in Webkit browsers (#4516)
	- Fix messages index cache update under some conditions (e.g. proxy) (#4505)
	- Fix lack of translation of special folders in some configurations (#4520)
	- Fix XSS issue in plain text spellchecker (#4524)
	- Fix invalid page title for some folders (1489804)
	- Fix redundant alert message on over-size uploads (#4528)
	- Fix next message display after removing a message (#4521)
	- Fix missing Mail-Followup-To header in sent mail (#4534)
	- Fix error when spell-checking an empty text (#4536)
	- Avoid popupmenus being closed when scrollbar is clicked (#4537)
	- Add proxy_whitelist configuration option (#4496)
	- Fix identities_level=4 handling in new_user_dialog plugin (#4540)
	- Fix various db_prefix issues (#4539)
	- Fix too small length of users.preferences column data type on MySQL
	- Fix redundant warning when switching from html to text in empty editor (#4530)
	- Fix invalid host validation on login (#4541)
	- Fix IMAP connection test in installer so it is aware of imap_auth_type (#4502)

	RELEASE 1.0.0
	-------------
	- Added toolbar button to move message in message view
	- Fix style of disabled protocol handler link on IE (#4460)
	- Fix message import dialog when no file is selected (#4488)
	- Fix opening compose screen in new window after saving as draft (#4479)
	- Fix directories check in Installer on Windows (#4462)
	- Fix issue when default_addressbook option is set to integer value (#4379)
	- Fix Opera > 15 detection (#4455)
	- Fix security issue in DomainFactory driver of Password plugin
	- Fix invalid X-Draft-Info on forwarded message draft (#4464)
	- Fix regression in handling of 'attachments' result in message_compose hook (#4474)
	- Fix issue where msgexport.sh printed the message to STDOUT instead of a file (#4476)
	- Fix fatal error in database_attachments plugin under some conditions (#4495)

	RELEASE 1.0-rc
	--------------
	- Small CSS fix with message notice boxes in Larry skin (#4429)
	- Include groups in contacts search on mail compose (#4186)
	- Add mime-type mapping for .7z files (#4436)
	- Invoke update scripts with php to circumvent execution restrictions (#4330)
	- Fix drag & drop message/contact moving on touch device (#4395)
	- Fix canned responses in HTML mode (#4446)
	- Check/create default folders on every login not only the first (#4391)
	- Update to jQuery-1.11.0 and jQuery-UI-1.9.2
	- Support SMTP socket context options via new config option 'smtp_conn_options'
	- Fix compatibility with PHP 5.2 in html.php file (#4438)
	- Remove expand/collapse with plus/minus keys (on numeric keypad) (#4437)
	- Fix issue where filesystem path was added to all-attachments (zip) file (#4433)
	- Fix case-sensitivity of email addresses handling on compose (#1899)
	- Don't alter Message-ID of a draft when sending (#4381)
	- Fix issue where deprecated syntax for HTML lists was not handled properly (#3975)
	- Display different icons when Trash folder is empty or full (#2108)
	- Remember last position of more headers switch (#3660)
	- Fix so message flags modified by another client are applied on the list on refresh (#1639)
	- Fix broken text/* attachments when forwarding/editing a message (#4393)
	- Improved minified files handling, added css minification (#3041)
	- Fix handling of X-Forwarded-For header with multiple addresses (#4424)
	- Fix border issue on folders list in classic skin (#4419)
	- Implemented menu actions to copy/move messages, added folder-selector widget (#863)
	- Fix security rules in .htaccess preventing access to base URL without the ending slash (#4422)
	- Fix regression where only first new folder was placed in correct place on the list (#4418)
	- Fix issue where children of selected and collapsed thread were skipped on various actions (#4410)
	- Fix issue where groups were not deleted when "Replace entire addressbook" option on contacts import was used (#4388)
	- Fix unreliable mimetype tests in Installer (#4408)
	- Fix performance of listing writeable folders (#4406)

	RELEASE 1.0-beta
	----------------
	- Fix handling of invalid closing tags in HTML messages (#4403)
	- Set real content-type for file downloads (#4400)
	- Update TinyMCE to version 3.5.10 (#4401)
	- Fix keyboard navigation in list widgets (#4367)
	- Allow plugins to grab the reference of opened windows (#4383)
	- Larry skin: Improved status message display for better visibility (#4115)
	- Fix Internet Explorer 11 detection (#4397)
	- Fix date column width to fit the widest possible date format (#4354)
	- Move certain user preference options to a collapsed "advanced" block (#4015)
	- Add file type icons for Powerpoint and Open Office presentations (#4269)
	- Fix operations on folders with trailing spaces in name (#4387)
	- Improve identity selection based on From: header (#4360)
	- Fix issue where mails with inline images of the same name contained only the first image multiple times (#4378)
	- Use left/right arrow keys to collapse/expand thread and spacebar to select a row, change Ctrl key behavior (#4367)
	- Fix an issue where using arrow keys to go up a list can result in selected message being under headers (#4375)
	- Fix an issue where Home/End keys don't focus list row properly, don't scrollTo properly (#4370)
	- Add an option to disable smart Reply-List behaviour - reply_all_mode (#3953)
	- Fix an issue where pressing minus key on contacts list was hiding list records (#4368)
	- Fix an issue where shift + arrow-up key wasn't selecting all messages in collapsed thread (#4371)
	- Added icon for priority column in messages list header (#4275)
	- New feature "Canned Responses" to save and recall boilerplate text snippets
	- Fix HTML part detection when encapsulated inside multipart/signed (#4357)
	- Add spellchecker backend for the After the Deadline service
	- Replace markdown-style [1] link indexes in plain text email bodies
	- Improved mailto: link arguments handling (#4351)
	- Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#4316)
	- Support HTTP_HOST, SERVER_NAME and SERVER_ADDR values in include_host_config feature
	- Make default font size for HTML messages configurable (request #118)
	- Fix XSS issue in addressbook group name field [CVE-2013-5646] (#4337)
	- After message is sent refresh messages list of replied message folder (#4282)
	- Add option force specified domain in user login - username_domain_forced (#4290)
	- Add option to import Vcards with group assignments
	- Save groups membership in Vcard export (#3801)
	- Workaround broken PHP function timezone_name_from_abbr (#4289)
	- Make cached message size limit configurable - messages_cache_threshold (#4326)
	- Log also failed logins to userlogins log
	- Add temp_dir_ttl configuration option (#4318)
	- Allow setting INBOX as Sent folder (#4264)
	- Fix replacement variables in user-specific base_dn in some LDAP requests (#4299)
	- Fix image scaling issues when image has only one dimension smaller than the limit (#4296)
	- Fix issue where uploaded photo was lost when contact form did not validate (#4296)
	- Move identity selection based on non-standard headers into (new) identity_select plugin (#3835)
	- Fix downloading binary files with (wrong) text/* content-type (#4292)
	- Respect HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP variables for session IP check
	- Simplified configuration by merging it into one file + defaults (#3156)
	- Make message list header stay on top when scrolling (#353)
	- Add support for 'enchant' spellcheck engine
	- Check filetype detection in installer and update script (#4252)
	- Fix folder names truncation in Classic skin (#4265)
	- Make possible to disable some (broken) IMAP extensions with imap_disable_caps option (#4245)
	- Contacts drag-n-drop default action is to move contacts (#3962)
	- Added possibility to choose to move or copy contacts from drag-n-drop menu (#3962)
	- Fix Close link and remove About link on error pages (#4201)
	- Improved/unified attachment preview screen, added print button
	- Fix lack of space between searchfiler and quicksearchbar in Larry skin (#4233)
	- Cache LDAP's user_specific search and use vlv for better performance (#4247)
	- LDAP: auto-detect and use VLV indices for all search operations
	- LDAP: additional group configuration options for address books
	- LDAP: separated address book implementation from a generic LDAP wrapper class
	- Allow address books to browse a multi-level group hierarchy in the contacts list
	- Fix session issues when local and database time differs (#2401)
	- Fix thread cache syncronization/validation (#4150)
	- Added feature to import messages to the currently selected folder
	- Add option show_real_foldernames to disable localization of special folders
	- Fix database cache expunge issues (#4229)
	- Fix date format issues on MS SQL Server (#4078)
	- Add imap_cache_ttl option to configure TTL of imap_cache
	- Make LDAP cache engine configurable via ldap_cache and ldap_cache_ttl options
	- Fix "duplicate entry" errors on inserts to imap cache tables (#4228)
	- Improved handling of Reply-To/Bcc addresses of identity in compose form (#4142)
	- Added user preference to open all popups as standard windows
	- Implemented shared cache (rcube_cache_shared)
	- Change Reply-All button label/title when mailing list is detected (#4092)
	- Fix SMTP connection using IPv6 address in smtp_server option (#4147)
	- Added attachment_reminder plugin
	- Make PHP code eval() free, use create_function()
	- Add option to display email address together with a name in mail preview (#3952)
	- Support CSV import from Atmail (#4161)
	- Add db_prefix configuration option in place of db_table_/db_sequence_ options
	- Make possible to use db_prefix for schema initialization in Installer (#4175)
	- Fix updatedb.sh script so it recognizes also table prefix for external DDL files
	- Fix parsing invalid date string (#4155)
	- Add "with attachment" option to messages list filter (#1795)
	- Call resize handler in intervals to prevent lags and double onresize calls in Chrome (#4137)
	- Add rel="noreferrer" for links in displayed messages (#4976)
	- Add ability to toggle between HTML and text while viewing a message (#3005)
	- Remove "HTML message" from attachments list while viewing a message in text mode (#3005)
	- Support IMAP MOVE extension [RFC 6851]
	- Add attachment menu with Open and Download options (#4116)
	- Display user-friendly message on IMAP "over quota" errors (#914)
	- Extended archive plugin with user-configurable options to store messages into subfolders
	- Fix export of selected contacts from search result (#4070)
	- Feature to export only selected contacts from addressbook (by Phil Weir)

	RELEASE 0.9.5
	-------------
	- Fix failing vCard import when email address field contains spaces (#4363)
	- Fix default spell-check configuration after Google suspended their spell service
	- Fix vulnerability in handling _session argument of utils/save-prefs [CVE-2013-6172] (#4362)
	- Fix iframe onload for upload errors handling (#4361)
	- Fix address matching in Return-Path header on identity selection (#4358)
	- Fix text wrapping issue with long unwrappable lines (#4356)
	- Fixed issues where HTML comments inside style tag would hang Internet Explorer
	- Hide Delivery Status Notification option when smtp_server is unset (#4339)
	- Display full attachment name using title attribute when name is too long to display (#4328)
	- Fix attachment icon issue when rare font/language is used (#4334)
	- Fix expanded thread root message styling after refreshing messages list (#4335)
	- Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#4327)
	- Fix error_reporting directive check (#4331)
	- Fix de_DE localization of "About" label in Help plugin (#4333)

	RELEASE 0.9.4
	-------------
	- Make identities matching case insensitive (#1881)
	- Fix issue where too big message data was stored in cache causing sql errors (#4325)
	- Fix iframe scrollbars on webkit desktop browsers (#4319)
	- Fix issue where legacy config was overridden by default config (#4305)
	- Fix newmail_notifier issue where favicon wasn't changed back to default (#4324)
	- Fix setting of Junk and NonJunk flags by markasjunk plugin (#4303)
	- Fix lack of Reply-To address in header of forwarded message body (#4314)
	- Fix bugs when invoking contact creation form when read-only addressbook is selected (#4313)
	- Fix identity selection on reply (#4308)
	- Fix so additional headers are added to all messages sent (#4302)
	- Fix display issue after moving folder in Folder Manager (#4310)
	- Fix handling of non-default date formats (#4311)
	- Fix unquoted path in PREG expression on Windows (#4307)
	- Fix wrong close tag in /template/mail.html (#4312)

	RELEASE 0.9.3
	-------------
	- Fix setting refresh_interval to "Never" in Preferences (#4304)
	- Fixed iframe scrolling on touch devices
	- Optimized message list for touch devices
	- Fix purge action in folder manager (#4300)
	- Fix base URL resolving on attribute values with no quotes (#4297)
	- Fix wrong handling of links with '\|' character (#4298)
	- Fix colorspace issue on image conversion using ImageMagick (#4294)
	- Fix XSS vulnerability when editing a message "as new" or draft [CVE-2013-5645] (#4283)
	- Fix XSS vulnerability when saving HTML signatures [CVE-2013-5645] (#4283)
	- Fix rewrite rule in .htaccess (#4278)
	- Fix detecting Turkish language in ISO-8859-9 encoding (#4284)
	- Fix identity-selection using Return-Path headers (#4279)
	- Fix parsing of links with ... in URL (#4251)
	- Fix compose priority selector when opening in new window (#4286)
	- Fix bug where signature wasn't changed on identity selection when editing a draft (#4272)
	- Fix IMAP SETMETADATA parameters quoting (#4274)
	- Fix "could not load message" error on valid empty message body (#4271)
	- Fix handling of message/rfc822 attachments on message forward and edit (#4262)
	- Fix parsing of square bracket characters in IMAP response strings (#4267)
	- Don't clear References and in-Reply-To when a message is "edited as new" (#4263)
	- Fix messages list sorting with THREAD=REFS
	- Remove deprecated (in PHP 5.5) PREG /e modifier usage (#4239)
	- Fix empty messages list when register_globals is enabled (#4232)
	- Fix so valid and set date.timezone is not required by installer checks (#4242)
	- Canonize boolean ini_get() results (#4249)
	- Fix so install do not fail when one of DB driver checks fails but other drivers exist (#4240)
	- Fix so exported vCard specifies encoding in v3-compatible format (#4244)

	RELEASE 0.9.2
	-------------
	- Fix image thumbnails display in print mode (#4220)
	- Fix height of message headers block (#4200)
	- Fix timeout issue on drag&drop uploads (#4238)
	- Fix default sorting of threaded list when THREAD=REFS isn't supported
	- Fix list mode switch to 'List' after saving list settings in Larry skin (#4236)
	- Fix error when there's no writeable addressbook source (#4235)
	- Fix zipdownload plugin issue with filenames charset (#4231)
	- Fix so non-inline images aren't skipped on forward (#4230)
	- Fix "null" instead of empty string on messages list in IE10 (#4227)
	- Fix legacy options handling
	- Fix so bounces addresses in Sender headers are skipped on Reply-All (#4140)
	- Fix bug where serialized strings were truncated in PDO::quote() (#4226)
	- Fix displaying messages with invalid self-closing HTML tags (#4223)
	- Fix PHP warning when responding to a message with many Return-Path headers (#4222)
	- Fix unintentional compose window resize (#4206)
	- Fix performance regression in text wrapping function (#4219)
	- Fix connection to posgtres db using unix socket (#4218)
	- Fix handling of comma when adding contact from contacts widget (#4199)
	- Fix bug where a message was opened in both preview pane and new window on double-click (#4212)
	- Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#4202)
	- Fix PHP warning in html_table::set_row_attribs() in PHP 5.4 (#4194)
	- Fix invalid option selected in default_font selector when font is unset (#4204)
	- Fix displaying contact with ID divisible by 100 in sql addressbook (#4211)
	- Fix browser warnings on PDF plugin detection (#4209)
	- Fix fatal error when parsing UUencoded messages (#4210)

	RELEASE 0.9.1
	-------------
	- Better German labels for from/to to avoid conflicts with 'sender' (#4188)
	- Fix problem where security warning was displayed for valid images with image/jpg type (#4196)
	- Fix handling of invalid email addresses in headers (#4193)
	- Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#4191)
	- Fix various PHP code bugs found using static analysis (#4190)
	- Fix backslash character handling on vCard import (#4189)
	- Fix csv import from Thunderbird with French localization (#4170)
	- Fix messages list focus issue in Opera and Webkit (#4169)
	- Fix Reply-To header handling in Reply-All action (#4157)
	- Fix so Sender: address is added to Cc: field on reply to all (#4140)
	- Fix so addressbook_search_mode works also for group search (#4183)
	- Fix removal of a contact from a group in LDAP addressbook (#4185)
	- Include SQL query in the log on SQL error (#4172)
	- Fix handling untagged responses in IMAP FETCH - "could not load message" error (#4180)
	- Fix very small window size in Chrome (#4087)
	- Fix list page reset when viewing a message in Larry skin (#4182)
	- Fix min_refresh_interval handling on preferences save (#4179)
	- Fix PDF support detection for Firefox PDF.js (#4113)
	- Fix possible collision in generated thumbnail cache key (#4177)
	- Fix exit code on bootsrap errors in CLI mode (#4160)
	- Fix error handling in CLI mode, use STDERR and non-empty exit code (#5161)
	- Fix error when using check_referer=true
	- Fix incorrect handling of some specific links (#4171)
	- Fix incorrect handling of leading spaces in text wrapping
	- Fix unintentional messages list jumps on click in Internet Explorer (#4167)
	- Fix list of required configuration options (#4166)
	- Fix DB error when creating a new contact and a group is selected (#4164)
	- Fix handling of deprecated boolean value of reply_mode option (#4165)

	RELEASE 0.9.0
	-------------
	- Fix display of HTML entities in protected folder name (#4159)
	- Set minimal permissions to temp files (#4131)
	- Improve content check for embedded images without filename (#4151)
	- Fix handling of invalid characters in message headers and output (#4153)
	- Fix selecting collapsed rows on select-all (#4156)
	- Avoid race-conditions with concurrent attachment uploads (#3739)
	- Fix possible header duplicates when using additional headers (#4154)
	- Fix session issues with use_https=true (#4125)
	- Fix blockquote width in sent mail (#4152)
	- Fix keyboard events on list widgets in Internet Explorer (#4148)

	RELEASE 0.9-rc2
	---------------
	- Fix security issue in save-pref command
	- Remove sig_above configuration option, use reply_mode only (#4135)
	- Refresh current folder in opener window after draft save or message sent (#4132)
	- Fix saving draft just after entering compose window (#4141)
	- Fix javascript error in IE9 when loading form with placeholders into an iframe (#4138)
	- Fix handling of some conditional comment tags in HTML message (#4136)
	- Fix so forward as attachment works if additional attachment is added by message_compose hook (#4134)
	- Better handling of session errors in ajax requests (#4105)
	- Fix HTML part detection for some specific message structures (#4130)
	- Don't show fake address - phishing prevention (#4120)
	- Fix forward as attachment bug with editormode != 1 (#4129)
	- Fix LIMIT/OFFSET queries handling on MS SQL Server (#4123)
	- Fix so task name can really contain all from a-z0-9_- characters (#4095)
	- Fix javascript errors when working in a page opened with taget="_blank"
	- Mention SQLite database format change in UPGRADING file (#4122)
	- Increase maxlength to 254 chars for email input fields in addressbook (#4126)
	- Fix thumbnail size when GD extension is used for image resize (#4124)
	- Display notice that message is encrypted also for application/pkcs7-mime messages (#3815)

	RELEASE 0.9-rc
	--------------
	- Fix plain text spellchecker incorrect highlighting in non-ASCII text (#4114)
	- Add workaround for invalid message charset detection by IMAP servers (#4112)
	- Fix NUL characters in content-type of ms-tnef attachment (#4108)
	- Fix regression in handling LDAP contact identifiers (#4104)
	- Updated translations from Transifex
	- Fix buggy error template in a frame (#4092)
	- Add addressbook widget on compose page in classic skin
	- Add search box to compose address book widget (#3710)
	- Fix login in case when default_host is an array with one element (#4085)
	- Use LDAP fallback hosts on connect + bind instead of ldap_connect() only.
	- Add config option for LDAP bind timeout (sets LDAP_OPT_NETWORK_TIMEOUT option)
	- Submit Addressbook advanced search form with Enter key (#3843)
	- Also block remote images in HTML part view (#4013)
	- Improved database schema upgrade procedure, added updatedb.sh script
	- Force autocommit mode in mysql database driver (#4068)

	RELEASE 0.9-beta
	----------------
	- Fix searching by date in address book (#4058)
	- Improve charset detection by prioritizing charset according to user language (#2032)
	- Fix handling of escaped separator in vCard file (#4064)
	- Add option to use envelope From address for MDN responses (#4052)
	- Add possibility to search in message body only (#3977)
	- Support "multipart/relative" as an alias for "multipart/related" type (#4057)
	- Display PGP/MIME signature attachments as "Digital Signature" (#3845)
	- Workaround UW-IMAP bug where hierarchy separator is added to the shared folder name (#4051)
	- Fix version comparisons with -stable suffix (#4050)
	- Add unsupported alternative parts to attachments list (#4046)
	- Add Compose button on message view page (#3959)
	- Display 'Sender' header in message preview
	- Plugin API: Added message_before_send hook
	- Fix contact copy/add-to-group operations on search result (#4042)
	- Use matching identity in MDN response (#4043)
	- Fix handling of signatures on draft edit (#3996)
	- Fix so compacting of non-empty folder is possible also when messages list is empty (#4039)
	- Allow forwarding of multiple emails (#2941)
	- Fix big memory consumption of DB layer (#4037)
	- Fix broken message/part bodies when FETCH response contains more untagged lines (#4020)
	- Fix empty email on identities list after identity update (#4018)
	- Add new identities_level: (4) one identity with possibility to edit only signature
	- Use Delivered-To and Envelope-To headers for identity selection (#4024, #3835)
	- Fix XSS vulnerability using Flash files (#4014)
	- Always save drafts with format=flowed in order to keep original line wraps (#3997)
	- Select default_addressbook on the list in Address Book (#3624)
	- Fix so mobile phone has TYPE=CELL in exported vCard (#4004)
	- Support contacts import from CSV file (#2605)
	- Improved keep-alive action. Now the interval is based on session_lifetime (#3799)
	- Added cross-task 'refresh' request for system state updates (#3799)
	- Renamed config options: keep_alive to refresh_interval, min_keep_alive to min_refresh_interval
	- Fix handling of text/enriched content on message reply/forward/edit
	- Option to display attached images as thumbnails below message body
	- Upgraded to jQuery 1.8.3 and jQuery UI 1.9.1
	- Add config option to automatically generate LDAP attributes for new entries
	- Add user settings to open message view and compose form in new windows (#1886)
	- Better client-side timezone detection using the jsTimezoneDetect library (#3947)
	- Add option to disable saving sent mail in Sent folder - no_save_sent_messages (#3923)
	- Fix handling dont_override with message_sort_col and message_sort_order settings (#3970)
	- Fix handling of URLs with asterisk characters (#3969)
	- Remove automatic to-lowercase conversion of usernames (#3941)
	- Plugin API: Add 'email_list' argument for identities data in user_create hook
	- Integrated zipdownload plugin to download all attachments (#617)
	- Fix HTML special characters handling in message list/header display (#3812)
	- List related text/html part as attachment in plain text mode (#3918)
	- Use IMAP BINARY (RFC3516) extension to fetch message/part bodies
	- Fix folder creation under public namespace root (#3910)
	- Fix so "Edit as new" on draft creates a new message (#3924)
	- Fix invalid error message on deleting mail from read only folder (#3929)
	- Replace data URIs of images (pasted in HTML editor) with inline attachments (#3795)
	- Remove (too big) min-width on mail screen
	- Added template object 'frame'
	- Add option to enable HTML editor on forwarding (#3807)
	- Add option to not include original message on reply, rename option top_posting to reply_mode (#1615)
	- Added session_path config option and unified cookies settings in javascript
	- Added "Undeleted" option to messages list filter
	- Rewritten test scripts for PHPUnit
	- Add new DB abstraction layer based on PHP PDO, supporting SQLite3 (#3668)
	- Removed PEAR::MDB2 package
	- Removed users.alias column, added option ('user_aliases')
	to use email address from identities as username (#3851)
	- Removed redundant cache.cache_id column (#3817)
	- Fix order of attachments in sent mail (#3740)
	- Fix Shift + delete button does not permanently delete messages (#3598)
	- Add Content-Length for attachments where possible (#1880)
	- Fix attachment sizes in message print page and attachment preview page (#3805)
	- Add mail attachments using drag & drop on HTML5 enabled browsers
	- Add workaround for invalid BODYSTRUCTURE response - parse message with Mail_mimeDecode package (#1966)
	- Display Tiff as Jpeg in browsers without Tiff support (#3757)
	- Don't display Pdf/Tiff/Flash attachments inline without browser support (#3757, #3394)
	- Add is_escaped attribute for html_select and html_textarea (#3782)
	- Fix issue where draft auto-save wasn't executed after some inactivity time
	- Add vCard import from multiple files at once (#3458)
	- Roundcube Framework:
	Add possibility to replace IMAP driver with custom class
	Add IMAP auto-connection feature, improving performance with caching enabled
	Replace imap_init hook with storage_init (with additional 'driver' argument)
	Improved performance by caching IMAP server's capabilities in session
	Unified global functions naming (rcube_ prefix)
	Better classes separation
	Framework files moved to lib/Roundcube

	RELEASE 0.8.5
	-------------
	- Fix #countcontrols issue in IE<=8 when text is very long (#4060)
	- Fix unwanted horizontal scrollbar in message preview header (#4044)
	- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#4028)
	- Fix XSS vulnerability in vbscript: and data:text links handling [CVE-2012-6121] (#4033)
	- Fix absolute positioning in HTML messages (#4007)
	- Fix cache (in)validation after setting \Deleted flag
	- Fix keybord events on messages list in opera browser (#4011)
	- Fix selection of collapsed thread rows (#3978)
	- Fix wrapping of quoted text with format=flowed (#3561)

	RELEASE 0.8.4
	-------------
	- Fix regression where unintentional page reload was done after request abort (#3999)
	- Fix XSS vulnerability in handling of text/enriched messages (#4000)
	- Fix handling of 'media' attribute on linked css (#3989)
	- Fix excessive LFs at the end of composed message with top_posting=true (#3995)
	- Fix bug where leading blanks were stripped from quoted lines (#3994)

	RELEASE 0.8.3
	-------------
	- Fix AREA links handling (#3992)
	- Fix possible HTTP DoS on error in keep-alive requests (#3983)
	- Fix compatybility with MDB2 2.5.0b4 (#3982)
	- Fix a bug where saving a message in INBOX wasn't possible
	- Fix HTML part detection in messages with attachments (#3976)
	- Fix bug where wrong words were highlighted on spell-before-send check
	- Fix scrolling quirk in email preview frame using Opera 12 (#3973)
	- Fix displaying of multipart/alternative messages with empty parts (#3961)
	- Fix threaded list sorting on PHP < 5.2.9 (#3960)
	- Fix Warning: htmlspecialchars(): charset `RCMAIL_CHARSET' not supported warning in Installer (#3958)

	RELEASE 0.8.2
	-------------
	- Fix XSS vulnerability from HTTP User-Agent header (#3954)
	- Force fonts in compose fields to be all the same (#3926)
	- Fix handling vCard entries with TEL;TYPE=CELL (#3949)
	- Fix error where session wasn't updated after folder rename/delete (#3928)
	- Fix PLAIN authentication for some IMAP servers (#3916)
	- Fix encoding vCard file when contains PHOTO;ENCODING=b (#3922)
	- Fix focus issue in IE when selecting message row (#3881)
	- Add full headers view in message preview window (#3823)
	- Fix message display page issues - unified with message preview (#3856, #3895)
	- Fix displaying all headers when they contain malformed characters (#3911)
	- Fix decoding of HTML messages with UTF-16 charset specified (#3902)
	- Fix quota capability detection so it can be overwritten by a plugin (#3903)
	- Fix identity selection on reply (#3516)
	- Fix Larry's messages list filter in IE (#3890)
	- Fix more IE issues by disabling Compat. mode with X-UA-Compatible meta tag (#3886)
	- Fix setting locales under Solaris - use additional .UTF-8 suffix (#3887)
	- Fix email address validation for addresses with IP address in domain part
	- Fix Larry skin issues in IE7 compat. mode (#3879)
	- Fix so subscribed non-existing/non-accessible shared folder can be unsubscribed

	RELEASE 0.8.1
	-------------
	- Fix bug where domain name was converted to lower-case even with login_lc=false (#3859)
	- Fix lower-casing email address on replies (#3863)
	- Fix line separator in exported messages (#3866)
	- Fix XSS issue where plain signatures wasn't secured in HTML mode [CVE-2012-4668] (#3875)
	- Fix XSS issue where href="javascript:" wasn't secured [CVE-2012-3508] (#3875)
	- Fix impossible to create message with empty plain text part (#3873)
	- Fix stripped apostrophes when replying in plain text to HTML message (#3869)
	- Fix inactive Save search option after advanced search (#3870)
	- Fix Remove from group option is active for contact search result (#3871)
	- Disable autocapitalization in login form on iPad/iPhone (#3872)
	- Fix focus on the list when list row is clicked (#3865)
	- Added separate From and To columns apart from smart From/To column (#2970)
	- Fix fallback to Larry skin when configured skin isn't available (#3857)
	- Fix (workaround) delete operations with some versions of memcache (#3858)
	- Fix (disable) request validation for spell and spell_html actions

	RELEASE 0.8.0
	-------------
	- Don't show product version on login screen (can be enabled by config)
	- Renamed old default skin to 'classic'. Larry is the new default skin.
	- Support connections to memcached socket file (#3848)
	- Enable TinyMCE inlinepopups plugin
	- Update to TinyMCE 3.5.6
	- Correctly escape localized labels in javascript variable (#3842)
	- Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#3846)
	- Don't add attachments content into reply/forward/draft message body (#3837)
	- Fix 'no connection' errors on page unloads (#3832)
	- Plugin API: Add 'unauthenticated' hook (#3545)
	- Show explicit error message when provided hostname is invalid (#3834)
	- Fix wrong compose screen elements focus in IE9 (#3826)
	- Fix fatal error when date.timezone isn't set (#3831)
	- Update to TinyMCE 3.5.4.1
	- Better icons with distinct shapes for priority columns (#3706)
	- Show dedicated icon for multipart/report messages (#3813)
	- Properly hide text of icon links/buttons (#3820)
	- Fix handling of unitless CSS size values in HTML message (#3821)
	- Fix removing contact photo using LDAP addressbook (#3737)
	- Fix storing X-ANNIVERSARY date in vCard format (#3816)
	- Update to Mail_Mime-1.8.5 (#3810)
	- Fix XSS vulnerability in message subject handling using Larry skin [CVE-2012-3507] (#3809)
	- Fix handling of links with various URI schemes e.g. "skype:" (#3521)
	- Fix handling of links inside PRE elements on html to text conversion
	- Fix indexing of links on html to text conversion
	- Decode header value in rcube_mime::get() by default (#3803)
	- Fix errors with enabled PHP magic_quotes_sybase option (#3798)
	- Fix SQL query for contacts listing on MS SQL Server (#3797)
	- Fix window.resize handler on IE8 and Opera (#3758)
	- Don't let error message popups cover the login form (#3794)
	- Update to TinyMCE 3.5.2
	- Don't show errors when moving contacts into groups they are already in (#3788)
	- Make folders with unread messages in subfolders bold again (#2892)
	- Abbreviate long attachment file names with ellipsis (#3793)
	- Fix html2text conversion of strong\|b\|a\|th\|h tags when used in upper case
	- Add listcontrols template container in Larry skin (#3792)
	- Fix host autoselection when default_host is an array (#3790)
	- Move messages forwarding mode setting into Preferences
	- Fix HTML entities handling in HTML editor (#3780)
	- Fix listing shared folders on Courier IMAP (#3767)

	RELEASE 0.8-rc
	--------------
	- Added new translations in Belarusian, Interlingua and Malayalam
	- Flipped compose options arrow (#3772)
	- Fix handling of large uuencode attachments (#3771)
	- Fix handling of "usemap" attribute (#3770)
	- Fix handling of some HTML tags e.g. IMG (#3769)
	- Use similar language as a fallback for plugin localization (#3726)
	- Fix issue where signature wasn't re-added on draft compose (#3659)
	- Update to TinyMCE 3.5 (#3762)
	- Fixed multi-threaded autocompletion when number of threads > number of sources
	- Allow to configure the number of values allowed for each LDAP attribute
	- Support for serialized LDAP address values (usually delimited with a $)
	- Less restrictive session auth checks, repeat keep-alive requests on failure (#3755)
	- Fix redirect to mail/compose on re-login (#3585)
	- Add IE8 hack for messages list issue (#3317)
	- Fix handling errors on draft auto-save
	- Fix importing vCard photo with ENCODING param specified (#3746)
	- Support multiple name/email pairs for Bcc and Reply-To identity settings (#3752)
	- Set flexible width to login form fields (#3735)
	- Fix re-draw bug on list columns change in IE8 (#3318)
	- Allow mass-removal of addresses from a group (#3259)
	- Fix removing all contacts on import to LDAP addressbook
	- Fix so "Back" from compose/show doesn't reset search request (#3594)
	- Add option to delete messages instead of moving to Trash when in Junk folder (#2805)
	- Fix invisible cursor when replying to a html message (#3100)
	- Reset IP stored in session when destroying session data (#3485)
	- Fix bug where memory_limit = -1 wasn't handled properly
	- Support LDAP RFC2256's country object class read/write (#3535)
	- Upgraded to jQuery 1.7.2
	- Image resize with GD extension (#3712)
	- Fix lack of warning when switching task in compose window (#3725)
	- Fix bug where it wasn't possible to enter ( or & characters in autocomplete fields
	- Request all needed fields from address book backends (#3721)
	- Unified (single) spellchecker button
	- Scroll long lists on drag&drop (#2249)
	- Copy all skins in installto script (#3705)

	RELEASE 0.8-beta
	----------------
	- Upgraded to jQuery 1.7.1 (#3673) and jQuery UI 1.8.18
	- Add Russian to the spellchecker languages list (#3542)
	- Remember custom skin selection after logout (#3688)
	- Make sure About tab is always the last tab (#3609)
	- Fix issue with folder creation under INBOX. namespace (#3683)
	- Added mailto: protocol handler registration link in User Preferences (#2729)
	- Handle identity details box with an iframe (#3066)
	- Fix issue where some text from original message was missing on reply (#3675)
	- Fix autoselect_host() for login (#3639)
	- Changed license to GNU GPLv3+ with exceptions for skins & plugins
	- Added address book widget on compose screen
	- Use proper timezones from PHP's internal timezonedb (#1973)
	- Add separate pagesize setting for mail messages and contacts (#3617)
	- Deprecate $DB, $USER, $IMAP global variables, Use $RCMAIL instead
	- Add option to set default font for HTML message (#894)
	- Fix issues with big memory allocation of IMAP results
	- Prevent from memory_limit exceeding when trying to parse big messages bodies (#3164)
	- Add possibility to add SASL mechanisms for SMTP in smtp_connect hook (#3399)
	- Mark (with different color) folders with recent messages (#2479)
	- Added About tab in Settings
	- TinyMCE updated to 3.4.6

	RELEASE 0.7.2
	-------------
	- Fix encoding of attachment with comma in name (#3717)
	- Fix handling of % character in IMAP protocol (#3711)
	- Fix duplicate names handling in addressbook searches (#3704)
	- Fix displaying of HTML messages from Disqus (#3702)
	- Disable E_STRICT warnings on PHP 5.4
	- Prevent from folder selection on virtual folder collapsing (#3681)
	- Fix automatic unsubscribe of non-existent folders
	- Fix double-quotes handling in recipient names
	- User configurable setting how to display contact names in list
	- Make contacts list sorting configurable for the admin/user
	- Fix parse errors in DDL files for MS SQL Server
	- Revert SORT=DISPLAY support, removed by mistake (#3664)
	- Add lost translation label in de_DE (#3654)
	- Fix drafts update issues when edited from preview pane (#3653)
	- Fix wrong variable name in rcube_ldap.php (#3643)
	- Make mime type detection based on filename extension to be case-insensitive
	- Fix failure on MySQL database upgrade from 0.7 - text column can't have default value (#3642)


	RELEASE 0.7.1
	-------------
	- Fix bug in handling of base href and inline content (#3634)
	- Fix SQL Error when saving a contact with many email addresses (#3630)
	- Fix strict email address searching if contact has more than one address
	- Remove duplicated 'organization' label (#3631)
	- Fix so editor selector is hidden when 'htmleditor' is listed in 'dont_override'
	- Fix wrong (long) label usage (#3627)
	- Fix handling of INBOX's subfolders in special folders config (#3623)
	- Add ifModule statement for setting Options -Indexes in .htaccess file (#3620)
	- Fix crashes with eAccelerator (#3608)
	- Fix searching on IMAP servers without CHARSET specifier support (#3619)
	- Fix expanding folders during drag&drop (#3611)
	- Fix wrong postgres sequence name in upgrade from 0.6
	- Fix broken CREATE INDEX queries in SQLite DDL files (#3607)

	RELEASE 0.7
	-----------
	- Make Roundcube render the Email Standards Project Acid Test correctly
	- Replace prompt() with jQuery UI dialog (#1603)
	- Fix navigation in messages search results
	- Improved handling of some malformed values encoded with quoted-printable (#3590)
	- Add possibility to do LDAP bind before searching for bind DN
	- Fix handling of empty <U> tags in HTML messages (#3584)
	- Add content filter for embedded attachments to protect from XSS on IE [CVE-2012-1253] (#3372)
	- Use strpos() instead of strstr() when possible (#3581)
	- Fix handling HTML entities when converting HTML to text (#3582)
	- Fix fit_string_to_size() renders browser and ui unresponsive (#3577)
	- Fix handling of invalid characters in request (#3536)
	- Fix merging some configuration options in update.sh script (#2181)
	- Fix so TEXT key will remove all HEADER keys in IMAP SEARCH (#3578)
	- Fix handling contact photo url with https:// prefix (#3575)
	- Fix possible infinite redirect on attachment preview (#3572)
	- Improved clickjacking protection for browsers which don't support X-Frame-Options headers
	- Fixed bug where similar folder names were highlighted wrong (#3345)
	- Fixed bug in handling link with '!' character in it (#3569)
	- Fixed bug where session ID's length was limited to 40 characters (#3570)
	- TinyMCE security issue: removed moxieplayer (embedding flv and mp4 is not supported anymore)

	RELEASE 0.7-beta
	----------------
	- Fix handling of HTML form elements in messages (#1604)
	- Fix regression in setting recipient to self when replying to a Sent message (#3101)
	- Fix listing of folders in hidden namespaces (#2895)
	- Don't consider \Noselect flag when building folders tree (#3448)
	- Fix sorting autocomplete results (#3504)
	- Add option to set session name (#2630)
	- Add option to skip alternative email addresses in autocompletion
	- Fix inconsistent behaviour of Compose button in Drafts folder, add Edit button for drafts
	- Fix problem with parsing HTML message body with non-unicode characters (#3312)
	- Add option to define matching method for addressbook search (#2720, #3378)
	- Make email recipients separator configurable
	- Fix so folders with \Noinferiors attribute aren't listed in parent selector
	- Fix handling of curly brackets in URLs (#3555)
	- Fix handling of dates (birthday/anniversary) in contact data (#3552)
	- Fix error on opening searched LDAP contact (#3550)
	- Fix redundant line break in flowed format (#3551)
	- Fix IDN address validation issue (#3544)
	- Fix JS error when dst_active checkbox doesn't exist (#3540)
	- Autocomplete LDAP records when adding contacts from mail (#3498)
	- Plugin API: added 'ready' hook (#3492)
	- Ignore DSN request when it isn't supported by SMTP server (#3300)
	- Make sure LDAP name fields aren't arrays (#3523)
	- Fixed imap test to non-default port when using ssl (#3532)
	- Force all files to be overwritten when updating (#3531)
	- Fix issue where it wasn't possible to change list view mode in folder manager for INBOX (#3522)
	- Fix namespace handling in special folders settings (#3527)
	- Disable time limit for CLI scripts (#3524)
	- Fix misleading display when chaning editor type (#3519)
	- Add loading indicator on contact delete
	- Fix bug where after delete message rows can be added to the list of another folder (#3263)
	- Add notice on autocompletion that not all records were displayed
	- Add option 'searchonly' for LDAP address books
	- Add Priority filter to the messages list
	- Cache synchronization using QRESYNC/CONDSTORE
	- Trigger 'new_messages' hook for all checked folders (#3503)
	- Make date/time format user configurable; drop 'date_today' config option
	- Fix setting title for truncated subject in IE (#3141)
	- Fix displaying multipart/alternative messages with only one part (#3400)
	- Rewritten messages caching:
	Indexes are stored in a separate table, so there's no need to store all messages in a folder
	Added threads data caching
	Flags are stored separately, so flag change doesn't cause DELETE+INSERT, just UPDATE
	- Improved FETCH response handling
	- Improvements in response tokenization method
	- Use 'From' and 'To' labels instead of 'Sender' and 'Recipient'
	- Fix username case-insensitivity issue in MySQL (#3462)
	- Addressbook Saved Searches
	- Added spellchecker exceptions dictionary (shared or per-user)
	- Added possibility to ignore words containing caps, numbers, symbols (spellcheck_ignore_* options)
	- Added 'priority' column on messages list (#2884)
	- Localize forwarded message header (#3487)

	RELEASE 0.6
	-----------
	- Fix bug where the last identity is used on reply (#3516)
	- Fix locked folder rename option on servers supporting RFC2086 only (#3508)
	- Fix session race conditions when composing new messages
	- Fix encoding of LDAP contacts identifiers (#3501)
	- jQuery 1.6.4
	- Fix handling of binary attachments encoded with quoted-printable (#3494)
	- Fix text-overflow:ellipsis issues on messages list in FF7 and Webkit (#3490)
	- Fix handling of links with IP address
	- Fix compacting folder resets message list filter (#3499)

	RELEASE 0.6-rc
	----------------
	- Send X-Frame-Options headers to protect from clickjacking (#3079)
	- Fallback to mail_domain in LDAP variable replacements; added 'host' to 'user_create' hook arguments (#3464)
	- Fixed wrong vCard type parameter mobile (#3496)
	- Fixed vCard WORKFAX issue (#3476)
	- Add vCard's Profile URL support (#3491)
	- jQuery 1.6.3
	- Fix imap_cache setting to values other than 'db' (#3489)
	- Fix handling of attachments inside message/rfc822 parts (#3466)
	- Make list of mimetypes that open in preview window configurable (#3175)
	- Added plugin hook 'message_part_get' for attachment downloads
	- Added unique connection identifier to IMAP debug messages
	- Fix image type check for contact photo uploads

	RELEASE 0.6-beta
	----------------
	- Fixed selecting identity on reply/forward (#3434)
	- Add option to hide selected LDAP addressbook on the list
	- Add client-side checking of uploaded files size
	- Add newlines between organization, department, jobtitle (#3468)
	- Recalculate date when replying to a message and localize the cite header (#3212)
	- Fix handling of email addresses with quoted local part (#3401)
	- Fix EOL character in vCard exports (#3357)
	- Added optional "multithreading" autocomplete feature
	- Plugin API: Added 'config_get' hook
	- Fixed new_user_identity plugin to work with updated rcube_ldap class (#3443)
	- Plugin API: added folder_delete and folder_rename hooks
	- Added possibility to undo last contact delete operation
	- Fix sorting of contact groups after group create (#3258)
	- Add optional textual upload progress indicator (#2330)
	- Fix parsing URLs containing commas (#3425)
	- Added vertical splitter for books/groups list in addressbook (#3389)
	- Improved namespace roots handling in folder manager
	- Added searching in all addressbook sources
	- Added addressbook source selection in contacts import
	- Implement LDAPv3 Virtual List View (VLV) for paged results listing
	- Use 'address_template' config option when adding a new address block (#3406)
	- Added addressbook advanced search
	- Add popup with basic fields selection for addressbook search
	- Case-insensitive matching in autocompletion (#3398)
	- Added option to force spellchecking before sending a message (#1862)
	- Fix handling of "<" character in contact data, search fields and folder names (#3349)
	- Fix saving "<" character in identity name and organization fields (#3349)
	- Added option to specify to which address book add new contacts
	- Added plugin hook for keep-alive requests
	- Store user preferences in session when write-master is not available and session is stored in memcache, write them later
	- Improve performence of folder manager operations
	- Fix default_port option handling in Installer when config.inc.php file exists (#3390)
	- Removed option focus_on_new_message, added newmail_notifier plugin
	- Added general rcube_cache class with Memcache and APC support
	- Improved caching performance by skipping writes of unchanged data
	- Option enable_caching replaced by imap_cache and messages_cache options
	- Fix WORKFAX saving in address book (#3380)
	- Add forward-as-attachment feature
	- jQuery-1.6.2 (#5158, #3154)
	- Improve display name composition when saving contacts (#3153)
	- Fix problems with subfolders of INBOX folder on some IMAP servers (#3247)
	- Fix handling of folders that doesn't belong to any namespace (#3184)
	- Enable multiselection for attachments uploading in capable browsers (#2266)
	- Add possibility to change HTML editor configuration by skin
	- Fix a bug where selecting too many contacts would produce too large URI request (#3369)
	- Improve performance by including files with absolute path (#3337)
	- Move folder name truncation to client/skin (#1822)
	- Added plugin hook for request token creation
	- Replace LDAP vars in group queries (#3329)
	- Fix vcard folding with uncode characters (#3353)
	- Keep all submitted data if contact form validation fails (#3350)
	- Handle uncode strings in rcube_addressbook::normalize_string() (#3351)
	- Fix handling of debug_level=4 in ajax requests (#3327)
	- Enable TinyMCE's contextmenu (#3062)
	- Allow multiple concurrent compose sessions
	- New config option for custom logo
	- Allow skins to define/override texts with <roundcube:label />
	- Add simple ACL rights/namespace handling in folder manager
	- Force IE to send referers (#3306)
	- Better display of vcard import results (#1861)
	- Improved vcard import
	- Interactive update script with improved DB schema check
	- Fix problem with contactgroupmembers table creation on MySQL 4.x, add index on contact_id column
	- Add LDAP SASL bind and proxy authentication (#2810)
	- Replying to a sent message puts the old recipient as the new recipient (#3101)
	- Fulltext search over (almost) all data for contacts
	- Extend address book with rich contact information

	RELEASE 0.5.4
	-------------
	- Fix XSS vulnerability in UI messages [CVE-2011-2937] (#3469)

	RELEASE 0.5.3
	-------------
	- Fix identities "reply-to" and "bcc" fields have a bogus value when left empty (#3405)
	- Fix issue which cases IMAP disconnection when encrypt() method was used (#3374)
	- Fix some CSS issues in Settings for Internet Explorer
	- Fixed handling of folder with name "0" in folder selector
	- Fix bug where messages were deleted instead moved to trash folder after Shift key was used (#3376)
	- Fix relative URLs handling according to a <base> in HTML (#3368)
	- Fix handling of top-level domains with more than 5 chars or unicode chars (#3366)
	- Fix usage of non-standard HTTP error codes (#3297)
	- Fix PHP warning on mistaken in_array() usage (#3375)

	RELEASE 0.5.2
	-------------
	- TinyMCE 3.4.2 now compatible with IE9
	- PEAR::Net_SMTP 1.5.2, fixed timeout issue (#3332)
	- Fix bug where template name without plugin prefix was used in render_page hook
	- Support 'abort' and 'result' response in 'preferences_save' hook, add error handling
	- Fix bug where some content would cause hang on html2text conversion (#3348)
	- Improve space-stuffing handling in format=flowed messages (#3346)
	- Fix bug where some dates would produce SQL error in MySQL (#3342)
	- Added workaround for some IMAP server with broken STATUS response (#3344)
	- Fix bug where default_charset was not used for text messages (#3328)
	- Stateless request tokens. No keep-alive necessary on login page (#3325)
	- Force names of unique constraints in PostgreSQL DDL
	- Add code for prevention from IMAP connection hangs when server closes socket unexpectedly
	- Remove redundant DELETE query (for old session deletion) on login
	- Get around unreliable rand() and mt_rand() in session ID generation (#2516)
	- Fix some emails are not shown using Cyrus IMAP (#3316)
	- Fix handling of mime-encoded words with non-integral number of octets in a word (#3301)
	- Fix parsing links with non-printable characters inside (#3305)
	- Fixed de_CH Localization bugs (#3279)
	- Add variable for 'Today' label in date_today option (#2394)
	- Fix dont_override setting does not override existing user preferences (#3205)
	- Use only one from IMAP authentication methods to prevent login delays (1487784)
	- Support strftime format in date_today option
	- Fix SQL query in rcube_user::query() so it uses index on MySQL again
	- Removed redundant </form> tags from contact add/edit pages
	- Fix CSS error in contact details screen on IE7 (#3281)

	RELEASE 0.5.1
	-------------
	- Fix handling of attachments with invalid content type (#3275)
	- Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#3274)
	- Use IMAP's ID extension (RFC2971) to print more info into debug log
	- Security: add optional referer check to prevent CSRF in GET requests
	- Fix email_dns_check setting not used for identities/contacts (#3251)
	- Fix ICANN example addresses doesn't validate (#3253)
	- Security: protect login form submission from CSRF [CVE-2011-1491]
	- Security: prevent from relaying malicious requests through modcss.inc [CVE-2011-1492]
	- Fix handling of non-image attachments in multipart/related messages (#3261)
	- Fix IDNA support when IDN/INTL modules are in use (#3253)
	- Fix handling of invalid HTML comments in messages (#3269)
	- Fix parsing FETCH response for very long headers (#3264)
	- Fix add/remove columns in message list when message_sort_order isn't set (#3262)
	- Check mime headers before attempt to parse them (#3256)
	- Quote header values in show_additional_headers plugin (#3255)
	- Fix settings UI on IE 6 (#3246)
	- Remove double borders in folder listing (#3236)
	- Separate full message headers UI element from headers table (#3238)
	- Add part MIME ID to message_part_* hooks (#3241)
	- Improve parsing of MS Outlook vCards (#3239)
	- Updated PEAR::Net_Socket to 1.0.10
	- Updated PEAR::Net_IDNA2 to 0.1.1
	- Fix handling of comments inside an email address spec. (#3210)
	- Show full mail subject as title when hovering a cut subject link (#3141)
	- Fix randomly disappearing folders list in IE (#3231)
	- Fix list column add/removal in IE (#3230)
	- Fix login redirect issues (#3221)
	- Require PHP 5.2.1 or greater
	- Fix %h/%z variables in username_domain option (#3228)
	- Workaround for setting charset in case of malformed bodystructure response (#3227)
	- Fix impossible to subscribe to protected folders (#3199)
	- Fix setting timezone in Preferences (#3232)

	RELEASE 0.5
	-----------
	- Fix double-login/session issue (#3124)
	- Wrap HTML parts with <html><body> and add Doctype declaration (#3119)
	- Make rcube_autoload silently skip unknown classes (#3128)
	- Fix charset detection in vcards with encoded values (#1934)
	- Better CSS cursors for splitters (#2954)
	- Show the same message only once (#3186)
	- Fix namespaces handling (#3192)
	- Add handling of multifolder METADATA/ANNOTATION responses
	- Fix handling of INBOX when personal namespace prefix is non-empty (#3200)
	- Fix handling square brackets in links (#3209)
	- Add description of 'use_https' option in main.inc.php.dist file

	RELEASE 0.5-RC
	--------------
	- Plugin API: Add 'pass' argument in 'authenticate' hook (#3147)
	- Fix attachments of type message/rfc822 are not listed on attachments list
	- Add 'login_lc' config option for case-insensitive authentication (#3131)
	- Fix window is blur'ed in IE when selecting a message (#3161)
	- Fix cursor position on compose form in Webkit browsers (#2796)
	- Fix setting charset of attachment filenames (#3136)
	- Allow setting autocomplete attribute for all inputs separately (#3158)
	- New Folder Manager UI
	- Fix invalid Request when creating a folder (#3165)
	- Add folder size and quota indicator in folder manager (#2112)
	- Add possibility to move a subfolder into root folder (#2890)
	- Fix copying all messages in a folder copies only messages from current page
	- Improve performance of moving or copying of all messages in a folder
	- Fix plaintext versions of HTML messages don't contain placeholders for emotions (#1657)
	- Improve performance of folder rename and delete actions
	- Better support for READ-ONLY and NOPERM responses handling (#3108)
	- Add confirmation message on purge/expunge command response
	- Fix handling of untagged responses for AUTHENTICATE command (#3171)
	- Add username and IP address to log message on unsuccessful login (#3176)
	- Improved Mail-Followup-To and Mail-Reply-To headers handling
	- Fix charset conversion for text attachments without charset specification (#3181)

	RELEASE 0.5-BETA
	----------------
	- Make session data storage more robust against garbage session data (#3148)
	- Config option for autocomplete on login screen
	- Allow plugin templates to include local files (#3146)
	- List groups in address detail view and allow to subscribe/unsubscribe from there (#2862)
	- Messages caching: performance improvements, fixed syncing, fixes related with #2857
	- Add link to identities in compose window (#2843)
	- Add Internationalized Domain Name (IDNA) support (#729)
	- Add option to automatically send read notifications for known senders (#2199)
	- Add option to "Return receipt" will be always checked (#2571)
	- Fix HTML to plain text conversion doesn't handle citation blocks (#2992)
	- Use custom sorting when SORT is disabled by IMAP admin (#3020)
	- Allow setting some washtml options from plugin (#2727)
	- Add option do bind for an individual LDAP address book (#3048)
	- Change reply prefix to display email address only if sender name doesn't exist (#2709)
	- Plugin API: improved 'abort' flag handling, added 'result' item in some hooks (#2988)
	- Fix mailto optional params in plain text messages aren't handled (#3071)
	- Add Reply-to-List feature (#977)
	- Add Mail-Followup-To/Mail-Reply-To support (#1937)
	- Fix confirmation message isn't displayed after sending mail on Chrome (#2437)
	- Fix keyboard doesn't work with autocomplete list with Chrome (#3073)
	- Improve tabs to fixed width and add tabs in identities info (#3030)
	- Add unique index on users.username+users.mail_host
	- Make htmleditor option more consistent and add option to use HTML on reply to HTML message (#2164)
	- Use empty envelope sender address for message disposition notifications (RFC 2298.3)
	- Support SMTP Delivery Status Notifications - RFC 3461 (#2409)
	- Use css sprite image for messages list
	- Add (different) attachment icon for messages of type multipart/report (#2426)
	- Prevent from inserting empty link when composing HTML message (#3007)
	- Add caching support in id2uid and uid2id functions (#3065)
	- Add SASL proxy authentication for SMTP (#2811)
	- Improve displaying of UI messages (#3033)
	- Fix double e-mail filed in identity form (#3088)
	- Display IMAP errors for LIST/THREAD/SEARCH commands (#2981)
	- Add LITERAL+ (IMAP4 non-synchronizing literals) support (RFC 2088)
	- Add separate column for message status icon (#2788)
	- Add ACL extension support into IMAP classes (RFC 4314)
	- Add ANNOTATEMORE extension support into IMAP classes (draft-daboo-imap-annotatemore)
	- Add METADATA extension support into IMAP classes (RFC 5464)
	- Fix decoding of e-mail address strings in message headers (#3097)
	- Fix handling of attachments when Content-Disposition is not inline nor attachment (#3086)
	- Improve performance of unseen messages counting (#3090)
	- Improve performance of messages counting using ESEARCH extension (RFC4731)
	- Add LIST-STATUS support in rcube_imap_generic class (RFC 5819)
	- Add SASL-IR support in IMAP (RFC 4959)
	- Add LOGINDISABLED support (RFC 2595)
	- Add support for AUTH=PLAIN in IMAP authentication
	- Re-implemented SMTP proxy authentication support
	- Add support for IMAP proxy authentication (#2808)
	- Add support for AUTH=DIGEST-MD5 in IMAP (RFC 2831)
	- Fix parent folder with unread subfolder not bold when message is open (#3104)
	- Add basic IMAP LIST's \Noselect option support
	- Add support for selection options from LIST-EXTENDED extension (RFC 5258)
	- Don't list subscribed but non-existent folders (#2474)
	- Fix handling of URLs with tilde (~) or semicolon (;) character (#3110, #3111)
	- Plugin API: added 'contact_form' hook
	- Add SORT=DISPLAY support (RFC 5957)
	- Plugin API: add possibility to disable plugin in AJAX mode, 'noajax' property
	- Plugin API: add possibility to disable plugin in framed mode, 'noframe' property
	- Improve performance of setting IMAP flags using .SILENT suffix
	- Improve performance of message cache status checking with skip_disabled=true
	- Support contact's email addresses up to 255 characters long (#3116)
	- Add option to place replies in the folder of the message being replied to (#2248)
	- Add missing confirmation/error messages on contact/group/message actions (#2935)
	- Add 'loading' message on message move/copy/delete/mark actions
	- Improve responsiveness of messages displaying (#3039)
	- Add option for minimum length of autocomplete's string (#2625)
	- Fix operations on messages in unsubscribed folder (#3126)
	- Add support for shared folders (#525)
	- Fix handling of folders with name "0" (#3133)
	- Fix handling of folders with "<>" characters in name
	- jQuery 1.4.4
	- Fix handling of HTML entity strings in plain text messages
	- Fix focused elements aren't unfocused when clicking on the list (#3137)
	- Fix error in MSSQL DDL scripts (#3130)
	- Lock submit button in onsubmit event on login page (#3078)
	- Don't set attachment's charset in Content-type header (#3136)
	- Fix handling of message bodies (quoted-printable encoded) with NULL characters (#2448)
	- Add workaround for MSOE's multipart/related messages with non-related attachments

	RELEASE 0.4.2
	-------------
	- Fix handling of backslash as IMAP delimiter
	- Fix charset replacement in HTML message bodies (#3067)
	- Fix: contact group input is empty when using rename action more than once on the same group record
	- Fix "Server Error! (Not Found)" when using utils/save-pref action (#3069)
	- Fix handling of Thunderbird's vCards (#3070)

	RELEASE 0.4.1
	-------------
	- Fix space-stuffing in format=flowed messages (#3064)
	- Fix msgexport.sh now using the new imap wrapper
	- Avoid displaying password on shell (#3010)
	- Only lower-case user name if first login attempt failed (#2600)
	- Make alias setting in squirrelmail_usercopy plugin configurable (patch by pommi, #3056)
	- Prevent from saving a non-existing skin path in user prefs (#3004)
	- Improve handling of single-part messages with bogus BODYSTRUCTURE (#2976)
	- Fix path to SQL files when using pgsql/mysqli/sqlsrv drivers (#2979)
	- Fix upgrade script for SQLite (#2980)
	- Fixes in SQL init script + added update script for MSSQL database
	- Remove redundant date in syslog messages (#3008)
	- Fix contacts list page controls when a group is selected (#3009)
	- Fix SMTP test in Installer (#3014)
	- Fix "Select all" causes message to be opened in folder with exactly one message (#2987)
	- Fix Tab key doesn't work in HTML editor in Google Chrome (#2995)
	- Fix TinyMCE uses zh_CN when zh_TW locale is set (#2998)
	- Fix TinyMCE buttons are hidden in Opera (#2993)
	- Fix JS error on IE when trying to send HTML message with enabled spellchecker (#3006)
	- Display inline images with known extensions and non-image content-type (#3002)
	- Fix "Threaded" checkbox after subfolder creation (#2997)
	- Fix timezone string in sent mail (#3021)
	- Show disabled checkboxes for protected folders instead of dots (#1898)
	- Added fieldsets in Identity form, added 'identity_form' hook
	- Re-added 'Close' button in upload form (#2999, #2917)
	- Fix handling of charsets with LATIN-* label
	- Fix messages background image handling in some cases (#3043)
	- Fix format=flowed handling (#3042)
	- Fix when IMAP connection fails in 'get' action session shouldn't be destroyed (#3046)
	- Fix list_cols is not updated after column dragging (#3050)
	- Support %z variable in host configuration options (#3054)

	RELEASE 0.4
	-----------
	- Fix disappearing upload form disappears when user selects a file on Safari (#2917)
	- Don't replace error messages with loading info (#2534)
	- Fix JS errors on compose mode switch (#2952)
	- Fix message structure parsing when it lacks optional fields (#2960)
	- Include all recipients in sendmail log
	- Support HTTP_X_FORWARDED_PROTO header for HTTPS detecting (#2950)
	- Fix default IMAP port configuration (#2948)
	- Create Sent folder when starting to compose a new message (#2900)
	- Fix handling of messages with Content-Type: application/* and no filename (#840)
	- Improved compose screen: resizable body and attachments list, vertical splitter, options menu
	- Fix RC forgets search results (#722)
	- TinyMCE 3.3.7
	- Improve parsing of styled empty tags in HTML messages (#2908)
	- Add %dc variable support in base_dn/bind_dn config (#2881)
	- Add button to hide/unhide the preview pane (#955)
	- Fix no-cache headers on https to prevent content caching by proxies (#2897)
	- Fix attachment filenames broken with TNEF decoder using long filenames (#2894)
	- Use user's timezone in Date header, not server's timezone (#2393)
	- Add option to set separate footer for HTML messages (#2784)
	- Add real SMTP error description to displayed error messages (#2233)
	- Fix some IMAP errors handling when opening the message (#1848)
	- Fix related parts aren't displayed when got mimetype other than image/* (#2629)
	- Multiple identity and database support for squirrelmail_usercopy plugin (#2686)
	- Support dynamic hostname (%d/%n) variables in configuration options (#1843)
	- Add 'messages_list' hook (#2504)
	- Add request* event triggers in http_post/http_request (#2340)
	- Fix use RFC-compliant line-delimiter when saving messages on IMAP (#2828)
	- Add 'imap_timeout' option (#2869)
	- Fix forwarding of messages with winmail attachments
	- Fix handling of uuencoded attachments in message body (#2163)
	- Added list_mailboxes hook in rcube_imap::list_unsubscribed() (#2791)
	- Fix wrong message on file upload error (#2839)
	- Add support for data URI scheme [RFC2397] (#2851)
	- Added 'actionbefore', 'actionafter', 'responsebefore', 'responseafter' events
	- Fix double-addition of e-mail domain to content ID in HTML images
	- Read and send messages with format=flowed (#1052), fixes word wrapping issues (#2703)
	- Fix duplicated attachments when forwarding a message (#2670)
	- Fix message/rfc822 attachments containing only attachments are not parsed properly (#2854)
	- Fix %00 character in winmail.dat attachments names (#2850)
	- Fix handling errors of folder deletion (#2821)
	- Parse untagged CAPABILITY response for LOGIN command (#2853)
	- Renamed all php-cli scripts to use .sh extension
	- Some files from /bin + spellchecking actions moved to the new 'utils' task
	- Added thread tree icons
	- Extend contact groups support (#2802)
	- Fix check-recent action issues and performance (#2690)
	- Fix messages order after checking for recent (#1249)
	- Fix autocomplete shows entries without email (#2640)
	- Fix listupdate event doesn't trigger on search response (#2824)
	- Fix select_all_mode value after selecting a message (#2834)
	- Set focus to editor on reply in HTML mode (#2768)
	- Fix composing in HTML jumps cursor to body instead of recipients (#2796)
	- Allow columns order change per user - drag&drop (#2124)
	- Add References header in read receipt (#2801)
	- Fix database constraint violation when opening a message (#2814)
	- Add 'loading' message while login is in progress (#2790)
	- Fix quota_zero_as_unlimited (#2786)
	- Fix folder subscription checking (#2804)
	- Fix INBOX appears (sometimes) twice in mailbox list (#2794)
	- Fix listing of attachments of some types e.g. "x-epoc/x-sisx-app" (#2779)
	- Fix DB Schema checking when some db_table_* options are not set (#2780)

	RELEASE 0.4-beta
	----------------
	- Add sizelimit and timelimit variables in LDAP config (#2704)
	- Hide IMAP host dropdown when single host is defined (#2553)
	- Add images pre-loading on login page (#623)
	- Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#2634)
	- Fix setting spellcheck languages with extended codes (#2747)
	- Fix messages list scrolling in FF3.6 (#2657)
	- Fix quicksearch input focus (#2770)
	- Always set changed date when flagging a DB record as deleted + provide a cleanup script
	- Fix address book/group selection (#2760)
	- Assign newly created contacts to the active group (#2764)
	- Added option not to mark messages as read when viewed in preview pane (#1513)
	- Allow plugins modify the Sent folder when composing (#2708)
	- Added optional (max_recipients) support to restrict total number of recipients per message (#1167)
	- Re-organize editor buttons, add blockquote and search buttons
	- Make possible to write inside or after a quoted html message (#1878)
	- Fix bugs on unexpected IMAP connection close (#2449, #2507)
	- Iloha's imap.inc rewritten into rcube_imap_generic class
	- Added contact groups in address book (not finished yet)
	- Added PageUp/PageDown/Home/End keys support on lists (#2627)
	- Added possibility to select all messages in a folder (#1312)
	- Added 'imap_force_caps' option for after-login CAPABILITY checking (#2087)
	- Password: Support dovecotpw encryption
	- TinyMCE 3.3.1
	- Implemented messages copying using drag&drop + SHIFT (#863)
	- Improved performance of folders operations (#2689)
	- Fix blocked.gif attachment is not attached to the message (#2685)
	- Managesieve: import from Horde-INGO
	- Managesieve: support for more than one match (#2362)
	- Managesieve: support for selectively disabling rules within a single sieve script (#2198)
	- Threaded message listing now available
	- Added sorting by ARRIVAL and CC
	- Message list columns configurable by the user
	- Removed 'index_sort' option, now we're using empty 'message_sort_col' for this
	- virtuser_query: support other identity data (#2413)
	- Options virtuser_* replaced with virtuser_* plugins
	- Plugin API: Implemented 'email2user' and 'user2email' hooks
	- Fix forwarding message omits CC header (#2538)
	- Add 'default_charset' option to user preferences (#1855)
	- Add 'delete_always' option to user preferences
	- Support/Require tls:// prefix in 'smtp_server' option for TLS connections
	- Fix inconsistent behaviour of 'delete_always' option (#2533)
	- Fix deleting all messages from last list page (#2528)
	- Flag original messages when sending a draft (#2458)
	- Changed signature separator when top-posting (#2555)
	- Let the admin define defaults for search modifiers (#2211)
	- Fix long e-mail addresses validation (#2641)
	- Remember search modifiers in user prefs (#2411)
	- Added force_7bit option to force MIME encoding of plain/text messages (#2679)
	- Use case sensitive check when checking for default folders (#2567)
	- Fix checking for new mail: now checks unseen count of inbox (#2123)
	- Improve performance by avoiding unnecessary updates to the session table (#2552)
	- Fix invalid <font> tags which cause HTML message rendering problems (#2687)
	- Fix CVE-2010-0464: Disable DNS prefetching (#2639)
	- Fix Received headers to behave better with SpamAssassin (#2682)
	- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#2658)
	- Fix adding contacts SQL error on mysql (#2645)
	- Squirrelmail_usercopy: support reply-to field (#2678)
	- Fix IE spellcheck suggestion popup issue (#2656)
	- Fix email address auto-completion shows regexp pattern (#2498)
	- Fix merging of configuration parameters: user prefs always survive (#2584)
	- Fix quota indicator value after folder purge/expunge (#2671)
	- Fix external mailto links support for use as protocol handler (#2328)
	- Fix attachment excessive memory use, support messages of any size (#1245)
	- Fix setting task name according to auth state
	- Password: fix vpopmaild driver (#2662)
	- Add workaround for MySQL bug [http://bugs.mysql.com/bug.php?id=46293] (#2659)
	- Fix quoted text wrapping when replying to an HTML email in plain text (#897)
	- Fix handling of extended mailto links (with params) (#2573)
	- Fix sorting by date of messages without date header on servers without SORT (#2521)
	- Fix inconsistency when not using default table names (#2652)
	- Fix folder rename/delete buttons do not appear on creation of first folder (#2653)
	- Fix character set conversion fails on systems where iconv doesn't accept //IGNORE (#2590)
	- Log in performance: Create default folders on first login only
	- Import contacts into the selected address book (by Phil Weir)
	- Add support for MDB2's 'sqlsrv' driver (#2602)
	- Use jQuery-1.4
	- Removed problematic browser-caching of messages
	- Fix incompatybility with suhosin.executor.disable_emodifier (#2549)
	- Use PLAIN auth when CRAM fails and imap_auth_type='check' (#2587)
	- Fix removal of <title> tag from HTML messages (#2629)
	- Fix 'force_https' to specified port when URL contains a port number (#2612)
	- Fix to-text converting of HTML entities inside b/strong/th/hX tags (#2621)
	- Bug in spellchecker suggestions when server charset != UTF8 (#2607)
	- Managesieve: Fix requires generation for multiple actions (#2603)
	- Fix LDAP problem with special characters in RDN (#2548)
	- Improved handling of message parts of type message/rfc822
	- Plugin API: added 'quota' hook
	- Fix parsing conditional comments in HTML messages (#2569)
	- Use built-in json_encode() for proper JSON format in AJAX replies
	- Allow setting only selected params in 'message_compose' hook (#2543)
	- Plugin API: added 'message_compose_body' hook (#2520)
	- Fix counters of all folders are checked in 'getunread' action with check_all_folders disabled (#2399)
	- Fix displaying alternative parts in messages of type message/rfc822 (#2488)
	- Fix possible messages exposure when using Roundcube behind a proxy (#2516)
	- Fix unicode para and line separators in javascript response (#2542)
	- Additional_message_headers: allow unsetting headers, support plugin's config file (#2505)
	- Fix displaying of hidden directories in skins list (#2535)
	- Fix open_basedir restriction error when reading skins list (#2537)
	- Fix pasting from Office apps into html editor (#2508)
	- Fix empty <a> tags parsing (#2509)
	- Don't cut off attachment names when using non-RFC2231 encoding (#1912)
	- Allow inserting signatures above replied message body (#991)
	- Managesieve 2.0: multi-script support
	- Fix imap_auth_type regression (#2502)

	RELEASE 0.3.1
	------------------
	- Specify toolbar container in compose template (#2489)
	- Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#2486)
	- Avoid unnecessary page loads for selected tab (#2324)
	- Fix quota indicator issues by content generation on client-size (#2454, #2470)
	- Don't display disabled sections in Settings (#2380)
	- Added server-side e-mail address validation with 'email_dns_check' option (#2175)
	- Fix login page loading into an iframe when session expires (#2253)
	- Allow setting port number in 'force_https' option (#2373)
	- Option 'force_https' replaced by 'force_https' plugin
	- Fix IE issue with non-UTF-8 characters in AJAX response (#2422)
	- Partially fixed "empty body" issue by showing raw body of malformed message (#2427)
	- Fix importing/sending to email address with whitespace (#2467)
	- Added XIMSS (CommuniGate) driver for Password plugin
	- Fix newly attached files are not saved in drafts w/o editing any text (#2457)
	- Added attachment upload indicator with parallel upload (#2344)
	- Use default_charset for bodies of messages without charset definition (#2446)
	- Password: added cPanel driver
	- Fix return to first page from e-mail screen (#2385)
	- Fix handling HTML comments in HTML messages (#2448)
	- Fix folder/messagelist controls alignment - icons used (#2356)
	- Fix LDAP addressbook shows 'Contact not found' error sometimes (#2438)
	- Fix cache status checking + improve cache operations performance (#2384)
	- Prevent from setting INBOX as any of special folders (#2390)
	- Fix regular expression for e-mail address (#2417)
	- Fix Received header format
	- Implemented sorting by message index - added 'index_sort' option (#2240)
	- Fix dl() use in installer (#2415)
	- Added 'ldap_debug' option
	- Fix "Empty startup greeting" bug (#2369)
	- Fix setting user name in 'new_user_identity' plugin (#2405)
	- Fix incorrect count of new messages in folder list when using multiple IMAP clients (#2289)
	- Fix all folders checking for new messages with disabled caching (#2399)
	- Support skins in 'archive' and 'markasjunk' plugins
	- Added 'html_editor' hook (#2353)
	- Fix DB constraint violation when populating messages cache (#2338)
	- Password: added password strength options (#2348)
	- Fix LDAP partial result warning (#1928)
	- Fix delete in message view deletes permanently with flag_for_deletion=true (#2382)
	- Use faster/secure mt_rand() (#2376)
	- Fix roundcube hangs on empty inbox with bincimapd (#2375)
	- Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#2232)
	- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#2023)
	- Check 'post_max_size' for upload max filesize (#2372)
	- Password Plugin: Fix %d inserts username instead of domain (#2371)
	- Fix rcube_mdb2::affected_rows() (#2366)

	RELEASE 0.3-stable
	------------------
	- Fix gn and givenName should be synonymous in LDAP addressbook (#2208)
	- Add mail_domain to LDAP email entries without @ sign (#1652)
	- Fix saving empty values in LDAP contact data (#2113)
	- Fix LDAP contact update when RDN field is changed (#2119)
	- Fix LDAP attributes case senitivity problems (#2155)
	- Fix LDAP addressbook browsing when only one directory is used (#2314)
	- Fix endless loop on error response for APPEND command (#2346)
	- Don't require date.timezone setting in installer (#2284)
	- Fix date sorting problem with Courier IMAP server (#2351)
	- Unselect pressed buttons on mouse up (#2283)
	- Don't set php_value error_log in .htaccess but mention in INSTALL (#2230)
	- Fix too small status/flag/attachment columns in Safari 4 (#2349)
	- Fix selection disabling while dragging splitter in webkit browsers (#2342)
	- Added 'new_messages' plugin hook (#2298)
	- Added 'logout_after' plugin hook (#2333)
	- Added 'message_compose' hook
	- Added 'imap_connect' hook (#2256)
	- Fix vcard_attachments plugin (#2326)
	- Updated PEAR::Auth_SASL to 1.0.3 version
	- Use sequence names only with PostgreSQL (#2310)
	- Re-designed User Preferences interface
	- Fix MS SQL DDL (#2312)
	- Fix rcube_mdb2.php: call to setCharset not implemented in mssql driver (#2311)
	- Added 'display_next' option
	- Fix rcube_mdb2::unixtimestamp for MS SQL (#2308)
	- Fix HTML washing to respect character encoding
	- Fix endless loop in iil_C_Login() with Courier IMAP (#2303)
	- Fix #messagemenu display on IE (#2299)
	- Speedup UI by using sprites for (toolbar) buttons
	- Fix charset names with X- prefix handling
	- Fix displaying of HTML messages with unknown/malformed tags (#2296)

	RELEASE 0.3-RC1
	---------------
	- Fix import of vCard entries with params (#1857)
	- Fix HTML messages output with empty block elements (#2271)
	- Use request tokens to protect POST requests from CSRF [CVE-2009-4076, CVE-2009-4077]
	- Added hook when killing a session
	- Added hook to write_log function (#2268)
	- Performance improvements by use UID commands (#2046)
	- Fix HTML editor tabIndex setting (#2269)
	- Added 'imap_debug' and 'smtp_debug' options
	- Support strftime's format modifiers in date_* options (#1354)
	- Support %h variable in 'smtp_server' option (#2101)
	- Show SMTP errors in browser (#2233)
	- Allow WBR tag in HTML message (#2259)
	- Use spl_autoload_register() instead of __autoload (#2250)
	- Add hook for identities listing (#2257)
	- Trigger hook 'smtp_connect' when opening an SMTP connection (#2255)
	- Added config option to enforce HTTPS connections
	- Fix non-unicode characters caching in unicode database (#1209)
	- Performance improvements of messages caching
	- Fix empty Date header issue (#2229)
	- Open collapsed folders during drag & drop (#2221)
	- Fixed link text replacements (#2120)
	- Also trigger 'insertrow' events on page load (#2151)
	- No link on subject in IE browsers (#1438)
	- Fixed filename encoding according to RFC2231 (#2192)
	- Added message Edit feature (#727, #1101)
	- Fix message Etag generation for counter issues (#1996)
	- Fix messages searching on MailEnable IMAP (#2097)
	- Fixed many 'skip_deleted' issues (#2006)
	- Fixed messages list sorting on servers without SORT capability
	- Colorized signatures in plain text messages
	- Reviewed/fixed skip_deleted/read_when_deleted/flag_for_deletion options handling in UI
	- Fix displaying of big maximum upload filesize (#2205)
	- Added possibility to invert messages selection
	- After move/delete from 'show' action display next message instead of messages list (#2203)
	- Fixed problem with double quote at the end of folder name (#2200)
	- Speedup UI by using CSS sprites and etags/expires/deflate in Apache config (#1397,#2128)
	- Support UID EXPUNGE: remove only moved/deleted messages
	- Add drag cancelling with ESC key (#1036)
	- Support initial identity name from virtuser_query (#807)
	- Added message menu, removed Print and Source buttons
	- Added possibility to save message as .eml file (#2178)
	- Added 1 minute interval in autosave options (#2173)
	- Support UTF-7 encoding in messages (#2156)
	- Better support for malformed character names (#2093)

	RELEASE 0.3-BETA
	----------------
	- Plugin API + jQuery engine
	- Added possibility to encrypt received header, option 'http_received_header_encrypt',
	added some more logic in encrypt/decrypt functions for security
	- Fix Answered/Forwarded flag setting for messages in subfolders
	- Fix autocomplete problem with capital letters (#2122)
	- Support UUencode content encoding (#2163)
	- Minimize chance of race condition in session handling (#1260)
	- Fix session handling on non-session SQL query error (#2078)
	- Fix html editor mode setting when reopening draft message (#2158)
	- Added quick search box menu (#1010)
	- Fix wrong column sort order icons (#2149)
	- Updated TinyMCE to 3.2.3 version
	- Fix attachment names encoding when charset isn't specified in attachment part (#1483)
	- Fix message normal priority problem (#2146)
	- Fix autocomplete spinning wheel does not disappear (#2132)
	- Added log_date_format option (#2060)
	- Fix text wrapping in HTML editor after switching from plain text to HTML (#1917)
	- Fix auto-complete function hangs with plus sign (#2141)
	- Fix AJAX requests errors handler (#1503)
	- Speed up message list displaying on IE
	- Fix read/write database recognition (#2137)

	RELEASE 0.2.2
	-------------
	- Fix quicksearchbox look in Chrome and Konqueror (#1380)
	- Fix UTF-8 byte-order mark removing (#1911)
	- Fix folders subscribtions on Konqueror (#1380)
	- Fix debug console on Konqueror and Safari
	- Fix messagelist focus issue when modifying status of selected messages (#2134)
	- Support STARTTLS in IMAP connection (#1714)
	- Fix DEL key problem in search boxes (#1923)
	- Support several e-mail addresses per user from virtuser_file (#2036)
	- Fix drag&drop with scrolling on IE (#2117)
	- Fix adding signature separator in html mode (#1768)
	- Fix opening attachment marks message as read (#2131)
	- Fix 'temp_dir' does not support relative path under Windows (#1157)
	- Fix "Initialize Database" button missing from installer (#2130)
	- Fix compose window doesn't fit 1024x768 window (#1807)
	- Fix service not available error when pressing back from compose dialog (#1942)
	- Fix using mail() on Windows (#2111)
	- Fix word wrapping in message-part's <PRE>s for printing (#2118)
	- Fix incorrect word wrapping in outgoing plaintext multibyte messages (#2062)
	- Fix double footer in HTML message with embedded images
	- Fix TNEF implementation bug (#2107)
	- Fix incorrect row id parsing for LDAP contacts list (#2116)
	- Fix 'mode' parameter in sqlite DSN (#2106)

	RELEASE 0.2.1
	------------------
	- Use US-ASCII as failover when Unicode searching fails (#2097)
	- Fix errors handling in IMAP command continuations (#2097)
	- Fix FETCH result parsing for servers returning flags at the end of result (#2098)
	- Fix datetime columns defaults in mysql's DDL (#2012)
	- Fix attaching more than nine inline images (#2094)
	- Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#2093)
	- Fix mime-type detection using a hard-coded map (#1735)
	- Don't return empty string if charset conversion failed (#2092)
	- Disable concurrent autocomplete query results display (#2082)
	- Fix new lines stripped from message footer (#2088)
	- Fix IE problem with mouse click autocomplete (#2080)
	- Fix html body washing on reply/forward + fix attachments handling (#2034)
	- Fix multiple recipients input parsing (#2077)
	- Fix replying to message with html attachment (#2034)
	- Use default_charset for messages without specified charset (#2027, #1484961)
	- Support non-standard "GMT-XXXX" literal in date header (#2074)
	- Added TNEF support to decode MS Outlook attachments (winmail.dat)
	- Fix "value continuation" MIME headers by adding required semicolon (#2073)
	- Fix pressing select all/unread multiple times (#2069)
	- Fix selecting all unread does not honor new messages (#2070)
	- Fix some base64 encoded attachments handling (#2071)
	- Support NGINX as IMAP backend: better BAD response handling (#2066)
	- Performance fix: don't fetch attachment parts headers twice to parse filename
	- Fix checking for recent messages on various IMAP servers (#2055)
	- Performance fix: Don't fetch quota and recent messages in "message view" mode
	- Fix displaying of alternative-inside-alternative messages (#2061)
	- Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#2059)
	- Fix creation of folders with '&' sign in name
	- Fix parsing of email addresses without angle brackets (#2048)
	- Save spellcheck corrections when switching from plain to html editor (and spellchecking is on)
	- Fix large search results on server without SORT capability (#2031)
	- Get rid of preg_replace() with eval modifier and create_function usage (#2042)
	- Bring back <base> and <link> tags in HTML messages
	- Fix XSS vulnerability through background attributes [CVE-2009-0413]
	- Fix problems with backslash as IMAP hierarchy delimiter (#1116)
	- Secure vcard export by getting rid of preg's 'e' modifier use (#2045)
	- Fix authentication when submitting form with existing session (#2037)
	- Allow absolute URLs to images in HTML messages/sigs (#2029)
	- Fix message body which contains both inline attachments and emotions
	- Fix SQL query execution errors handling in rcube_mdb2 class (#1907)
	- Fix address names with '@' sign handling (#2022)
	- Improve messages display performance
	- Fix messages searching with 'to:' modifier

	RELEASE 0.2-STABLE
	------------------
	- Fix mark popup in IE 7 (#1785)
	- Fix line-break issue when copy & paste in Firefox (#1832)
	- Fix autocomplete "unknown server error" (#2008)
	- Fix STARTTLS before AUTH in SMTP connection (#1415)
	- Support multiple quota values in QUOTAROOT resonse (#1999)
	- Only abbreviate file name for IE < 7 browsers (#1548)
	- Performance: allow setting imap rootdir and delimiter before connect (#1628)
	- Fix sorting of folders with more than 2 levels (#1953)
	- Fix search results page jumps in LDAP addressbook (#1689)
	- Fix empty line before the signature in IE (#1769)
	- Fix horizontal scrollbar in preview pane on IE (#1228)
	- Add Robots meta tag in login page and installer (#1385)
	- Added 'show_images' option, removed 'addrbook_show_images' (#1977)
	- Option to check for new mails in all folders (#1053)
	- Don't set client busy when checking for new messages (#1706)
	- Allow UTF-8 folder names in config (#1960)
	- Add junk_mbox option configuration in installer (#1960)
	- Do serverside addressbook queries for autocompletion (#1925)
	- Allow setting attachment col position in 'list_cols' option
	- Allow override 'list_cols' via skin (#1958)
	- Fix 'cache' table cleanup on session destroy (#1913)
	- Increase speed of session destroy and garbage clean up
	- Fix session timeout when DB server got clock skew (#1890)
	- Fix handling of some malformed messages (#1099)
	- Speed up raw message body handling
	- Better HTML entities conversion in html2text (#1916)
	- Fix big memory consumption and speed up searching on servers without SORT capability
	- Fix setting locale to tr_TR, ku and az_AZ (#1872)
	- Use SORT for searching on servers with SORT capability
	- Added message status filter
	- Fix empty file sending (#1801)
	- Improved searching with many criterias (calling one SEARCH command)
	- Fix HTML editor initialization on IE (#1731)
	- Add warning when switching editor mode from html to plain (#1888)
	- Make identities list scrollable (#1930)
	- Fix problem with numeric folder names (#1922)
	- Added BYE response simple support to prevent from endless loops in imap.inc (#777)
	- Fix unread message unintentionally marked as read if read_when_deleted=true (#1819)
	- Remove port number from SERVER_NAME in smtp_helo_host (#1915)
	- Don't send disposition notification receipts for messages marked as 'read' (#1918)
	- Added 'keep_alive' and 'min_keep_alive' options (#1777)
	- Added option 'identities_level', removed 'multiple_identities'
	- Allow deleting identities when multiple_identities=false (#1840)
	- Added option focus_on_new_message (#1789)
	- Fix html2text class autoloading on Windows (#1904)
	- Fix html signature formatting when identity save error occurred (#1833)
	- Add feedback and set busy when moving folder (#1897)
	- Fix 'Empty' link visibility for some languages e.g. Slovak (#1889)
	- Fix messages count bar overlapping (#1703)
	- Fix adding signature in drafts compose mode (#1884)
	- Fix iil_C_Sort() to support very long and/or divided responses (#1713)
	- Fix matching case sensitivity when setting identity on reply (#1881)
	- Prefer default identity on reply
	- Fix imap searching on ISMail server (#1870)
	- Add css class for flagged messages (#1868)
	- Write username instead of id in sendmail log (#1879)
	- Fix htmlspecialchars() use for PHP version < 5.2.3 (#1877)
	- Fix js keywords escaping in json_serialize() for IE/Opera (#1874)
	- Added bin/killcache.php script (#1839)
	- Add support for SJIS, GB2312, BIG5 in rc_detect_encoding()
	- Fix vCard file encoding detection for non-UTF-8 strings (#1820)
	- Add 'skip_deleted' option in User Preferences (#1850)
	- Minimize "inline" javascript scripts use (#1838)
	- Fix css class setting for folders with names matching defined classes names (#1772)
	- Fix race conditions when changing mailbox
	- Fix spellchecking when switching to html editor (#1779)
	- Fix compose window width/height (#1807)
	- Allow calling msgimport.sh/msgexport.sh from any directory (#1837)
	- Localized filesize units (#1760)
	- Better handling of "no identity" and "no email in identity" situations (#1592)
	- Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1743)
	- Added "advanced options" feature in User Preferences
	- Fix unread counter when displaying cached massage in preview panel (#1720)
	- Fix htmleditor spellchecking on MS Windows (#1808)
	- Fix problem with non-ascii attachment names in Mail_mime (#1700, #1576)
	- Fix language autodetection (#1812)
	- Fix button label in folders management (#1816)
	- Fix collapsed folder not indicating unread msgs count of all subfolders (#1814)
	- Fix handling of apostrophes in filenames decoded according to rfc2231

	RELEASE 0.2-BETA
	----------------
	- Made config files location configurable (#1664)
	- Reduced memory footprint when forwarding attachments (#1764)
	- Allow and use spellcheck attribute for input/textarea fields (#1545)
	- Added icons for forwarded/forwarded+replied messages (#1691)
	- Added Reply-To to forwarded emails (#1739)
	- Display progress message for folders create/delete/rename (#1774)
	- Smart Tags and NOBR tag support in html messages (#1780, #1748)
	- Redesign of the identities settings (#836)
	- Add config option to disable creation/deletion of identities (#1139)
	- Added 'sendmail_delay' option to restrict messages sending interval (#1135)
	- Added vertical splitter for folders list resizing
	- Added possibility to view all headers in message view
	- Fixed splitter drag/resize on Opera (#1626)
	- Fixed quota img height/width setting from template (#1396)
	- Refactor drag & drop functionality. Don't rely on browser events anymore (#1108)
	- Insert "virtual" folders in subscription list (#1333)
	- Added link to open message in new window
	- Enable export of address book contacts as vCard
	- Add feature to import contacts from vcard files (#395)
	- Respect Content-Location headers in multipart/related messages according to RFC2110 (#1464)
	- Allowed max. attachment size now indicated in compose screen (#1523)
	- Also capture backspace key in list mode (#1186)
	- Allow application/pgp parts to be displayed (#1309)
	- Correctly handle options in mailto-links (#1671)
	- Immediately save sort_col/sort_order in user prefs (#1698)
	- Truncate very long (above 50 characters) attachment filenames when displaying
	- Allow to auto-detect client language if none set (#1095)
	- Auto-detect the client timezone (user configurable)
	- Add RFC2231 header value continuations support for attachment filenames + hack for servers that not support that feature
	- Fix Reply-To header displaying (#1738)
	- Mark form buttons that provide the most obvious operation (mainaction)
	- Added option 'quota_zero_as_unlimited' (#1206)
	- Added PRE handling in html2text class (#1301)
	- Added folder hierarchy collapsing
	- Added options to use syslog instead of log file (#1389)
	- Added Logging & Debugging section in Installer
	- Fix In-Reply-To and References headers when composing saved draft message (#1718)
	- Fix html message charset conversion for charsets with underline (#1717)
	- Fix buttons status after contacts deletion (#1675)
	- Fix escaping of To: and From: fields when building message body for reply or forward in the HTML editor (#1432)
	- Use current mailbox name in template (#1690)
	- Better fix for skipping untagged responses (#1694)
	- Added pspell support patch by Kris Steinhoff (#781)
	- Enable spellchecker for HTML editor (#1589)
	- Respect spellcheck_uri in tinyMCE spellchecker (#941)
	- Case insensitive contacts searching using PostgreSQL (#1692)
	- Make default imap folders configurable for each user (#1558)
	- Save outgoing mail to selectable folder (#1324581)
	- Fix hiding of mark menu when clicking th button again (#1463)
	- Use long date format in print mode (#1643)
	- Updated TinyMCE to version 3.1.0.1
	- Re-enable autocomplete attribute for login form (#1661)
	- Check PERMANENTFLAGS before saving $MDNSent flag (#1478, #1485163)
	- Added flag column on messages list (#1220)
	- Patched Mail/MimePart.php (http://pear.php.net/bugs/bug.php?id=14232)
	- Allow trash/junk subfolders to be purged (#1568)
	- Store compose parameters in session and redirect to a unique URL
	- Fixed CRAM-MD5 authentication (#1364)
	- Fixed forwarding messages with one HTML attachment (#1103)
	- Fixed encoding of message/rfc822 attachments and image/pjpeg handling (#1439)
	- Added option to select skin in user preferences
	- Added option to configure displaying of attached images below the message body
	- Added option to display images in messages from known senders (#1204)
	- User preferences grouped in more fieldsets
	- Fix corrupted MIME headers of messages in Sent folder (#1587)
	- Fixed bug in MDB2 package: http://pear.php.net/bugs/bug.php?id=14124
	- Use keypress instead of keydown to select list's row (#1362)
	- Don't call expunge and don't remove message row after message move if flag_for_deletion is set to true (#1505)

	RELEASE 0.2-ALPHA
	-----------------
	- Added option to disable autocompletion from selected LDAP address books (#1445)
	- TLS support in LDAP connections: 'use_tls' property (#1581)
	- Fixed removing messages from search set after deleting them (#1583)
	- imap.inc: Fixed iil_C_FetchStructureString() to handle many
	literal strings in response (#1483)
	- Support for subfolders in default/protected folders (#1250)
	- Disallowed delimiter in folder name (#1351)
	- Support " and \ in folder names
	- Escape \ in login (#1214)
	- Better HTML sanitization with the DOM-based washtml script (#1276)
	- Fixed sorting of folders with non-ascii characters
	- Fixed Mysql DDL for default identities creation (#1554)
	- In Preferences added possibility to configure 'read_when_deleted',
	'mdn_requests', 'flag_for_deletion' options
	- Made IMAP auth type configurable (#683)
	- Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1540)
	- Fixed attachment list on IE 6/7 (#1355)
	- Fixed JavaScript in compose.html that shows cc/bcc fields if populated
	- Make password input fields of type password in installer (#1417)
	- Don't attempt to delete cache entries if enable_caching is FALSE (#1537)
	- Optimized messages sorting on servers without sort capability (#1535)
	- Corrected message headers decoding when charset isn't specified and improved
	support for native languages (#1536, #1534)
	- Expanded LDAP configuration options to support LDAP server writes.
	- Installer: encode special characters in DB username/password (#1529)
	- Fixed management of folders with national characters in names (#1526, #1504)
	- Fixed identities saving when using MDB2 pgsql driver (#1525)
	- Fixed BCC header reset (#1501)
	- Improved messages list performance - patch from Justin Heesemann
	- Append skin_path to images location only when it starts with '/' sign (#1398)
	- Fix IMAP response in message body when message has no body (#1479)
	- Fixed non-RFC dates formatting (#1429)
	- Fixed typo in set_charset() (#1498)
	- Decode entities when inserting HTML signature to plain text message (#1497)
	- HTML editing is now working with PHP5 updates and TinyMCE v3.0.6
	- Fixed signature loading on Windows (#1169)
	- Added language support to HTML editing (#1401)
	- Fixed remove signature when replying (#446)
	- Fixed problem with line with a space at the end (#1440)
	- Fixed <!DOCTYPE> tag filtering (#1066)
	- Fixed <?xml> tag filtering (#1075)
	- Added sections (fieldset+label) in Settings interface
	- Mark as read in one action with message preview (#1486)
	- Deleted redundant quota reads (#1486)
	- Added options for empty trash and expunge inbox on logout (#707)
	- Removed lines wrapping when displaying message
	- Fixed month localization
	- Changed codebase to PHP5 with autoloader

	RELEASE 0.1.1
	-------------
	- Clear selection when selecting single item (#1461)
	- Remove hard-coded image size in skin templates (#1423)
	- Database schema improvements (dropped unnecessary indexes)
	- Fixed creating a new folder with a comma in its name (#1263)
	- Fixed sorting of messages when default mailbox is empty (#1020)
	- Improve message previewpane - less loading (#1019)
	- Fixed login form autoompletion (#1378)
	- Fixed virtuser_query option for mdb2 backend (#1409)
	- Fixed attachment resoting from Drafts when message body was empty (#1144)
	- Fixed usage of ob_gzhandler (#1390)
	- Fixed message part window in IE6 (#1211)
	- Fixed decoding of mime-encoded strings (#938)
	- Fixed some iconv/mb_string problems (#1202)
	- Correctly quote mailbox name when using in URL (#1016)
	- Fixed "headers already sent" errors (#1399)

	RELEASE 0.1-STABLE
	------------------
	- Added interactive installer script
	- Fix folder adding/renaming inspired by #1349
	- Localize folder name in page title (#1338)
	- Fix code using wrong variable name (#818)
	- Allow to send mail with BCC recipients only
	- condense TinyMCE toolbar down to one line, removing table buttons (#1306)
	- Add function to mark the selected messages as read/unread (#641)
	- Also do charset decoding as suggested in RFC 2231 (fix #1022)
	- Show message count in folder list and hint when creating a subfolder
	- Distinguish ssl and tls for imap connections (#1252)
	- Added some charset aliases to fix typical mis-labelling (#1185)
	- Remember decision to display images for a certain message during session (#1310)
	- Truncate attachment filenames to 55 characters due to an IE bug (#1313)
	- Make sending of read receipts configurable
	- Respect config when localize folder names (#1280)
	- Also respect receipt and priority settings when re-opening a draft message
	- Remember search results (closes #722), patch by the_glu
	- Add Received header on outgoing mail
	- Upgrade to TinyMCE 2.1.3
	- Allow inserting image attachments into HTML messages while composing (#1179)
	- Implement Message-Disposition-Notification (Receipts)
	- Fix overriding of session vars when register_globals is on (#1255)
	- Fix bug with case-sensitive folder names (#973)
	- Don't create default folders by default
	- Fixed some potential security risks (audited by Andris)
	- Only show new messages if they match the current search (#925)
	- Switch to/from when searcing in Sent folder (#1177)
	- Correctly read the References header (#1236)
	- Unset old cookie before sending a new value (#1232)
	- Correctly decode attachments when downloading them (#1235 and #1484642)
	- Suppress IE errors when clearing attachments form (#1043)
	- Log error when login fails due to auto_create_user turned off
	- Filter linked/imported CSS files (closes #844)
	- Improve message compose screen (closes #1060)
	- Select next row after removing one from list (#1063)

	RELEASE 0.1-RC2
	---------------
	- Enable drag-&-dropping of folders to a new parent and allow to create subfolders (#637)
	- Suppress IE errors when clearing attachments form (#1043)
	- Set preferences field in user table to NULL (#1062)
	- Log error when login fails due to auto_create_user turned off
	- Filter linked/imported CSS files (closes #844)
	- Improve message compose screen (closes #1060)
	- Select next row after removing one from list (#1063)
	- Make smtp HELO/EHLO hostname configurable (#851)
	- IPv6 Compatibility (#1023), Patch #1484373
	- Unlock interface when message sending fails (#1188)
	- Eval PHP code in template includes (if configured)
	- Show message when folder is empty. Mo more static text in table (#1068)
	- Only display unread count in page title when new messages arrived
	- Fixed wrong delete button tooltip (#785)
	- Fixed charset encoding bug (#1091)
	- Applied patch for LDAP version (#1175)
	- Improved XHTML validation
	- Fix message list selection (#1174)
	- Better fix lowercased usernames (#1120)
	- Update pngbehavior Script as suggested in #1134
	- Fixed moving/deleting messages when more than 1 is selected
	- Applied patch for LDAP contacts listing by Glen Ogilvie
	- Applied patch for more address fields in LDAP contacts (#1074)
	- Add alternative for getallheaders() (fix #1146)
	- Identify mailboxes case-sensitive
	- Sort mailbox list case-insensitive (closes #1032)
	- Fix display of multipart messages from Apple Mail (closes #823)
	- Protect AJAX request from being fetched by a foreign site (XSS)
	- Make autocomplete for loginform configurable by the skin template
	- Fix compose function from address book (closes #1089)
	- Added //IGNORE to iconv call (patch #1086, closes #821)
	- Check if mbstring supports charset (#1003 and #1004)
	- Prefer iconv over mbstring (as suggested in #1004)
	- Check filesize of template includes (#1079)
	- Fixed bug with buttons not dimming/enabling properly after switching folders
	- Fixed compose window becoming unresponsive after saving a draft (#1132)
	- Re-enabled "Back" button in compose window now that bug #1132 is fixed
	- Fixed unresponsive interface issue when downloading attachments (#1138)
	- Lowered status message time from 5 to 3 seconds to improve responsiveness
	- Raised .htaccess upload_max_filesize from 2M to 5M to differ from default php.ini
	- Increased "mailboxcontrols" mail.css width from 160 to 170px to fix non-english languages (#1140)
	- Fix status message bug #1114 with regard to #1041
	- Fix address adding bug reported by David Koblas
	- Applied socket error patch by Thomas Mangin
	- Pass-by-reference workarround for PHP5 in sendmail.inc
	- Fixed buggy imap_root settings (closes #1056)
	- Prevent default events on subject links (#1071)
	- Use HTTP-POST requests for actions that change state

	RELEASE 0.1-RC1
	---------------
	- Use global filters and bind username/ for Ldap searches (#909)
	- Hide quota display if imap server does not support it
	- Hide address groups if no LDAP servers configured
	- Add link to message subjects (closes #982)
	- Better SQL query for contact listing/search (closes #1051)
	- Fixed marking as read in preview pane (closes #1048)
	- CSS hack to display attachments correctly in IE6
	- Wrap message body text (closes #901)
	- LDAP access is back in address book (closes #864)
	- Added search function for contacts
	- New Template parsing and output encoding
	- Fixed bugs #884 and #793
	- Fixed message moving procedure (closes #1013)
	- Fixed display of multiple attachments (closes #647)
	- Fixed check for new messages (closes #1015)
	- List attachments without filename
	- New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable.
	Should close bugs #774 and #1484299
	- Correctly translate mailbox names (closes #993)
	- Quote e-mail address links (closes #1007)
	- Updated PEAR::Mail_mime package
	- Accept single quotes for HTML attributes when modifying message body (thanks Jason)
	- Sanitize input for new users/identities (thanks Colin Alston)
	- Don't download HTML message parts
	- Convert HTML parts to plaintext if 'prefer_html' is off
	- Correctly parse message/rfc822 parts (closes #838)
	- Also use user_id for unique key in messages table (closes #857)
	- Hide contacts drop down on blur (closes #946)
	- Make entries in contacts drop down clickable
	- Turn off browser autocompletion on login page
	- Quote <? in text/html message parts
	- Hide border around radio buttons
	- Applied patch for attachment download by crichardson (closes #943)
	- Fixed bug in Postgres DB handling (closes #852)
	- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #996)
	- Fixed array_merge bug (closes #997)
	- Fixed flag for deletion in list view (closes #987)
	- Finally support semicolons as recipient separator (closes ##976)
	- Fixed message headers (subject) encoding
	- check if safe mode is on or not (closes #990)
	- Show "no subject" in message list if subject is missing (closes #971)
	- Solved page caching of message preview (closes #905)
	- Only use gzip compression if configured (closes #967)
	- Fixed priority selector issue (#903)
	- Fixed some CSS issues in default skin (closes #951 and #911)
	- Prevent from double quoting of numeric HTML character references (closes #978)
	- Fixed display of HTML message attachments (closes #927)
	- Applied patch for preview caching (closes #933)
	- Added error handling for attachment uploads
	- Use multibyte safe string functions where necessary (closes #798)
	- Applied security patch to validate the submitted host value (by Kees Cook)
	- Applied security patch to validate input values when deleting contacts (by Kees Cook)
	- Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook)
	- Applied a patch to more aggressively sanitize a HTML message
	- Visualize blocked images in HTML messages
	- Fixed wrong message listing when showing search results (closes #890)
	- Show remote images when opening HTML message part as attachment
	- Improve memory usage when sending mail (closes #871)
	- Mark messages as read once the preview is loaded (closes #1484132)
	- Include smtp final response in log (closes #862)
	- Corrected date string in sent message header (closes #887)
	- Correclty choose "To" column in sent and draft mailboxes (closes #769)
	- Changed srong tooltips for message browse buttons (closes #757)
	- Fixed signature delimiter character to be standard (Bug #830)
	- Fixed XSS vulnerability (Bug #877)
	- Remove newlines from mail headers (Bug #827)
	- Selection issues when moving/deleting (Bug #837)
	- Applied patch of Clement Moulin for imap host auto-selection
	- ISO-encode IMAP password for plaintext login (Bugs #792 & #723)
	- Fixed folder name encoding in subscription list (Bug #879)
	- Fixed JS errors in identity list (Bug #885)
	- Translate foldernames in folder form (closes #879)
	- Added first and last buttons to message list, address book
	and message detail
	- Pressing Shift-Del bypasses Trash folder
	- Enable purge command for Junk folder
	- Fetch all aliases if virtuser_query is used instead
	- Re-enabled multi select of contacts (Bug #817)
	- Enable contact editing right after creation (Bug #644)
	- Correct UTF-7 to UTF-8 conversion if mbstring is not available
	- Fixed IMAP fetch of message body (Bug #819)
	- Fixed safe_mode problems (Bug #539)
	- Fixed wrong header encoding (Bug #1483976)
	- Made automatic draft saving configurable
	- Fixed JS bug when renaming folders (Bug #799)
	- Added quota display as image (by Brett Patterson)
	- Corrected creation of a message-id
	- New indentation for quoted message text
	- Improved HTML validity
	- Fixed URL character set (Ticket #616)
	- Fixed saving of contact into MySQL from LDAP query results (Ticket #681)
	- Fixed folder renaming: unsubscribe before rename (Bug #750)
	- Finalized new message parsing (+ chaching)
	- Fixed wrong usage of mbstring (Bug #645)
	- Set default spelling language (Ticket #764)
	- Added support for Nox Spell Server
	- Re-built message parsing (Bug #422)
	Now based on the message structure delivered by the IMAP server.
	- Fixed some XSS and SQL injection issues
	- Fixed charset problems with folder renaming
	diff --git a/plugins/enigma/skins/larry/templates/keys.html b/plugins/enigma/skins/larry/templates/keys.html
	index 7a3fd0554..6e2b3f3e5 100644
	--- a/plugins/enigma/skins/larry/templates/keys.html
	+++ b/plugins/enigma/skins/larry/templates/keys.html
	@@ -1,91 +1,91 @@
	<roundcube:object name="doctype" value="html5" />
	<html>
	<head>
	<roundcube:include file="/includes/links.html" />
	</head>
	<roundcube:if condition="env:extwin" /><body class="noscroll extwin"><roundcube:else /><body class="noscroll"><roundcube:endif />

	<roundcube:include file="/includes/header.html" />

	<div id="mainscreen" class="enigma">
	<h1 class="voice"><roundcube:label name="settings" /> : <roundcube:label name="enigma.enigmakeys" /></h1>

	<!-- toolbar -->
	<h2 id="aria-label-toolbar" class="voice"><roundcube:label name="arialabeltoolbar" /></h2>
	<div id="keystoolbar" class="toolbar" role="toolbar" aria-labelledby="aria-label-toolbar">
	<roundcube:button command="plugin.enigma-key-import-search" type="link" class="button search disabled" classAct="button search" classSel="button search pressed" label="search" title="enigma.keyimportsearchlabel" />
	<roundcube:button command="plugin.enigma-key-import" type="link" class="button import disabled" classAct="button import" classSel="button import pressed" label="import" title="enigma.importkeys" />
	<span class="dropbutton">
	<roundcube:button command="plugin.enigma-key-export" type="link" class="button export disabled" classAct="button export" classSel="button export pressed" label="export" title="enigma.exportkeys" />
	<a href="#export" class="dropbuttontip" id="exportmenulink" onclick="return UI.toggle_popup('exportmenu',event)" aria-haspopup="true" aria-expanded="false" aria-owns="exportmenu-menu" tabindex="0"><roundcube:label name="enigma.arialabelkeyexportoptions" /></a>
	</span>
	</div>

	<div id="exportmenu" class="popupmenu" aria-hidden="true">
	<h3 id="aria-label-exportmenu" class="voice"><roundcube:label name="enigma.arialabelkeyexportoptions" /></h3>
	<ul id="exportmenu-menu" class="toolbarmenu" role="menu" aria-labelledby="aria-label-exportmenu">
	<roundcube:button type="link-menuitem" command="plugin.enigma-key-export" label="exportall" prop="sub" class="exportalllink" classAct="exportalllink active" />
	<roundcube:button type="link-menuitem" command="plugin.enigma-key-export-selected" label="exportsel" prop="sub" class="exportsellink" classAct="exportsellink active" />
	</ul>
	</div>

	<div id="quicksearchbar" class="searchbox" role="search" aria-labelledby="aria-label-searchform">
	<h2 id="aria-label-searchform" class="voice"><roundcube:label name="enigma.arialabelkeysearchform" /></h2>
	<label for="quicksearchbox" class="voice"><roundcube:label name="arialabelmailquicksearchbox" /></label>
	<roundcube:object name="searchform" id="quicksearchbox" />
	<a id="searchmenulink" class="iconbutton searchicon" > </a>
	<roundcube:button command="reset-search" id="searchreset" type="link" class="iconbutton reset" title="resetsearch" label="resetsearch" />
	</div>

	<roundcube:include file="/includes/settingstabs.html" />

	<div id="settings-right" role="main" aria-labelledby="aria-label-enigmakeyslist">
	<div id="enigmakeyslist" class="uibox listbox" role="navigation" aria-labelledby="enigmakeyslist-header">
	<div id="enigmakeyslist-header" class="boxtitle"><roundcube:label name="enigma.enigmakeys" /></div>
	<div class="scroller withfooter">
	<roundcube:object name="keyslist" id="keys-table" class="listing" role="listbox" cellspacing="0" noheader="true" />
	</div>
	<div class="boxpagenav">
	<roundcube:button command="firstpage" type="link" class="icon firstpage disabled" classAct="icon firstpage" title="firstpage" label="first" />
	<roundcube:button command="previouspage" type="link" class="icon prevpage disabled" classAct="icon prevpage" title="previouspage" label="previous" />
	<roundcube:button command="nextpage" type="link" class="icon nextpage disabled" classAct="icon nextpage" title="nextpage" label="next" />
	<roundcube:button command="lastpage" type="link" class="icon lastpage disabled" classAct="icon lastpage" title="lastpage" label="last" />
	</div>
	<div class="boxfooter">
	<roundcube:button command="plugin.enigma-key-create" type="link" title="enigma.createkeys" class="listbutton add disabled" classAct="listbutton add" innerClass="inner" label="enigma.keyadd" /><roundcube:button name="moreactions" id="keyoptionslink" type="link" title="enigma.keyactions" class="listbutton groupactions" onclick="return UI.toggle_popup('keyoptions',event)" innerClass="inner" label="enigma.arialabelkeyoptions" aria-haspopup="true" aria-expanded="false" aria-owns="keyoptionsmenu" />
	<span class="countdisplay" aria-live="polite" aria-relevant="text">
	<span class="voice"><roundcube:label name="enigma.enigmakeys" /></span>
	<roundcube:object name="countdisplay" />
	</span>
	</div>
	</div>

	<div id="enigmacontent-box" class="uibox">
	<div class="iframebox">
	<roundcube:object name="contentframe" id="keyframe" width="100%" height="100%" frameborder="0" src="env:blankpage" />
	</div>
	</div>
	</div>
	</div>

	<div id="keyoptions" class="popupmenu">
	<ul class="toolbarmenu">
	<li><roundcube:button class="deletelink" type="link" command="plugin.enigma-key-delete" label="enigma.keyremove" target="_blank" classAct="deletelink active" /></li>
	<!--
	<li><roundcube:button class="disablelink" command="enigma.key-disable" label="enigma.keydisable" target="_blank" classAct="disablelink active" /></li>
	<li><roundcube:button class="revokelink" command="enigma.key-revoke" label="enigma.keyrevoke" classAct="revokelink active" /></li>
	<li class="separator_below"><roundcube:button class="sendlink" command="enigma.key-send" label="enigma.keysend" classAct="sendlink active" /></li>
	<li><roundcube:button class="chpasslink" command="enigma.key-chpass" label="enigma.keychpass" classAct="chpasslink active" /></li>
	-->
	</ul>
	</div>

	<roundcube:include file="/includes/footer.html" />

	-<script type="text/javascript">
	+<script>
	new rcube_splitter({ id:'enigmakeyssplitter', p1:'#enigmakeyslist', p2:'#enigmacontent-box',
	orientation:'v', relative:true, start:266, min:180, size:12 }).init();
	</script>

	</body>
	</html>
	diff --git a/plugins/jqueryui/jqueryui.php b/plugins/jqueryui/jqueryui.php
	index b4b69e9c5..23d7e8e7d 100644
	--- a/plugins/jqueryui/jqueryui.php
	+++ b/plugins/jqueryui/jqueryui.php
	@@ -1,156 +1,156 @@
	<?php

	/**
	* jQuery UI
	*
	* Provide the jQuery UI library with according themes.
	*
	* @version 1.12.0
	* @author Cor Bosman <roundcube@wa.ter.net>
	* @author Thomas Bruederli <roundcube@gmail.com>
	* @author Aleksander Machniak <alec@alec.pl>
	* @license GNU GPLv3+
	*/
	class jqueryui extends rcube_plugin
	{
	public $noajax = true;
	public $version = '1.12.0';

	private static $features = array();
	private static $ui_theme;
	private static $skin_map = array(
	'larry' => 'larry',
	'default' => 'elastic',
	);

	public function init()
	{
	$rcmail = rcmail::get_instance();

	// the plugin might have been force-loaded so do some sanity check first
	if ($rcmail->output->type != 'html' \|\| self::$ui_theme) {
	return;
	}

	$this->load_config();

	// include UI scripts
	$this->include_script("js/jquery-ui.min.js");

	// include UI stylesheet
	$skin = $rcmail->config->get('skin');
	$ui_map = $rcmail->config->get('jquery_ui_skin_map', self::$skin_map);
	$skins = array_keys($rcmail->output->skins);
	$skins[] = 'elastic';

	foreach ($skins as $skin) {
	self::$ui_theme = $ui_theme = $ui_map[$skin] ?: $skin;

	if (self::asset_exists("themes/$ui_theme/jquery-ui.css")) {
	$this->include_stylesheet("themes/$ui_theme/jquery-ui.css");
	break;
	}
	}

	// jquery UI localization
	$jquery_ui_i18n = $rcmail->config->get('jquery_ui_i18n', array('datepicker'));
	if (count($jquery_ui_i18n) > 0) {
	$lang_l = str_replace('_', '-', substr($_SESSION['language'], 0, 5));
	$lang_s = substr($_SESSION['language'], 0, 2);

	foreach ($jquery_ui_i18n as $package) {
	if (self::asset_exists("js/i18n/jquery.ui.$package-$lang_l.js", false)) {
	$this->include_script("js/i18n/jquery.ui.$package-$lang_l.js");
	}
	else if ($lang_s != 'en' && self::asset_exists("js/i18n/jquery.ui.$package-$lang_s.js", false)) {
	$this->include_script("js/i18n/jquery.ui.$package-$lang_s.js");
	}
	}
	}

	// Date format for datepicker
	$date_format = $date_format_localized = $rcmail->config->get('date_format', 'Y-m-d');
	$date_format = strtr($date_format, array(
	'y' => 'y',
	'Y' => 'yy',
	'm' => 'mm',
	'n' => 'm',
	'd' => 'dd',
	'j' => 'd',
	));

	$replaces = array('Y' => 'yyyy', 'y' => 'yy', 'm' => 'mm', 'd' => 'dd', 'j' => 'd', 'n' => 'm');

	foreach (array_keys($replaces) as $key) {
	if ($rcmail->text_exists("dateformat$key")) {
	$replaces[$key] = $rcmail->gettext("dateformat$key");
	}
	}

	$date_format_localized = strtr($date_format_localized, $replaces);

	$rcmail->output->set_env('date_format', $date_format);
	$rcmail->output->set_env('date_format_localized', $date_format_localized);
	}

	public static function miniColors()
	{
	if (in_array('miniColors', self::$features)) {
	return;
	}

	self::$features[] = 'miniColors';

	$ui_theme = self::$ui_theme;
	$rcube = rcube::get_instance();
	$script = 'plugins/jqueryui/js/jquery.minicolors.min.js';
	$css = "themes/$ui_theme/jquery.minicolors.css";

	if (!self::asset_exists($css)) {
	$css = "themes/larry/jquery.minicolors.css";
	}

	$colors_theme = $rcube->config->get('jquery_ui_colors_theme', 'default');
	$config = array('theme' => $colors_theme);
	$config_str = rcube_output::json_serialize($config);

	$rcube->output->include_css('plugins/jqueryui/' . $css);
	- $rcube->output->add_header(html::tag('script', array('type' => 'text/javascript', 'src' => $script)));
	+ $rcube->output->include_script($script, 'head', false);
	$rcube->output->add_script('$.fn.miniColors = $.fn.minicolors; $("input.colors").minicolors(' . $config_str . ')', 'docready');
	$rcube->output->set_env('minicolors_config', $config);
	}

	public static function tagedit()
	{
	if (in_array('tagedit', self::$features)) {
	return;
	}

	self::$features[] = 'tagedit';

	$script = 'plugins/jqueryui/js/jquery.tagedit.js';
	$rcube = rcube::get_instance();
	$ui_theme = self::$ui_theme;
	$css = "themes/$ui_theme/tagedit.css";

	if (!array_key_exists('elastic', (array) $rcube->output->skins)) {
	if (!self::asset_exists($css)) {
	$css = "themes/larry/tagedit.css";
	}

	$rcube->output->include_css('plugins/jqueryui/' . $css);
	}

	- $rcube->output->add_header(html::tag('script', array('type' => "text/javascript", 'src' => $script)));
	+ $rcube->output->include_script($script, 'head', false);
	}

	/**
	* Checks if an asset file exists in specified location (with assets_dir support)
	*/
	protected static function asset_exists($path, $minified = true)
	{
	$rcube = rcube::get_instance();

	return $rcube->find_asset('/plugins/jqueryui/' . $path, $minified) !== null;
	}
	}
	diff --git a/plugins/managesieve/skins/larry/templates/managesieve.html b/plugins/managesieve/skins/larry/templates/managesieve.html
	index c0d602ced..d08be47dc 100644
	--- a/plugins/managesieve/skins/larry/templates/managesieve.html
	+++ b/plugins/managesieve/skins/larry/templates/managesieve.html
	@@ -1,86 +1,86 @@
	<roundcube:object name="doctype" value="html5" />
	<html>
	<head>
	<roundcube:include file="/includes/links.html" />
	</head>
	<roundcube:if condition="env:extwin" /><body class="noscroll extwin"><roundcube:else /><body class="noscroll"><roundcube:endif />

	<roundcube:include file="/includes/header.html" />

	<h1 class="voice"><roundcube:label name="settings" /> : <roundcube:label name="managesieve.filters" /></h1>

	<div id="mainscreen" class="offset">

	<roundcube:include file="/includes/settingstabs.html" />

	<div id="settings-right" role="main">
	<roundcube:if condition="!env:managesieve_no_set_list" />
	<div id="filtersetslistbox" class="uibox listbox" aria-labelledby="aria-label-filtersets">
	<h2 class="boxtitle" id="aria-label-filtersets"><roundcube:label name="managesieve.filtersets" /></h2>
	<div class="scroller withfooter">
	<roundcube:object name="filtersetslist" id="filtersetslist" class="listing" summary="managesieve.ariasummaryfiltersetslist" type="list" noheader="true" role="listbox" />
	</div>
	<div class="boxfooter">
	<roundcube:button command="plugin.managesieve-setadd" type="link" title="managesieve.filtersetadd" class="listbutton add disabled" classAct="listbutton add" innerClass="inner" content="+" /><roundcube:button name="filtersetmenulink" id="filtersetmenulink" type="link" title="moreactions" class="listbutton groupactions" onclick="return UI.toggle_popup('filtersetmenu', event)" innerClass="inner" content="⚙" aria-haspopup="true" aria-expanded="false" aria-owns="filtersetmenu-menu" />
	</div>
	</div>
	<div id="filtersscreen">
	<roundcube:else />
	<div id="filtersscreen" class="nosetlist">
	<roundcube:endif />
	<div id="filterslistbox" class="uibox listbox" aria-labelledby="aria-label-filters">
	<h2 class="boxtitle" id="aria-label-filters"><roundcube:label name="managesieve.filters" /></h2>
	<div class="scroller withfooter">
	<roundcube:object name="filterslist" id="filterslist" class="listing" summary="managesieve.ariasummaryfilterslist" noheader="true" role="listbox" />
	</div>
	<div class="boxfooter">
	<roundcube:button command="plugin.managesieve-add" type="link" title="managesieve.filteradd" class="listbutton add disabled" classAct="listbutton add" innerClass="inner" content="+" /><roundcube:button name="filtermenulink" id="filtermenulink" type="link" title="moreactions" class="listbutton groupactions" onclick="return UI.toggle_popup('filtermenu', event)" innerClass="inner" content="⚙" aria-haspopup="true" aria-expanded="false" aria-owns="filtermenu-menu" />
	</div>
	</div>

	<div id="filter-box" class="uibox contentbox">
	<div class="iframebox" role="complementary" aria-labelledby="aria-label-filterform">
	<h2 id="aria-label-filterframe" class="voice"><roundcube:label name="managesieve.arialabelfilterform" /></h2>
	<roundcube:object name="contentframe" id="filter-frame" style="width:100%; height:100%" frameborder="0" src="env:blankpage" title="managesieve.arialabelfilterform" />
	</div>
	</div>

	</div>
	</div>
	</div>

	<div id="filtersetmenu" class="popupmenu" aria-hidden="true">
	<h3 id="aria-label-setactions" class="voice"><roundcube:label name="managesieve.arialabelfiltersetactions" /></h3>
	<ul class="toolbarmenu" id="filtersetmenu-menu" role="menu" aria-labelledby="aria-label-setactions">
	<li role="menuitem"><roundcube:button type="link" command="plugin.managesieve-setact" label="managesieve.enable" classAct="active" /></li>
	<li role="menuitem"><roundcube:button type="link" command="plugin.managesieve-setdel" label="delete" classAct="active" /></li>
	<roundcube:if condition="env:raw_sieve_editor != false" />
	<li role="menuitem"><roundcube:button type="link" command="plugin.managesieve-seteditraw" label="managesieve.filterseteditraw" classAct="active" /></li>
	<roundcube:endif />
	<li role="menuitem" class="separator_above"><roundcube:button type="link" command="plugin.managesieve-setget" label="download" classAct="active" /></li>
	<roundcube:container name="filtersetoptions" id="filtersetmenu" />
	</ul>
	</div>

	<div id="filtermenu" class="popupmenu" aria-hidden="true">
	<h3 id="aria-label-filteractions" class="voice"><roundcube:label name="managesieve.arialabelfilteractions" /></h3>
	<ul class="toolbarmenu" id="filtermenu-menu" role="menu" aria-labelledby="aria-label-filteractions">
	<li role="menuitem"><roundcube:button type="link" command="plugin.managesieve-act" label="managesieve.enable" classAct="active" /></li>
	<li role="menuitem"><roundcube:button type="link" command="plugin.managesieve-del" label="delete" classAct="active" /></li>
	<roundcube:container name="filteroptions" id="filtermenu" />
	</ul>
	</div>

	<roundcube:include file="/includes/footer.html" />

	-<script type="text/javascript">
	+<script>
	<roundcube:if condition="!env:managesieve_no_set_list" />
	new rcube_splitter({ id:'managesievesplitter1', p1:'#filtersetslistbox', p2:'#filtersscreen',
	orientation:'v', relative:true, start:156, min:120, size:12 }).init();
	<roundcube:endif />
	new rcube_splitter({ id:'managesievesplitter2', p1:'#filterslistbox', p2:'#filter-box',
	orientation:'v', relative:true, start:186, min:120, size:12 }).init();
	</script>

	</body>
	</html>
	diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
	index ef66dd83d..891a64d84 100644
	--- a/program/include/rcmail_output_html.php
	+++ b/program/include/rcmail_output_html.php
	@@ -1,2501 +1,2501 @@
	<?php

	/**
	+-----------------------------------------------------------------------+
	\| This file is part of the Roundcube Webmail client \|
	\| \|
	\| Copyright (C) The Roundcube Dev Team \|
	\| \|
	\| Licensed under the GNU General Public License version 3 or \|
	\| any later version with exceptions for skins & plugins. \|
	\| See the README file for a full license statement. \|
	\| \|
	\| PURPOSE: \|
	\| Class to handle HTML page output using a skin template. \|
	+-----------------------------------------------------------------------+
	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	+-----------------------------------------------------------------------+
	*/

	/**
	* Class to create HTML page output using a skin template
	*
	* @package Webmail
	* @subpackage View
	*/
	class rcmail_output_html extends rcmail_output
	{
	public $type = 'html';

	protected $message;
	protected $template_name;
	protected $objects = array();
	protected $js_env = array();
	protected $js_labels = array();
	protected $js_commands = array();
	protected $skin_paths = array();
	protected $skin_name = '';
	protected $scripts_path = '';
	protected $script_files = array();
	protected $css_files = array();
	protected $scripts = array();
	protected $meta_tags = array();
	protected $link_tags = array('shortcut icon' => '');
	protected $header = '';
	protected $footer = '';
	protected $body = '';
	protected $base_path = '';
	protected $assets_path;
	protected $assets_dir = RCUBE_INSTALL_PATH;
	protected $devel_mode = false;
	protected $default_template = "<html>\n<head><title></title></head>\n<body></body>\n</html>";

	// deprecated names of templates used before 0.5
	protected $deprecated_templates = array(
	'contact' => 'showcontact',
	'contactadd' => 'addcontact',
	'contactedit' => 'editcontact',
	'identityedit' => 'editidentity',
	'messageprint' => 'printmessage',
	);

	// deprecated names of template objects used before 1.4
	protected $deprecated_template_objects = array(
	'addressframe' => 'contentframe',
	'messagecontentframe' => 'contentframe',
	'prefsframe' => 'contentframe',
	'folderframe' => 'contentframe',
	'identityframe' => 'contentframe',
	'responseframe' => 'contentframe',
	'keyframe' => 'contentframe',
	'filterframe' => 'contentframe',
	);

	/**
	* Constructor
	*/
	public function __construct($task = null, $framed = false)
	{
	parent::__construct();

	$this->devel_mode = $this->config->get('devel_mode');

	$this->set_env('task', $task);
	$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
	$this->set_env('locale', $_SESSION['language']);
	$this->set_env('devel_mode', $this->devel_mode);

	// Version number e.g. 1.4.2 will be 10402
	$version = explode('.', preg_replace('/[^0-9.].*/', '', RCMAIL_VERSION));
	$this->set_env('rcversion', $version[0] * 10000 + $version[1] * 100 + $version[2]);

	// add cookie info
	$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
	$this->set_env('cookie_path', ini_get('session.cookie_path'));
	$this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN));

	// Easy way to change skin via GET argument, for developers
	if ($this->devel_mode && !empty($_GET['skin']) && preg_match('/^[a-z0-9-_]+$/i', $_GET['skin'])) {
	if ($this->check_skin($_GET['skin'])) {
	$this->set_skin($_GET['skin']);
	$this->app->user->save_prefs(array('skin' => $_GET['skin']));
	}
	}

	// load and setup the skin
	$this->set_skin($this->config->get('skin'));
	$this->set_assets_path($this->config->get('assets_path'), $this->config->get('assets_dir'));

	if (!empty($_REQUEST['_extwin']))
	$this->set_env('extwin', 1);
	if ($this->framed \|\| $framed)
	$this->set_env('framed', 1);

	$lic = <<<EOF
	/*
	@licstart The following is the entire license notice for the
	JavaScript code in this page.

	Copyright (C) The Roundcube Dev Team

	The JavaScript code in this page is free software: you can redistribute
	it and/or modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation, either version 3 of
	the License, or (at your option) any later version.

	The code is distributed WITHOUT ANY WARRANTY; without even the implied
	warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	See the GNU GPL for more details.

	@licend The above is the entire license notice
	for the JavaScript code in this page.
	*/
	EOF;
	// add common javascripts
	$this->add_script($lic, 'head_top');
	$this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');

	// don't wait for page onload. Call init at the bottom of the page (delayed)
	$this->add_script(self::JS_OBJECT_NAME.'.init();', 'docready');

	$this->scripts_path = 'program/js/';
	$this->include_script('jquery.min.js');
	$this->include_script('common.js');
	$this->include_script('app.js');

	// register common UI objects
	$this->add_handlers(array(
	'loginform' => array($this, 'login_form'),
	'preloader' => array($this, 'preloader'),
	'username' => array($this, 'current_username'),
	'message' => array($this, 'message_container'),
	'charsetselector' => array($this, 'charset_selector'),
	'aboutcontent' => array($this, 'about_content'),
	));

	// set blankpage (watermark) url
	$blankpage = $this->config->get('blankpage_url', '/watermark.html');
	$this->set_env('blankpage', $blankpage);
	}

	/**
	* Set environment variable
	*
	* @param string $name Property name
	* @param mixed $value Property value
	* @param boolean $addtojs True if this property should be added
	* to client environment
	*/
	public function set_env($name, $value, $addtojs = true)
	{
	$this->env[$name] = $value;

	if ($addtojs \|\| isset($this->js_env[$name])) {
	$this->js_env[$name] = $value;
	}
	}

	/**
	* Parse and set assets path
	*
	* @param string $path Assets path URL (relative or absolute)
	* @param string $fs_dif Assets path in filesystem
	*/
	public function set_assets_path($path, $fs_dir = null)
	{
	if (empty($path)) {
	return;
	}

	$path = rtrim($path, '/') . '/';

	// handle relative assets path
	if (!preg_match('\|^https?://\|', $path) && $path[0] != '/') {
	// save the path to search for asset files later
	$this->assets_dir = $path;

	$base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
	$base = rtrim($base, '/');

	// remove url token if exists
	if ($len = intval($this->config->get('use_secure_urls'))) {
	$_base = explode('/', $base);
	$last = count($_base) - 1;
	$length = $len > 1 ? $len : 16; // as in rcube::get_secure_url_token()

	// we can't use real token here because it
	// does not exists in unauthenticated state,
	// hope this will not produce false-positive matches
	if ($last > -1 && preg_match('/^[a-f0-9]{' . $length . '}$/', $_base[$last])) {
	$path = '../' . $path;
	}
	}
	}

	// set filesystem path for assets
	if ($fs_dir) {
	if ($fs_dir[0] != '/') {
	$fs_dir = realpath(RCUBE_INSTALL_PATH . $fs_dir);
	}
	// ensure the path ends with a slash
	$this->assets_dir = rtrim($fs_dir, '/') . '/';
	}

	$this->assets_path = $path;
	$this->set_env('assets_path', $path);
	}

	/**
	* Getter for the current page title
	*
	* @param bool $full Prepend title with product/user name
	*
	* @return string The page title
	*/
	protected function get_pagetitle($full = true)
	{
	if (!empty($this->pagetitle)) {
	$title = $this->pagetitle;
	}
	else if ($this->env['task'] == 'login') {
	$title = $this->app->gettext(array(
	'name' => 'welcome',
	'vars' => array('product' => $this->config->get('product_name')
	)));
	}
	else {
	$title = ucfirst($this->env['task']);
	}

	if ($full) {
	if ($this->devel_mode && !empty($_SESSION['username'])) {
	$title = $_SESSION['username'] . ' :: ' . $title;
	}
	else if ($prod_name = $this->config->get('product_name')) {
	$title = $prod_name . ' :: ' . $title;
	}
	}

	return $title;
	}

	/**
	* Getter for the current skin path property
	*/
	public function get_skin_path()
	{
	return $this->skin_paths[0];
	}

	/**
	* Set skin
	*
	* @param string $skin Skin name
	*/
	public function set_skin($skin)
	{
	if (!$this->check_skin($skin)) {
	$skin = rcube_config::DEFAULT_SKIN;
	}

	$skin_path = 'skins/' . $skin;

	$this->config->set('skin_path', $skin_path);
	$this->base_path = $skin_path;

	// register skin path(s)
	$this->skin_paths = array();
	$this->skins = array();
	$this->load_skin($skin_path);

	$this->skin_name = $skin;
	$this->set_env('skin', $skin);
	}

	/**
	* Check skin validity/existence
	*
	* @param string $skin Skin name
	*
	* @return bool True if the skin exist and is readable, False otherwise
	*/
	public function check_skin($skin)
	{
	// Sanity check to prevent from path traversal vulnerability (#1490620)
	if (strpos($skin, '/') !== false \|\| strpos($skin, "\\") !== false) {
	rcube::raise_error(array(
	'file' => __FILE__,
	'line' => __LINE__,
	'message' => 'Invalid skin name'
	), true, false);

	return false;
	}

	$path = RCUBE_INSTALL_PATH . 'skins/';

	return !empty($skin) && is_dir($path . $skin) && is_readable($path . $skin);
	}

	/**
	* Helper method to recursively read skin meta files and register search paths
	*/
	private function load_skin($skin_path)
	{
	$this->skin_paths[] = $skin_path;

	// read meta file and check for dependencies
	$meta = @file_get_contents(RCUBE_INSTALL_PATH . $skin_path . '/meta.json');
	$meta = @json_decode($meta, true);

	$meta['path'] = $skin_path;
	$path_elements = explode('/', $skin_path);
	$skin_id = end($path_elements);

	if (!$meta['name']) {
	$meta['name'] = $skin_id;
	}

	$this->skins[$skin_id] = $meta;

	// Keep skin config for ajax requests (#6613)
	$_SESSION['skin_config'] = array();

	if ($meta['extends']) {
	$path = RCUBE_INSTALL_PATH . 'skins/';
	if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
	$_SESSION['skin_config'] = $this->load_skin('skins/' . $meta['extends']);
	}
	}

	if (!empty($meta['config'])) {
	foreach ($meta['config'] as $key => $value) {
	$this->config->set($key, $value, true);
	$_SESSION['skin_config'][$key] = $value;
	}

	$value = array_merge((array) $this->config->get('dont_override'), array_keys($meta['config']));
	$this->config->set('dont_override', $value, true);
	}

	if (!empty($meta['localization'])) {
	$locdir = $meta['localization'] === true ? 'localization' : $meta['localization'];
	if ($texts = $this->app->read_localization(RCUBE_INSTALL_PATH . $skin_path . '/' . $locdir)) {
	$this->app->load_language($_SESSION['language'], $texts);
	}
	}

	// Use array_merge() here to allow for global default and extended skins
	$this->meta_tags = array_merge($this->meta_tags, (array) $meta['meta']);
	$this->link_tags = array_merge($this->link_tags, (array) $meta['links']);

	return $_SESSION['skin_config'];
	}

	/**
	* Check if a specific template exists
	*
	* @param string $name Template name
	*
	* @return boolean True if template exists
	*/
	public function template_exists($name)
	{
	foreach ($this->skin_paths as $skin_path) {
	$filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
	if ((is_file($filename) && is_readable($filename))
	\|\| ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]))
	) {
	return true;
	}
	}

	return false;
	}

	/**
	* Find the given file in the current skin path stack
	*
	* @param string $file File name/path to resolve (starting with /)
	* @param string &$skin_path Reference to the base path of the matching skin
	* @param string $add_path Additional path to search in
	* @param bool $minified Fallback to a minified version of the file
	*
	* @return mixed Relative path to the requested file or False if not found
	*/
	public function get_skin_file($file, &$skin_path = null, $add_path = null, $minified = false)
	{
	$skin_paths = $this->skin_paths;

	if ($add_path) {
	array_unshift($skin_paths, $add_path);
	$skin_paths = array_unique($skin_paths);
	}

	if ($skin_path = $this->find_file_path($file, $skin_paths)) {
	return $skin_path . $file;
	}

	if ($minified && preg_match('/(?<!\.min)\.(js\|css)$/', $file)) {
	$file = preg_replace('/\.(js\|css)$/', '.min.\\1', $file);

	if ($skin_path = $this->find_file_path($file, $skin_paths)) {
	return $skin_path . $file;
	}
	}

	return false;
	}

	/**
	* Find path of the asset file
	*/
	protected function find_file_path($file, $skin_paths)
	{
	foreach ($skin_paths as $skin_path) {
	if ($this->assets_dir != RCUBE_INSTALL_PATH) {
	if (realpath($this->assets_dir . $skin_path . $file)) {
	return $skin_path;
	}
	}

	if (realpath(RCUBE_INSTALL_PATH . $skin_path . $file)) {
	return $skin_path;
	}
	}
	}

	/**
	* Register a GUI object to the client script
	*
	* @param string $obj Object name
	* @param string $id Object ID
	*/
	public function add_gui_object($obj, $id)
	{
	$this->add_script(self::JS_OBJECT_NAME.".gui_object('$obj', '$id');");
	}

	/**
	* Call a client method
	*
	* @param string Method to call
	* @param ... Additional arguments
	*/
	public function command()
	{
	$cmd = func_get_args();
	if (strpos($cmd[0], 'plugin.') !== false)
	$this->js_commands[] = array('triggerEvent', $cmd[0], $cmd[1]);
	else
	$this->js_commands[] = $cmd;
	}

	/**
	* Add a localized label to the client environment
	*/
	public function add_label()
	{
	$args = func_get_args();

	if (count($args) == 1 && is_array($args[0])) {
	$args = $args[0];
	}

	foreach ($args as $name) {
	$this->js_labels[$name] = $this->app->gettext($name);
	}
	}

	/**
	* Invoke display_message command
	*
	* @param string $message Message to display
	* @param string $type Message type [notice\|confirm\|error]
	* @param array $vars Key-value pairs to be replaced in localized text
	* @param boolean $override Override last set message
	* @param int $timeout Message display time in seconds
	*
	* @uses self::command()
	*/
	public function show_message($message, $type='notice', $vars=null, $override=true, $timeout=0)
	{
	if ($override \|\| !$this->message) {
	if ($this->app->text_exists($message)) {
	if (!empty($vars))
	$vars = array_map(array('rcube','Q'), $vars);
	$msgtext = $this->app->gettext(array('name' => $message, 'vars' => $vars));
	}
	else
	$msgtext = $message;

	$this->message = $message;
	$this->command('display_message', $msgtext, $type, $timeout * 1000);
	}
	}

	/**
	* Delete all stored env variables and commands
	*
	* @param bool $all Reset all env variables (including internal)
	*/
	public function reset($all = false)
	{
	$framed = $this->framed;
	$task = $this->env['task'];
	$env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));

	// keep jQuery-UI files
	$css_files = $script_files = array();

	foreach ($this->css_files as $file) {
	if (strpos($file, 'plugins/jqueryui') === 0) {
	$css_files[] = $file;
	}
	}

	foreach ($this->script_files as $position => $files) {
	foreach ($files as $file) {
	if (strpos($file, 'plugins/jqueryui') === 0) {
	$script_files[$position][] = $file;
	}
	}
	}

	parent::reset();

	// let some env variables survive
	$this->env = $this->js_env = $env;
	$this->framed = $framed \|\| $this->env['framed'];
	$this->js_labels = array();
	$this->js_commands = array();
	$this->scripts = array();
	$this->header = '';
	$this->footer = '';
	$this->body = '';
	$this->css_files = array();
	$this->script_files = array();

	// load defaults
	if (!$all) {
	$this->__construct();
	}

	// Note: we merge jQuery-UI scripts after jQuery...
	$this->css_files = array_merge($this->css_files, $css_files);
	$this->script_files = array_merge_recursive($this->script_files, $script_files);

	$this->set_env('orig_task', $task);
	}

	/**
	* Redirect to a certain url
	*
	* @param mixed $p Either a string with the action or url parameters as key-value pairs
	* @param int $delay Delay in seconds
	* @param bool $secure Redirect to secure location (see rcmail::url())
	*/
	public function redirect($p = array(), $delay = 1, $secure = false)
	{
	if ($this->env['extwin'])
	$p['extwin'] = 1;
	$location = $this->app->url($p, false, false, $secure);
	header('Location: ' . $location);
	exit;
	}

	/**
	* Send the request output to the client.
	* This will either parse a skin template.
	*
	* @param string $templ Template name
	* @param boolean $exit True if script should terminate (default)
	*/
	public function send($templ = null, $exit = true)
	{
	if ($templ != 'iframe') {
	// prevent from endless loops
	if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
	rcube::raise_error(array('code' => 505, 'type' => 'php',
	'file' => __FILE__, 'line' => __LINE__,
	'message' => 'Recursion alert: ignoring output->send()'), true, false);
	return;
	}
	$this->parse($templ, false);
	}
	else {
	$this->framed = true;
	$this->write();
	}

	// set output asap
	ob_flush();
	flush();

	if ($exit) {
	exit;
	}
	}

	/**
	* Process template and write to stdOut
	*
	* @param string $template HTML template content
	*/
	public function write($template = '')
	{
	if (!empty($this->script_files)) {
	$this->set_env('request_token', $this->app->get_request_token());
	}

	// Fix assets path on blankpage
	if ($this->js_env['blankpage']) {
	$this->js_env['blankpage'] = $this->asset_url($this->abs_url($this->js_env['blankpage'], true));
	}

	$commands = $this->get_js_commands($framed);

	// if all js commands go to parent window we can ignore all
	// script files and skip rcube_webmail initialization (#1489792)
	// but not on error pages where skins may need jQuery, etc.
	if ($framed && empty($this->js_env['server_error'])) {
	$this->scripts = array();
	$this->script_files = array();
	$this->header = '';
	$this->footer = '';
	}

	// write all javascript commands
	if (!empty($commands)) {
	$this->add_script($commands, 'head_top');
	}

	$this->page_headers();

	// call super method
	$this->_write($template);
	}

	/**
	* Send common page headers
	* For now it only (re)sets X-Frame-Options when needed
	*/
	public function page_headers()
	{
	if (headers_sent()) {
	return;
	}

	// allow (legal) iframe content to be loaded
	$framed = $this->framed \|\| $this->env['framed'];
	if ($framed && ($xopt = $this->app->config->get('x_frame_options', 'sameorigin'))) {
	if (strtolower($xopt) === 'deny') {
	header('X-Frame-Options: sameorigin', true);
	}
	}
	}

	/**
	* Parse a specific skin template and deliver to stdout (or return)
	*
	* @param string $name Template name
	* @param boolean $exit Exit script
	* @param boolean $write Don't write to stdout, return parsed content instead
	*
	* @link http://php.net/manual/en/function.exit.php
	*/
	function parse($name = 'main', $exit = true, $write = true)
	{
	$plugin = false;
	$realname = $name;
	$plugin_skin_paths = array();

	$this->template_name = $realname;

	$temp = explode('.', $name, 2);
	if (count($temp) > 1) {
	$plugin = $temp[0];
	$name = $temp[1];
	$skin_dir = $plugin . '/skins/' . $this->config->get('skin');

	// apply skin search escalation list to plugin directory
	foreach ($this->skin_paths as $skin_path) {
	$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
	}

	// prepend plugin skin paths to search list
	$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
	}

	// find skin template
	$path = false;
	foreach ($this->skin_paths as $skin_path) {
	// when requesting a plugin template ignore global skin path(s)
	if ($plugin && strpos($skin_path, $this->app->plugins->url) !== 0) {
	continue;
	}

	$path = RCUBE_INSTALL_PATH . "$skin_path/templates/$name.html";

	// fallback to deprecated template names
	if (!is_readable($path) && ($dname = $this->deprecated_templates[$realname])) {
	$path = RCUBE_INSTALL_PATH . "$skin_path/templates/$dname.html";

	if (is_readable($path)) {
	rcube::raise_error(array(
	'code' => 502, 'file' => __FILE__, 'line' => __LINE__,
	'message' => "Using deprecated template '$dname' in $skin_path/templates. Please rename to '$realname'"
	), true, false);
	}
	}

	if (is_readable($path)) {
	$this->config->set('skin_path', $skin_path);
	// set base_path to core skin directory (not plugin's skin)
	$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path);
	$skin_dir = preg_replace('!^plugins/!', '', $skin_path);
	break;
	}
	else {
	$path = false;
	}
	}

	// read template file
	if (!$path \|\| ($templ = @file_get_contents($path)) === false) {
	rcube::raise_error(array(
	'code' => 404,
	'type' => 'php',
	'line' => __LINE__,
	'file' => __FILE__,
	'message' => 'Error loading template for '.$realname
	), true, $write);

	$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
	return false;
	}

	// replace all path references to plugins/... with the configured plugins dir
	// and /this/ to the current plugin skin directory
	if ($plugin) {
	$templ = preg_replace(
	array('/\bplugins\//', '/(["\']?)\/this\//'),
	array($this->app->plugins->url, '\\1'.$this->app->plugins->url.$skin_dir.'/'),
	$templ
	);
	}

	// parse for specialtags
	$output = $this->parse_conditions($templ);
	$output = $this->parse_xml($output);

	// trigger generic hook where plugins can put additional content to the page
	$hook = $this->app->plugins->exec_hook("render_page", array(
	'template' => $realname, 'content' => $output, 'write' => $write));

	// save some memory
	$output = $hook['content'];
	unset($hook['content']);

	// remove plugin skin paths from current context
	$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));

	if (!$write) {
	return $this->postrender($output);
	}

	$this->write(trim($output));

	if ($exit) {
	exit;
	}
	}

	/**
	* Return executable javascript code for all registered commands
	*/
	protected function get_js_commands(&$framed = null)
	{
	$out = '';
	$parent_commands = 0;
	$top_commands = array();

	// these should be always on top,
	// e.g. hide_message() below depends on env.framed
	if (!$this->framed && !empty($this->js_env)) {
	$top_commands[] = array('set_env', $this->js_env);
	}
	if (!empty($this->js_labels)) {
	$top_commands[] = array('add_label', $this->js_labels);
	}

	// unlock interface after iframe load
	$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
	if ($this->framed) {
	$top_commands[] = array('iframe_loaded', $unlock);
	}
	else if ($unlock) {
	$top_commands[] = array('hide_message', $unlock);
	}

	$commands = array_merge($top_commands, $this->js_commands);

	foreach ($commands as $i => $args) {
	$method = array_shift($args);
	$parent = $this->framed \|\| preg_match('/^parent\./', $method);

	foreach ($args as $i => $arg) {
	$args[$i] = self::json_serialize($arg, $this->devel_mode);
	}

	if ($parent) {
	$parent_commands++;
	$method = preg_replace('/^parent\./', '', $method);
	$parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
	$method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
	}
	else {
	$method = self::JS_OBJECT_NAME . '.' . $method;
	}

	$out .= sprintf("%s(%s);\n", $method, implode(',', $args));
	}

	$framed = $parent_prefix && $parent_commands == count($commands);

	// make the output more compact if all commands go to parent window
	if ($framed) {
	$out = "if (window.parent && parent." . self::JS_OBJECT_NAME . ") {\n"
	. str_replace($parent_prefix, "\tparent.", $out)
	. "}\n";
	}

	return $out;
	}

	/**
	* Make URLs starting with a slash point to skin directory
	*
	* @param string $str Input string
	* @param bool $search_path True if URL should be resolved using the current skin path stack
	*
	* @return string URL
	*/
	public function abs_url($str, $search_path = false)
	{
	if ($str[0] == '/') {
	if ($search_path && ($file_url = $this->get_skin_file($str))) {
	return $file_url;
	}

	return $this->base_path . $str;
	}

	return $str;
	}

	/**
	* Show error page and terminate script execution
	*
	* @param int $code Error code
	* @param string $message Error message
	*/
	public function raise_error($code, $message)
	{
	global $__page_content, $ERROR_CODE, $ERROR_MESSAGE;

	$ERROR_CODE = $code;
	$ERROR_MESSAGE = $message;

	include RCUBE_INSTALL_PATH . 'program/steps/utils/error.inc';
	exit;
	}

	/**
	* Modify path by adding URL prefix if configured
	*
	* @param string $path Asset path
	* @param bool $abs_url Pass to self::abs_url() first
	*
	* @return string Asset path
	*/
	public function asset_url($path, $abs_url = false)
	{
	// iframe content can't be in a different domain
	// @TODO: check if assests are on a different domain

	if ($abs_url) {
	$path = $this->abs_url($path, true);
	}

	if (!$this->assets_path \|\| in_array($path[0], array('?', '/', '.')) \|\| strpos($path, '://')) {
	return $path;
	}

	return $this->assets_path . $path;
	}


	/*** Template parsing methods ***/

	/**
	* Replace all strings ($varname)
	* with the content of the according global variable.
	*/
	protected function parse_with_globals($input)
	{
	$GLOBALS['__version'] = html::quote(RCMAIL_VERSION);
	$GLOBALS['__comm_path'] = html::quote($this->app->comm_path);
	$GLOBALS['__skin_path'] = html::quote($this->base_path);

	return preg_replace_callback('/\$(__[a-z0-9_\-]+)/',
	array($this, 'globals_callback'), $input);
	}

	/**
	* Callback function for preg_replace_callback() in parse_with_globals()
	*/
	protected function globals_callback($matches)
	{
	return $GLOBALS[$matches[1]];
	}

	/**
	* Correct absolute paths in images and other tags (add cache busters)
	*/
	protected function fix_paths($output)
	{
	return preg_replace_callback(
	'!(src\|href\|background\|data-src-[a-z]+)=(["\']?)([a-z0-9/_.-]+)(["\'\s>])!i',
	array($this, 'file_callback'), $output);
	}

	/**
	* Callback function for preg_replace_callback in fix_paths()
	*
	* @return string Parsed string
	*/
	protected function file_callback($matches)
	{
	$file = $matches[3];
	$file = preg_replace('!^/this/!', '/', $file);

	// correct absolute paths
	if ($file[0] == '/') {
	$this->get_skin_file($file, $skin_path, $this->base_path);
	$file = ($skin_path ?: $this->base_path) . $file;
	}

	// add file modification timestamp
	if (preg_match('/\.(js\|css\|less\|ico\|png\|svg\|jpeg)$/', $file)) {
	$file = $this->file_mod($file);
	}

	return $matches[1] . '=' . $matches[2] . $file . $matches[4];
	}

	/**
	* Correct paths of asset files according to assets_path
	*/
	protected function fix_assets_paths($output)
	{
	return preg_replace_callback(
	'!(src\|href\|background)=(["\']?)([a-z0-9/_.?=-]+)(["\'\s>])!i',
	array($this, 'assets_callback'), $output);
	}

	/**
	* Callback function for preg_replace_callback in fix_assets_paths()
	*
	* @return string Parsed string
	*/
	protected function assets_callback($matches)
	{
	$file = $this->asset_url($matches[3]);

	return $matches[1] . '=' . $matches[2] . $file . $matches[4];
	}

	/**
	* Modify file by adding mtime indicator
	*/
	protected function file_mod($file)
	{
	$fs = false;
	$ext = substr($file, strrpos($file, '.') + 1);

	// use minified file if exists (not in development mode)
	if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
	$minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
	if ($fs = @filemtime($this->assets_dir . $minified_file)) {
	return $minified_file . '?s=' . $fs;
	}
	}

	if ($fs = @filemtime($this->assets_dir . $file)) {
	$file .= '?s=' . $fs;
	}

	return $file;
	}

	/**
	* Public wrapper to dipp into template parsing.
	*
	* @param string $input Template content
	*
	* @return string
	* @uses rcmail_output_html::parse_xml()
	* @since 0.1-rc1
	*/
	public function just_parse($input)
	{
	$input = $this->parse_conditions($input);
	$input = $this->parse_xml($input);
	$input = $this->postrender($input);

	return $input;
	}

	/**
	* Parse for conditional tags
	*/
	protected function parse_conditions($input)
	{
	$matches = preg_split('/<roundcube:(if\|elseif\|else\|endif)\s+([^>]+)>\n?/is', $input, 2, PREG_SPLIT_DELIM_CAPTURE);
	if ($matches && count($matches) == 4) {
	if (preg_match('/^(else\|endif)$/i', $matches[1])) {
	return $matches[0] . $this->parse_conditions($matches[3]);
	}

	$attrib = html::parse_attrib_string($matches[2]);

	if (isset($attrib['condition'])) {
	$condmet = $this->check_condition($attrib['condition']);
	$submatches = preg_split('/<roundcube:(elseif\|else\|endif)\s+([^>]+)>\n?/is', $matches[3], 2, PREG_SPLIT_DELIM_CAPTURE);

	if ($condmet) {
	$result = $submatches[0];
	if ($submatches[1] != 'endif') {
	$result .= preg_replace('/.*<roundcube:endif\s+[^>]+>\n?/Uis', '', $submatches[3], 1);
	}
	else {
	$result .= $submatches[3];
	}
	}
	else {
	$result = "<roundcube:$submatches[1] $submatches[2]>" . $submatches[3];
	}

	return $matches[0] . $this->parse_conditions($result);
	}

	rcube::raise_error(array(
	'code' => 500, 'line' => __LINE__, 'file' => __FILE__,
	'message' => "Unable to parse conditional tag " . $matches[2]
	), true, false);
	}

	return $input;
	}

	/**
	* Determines if a given condition is met
	*
	* @param string $condition Condition statement
	*
	* @return boolean True if condition is met, False if not
	* @todo Extend this to allow real conditions, not just "set"
	*/
	protected function check_condition($condition)
	{
	return $this->eval_expression($condition);
	}

	/**
	* Inserts hidden field with CSRF-prevention-token into POST forms
	*/
	protected function alter_form_tag($matches)
	{
	$out = $matches[0];
	$attrib = html::parse_attrib_string($matches[1]);

	if (strtolower($attrib['method']) == 'post') {
	$hidden = new html_hiddenfield(array('name' => '_token', 'value' => $this->app->get_request_token()));
	$out .= "\n" . $hidden->show();
	}

	return $out;
	}

	/**
	* Parse & evaluate a given expression and return its result.
	*
	* @param string $expression Expression statement
	*
	* @return mixed Expression result
	*/
	protected function eval_expression($expression)
	{
	$expression = preg_replace(
	array(
	'/session:([a-z0-9_]+)/i',
	'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
	'/env:([a-z0-9_]+)/i',
	'/request:([a-z0-9_]+)/i',
	'/cookie:([a-z0-9_]+)/i',
	'/browser:([a-z0-9_]+)/i',
	'/template:name/i',
	),
	array(
	"\$_SESSION['\\1']",
	"\$this->app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
	"\$this->env['\\1']",
	"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
	"\$_COOKIE['\\1']",
	"\$this->browser->{'\\1'}",
	"'{$this->template_name}'",
	),
	$expression
	);

	// Note: We used create_function() before but it's deprecated in PHP 7.2
	// and really it was just a wrapper on eval().
	return eval("return ($expression);");
	}

	/**
	* Parse variable strings
	*
	* @param string $type Variable type (env, config etc)
	* @param string $name Variable name
	*
	* @return mixed Variable value
	*/
	protected function parse_variable($type, $name)
	{
	$value = '';

	switch ($type) {
	case 'env':
	$value = $this->env[$name];
	break;
	case 'config':
	$value = $this->config->get($name);
	if (is_array($value) && $value[$_SESSION['storage_host']]) {
	$value = $value[$_SESSION['storage_host']];
	}
	break;
	case 'request':
	$value = rcube_utils::get_input_value($name, rcube_utils::INPUT_GPC);
	break;
	case 'session':
	$value = $_SESSION[$name];
	break;
	case 'cookie':
	$value = htmlspecialchars($_COOKIE[$name], ENT_COMPAT \| ENT_HTML401, RCUBE_CHARSET);
	break;
	case 'browser':
	$value = $this->browser->{$name};
	break;
	}

	return $value;
	}

	/**
	* Search for special tags in input and replace them
	* with the appropriate content
	*
	* @param string $input Input string to parse
	*
	* @return string Altered input string
	* @todo Use DOM-parser to traverse template HTML
	* @todo Maybe a cache.
	*/
	protected function parse_xml($input)
	{
	return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]\|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
	}

	/**
	* Callback function for parsing an xml command tag
	* and turn it into real html content
	*
	* @param array $matches Matches array of preg_replace_callback
	*
	* @return string Tag/Object content
	*/
	protected function xml_command($matches)
	{
	$command = strtolower($matches[1]);
	$attrib = html::parse_attrib_string($matches[2]);

	// empty output if required condition is not met
	if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
	return '';
	}

	// localize title and summary attributes
	if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
	$attrib['title'] = $this->app->gettext($attrib['title']);
	}
	if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
	$attrib['summary'] = $this->app->gettext($attrib['summary']);
	}

	// execute command
	switch ($command) {
	// return a button
	case 'button':
	if ($attrib['name'] \|\| $attrib['command']) {
	return $this->button($attrib);
	}
	break;

	// frame
	case 'frame':
	return $this->frame($attrib);
	break;

	// show a label
	case 'label':
	if ($attrib['expression'])
	$attrib['name'] = $this->eval_expression($attrib['expression']);

	if ($attrib['name'] \|\| $attrib['command']) {
	$vars = $attrib + array('product' => $this->config->get('product_name'));
	unset($vars['name'], $vars['command']);

	$label = $this->app->gettext($attrib + array('vars' => $vars));
	$quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (rcube_utils::get_boolean((string)$attrib['html']) ? 'no' : '');

	// 'noshow' can be used in skins to define new labels
	if ($attrib['noshow']) {
	return '';
	}

	switch ($quoting) {
	case 'no':
	case 'raw':
	break;
	case 'javascript':
	case 'js':
	$label = rcube::JQ($label);
	break;
	default:
	$label = html::quote($label);
	break;
	}

	return $label;
	}
	break;

	case 'add_label':
	$this->add_label($attrib['name']);
	break;

	// include a file
	case 'include':
	if ($attrib['condition'] && !$this->check_condition($attrib['condition'])) {
	break;
	}

	if ($attrib['file'][0] != '/') {
	$attrib['file'] = '/templates/' . $attrib['file'];
	}

	$old_base_path = $this->base_path;
	$include = '';

	if (!empty($attrib['skin_path'])) {
	$attrib['skinpath'] = $attrib['skin_path'];
	}

	if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attrib['skinpath'])) {
	// set base_path to core skin directory (not plugin's skin)
	$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path);
	$path = realpath(RCUBE_INSTALL_PATH . $path);
	}

	if (is_readable($path)) {
	$allow_php = $this->config->get('skin_include_php');
	$include = $allow_php ? $this->include_php($path) : file_get_contents($path);
	$include = $this->parse_conditions($include);
	$include = $this->parse_xml($include);
	$include = $this->fix_paths($include);
	}

	$this->base_path = $old_base_path;

	return $include;

	case 'plugin.include':
	$hook = $this->app->plugins->exec_hook("template_plugin_include", $attrib);
	return $hook['content'];

	// define a container block
	case 'container':
	if ($attrib['name'] && $attrib['id']) {
	$this->command('gui_container', $attrib['name'], $attrib['id']);
	// let plugins insert some content here
	$hook = $this->app->plugins->exec_hook("template_container", $attrib);
	return $hook['content'];
	}
	break;

	// return code for a specific application object
	case 'object':
	$object = strtolower($attrib['name']);
	$content = '';

	// correct deprecated object names
	if ($this->deprecated_template_objects[$object]) {
	$object = $this->deprecated_template_objects[$object];
	}

	$handler = $this->object_handlers[$object];

	// execute object handler function
	if (is_callable($handler)) {
	$this->prepare_object_attribs($attrib);

	// We assume that objects with src attribute are internal (in most
	// cases this is a watermark frame). We need this to make sure assets_path
	// is added to the internal assets paths
	$external = empty($attrib['src']);
	$content = call_user_func($handler, $attrib);
	}
	else if ($object == 'doctype') {
	$content = html::doctype($attrib['value']);
	}
	else if ($object == 'logo') {
	$attrib += array('alt' => $this->xml_command(array('', 'object', 'name="productname"')));

	if (!empty($attrib['type']) && ($template_logo = $this->get_template_logo($attrib['type'])) !== null) {
	$attrib['src'] = $template_logo;
	}
	else if (($template_logo = $this->get_template_logo()) !== null) {
	$attrib['src'] = $template_logo;
	}

	// process alternative logos (eg for Elastic small screen)
	foreach ($attrib as $key => $value) {
	if (preg_match('/data-src-(.*)/', $key, $matches)) {
	if (($template_logo = $this->get_template_logo($matches[1])) !== null) {
	$attrib[$key] = $template_logo;
	}

	$attrib[$key] = !empty($attrib[$key]) ? $this->abs_url($attrib[$key]) : null;
	}
	}

	if ($attrib['src']) {
	$content = html::img($attrib);
	}
	}
	else if ($object == 'productname') {
	$name = $this->config->get('product_name', 'Roundcube Webmail');
	$content = html::quote($name);
	}
	else if ($object == 'version') {
	$ver = (string)RCMAIL_VERSION;
	if (is_file(RCUBE_INSTALL_PATH . '.svn/entries')) {
	if (preg_match('/Revision:\s(\d+)/', @shell_exec('svn info'), $regs))
	$ver .= ' [SVN r'.$regs[1].']';
	}
	else if (is_file(RCUBE_INSTALL_PATH . '.git/index')) {
	if (preg_match('/Date:\s+([^\n]+)/', @shell_exec('git log -1'), $regs)) {
	if ($date = date('Ymd.Hi', strtotime($regs[1]))) {
	$ver .= ' [GIT '.$date.']';
	}
	}
	}
	$content = html::quote($ver);
	}
	else if ($object == 'steptitle') {
	$content = html::quote($this->get_pagetitle(false));
	}
	else if ($object == 'pagetitle') {
	// Deprecated, <title> will be added automatically
	$content = html::quote($this->get_pagetitle());
	}
	else if ($object == 'contentframe') {
	if (empty($attrib['id'])) {
	$attrib['id'] = 'rcm' . $this->env['task'] . 'frame';
	}

	// parse variables
	if (preg_match('/^(config\|env):([a-z0-9_]+)$/i', $attrib['src'], $matches)) {
	$attrib['src'] = $this->parse_variable($matches[1], $matches[2]);
	}

	$content = $this->frame($attrib, true);
	}
	else if ($object == 'meta' \|\| $object == 'links') {
	if ($object == 'meta') {
	$source = 'meta_tags';
	$tag = 'meta';
	$key = 'name';
	$param = 'content';
	}
	else if ($object == 'links') {
	$source = 'link_tags';
	$tag = 'link';
	$key = 'rel';
	$param = 'href';
	}

	foreach ($this->$source as $name => $vars) {
	// $vars can be in many forms:
	// - string
	// - array('key' => 'val')
	// - array(string, string)
	// - array(array(), string)
	// - array(array('key' => 'val'), array('key' => 'val'))
	// normalise this for processing by checking for string array keys
	$vars = is_array($vars) ? (count(array_filter(array_keys($vars), 'is_string')) > 0 ? array($vars) : $vars) : array($vars);

	foreach ($vars as $args) {
	// skip unset headers e.g. when extending a skin and removing a header defined in the parent
	if ($args === false) {
	continue;
	}

	$args = is_array($args) ? $args : array($param => $args);

	// special handling for favicon
	if ($object == 'links' && $name == 'shortcut icon' && empty($args[$param])) {
	if ($href = $this->get_template_logo('favicon')) {
	$args[$param] = $href;
	}
	else if ($href = $this->config->get('favicon', '/images/favicon.ico')) {
	$args[$param] = $href;
	}
	}

	$content .= html::tag($tag, array($key => $name, 'nl' => true) + $args);
	}
	}
	}

	// exec plugin hooks for this template object
	$hook = $this->app->plugins->exec_hook("template_object_$object", $attrib + array('content' => $content));

	if (strlen($hook['content']) && !empty($external)) {
	$object_id = uniqid('TEMPLOBJECT:', true);
	$this->objects[$object_id] = $hook['content'];
	$hook['content'] = $object_id;
	}

	return $hook['content'];

	// return <link> element
	case 'link':
	if ($attrib['condition'] && !$this->check_condition($attrib['condition'])) {
	break;
	}

	unset($attrib['condition']);

	return html::tag('link', $attrib);


	// return code for a specified eval expression
	case 'exp':
	return html::quote($this->eval_expression($attrib['expression']));

	// return variable
	case 'var':
	$var = explode(':', $attrib['name']);
	$value = $this->parse_variable($var[0], $var[1]);

	if (is_array($value)) {
	$value = implode(', ', $value);
	}

	return html::quote($value);

	case 'form':
	return $this->form_tag($attrib);
	}
	return '';
	}

	/**
	* Prepares template object attributes
	*
	* @param array &$attribs Attributes
	*/
	protected function prepare_object_attribs(&$attribs)
	{
	// Localize data-label-* attributes
	array_walk($attribs, function(&$value, $key, $rcube) {
	if (strpos($key, 'data-label-') === 0) {
	$value = $rcube->gettext($value);
	}
	}, $this->app);
	}

	/**
	* Include a specific file and return it's contents
	*
	* @param string $file File path
	*
	* @return string Contents of the processed file
	*/
	protected function include_php($file)
	{
	ob_start();
	include $file;
	$out = ob_get_contents();
	ob_end_clean();

	return $out;
	}

	/**
	* Put objects' content back into template output
	*/
	protected function postrender($output)
	{
	// insert objects' contents
	foreach ($this->objects as $key => $val) {
	$output = str_replace($key, $val, $output, $count);
	if ($count) {
	$this->objects[$key] = null;
	}
	}

	// make sure all <form> tags have a valid request token
	$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);

	return $output;
	}

	/**
	* Create and register a button
	*
	* @param array $attrib Named button attributes
	*
	* @return string HTML button
	* @todo Remove all inline JS calls and use jQuery instead.
	* @todo Remove all sprintf()'s - they are pretty, but also slow.
	*/
	public function button($attrib)
	{
	static $s_button_count = 100;
	static $disabled_actions = null;

	// these commands can be called directly via url
	$a_static_commands = array('compose', 'list', 'preferences', 'folders', 'identities');

	if (!($attrib['command'] \|\| $attrib['name'] \|\| $attrib['href'])) {
	return '';
	}

	// try to find out the button type
	if ($attrib['type']) {
	$attrib['type'] = strtolower($attrib['type']);
	if (strpos($attrib['type'], '-menuitem')) {
	$attrib['type'] = substr($attrib['type'], 0, -9);
	$menuitem = true;
	}
	}
	else {
	$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $attrib['imageact']) ? 'image' : 'button';
	}

	$command = $attrib['command'];
	$action = $command ?: $attrib['name'];

	if ($attrib['task']) {
	$command = $attrib['task'] . '.' . $command;
	$element = $attrib['task'] . '.' . $action;
	}
	else {
	$element = ($this->env['task'] ? $this->env['task'] . '.' : '') . $action;
	}

	if ($disabled_actions === null) {
	$disabled_actions = (array) $this->config->get('disabled_actions');
	}

	// remove buttons for disabled actions
	if (in_array($element, $disabled_actions) \|\| in_array($action, $disabled_actions)) {
	return '';
	}

	if (!$attrib['image']) {
	$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];
	}

	if (!$attrib['id']) {
	$attrib['id'] = sprintf('rcmbtn%d', $s_button_count++);
	}
	// get localized text for labels and titles
	if ($attrib['title']) {
	$attrib['title'] = html::quote($this->app->gettext($attrib['title'], $attrib['domain']));
	}
	if ($attrib['label']) {
	$attrib['label'] = html::quote($this->app->gettext($attrib['label'], $attrib['domain']));
	}
	if ($attrib['alt']) {
	$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $attrib['domain']));
	}

	// set accessibility attributes
	if (!$attrib['role']) {
	$attrib['role'] = 'button';
	}
	if (!empty($attrib['class']) && !empty($attrib['classact']) \|\| !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
	if (array_key_exists('tabindex', $attrib))
	$attrib['data-tabindex'] = $attrib['tabindex'];
	$attrib['tabindex'] = '-1'; // disable button by default
	$attrib['aria-disabled'] = 'true';
	}

	// set title to alt attribute for IE browsers
	if ($this->browser->ie && !$attrib['title'] && $attrib['alt']) {
	$attrib['title'] = $attrib['alt'];
	}

	// add empty alt attribute for XHTML compatibility
	if (!isset($attrib['alt'])) {
	$attrib['alt'] = '';
	}

	// register button in the system
	if ($attrib['command']) {
	$this->add_script(sprintf(
	"%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
	self::JS_OBJECT_NAME,
	$command,
	$attrib['id'],
	$attrib['type'],
	$attrib['imageact'] ? $this->abs_url($attrib['imageact']) : $attrib['classact'],
	$attrib['imagesel'] ? $this->abs_url($attrib['imagesel']) : $attrib['classsel'],
	$attrib['imageover'] ? $this->abs_url($attrib['imageover']) : ''
	));

	// make valid href to specific buttons
	if (in_array($attrib['command'], rcmail::$main_tasks)) {
	$attrib['href'] = $this->app->url(array('task' => $attrib['command']));
	$attrib['onclick'] = sprintf("return %s.command('switch-task','%s',this,event)", self::JS_OBJECT_NAME, $attrib['command']);
	}
	else if ($attrib['task'] && in_array($attrib['task'], rcmail::$main_tasks)) {
	$attrib['href'] = $this->app->url(array('action' => $attrib['command'], 'task' => $attrib['task']));
	}
	else if (in_array($attrib['command'], $a_static_commands)) {
	$attrib['href'] = $this->app->url(array('action' => $attrib['command']));
	}
	else if (($attrib['command'] == 'permaurl' \|\| $attrib['command'] == 'extwin') && !empty($this->env['permaurl'])) {
	$attrib['href'] = $this->env['permaurl'];
	}
	}

	// overwrite attributes
	if (!$attrib['href']) {
	$attrib['href'] = '#';
	}

	if ($attrib['task']) {
	if ($attrib['classact']) {
	$attrib['class'] = $attrib['classact'];
	}
	}
	else if ($command && !$attrib['onclick']) {
	$attrib['onclick'] = sprintf(
	"return %s.command('%s','%s',this,event)",
	self::JS_OBJECT_NAME,
	$command,
	$attrib['prop']
	);
	}

	$out = '';

	// generate image tag
	if ($attrib['type'] == 'image') {
	$attrib_str = html::attrib_string(
	$attrib,
	array(
	'style', 'class', 'id', 'width', 'height', 'border', 'hspace',
	'vspace', 'align', 'alt', 'tabindex', 'title'
	)
	);
	$btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str);
	if ($attrib['label']) {
	$btn_content .= ' '.$attrib['label'];
	}
	$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target');
	}
	else if ($attrib['type'] == 'link') {
	$btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
	$link_attrib = array_merge(html::$common_attrib, array('href', 'onclick', 'tabindex', 'target', 'rel'));
	if ($attrib['innerclass']) {
	$btn_content = html::span($attrib['innerclass'], $btn_content);
	}
	}
	else if ($attrib['type'] == 'input') {
	$attrib['type'] = 'button';

	if ($attrib['label']) {
	$attrib['value'] = $attrib['label'];
	}
	if ($attrib['command']) {
	$attrib['disabled'] = 'disabled';
	}

	$out = html::tag('input', $attrib, null, array('type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled'));
	}
	else {
	if ($attrib['label']) {
	$attrib['value'] = $attrib['label'];
	}
	if ($attrib['command']) {
	$attrib['disabled'] = 'disabled';
	}

	$content = isset($attrib['content']) ? $attrib['content'] : $attrib['label'];
	$out = html::tag('button', $attrib, $content, array('type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled'));
	}

	// generate html code for button
	if ($btn_content) {
	$attrib_str = html::attrib_string($attrib, $link_attrib);
	$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
	}

	if ($attrib['wrapper']) {
	$out = html::tag($attrib['wrapper'], null, $out);
	}

	if ($menuitem) {
	$class = $attrib['menuitem-class'] ? ' class="' . $attrib['menuitem-class'] . '"' : '';
	$out = '<li role="menuitem"' . $class . '>' . $out . '</li>';
	}

	return $out;
	}

	/**
	* Link an external script file
	*
	* @param string $file File URL
	* @param string $position Target position [head\|head_bottom\|foot]
	*/
	public function include_script($file, $position = 'head', $add_path = true)
	{
	if ($add_path && !preg_match('\|^https?://\|i', $file) && $file[0] != '/') {
	$file = $this->file_mod($this->scripts_path . $file);
	}

	if (!is_array($this->script_files[$position])) {
	$this->script_files[$position] = array();
	}

	if (!in_array($file, $this->script_files[$position])) {
	$this->script_files[$position][] = $file;
	}
	}

	/**
	* Add inline javascript code
	*
	* @param string $script JS code snippet
	* @param string $position Target position [head\|head_top\|foot\|docready]
	*/
	public function add_script($script, $position = 'head')
	{
	if (!isset($this->scripts[$position])) {
	- $this->scripts[$position] = "\n" . rtrim($script);
	+ $this->scripts[$position] = rtrim($script);
	}
	else {
	$this->scripts[$position] .= "\n" . rtrim($script);
	}
	}

	/**
	* Link an external css file
	*
	* @param string $file File URL
	*/
	public function include_css($file)
	{
	$this->css_files[] = $file;
	}

	/**
	* Add HTML code to the page header
	*
	* @param string $str HTML code
	*/
	public function add_header($str)
	{
	$this->header .= "\n" . $str;
	}

	/**
	* Add HTML code to the page footer
	* To be added right befor </body>
	*
	* @param string $str HTML code
	*/
	public function add_footer($str)
	{
	$this->footer .= "\n" . $str;
	}

	/**
	* Process template and write to stdOut
	*
	* @param string $output HTML output
	*/
	protected function _write($output = '')
	{
	$output = trim($output);

	if (empty($output)) {
	$output = html::doctype('html5') . "\n" . $this->default_template;
	$is_empty = true;
	}

	$merge_script_files = function($output, $script) {
	return $output . html::script($script);
	};

	$merge_scripts = function($output, $script) {
	return $output . html::script(array(), $script);
	};

	// put docready commands into page footer
	if (!empty($this->scripts['docready'])) {
	- $this->add_script('$(function(){ ' . $this->scripts['docready'] . "\n});", 'foot');
	+ $this->add_script("\$(function() {\n" . $this->scripts['docready'] . "\n});", 'foot');
	}

	$page_header = '';
	$page_footer = '';
	$meta = '';

	// declare page language
	if (!empty($_SESSION['language'])) {
	$lang = substr($_SESSION['language'], 0, 2);
	$output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);

	if (!headers_sent()) {
	header('Content-Language: ' . $lang);
	}
	}

	// include meta tag with charset
	if (!empty($this->charset)) {
	if (!headers_sent()) {
	header('Content-Type: text/html; charset=' . $this->charset);
	}

	$meta .= html::tag('meta', array(
	'http-equiv' => 'content-type',
	'content' => "text/html; charset={$this->charset}",
	'nl' => true
	));
	}

	// include page title (after charset specification)
	$meta .= '<title>' . html::quote($this->get_pagetitle()) . "</title>\n";

	$output = preg_replace('/(<head[^>]>)\n/i', "\\1\n{$meta}", $output, 1, $count);
	if (!$count) {
	$page_header .= $meta;
	}

	// include scripts into header/footer
	$page_header .= array_reduce((array) $this->script_files['head'], $merge_script_files);
	$page_header .= array_reduce(array($this->scripts['head_top'] . $this->scripts['head']), $merge_scripts);
	$page_header .= $this->header . "\n";
	$page_header .= array_reduce((array) $this->script_files['head_bottom'], $merge_script_files);

	$page_footer .= array_reduce((array) $this->script_files['foot'], $merge_script_files);
	$page_footer .= $this->footer . "\n";
	$page_footer .= array_reduce((array) $this->scripts['foot'], $merge_scripts);

	// find page header
	if ($hpos = stripos($output, '</head>')) {
	$page_header .= "\n";
	}
	else {
	if (!is_numeric($hpos)) {
	$hpos = stripos($output, '<body');
	}
	if (!is_numeric($hpos) && ($hpos = stripos($output, '<html'))) {
	while ($output[$hpos] != '>') {
	$hpos++;
	}
	$hpos++;
	}
	$page_header = "<head>\n$page_header\n</head>\n";
	}

	// add page hader
	if ($hpos) {
	$output = substr_replace($output, $page_header, $hpos, 0);
	}
	else {
	$output = $page_header . $output;
	}

	// add page footer
	if (($fpos = strripos($output, '</body>')) \|\| ($fpos = strripos($output, '</html>'))) {
	// for Elastic: put footer content before "footer scripts"
	while (($npos = strripos($output, "\n", -strlen($output) + $fpos - 1))
	&& $npos != $fpos
	&& ($chunk = substr($output, $npos, $fpos - $npos)) !== ''
	&& (trim($chunk) === '' \|\| preg_match('/\s<script[^>]+><\/script>\s/', $chunk))
	) {
	$fpos = $npos;
	}

	$output = substr_replace($output, $page_footer."\n", $fpos, 0);
	}
	else {
	$output .= "\n".$page_footer;
	}

	// add css files in head, before scripts, for speed up with parallel downloads
	if (!empty($this->css_files) && !$is_empty
	&& (($pos = stripos($output, '<script ')) \|\| ($pos = stripos($output, '</head>')))
	) {
	$css = '';
	foreach ($this->css_files as $file) {
	$is_less = substr_compare($file, '.less', -5, 5, true) === 0;
	$css .= html::tag('link', array(
	'rel' => $is_less ? 'stylesheet/less' : 'stylesheet',
	'type' => 'text/css',
	'href' => $file,
	'nl' => true,
	));
	}
	$output = substr_replace($output, $css, $pos, 0);
	}

	$output = $this->parse_with_globals($this->fix_paths($output));

	if ($this->assets_path) {
	$output = $this->fix_assets_paths($output);
	}

	$output = $this->postrender($output);

	// trigger hook with final HTML content to be sent
	$hook = $this->app->plugins->exec_hook("send_page", array('content' => $output));
	if (!$hook['abort']) {
	if ($this->charset != RCUBE_CHARSET) {
	echo rcube_charset::convert($hook['content'], RCUBE_CHARSET, $this->charset);
	}
	else {
	echo $hook['content'];
	}
	}
	}

	/**
	* Returns iframe object, registers some related env variables
	*
	* @param array $attrib HTML attributes
	* @param boolean $is_contentframe Register this iframe as the 'contentframe' gui object
	*
	* @return string IFRAME element
	*/
	public function frame($attrib, $is_contentframe = false)
	{
	static $idcount = 0;

	if (!$attrib['id']) {
	$attrib['id'] = 'rcmframe' . ++$idcount;
	}

	$attrib['name'] = $attrib['id'];
	$attrib['src'] = $attrib['src'] ? $this->abs_url($attrib['src'], true) : 'about:blank';

	// register as 'contentframe' object
	if ($is_contentframe \|\| $attrib['contentframe']) {
	$this->set_env('contentframe', $attrib['contentframe'] ? $attrib['contentframe'] : $attrib['name']);
	}

	return html::iframe($attrib);
	}


	/* *********** common functions delivering gui objects ************ */

	/**
	* Create a form tag with the necessary hidden fields
	*
	* @param array $attrib Named tag parameters
	* @param string $content HTML content of the form
	*
	* @return string HTML code for the form
	*/
	public function form_tag($attrib, $content = null)
	{
	if ($this->env['extwin']) {
	$hiddenfield = new html_hiddenfield(array('name' => '_extwin', 'value' => '1'));
	$hidden = $hiddenfield->show();
	}
	else if ($this->framed \|\| $this->env['framed']) {
	$hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1'));
	$hidden = $hiddenfield->show();
	}

	if (!$content) {
	$attrib['noclose'] = true;
	}

	return html::tag('form',
	$attrib + array('action' => $this->app->comm_path, 'method' => "get"),
	$hidden . $content,
	array('id','class','style','name','method','action','enctype','onsubmit')
	);
	}

	/**
	* Build a form tag with a unique request token
	*
	* @param array $attrib Named tag parameters including 'action' and 'task' values
	* which will be put into hidden fields
	* @param string $content Form content
	*
	* @return string HTML code for the form
	*/
	public function request_form($attrib, $content = '')
	{
	$hidden = new html_hiddenfield();
	if ($attrib['task']) {
	$hidden->add(array('name' => '_task', 'value' => $attrib['task']));
	}
	if ($attrib['action']) {
	$hidden->add(array('name' => '_action', 'value' => $attrib['action']));
	}

	// we already have a <form> tag
	if ($attrib['form']) {
	if ($this->framed \|\| $this->env['framed']) {
	$hidden->add(array('name' => '_framed', 'value' => '1'));
	}

	return $hidden->show() . $content;
	}

	unset($attrib['task'], $attrib['request']);
	$attrib['action'] = './';

	return $this->form_tag($attrib, $hidden->show() . $content);
	}

	/**
	* GUI object 'username'
	* Showing IMAP username of the current session
	*
	* @param array $attrib Named tag parameters (currently not used)
	*
	* @return string HTML code for the gui object
	*/
	public function current_username($attrib)
	{
	static $username;

	// alread fetched
	if (!empty($username)) {
	return $username;
	}

	// Current username is an e-mail address
	if (strpos($_SESSION['username'], '@')) {
	$username = $_SESSION['username'];
	}
	// get e-mail address from default identity
	else if ($sql_arr = $this->app->user->get_identity()) {
	$username = $sql_arr['email'];
	}
	else {
	$username = $this->app->user->get_username();
	}

	return rcube_utils::idn_to_utf8($username);
	}

	/**
	* GUI object 'loginform'
	* Returns code for the webmail login form
	*
	* @param array $attrib Named parameters
	*
	* @return string HTML code for the gui object
	*/
	protected function login_form($attrib)
	{
	$default_host = $this->config->get('default_host');
	$autocomplete = (int) $this->config->get('login_autocomplete');

	$_SESSION['temp'] = true;

	// save original url
	$url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST);
	if (empty($url) && !preg_match('/_(task\|action)=logout/', $_SERVER['QUERY_STRING']))
	$url = $_SERVER['QUERY_STRING'];

	// Disable autocapitalization on iPad/iPhone (#1488609)
	$attrib['autocapitalize'] = 'off';

	$form_name = !empty($attrib['form']) ? $attrib['form'] : 'form';

	// set atocomplete attribute
	$user_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
	$host_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
	$pass_attrib = $autocomplete > 1 ? array() : array('autocomplete' => 'off');

	$input_task = new html_hiddenfield(array('name' => '_task', 'value' => 'login'));
	$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
	$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
	$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
	$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required')
	+ $attrib + $user_attrib);
	$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required')
	+ $attrib + $pass_attrib);
	$input_host = null;

	if (is_array($default_host) && count($default_host) > 1) {
	$input_host = new html_select(array('name' => '_host', 'id' => 'rcmloginhost'));

	foreach ($default_host as $key => $value) {
	if (!is_array($value)) {
	$input_host->add($value, (is_numeric($key) ? $value : $key));
	}
	else {
	$input_host = null;
	break;
	}
	}
	}
	else if (is_array($default_host) && ($host = key($default_host)) !== null) {
	$hide_host = true;
	$input_host = new html_hiddenfield(array(
	'name' => '_host', 'id' => 'rcmloginhost', 'value' => is_numeric($host) ? $default_host[$host] : $host) + $attrib);
	}
	else if (empty($default_host)) {
	$input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost')
	+ $attrib + $host_attrib);
	}

	$this->add_gui_object('loginform', $form_name);

	// create HTML table with two cols
	$table = new html_table(array('cols' => 2));

	$table->add('title', html::label('rcmloginuser', html::quote($this->app->gettext('username'))));
	$table->add('input', $input_user->show(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC)));

	$table->add('title', html::label('rcmloginpwd', html::quote($this->app->gettext('password'))));
	$table->add('input', $input_pass->show());

	// add host selection row
	if (is_object($input_host) && !$hide_host) {
	$table->add('title', html::label('rcmloginhost', html::quote($this->app->gettext('server'))));
	$table->add('input', $input_host->show(rcube_utils::get_input_value('_host', rcube_utils::INPUT_GPC)));
	}

	$out = $input_task->show();
	$out .= $input_action->show();
	$out .= $input_tzone->show();
	$out .= $input_url->show();
	$out .= $table->show();

	if ($hide_host) {
	$out .= $input_host->show();
	}

	if (rcube_utils::get_boolean($attrib['submit'])) {
	$button_attr = array('type' => 'submit', 'id' => 'rcmloginsubmit', 'class' => 'button mainaction submit');
	$out .= html::p('formbuttons', html::tag('button', $button_attr, $this->app->gettext('login')));
	}

	// surround html output with a form tag
	if (empty($attrib['form'])) {
	$out = $this->form_tag(array('name' => $form_name, 'method' => 'post'), $out);
	}

	// include script for timezone detection
	$this->include_script('jstz.min.js');

	return $out;
	}

	/**
	* GUI object 'preloader'
	* Loads javascript code for images preloading
	*
	* @param array $attrib Named parameters
	* @return void
	*/
	protected function preloader($attrib)
	{
	$images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY);
	$images = array_map(array($this, 'abs_url'), $images);
	$images = array_map(array($this, 'asset_url'), $images);

	if (empty($images) \|\| $_REQUEST['_task'] == 'logout') {
	return;
	}

	$this->add_script('var images = ' . self::json_serialize($images, $this->devel_mode) .';
	for (var i=0; i<images.length; i++) {
	img = new Image();
	img.src = images[i];
	}', 'docready');
	}

	/**
	* GUI object 'searchform'
	* Returns code for search function
	*
	* @param array $attrib Named parameters
	*
	* @return string HTML code for the gui object
	*/
	public function search_form($attrib)
	{
	// add some labels to client
	$this->add_label('searching');

	$attrib['name'] = '_q';
	$attrib['class'] = trim($attrib['class'] . ' no-bs');

	if (empty($attrib['id'])) {
	$attrib['id'] = 'rcmqsearchbox';
	}
	if ($attrib['type'] == 'search' && !$this->browser->khtml) {
	unset($attrib['type'], $attrib['results']);
	}
	if (empty($attrib['placeholder'])) {
	$attrib['placeholder'] = $this->app->gettext('searchplaceholder');
	}

	$label = html::label(array('for' => $attrib['id'], 'class' => 'voice'), rcube::Q($this->app->gettext('arialabelsearchterms')));
	$input_q = new html_inputfield($attrib);
	$out = $label . $input_q->show();

	// Support for multiple searchforms on the same page
	if ($attrib['gui-object'] !== false && $attrib['gui-object'] !== 'false') {
	$this->add_gui_object($attrib['gui-object'] ?: 'qsearchbox', $attrib['id']);
	}

	// add form tag around text field
	if (empty($attrib['form']) && empty($attrib['no-form'])) {
	$out = $this->form_tag(array(
	'name' => $attrib['form-name'] ?: 'rcmqsearchform',
	'onsubmit' => sprintf("%s.command('%s'); return false", self::JS_OBJECT_NAME, $attrib['command'] ?: 'search'),
	// 'style' => "display:inline"
	), $out);
	}

	if (!empty($attrib['wrapper'])) {
	$header = html::tag($attrib['ariatag'] ?: 'h2', array(
	'id' => 'aria-label-' . $attrib['label'],
	'class' => 'voice'
	), rcube::Q($this->app->gettext('arialabel' . $attrib['label'], $attrib['label-domain'])));

	if ($attrib['options']) {
	$options_button = $this->button(array(
	'type' => 'link',
	'href' => '#search-filter',
	'class' => 'button options',
	'label' => 'options',
	'title' => 'options',
	'tabindex' => '0',
	'innerclass' => 'inner',
	'data-target' => $attrib['options']
	));
	}

	$search_button = $this->button(array(
	'type' => 'link',
	'href' => '#search',
	'class' => 'button search',
	'label' => $attrib['buttontitle'],
	'title' => $attrib['buttontitle'],
	'tabindex' => '0',
	'innerclass' => 'inner',
	));

	$reset_button = $this->button(array(
	'type' => 'link',
	'command' => $attrib['reset-command'] ?: 'reset-search',
	'class' => 'button reset',
	'label' => 'resetsearch',
	'title' => 'resetsearch',
	'tabindex' => '0',
	'innerclass' => 'inner',
	));

	$out = html::div(array(
	'role' => 'search',
	'aria-labelledby' => $attrib['label'] ? 'aria-label-' . $attrib['label'] : null,
	'class' => $attrib['wrapper'],
	), "$header$out\n$reset_button\n$options_button\n$search_button");
	}

	return $out;
	}

	/**
	* Builder for GUI object 'message'
	*
	* @param array Named tag parameters
	* @return string HTML code for the gui object
	*/
	protected function message_container($attrib)
	{
	if (isset($attrib['id']) === false) {
	$attrib['id'] = 'rcmMessageContainer';
	}

	$this->add_gui_object('message', $attrib['id']);

	return html::div($attrib, '');
	}

	/**
	* GUI object 'charsetselector'
	*
	* @param array $attrib Named parameters for the select tag
	*
	* @return string HTML code for the gui object
	*/
	public function charset_selector($attrib)
	{
	// pass the following attributes to the form class
	$field_attrib = array('name' => '_charset');
	foreach ($attrib as $attr => $value) {
	if (in_array($attr, array('id', 'name', 'class', 'style', 'size', 'tabindex'))) {
	$field_attrib[$attr] = $value;
	}
	}

	$charsets = array(
	'UTF-8' => 'UTF-8 ('.$this->app->gettext('unicode').')',
	'US-ASCII' => 'ASCII ('.$this->app->gettext('english').')',
	'ISO-8859-1' => 'ISO-8859-1 ('.$this->app->gettext('westerneuropean').')',
	'ISO-8859-2' => 'ISO-8859-2 ('.$this->app->gettext('easterneuropean').')',
	'ISO-8859-4' => 'ISO-8859-4 ('.$this->app->gettext('baltic').')',
	'ISO-8859-5' => 'ISO-8859-5 ('.$this->app->gettext('cyrillic').')',
	'ISO-8859-6' => 'ISO-8859-6 ('.$this->app->gettext('arabic').')',
	'ISO-8859-7' => 'ISO-8859-7 ('.$this->app->gettext('greek').')',
	'ISO-8859-8' => 'ISO-8859-8 ('.$this->app->gettext('hebrew').')',
	'ISO-8859-9' => 'ISO-8859-9 ('.$this->app->gettext('turkish').')',
	'ISO-8859-10' => 'ISO-8859-10 ('.$this->app->gettext('nordic').')',
	'ISO-8859-11' => 'ISO-8859-11 ('.$this->app->gettext('thai').')',
	'ISO-8859-13' => 'ISO-8859-13 ('.$this->app->gettext('baltic').')',
	'ISO-8859-14' => 'ISO-8859-14 ('.$this->app->gettext('celtic').')',
	'ISO-8859-15' => 'ISO-8859-15 ('.$this->app->gettext('westerneuropean').')',
	'ISO-8859-16' => 'ISO-8859-16 ('.$this->app->gettext('southeasterneuropean').')',
	'WINDOWS-1250' => 'Windows-1250 ('.$this->app->gettext('easterneuropean').')',
	'WINDOWS-1251' => 'Windows-1251 ('.$this->app->gettext('cyrillic').')',
	'WINDOWS-1252' => 'Windows-1252 ('.$this->app->gettext('westerneuropean').')',
	'WINDOWS-1253' => 'Windows-1253 ('.$this->app->gettext('greek').')',
	'WINDOWS-1254' => 'Windows-1254 ('.$this->app->gettext('turkish').')',
	'WINDOWS-1255' => 'Windows-1255 ('.$this->app->gettext('hebrew').')',
	'WINDOWS-1256' => 'Windows-1256 ('.$this->app->gettext('arabic').')',
	'WINDOWS-1257' => 'Windows-1257 ('.$this->app->gettext('baltic').')',
	'WINDOWS-1258' => 'Windows-1258 ('.$this->app->gettext('vietnamese').')',
	'ISO-2022-JP' => 'ISO-2022-JP ('.$this->app->gettext('japanese').')',
	'ISO-2022-KR' => 'ISO-2022-KR ('.$this->app->gettext('korean').')',
	'ISO-2022-CN' => 'ISO-2022-CN ('.$this->app->gettext('chinese').')',
	'EUC-JP' => 'EUC-JP ('.$this->app->gettext('japanese').')',
	'EUC-KR' => 'EUC-KR ('.$this->app->gettext('korean').')',
	'EUC-CN' => 'EUC-CN ('.$this->app->gettext('chinese').')',
	'BIG5' => 'BIG5 ('.$this->app->gettext('chinese').')',
	'GB2312' => 'GB2312 ('.$this->app->gettext('chinese').')',
	'KOI8-R' => 'KOI8-R ('.$this->app->gettext('cyrillic').')',
	);

	if ($post = rcube_utils::get_input_value('_charset', rcube_utils::INPUT_POST)) {
	$set = $post;
	}
	else if (!empty($attrib['selected'])) {
	$set = $attrib['selected'];
	}
	else {
	$set = $this->get_charset();
	}

	$set = strtoupper($set);
	if (!isset($charsets[$set]) && preg_match('/^[A-Z0-9-]+$/', $set)) {
	$charsets[$set] = $set;
	}

	$select = new html_select($field_attrib);
	$select->add(array_values($charsets), array_keys($charsets));

	return $select->show($set);
	}

	/**
	* Include content from config/about.<LANG>.html if available
	*/
	protected function about_content($attrib)
	{
	$content = '';
	$filenames = array(
	'about.' . $_SESSION['language'] . '.html',
	'about.' . substr($_SESSION['language'], 0, 2) . '.html',
	'about.html',
	);
	foreach ($filenames as $file) {
	$fn = RCUBE_CONFIG_DIR . $file;
	if (is_readable($fn)) {
	$content = file_get_contents($fn);
	$content = $this->parse_conditions($content);
	$content = $this->parse_xml($content);
	break;
	}
	}

	return $content;
	}

	/**
	* Get logo URL for current template based on skin_logo config option
	*
	* @param string $type Type of the logo to check for (e.g. 'print' or 'small')
	* default is null (no special type)
	*
	* @return string image URL
	*/
	protected function get_template_logo($type = null)
	{
	$template_logo = null;

	if ($logo = $this->config->get('skin_logo')) {
	if (is_array($logo)) {
	$template_names = array(
	$this->skin_name . ':' . $this->template_name . '[' . $type . ']',
	$this->skin_name . ':' . $this->template_name,
	$this->skin_name . ':*[' . $type . ']',
	$this->skin_name . ':[' . $type . ']',
	$this->skin_name . ':*',
	'*:' . $this->template_name . '[' . $type . ']',
	'*:' . $this->template_name,
	':[' . $type . ']',
	'*:[' . $type . ']',
	$this->template_name . '[' . $type . ']',
	$this->template_name,
	'*[' . $type . ']',
	'[' . $type . ']',
	'*',
	);

	if (!empty($type)) {
	// Use strict matching, remove wild card options
	$template_names = preg_grep("/\*$/", $template_names, PREG_GREP_INVERT);
	}
	else {
	// No type set so remove those options from the list
	$template_names = preg_grep("/\\[\]$/", $template_names, PREG_GREP_INVERT);
	}

	foreach ($template_names as $key) {
	if (isset($logo[$key])) {
	$template_logo = $logo[$key];
	break;
	}
	}
	}
	else {
	$template_logo = $logo;
	}
	}

	return $template_logo;
	}
	}
	diff --git a/program/lib/Roundcube/html.php b/program/lib/Roundcube/html.php
	index 4f282df4b..9fb3dda1c 100644
	--- a/program/lib/Roundcube/html.php
	+++ b/program/lib/Roundcube/html.php
	@@ -1,992 +1,998 @@
	<?php

	/**
	+-----------------------------------------------------------------------+
	\| This file is part of the Roundcube Webmail client \|
	\| \|
	\| Copyright (C) The Roundcube Dev Team \|
	\| \|
	\| Licensed under the GNU General Public License version 3 or \|
	\| any later version with exceptions for skins & plugins. \|
	\| See the README file for a full license statement. \|
	\| \|
	\| PURPOSE: \|
	\| Helper class to create valid XHTML code \|
	+-----------------------------------------------------------------------+
	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	+-----------------------------------------------------------------------+
	*/

	/**
	* Class for HTML code creation
	*
	* @package Framework
	* @subpackage View
	*/
	class html
	{
	protected $tagname;
	protected $content;
	protected $attrib = array();
	protected $allowed = array();

	public static $doctype = 'xhtml';
	public static $lc_tags = true;
	public static $common_attrib = array('id','class','style','title','align','unselectable','tabindex','role');
	public static $containers = array('iframe','div','span','p','h1','h2','h3','ul','form','textarea','table','thead','tbody','tr','th','td','style','script','a');
	public static $bool_attrib = array('checked','multiple','disabled','selected','autofocus','readonly','required');


	/**
	* Constructor
	*
	* @param array $attrib Hash array with tag attributes
	*/
	public function __construct($attrib = array())
	{
	if (is_array($attrib)) {
	$this->attrib = $attrib;
	}
	}

	/**
	* Return the tag code
	*
	* @return string The finally composed HTML tag
	*/
	public function show()
	{
	return self::tag($this->tagname, $this->attrib, $this->content, array_merge(self::$common_attrib, $this->allowed));
	}

	/**** STATIC METHODS *****/

	/**
	* Generic method to create a HTML tag
	*
	* @param string $tagname Tag name
	* @param array $attrib Tag attributes as key/value pairs
	* @param string $content Optional Tag content (creates a container tag)
	* @param array $allowed List with allowed attributes, omit to allow all
	*
	* @return string The XHTML tag
	*/
	public static function tag($tagname, $attrib = array(), $content = null, $allowed = null)
	{
	if (is_string($attrib)) {
	$attrib = array('class' => $attrib);
	}

	$inline_tags = array('a','span','img');
	$suffix = $attrib['nl'] \|\| ($content && $attrib['nl'] !== false && !in_array($tagname, $inline_tags)) ? "\n" : '';

	$tagname = self::$lc_tags ? strtolower($tagname) : $tagname;
	if (isset($content) \|\| in_array($tagname, self::$containers)) {
	$suffix = $attrib['noclose'] ? $suffix : '</' . $tagname . '>' . $suffix;
	unset($attrib['noclose'], $attrib['nl']);
	return '<' . $tagname . self::attrib_string($attrib, $allowed) . '>' . $content . $suffix;
	}
	else {
	return '<' . $tagname . self::attrib_string($attrib, $allowed) . '>' . $suffix;
	}
	}

	/**
	* Return DOCTYPE tag of specified type
	*
	* @param string $type Document type (html5, xhtml, 'xhtml-trans, xhtml-strict)
	*/
	public static function doctype($type)
	{
	$doctypes = array(
	'html5' => '<!DOCTYPE html>',
	'xhtml' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">',
	'xhtml-trans' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">',
	'xhtml-strict' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">',
	);

	if ($doctypes[$type]) {
	self::$doctype = preg_replace('/-\w+$/', '', $type);
	return $doctypes[$type];
	}

	return '';
	}

	/**
	* Derrived method for <div> containers
	*
	* @param mixed $attr Hash array with tag attributes or string with class name
	* @param string $cont Div content
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function div($attr = null, $cont = null)
	{
	if (is_string($attr)) {
	$attr = array('class' => $attr);
	}

	return self::tag('div', $attr, $cont, array_merge(self::$common_attrib, array('onclick')));
	}

	/**
	* Derrived method for <p> blocks
	*
	* @param mixed $attr Hash array with tag attributes or string with class name
	* @param string $cont Paragraph content
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function p($attr = null, $cont = null)
	{
	if (is_string($attr)) {
	$attr = array('class' => $attr);
	}

	return self::tag('p', $attr, $cont, self::$common_attrib);
	}

	/**
	* Derrived method to create <img />
	*
	* @param mixed $attr Hash array with tag attributes or string with image source (src)
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function img($attr = null)
	{
	if (is_string($attr)) {
	$attr = array('src' => $attr);
	}

	return self::tag('img', $attr + array('alt' => ''), null, array_merge(self::$common_attrib,
	array('src','alt','width','height','border','usemap','onclick','onerror','onload')));
	}

	/**
	* Derrived method for link tags
	*
	* @param mixed $attr Hash array with tag attributes or string with link location (href)
	* @param string $cont Link content
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function a($attr, $cont)
	{
	if (is_string($attr)) {
	$attr = array('href' => $attr);
	}

	return self::tag('a', $attr, $cont, array_merge(self::$common_attrib,
	array('href','target','name','rel','onclick','onmouseover','onmouseout','onmousedown','onmouseup')));
	}

	/**
	* Derrived method for inline span tags
	*
	* @param mixed $attr Hash array with tag attributes or string with class name
	* @param string $cont Tag content
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function span($attr, $cont)
	{
	if (is_string($attr)) {
	$attr = array('class' => $attr);
	}

	return self::tag('span', $attr, $cont, self::$common_attrib);
	}

	/**
	* Derrived method for form element labels
	*
	* @param mixed $attr Hash array with tag attributes or string with 'for' attrib
	* @param string $cont Tag content
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function label($attr, $cont)
	{
	if (is_string($attr)) {
	$attr = array('for' => $attr);
	}

	return self::tag('label', $attr, $cont, array_merge(self::$common_attrib,
	array('for','onkeypress')));
	}

	/**
	* Derrived method to create <iframe></iframe>
	*
	* @param mixed $attr Hash array with tag attributes or string with frame source (src)
	* @param string $cont Tag content
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function iframe($attr = null, $cont = null)
	{
	if (is_string($attr)) {
	$attr = array('src' => $attr);
	}

	return self::tag('iframe', $attr, $cont, array_merge(self::$common_attrib,
	array('src','name','width','height','border','frameborder','onload','allowfullscreen')));
	}

	/**
	* Derrived method to create <script> tags
	*
	* @param mixed $attr Hash array with tag attributes or string with script source (src)
	* @param string $cont Javascript code to be placed as tag content
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function script($attr, $cont = null)
	{
	if (is_string($attr)) {
	$attr = array('src' => $attr);
	}
	+
	if ($cont) {
	- if (self::$doctype == 'xhtml')
	- $cont = "\n/* <![CDATA[ /\n" . $cont . "\n/ ]]> */\n";
	- else
	- $cont = "\n" . $cont . "\n";
	+ if (self::$doctype == 'xhtml') {
	+ $cont = "/* <![CDATA[ /\n{$cont}\n/ ]]> */";
	+ }
	+
	+ $cont = "\n{$cont}\n";
	+ }
	+
	+ if (self::$doctype == 'xhtml') {
	+ $attr += array('type' => 'text/javascript');
	}

	- return self::tag('script', $attr + array('type' => 'text/javascript', 'nl' => true),
	- $cont, array_merge(self::$common_attrib, array('src','type','charset')));
	+ return self::tag('script', $attr + array('nl' => true), $cont,
	+ array_merge(self::$common_attrib, array('src', 'type', 'charset')));
	}

	/**
	* Derrived method for line breaks
	*
	* @param array $attrib Associative arry with tag attributes
	*
	* @return string HTML code
	* @see html::tag()
	*/
	public static function br($attrib = array())
	{
	return self::tag('br', $attrib);
	}

	/**
	* Create string with attributes
	*
	* @param array $attrib Associative array with tag attributes
	* @param array $allowed List of allowed attributes
	*
	* @return string Valid attribute string
	*/
	public static function attrib_string($attrib = array(), $allowed = null)
	{
	if (empty($attrib)) {
	return '';
	}

	$allowed_f = array_flip((array)$allowed);
	$attrib_arr = array();

	foreach ($attrib as $key => $value) {
	// skip size if not numeric
	if ($key == 'size' && !is_numeric($value)) {
	continue;
	}

	// ignore "internal" or empty attributes
	if ($key == 'nl' \|\| $value === null) {
	continue;
	}

	// ignore not allowed attributes, except aria-* and data-*
	if (!empty($allowed)) {
	$is_data_attr = @substr_compare($key, 'data-', 0, 5) === 0;
	$is_aria_attr = @substr_compare($key, 'aria-', 0, 5) === 0;
	if (!$is_aria_attr && !$is_data_attr && !isset($allowed_f[$key])) {
	continue;
	}
	}

	// skip empty eventhandlers
	if (preg_match('/^on[a-z]+/', $key) && !$value) {
	continue;
	}

	// attributes with no value
	if (in_array($key, self::$bool_attrib)) {
	if ($value) {
	$value = $key;
	if (self::$doctype == 'xhtml') {
	$value .= '="' . $value . '"';
	}

	$attrib_arr[] = $value;
	}
	}
	else {
	$attrib_arr[] = $key . '="' . self::quote($value) . '"';
	}
	}

	return count($attrib_arr) ? ' '.implode(' ', $attrib_arr) : '';
	}

	/**
	* Convert a HTML attribute string attributes to an associative array (name => value)
	*
	* @param string $str Input string
	*
	* @return array Key-value pairs of parsed attributes
	*/
	public static function parse_attrib_string($str)
	{
	$attrib = array();
	$html = '<html>'
	. '<head><meta http-equiv="Content-Type" content="text/html; charset=' . RCUBE_CHARSET . '" /></head>'
	. '<body><div ' . rtrim($str, '/ ') . ' /></body>'
	. '</html>';

	$document = new DOMDocument('1.0', RCUBE_CHARSET);
	@$document->loadHTML($html);

	if ($node = $document->getElementsByTagName('div')->item(0)) {
	foreach ($node->attributes as $name => $attr) {
	$attrib[strtolower($name)] = $attr->nodeValue;
	}
	}

	return $attrib;
	}

	/**
	* Replacing specials characters in html attribute value
	*
	* @param string $str Input string
	*
	* @return string The quoted string
	*/
	public static function quote($str)
	{
	return @htmlspecialchars($str, ENT_COMPAT \| ENT_SUBSTITUTE, RCUBE_CHARSET);
	}
	}


	/**
	* Class to create an HTML input field
	*
	* @package Framework
	* @subpackage View
	*/
	class html_inputfield extends html
	{
	protected $tagname = 'input';
	protected $type = 'text';
	protected $allowed = array(
	'type','name','value','size','tabindex','autocapitalize','required',
	'autocomplete','checked','onchange','onclick','disabled','readonly',
	'spellcheck','results','maxlength','src','multiple','accept',
	'placeholder','autofocus','pattern','oninput'
	);

	/**
	* Object constructor
	*
	* @param array $attrib Associative array with tag attributes
	*/
	public function __construct($attrib = array())
	{
	if (is_array($attrib)) {
	$this->attrib = $attrib;
	}

	if ($attrib['type']) {
	$this->type = $attrib['type'];
	}
	}

	/**
	* Compose input tag
	*
	* @param string $value Field value
	* @param array $attrib Additional attributes to override
	*
	* @return string HTML output
	*/
	public function show($value = null, $attrib = null)
	{
	// overwrite object attributes
	if (is_array($attrib)) {
	$this->attrib = array_merge($this->attrib, $attrib);
	}

	// set value attribute
	if ($value !== null) {
	$this->attrib['value'] = $value;
	}
	// set type
	$this->attrib['type'] = $this->type;

	return parent::show();
	}
	}

	/**
	* Class to create an HTML password field
	*
	* @package Framework
	* @subpackage View
	*/
	class html_passwordfield extends html_inputfield
	{
	protected $type = 'password';
	}

	/**
	* Class to create an hidden HTML input field
	*
	* @package Framework
	* @subpackage View
	*/
	class html_hiddenfield extends html
	{
	protected $tagname = 'input';
	protected $type = 'hidden';
	protected $allowed = array('type','name','value','onchange','disabled','readonly');
	protected $fields = array();

	/**
	* Constructor
	*
	* @param array $attrib Named tag attributes
	*/
	public function __construct($attrib = null)
	{
	if (is_array($attrib)) {
	$this->add($attrib);
	}
	}

	/**
	* Add a hidden field to this instance
	*
	* @param array $attrib Named tag attributes
	*/
	public function add($attrib)
	{
	$this->fields[] = $attrib;
	}

	/**
	* Create HTML code for the hidden fields
	*
	* @return string Final HTML code
	*/
	public function show()
	{
	$out = '';
	foreach ($this->fields as $attrib) {
	$out .= self::tag($this->tagname, array('type' => $this->type) + $attrib);
	}

	return $out;
	}
	}

	/**
	* Class to create HTML radio buttons
	*
	* @package Framework
	* @subpackage View
	*/
	class html_radiobutton extends html_inputfield
	{
	protected $type = 'radio';

	/**
	* Get HTML code for this object
	*
	* @param string $value Value of the checked field
	* @param array $attrib Additional attributes to override
	*
	* @return string HTML output
	*/
	public function show($value = '', $attrib = null)
	{
	// overwrite object attributes
	if (is_array($attrib)) {
	$this->attrib = array_merge($this->attrib, $attrib);
	}

	// set value attribute
	$this->attrib['checked'] = ((string)$value == (string)$this->attrib['value']);

	return parent::show();
	}
	}

	/**
	* Class to create HTML checkboxes
	*
	* @package Framework
	* @subpackage View
	*/
	class html_checkbox extends html_inputfield
	{
	protected $type = 'checkbox';

	/**
	* Get HTML code for this object
	*
	* @param string $value Value of the checked field
	* @param array $attrib Additional attributes to override
	*
	* @return string HTML output
	*/
	public function show($value = '', $attrib = null)
	{
	// overwrite object attributes
	if (is_array($attrib)) {
	$this->attrib = array_merge($this->attrib, $attrib);
	}

	// set value attribute
	$this->attrib['checked'] = ((string)$value == (string)$this->attrib['value']);

	return parent::show();
	}
	}

	/**
	* Class to create HTML button
	*
	* @package Framework
	* @subpackage View
	*/
	class html_button extends html_inputfield
	{
	protected $tagname = 'button';
	protected $type = 'button';

	/**
	* Get HTML code for this object
	*
	* @param string $content Text Content of the button
	* @param array $attrib Additional attributes to override
	*
	* @return string HTML output
	*/
	public function show($content = '', $attrib = null)
	{
	// overwrite object attributes
	if (is_array($attrib)) {
	$this->attrib = array_merge($this->attrib, $attrib);
	}

	$this->content = $content;

	return parent::show();
	}
	}

	/**
	* Class to create an HTML textarea
	*
	* @package Framework
	* @subpackage View
	*/
	class html_textarea extends html
	{
	protected $tagname = 'textarea';
	protected $allowed = array('name','rows','cols','wrap','tabindex',
	'onchange','disabled','readonly','spellcheck');

	/**
	* Get HTML code for this object
	*
	* @param string $value Textbox value
	* @param array $attrib Additional attributes to override
	*
	* @return string HTML output
	*/
	public function show($value = '', $attrib = null)
	{
	// overwrite object attributes
	if (is_array($attrib)) {
	$this->attrib = array_merge($this->attrib, $attrib);
	}

	// take value attribute as content
	if (empty($value) && !empty($this->attrib['value'])) {
	$value = $this->attrib['value'];
	}

	// make shure we don't print the value attribute
	if (isset($this->attrib['value'])) {
	unset($this->attrib['value']);
	}

	if (!empty($value) && empty($this->attrib['is_escaped'])) {
	$value = self::quote($value);
	}

	return self::tag($this->tagname, $this->attrib, $value,
	array_merge(self::$common_attrib, $this->allowed));
	}
	}

	/**
	* Builder for HTML drop-down menus
	* Syntax:<pre>
	* // create instance. arguments are used to set attributes of select-tag
	* $select = new html_select(array('name' => 'fieldname'));
	*
	* // add one option
	* $select->add('Switzerland', 'CH');
	*
	* // add multiple options
	* $select->add(array('Switzerland','Germany'), array('CH','DE'));
	*
	* // generate pulldown with selection 'Switzerland' and return html-code
	* // as second argument the same attributes available to instantiate can be used
	* print $select->show('CH');
	* </pre>
	*
	* @package Framework
	* @subpackage View
	*/
	class html_select extends html
	{
	protected $tagname = 'select';
	protected $options = array();
	protected $allowed = array('name','size','tabindex','autocomplete',
	'multiple','onchange','disabled','rel');

	/**
	* Add a new option to this drop-down
	*
	* @param mixed $names Option name or array with option names
	* @param mixed $values Option value or array with option values
	* @param array $attrib Additional attributes for the option entry
	*/
	public function add($names, $values = null, $attrib = array())
	{
	if (is_array($names)) {
	foreach ($names as $i => $text) {
	$this->options[] = array('text' => $text, 'value' => $values[$i]) + $attrib;
	}
	}
	else {
	$this->options[] = array('text' => $names, 'value' => $values) + $attrib;
	}
	}

	/**
	* Get HTML code for this object
	*
	* @param string $select Value of the selection option
	* @param array $attrib Additional attributes to override
	*
	* @return string HTML output
	*/
	public function show($select = array(), $attrib = null)
	{
	// overwrite object attributes
	if (is_array($attrib)) {
	$this->attrib = array_merge($this->attrib, $attrib);
	}

	$this->content = "\n";
	$select = (array)$select;
	foreach ($this->options as $option) {
	$attr = array(
	'value' => $option['value'],
	'selected' => (in_array($option['value'], $select, true) \|\|
	in_array($option['text'], $select, true)) ? 1 : null);

	$option_content = $option['text'];
	if (empty($this->attrib['is_escaped'])) {
	$option_content = self::quote($option_content);
	}

	$this->content .= self::tag('option', $attr + $option, $option_content, array('value','label','class','style','title','disabled','selected'));
	}

	return parent::show();
	}
	}


	/**
	* Class to build an HTML table
	*
	* @package Framework
	* @subpackage View
	*/
	class html_table extends html
	{
	protected $tagname = 'table';
	protected $allowed = array('id','class','style','width','summary',
	'cellpadding','cellspacing','border');

	private $header = array();
	private $rows = array();
	private $rowindex = 0;
	private $colindex = 0;

	/**
	* Constructor
	*
	* @param array $attrib Named tag attributes
	*/
	public function __construct($attrib = array())
	{
	$default_attrib = self::$doctype == 'xhtml' ? array('summary' => '', 'border' => '0') : array();
	$this->attrib = array_merge($attrib, $default_attrib);

	if (!empty($attrib['tagname']) && $attrib['tagname'] != 'table') {
	$this->tagname = $attrib['tagname'];
	$this->allowed = self::$common_attrib;
	}
	}

	/**
	* Add a table cell
	*
	* @param array $attr Cell attributes
	* @param string $cont Cell content
	*/
	public function add($attr, $cont)
	{
	if (is_string($attr)) {
	$attr = array('class' => $attr);
	}

	$cell = new stdClass;
	$cell->attrib = $attr;
	$cell->content = $cont;

	if (!isset($this->rows[$this->rowindex])) {
	$this->rows[$this->rowindex] = new stdClass;
	}

	$this->rows[$this->rowindex]->cells[$this->colindex] = $cell;
	$this->colindex += max(1, intval($attr['colspan']));

	if ($this->attrib['cols'] && $this->colindex >= $this->attrib['cols']) {
	$this->add_row();
	}
	}

	/**
	* Add a table header cell
	*
	* @param array $attr Cell attributes
	* @param string $cont Cell content
	*/
	public function add_header($attr, $cont)
	{
	if (is_string($attr)) {
	$attr = array('class' => $attr);
	}

	$cell = new stdClass;
	$cell->attrib = $attr;
	$cell->content = $cont;
	$this->header[] = $cell;
	}

	/**
	* Remove a column from a table
	* Useful for plugins making alterations
	*
	* @param string $class Class name
	*/
	public function remove_column($class)
	{
	// Remove the header
	foreach ($this->header as $index => $header){
	if ($header->attrib['class'] == $class){
	unset($this->header[$index]);
	break;
	}
	}

	// Remove cells from rows
	foreach ($this->rows as $i => $row){
	foreach ($row->cells as $j => $cell){
	if ($cell->attrib['class'] == $class){
	unset($this->rows[$i]->cells[$j]);
	break;
	}
	}
	}
	}

	/**
	* Jump to next row
	*
	* @param array $attr Row attributes
	*/
	public function add_row($attr = array())
	{
	$this->rowindex++;
	$this->colindex = 0;
	$this->rows[$this->rowindex] = new stdClass;
	$this->rows[$this->rowindex]->attrib = $attr;
	$this->rows[$this->rowindex]->cells = array();
	}

	/**
	* Set row attributes
	*
	* @param array $attr Row attributes
	* @param int $index Optional row index (default current row index)
	*/
	public function set_row_attribs($attr = array(), $index = null)
	{
	if (is_string($attr)) {
	$attr = array('class' => $attr);
	}

	if ($index === null) {
	$index = $this->rowindex;
	}

	// make sure row object exists (#1489094)
	if (!$this->rows[$index]) {
	$this->rows[$index] = new stdClass;
	}

	$this->rows[$index]->attrib = $attr;
	}

	/**
	* Get row attributes
	*
	* @param int $index Row index
	*
	* @return array Row attributes
	*/
	public function get_row_attribs($index = null)
	{
	if ($index === null) {
	$index = $this->rowindex;
	}

	return $this->rows[$index] ? $this->rows[$index]->attrib : null;
	}

	/**
	* Build HTML output of the table data
	*
	* @param array $attrib Table attributes
	*
	* @return string The final table HTML code
	*/
	public function show($attrib = null)
	{
	if (is_array($attrib)) {
	$this->attrib = array_merge($this->attrib, $attrib);
	}

	$thead = '';
	$tbody = '';
	$col_tagname = $this->_col_tagname();
	$row_tagname = $this->_row_tagname();
	$head_tagname = $this->_head_tagname();

	// include <thead>
	if (!empty($this->header)) {
	$rowcontent = '';
	foreach ($this->header as $c => $col) {
	$rowcontent .= self::tag($head_tagname, $col->attrib, $col->content);
	}
	$thead = $this->tagname == 'table' ? self::tag('thead', null, self::tag('tr', null, $rowcontent, parent::$common_attrib)) :
	self::tag($row_tagname, array('class' => 'thead'), $rowcontent, parent::$common_attrib);
	}

	foreach ($this->rows as $r => $row) {
	$rowcontent = '';
	foreach ($row->cells as $c => $col) {
	if ($row_tagname == 'li' && empty($col->attrib) && count($row->cells) == 1) {
	$rowcontent .= $col->content;
	}
	else {
	$rowcontent .= self::tag($col_tagname, $col->attrib, $col->content);
	}
	}

	if ($r < $this->rowindex \|\| count($row->cells)) {
	$tbody .= self::tag($row_tagname, $row->attrib, $rowcontent, parent::$common_attrib);
	}
	}

	if ($this->attrib['rowsonly']) {
	return $tbody;
	}

	// add <tbody>
	$this->content = $thead . ($this->tagname == 'table' ? self::tag('tbody', null, $tbody) : $tbody);

	unset($this->attrib['cols'], $this->attrib['rowsonly']);

	return parent::show();
	}

	/**
	* Count number of rows
	*
	* @return int The number of rows
	*/
	public function size()
	{
	return count($this->rows);
	}

	/**
	* Remove table body (all rows)
	*/
	public function remove_body()
	{
	$this->rows = array();
	$this->rowindex = 0;
	}

	/**
	* Getter for the corresponding tag name for table row elements
	*/
	private function _row_tagname()
	{
	static $row_tagnames = array('table' => 'tr', 'ul' => 'li', '*' => 'div');
	return $row_tagnames[$this->tagname] ?: $row_tagnames['*'];
	}

	/**
	* Getter for the corresponding tag name for table row elements
	*/
	private function _head_tagname()
	{
	static $head_tagnames = array('table' => 'th', '*' => 'span');
	return $head_tagnames[$this->tagname] ?: $head_tagnames['*'];
	}

	/**
	* Getter for the corresponding tag name for table cell elements
	*/
	private function _col_tagname()
	{
	static $col_tagnames = array('table' => 'td', '*' => 'span');
	return $col_tagnames[$this->tagname] ?: $col_tagnames['*'];
	}
	}
	diff --git a/skins/larry/includes/footer.html b/skins/larry/includes/footer.html
	index f64420d27..3be29f0d1 100644
	--- a/skins/larry/includes/footer.html
	+++ b/skins/larry/includes/footer.html
	@@ -1,5 +1,5 @@
	<roundcube:object name="message" id="messagestack" condition="env:task != 'login'" />

	-<script type="text/javascript">
	+<script>
	if (!window.UI) { var UI = new rcube_mail_ui(); }
	</script>
	diff --git a/skins/larry/includes/header.html b/skins/larry/includes/header.html
	index 292b3c4be..89a625aa0 100644
	--- a/skins/larry/includes/header.html
	+++ b/skins/larry/includes/header.html
	@@ -1,44 +1,44 @@
	-<script type="text/javascript">
	+<script>
	var UI = new rcube_mail_ui();
	</script>

	<div id="header">
	<div id="topline" role="banner" aria-labelledby="aria-label-topnav">
	<h2 id="aria-label-topnav" class="voice"><roundcube:label name="arialabeltopnav" /></h2>
	<div class="topleft">
	<roundcube:container name="topline-left" id="topline-left" />
	<roundcube:if condition="template:name != 'error'" />
	<roundcube:button name="about" type="link" label="about" class="about-link" onclick="UI.show_about(this);return false" condition="!env:extwin" />
	<roundcube:endif />
	<roundcube:if condition="config:support_url" />
	<a href="<roundcube:var name='config:support_url' />" target="_blank" class="support-link" id="supportlink"><roundcube:label name="support" /></a>
	<roundcube:endif />
	</div>
	<roundcube:container name="topline-center" id="topline-center" />
	<div class="topright">
	<roundcube:container name="topline-right" id="topline-right" />
	<roundcube:if condition="!env:extwin && !env:framed" />
	<span class="username"><roundcube:object name="username" /></span>
	<roundcube:button command="logout" label="logout" type="link" class="button-logout" />
	<roundcube:elseif condition="env:extwin" />
	<roundcube:button name="close" type="link" label="close" class="closelink" onclick="self.close()" />
	<roundcube:endif />
	</div>
	</div>
	<roundcube:if condition="!env:extwin && !env:framed" />
	<div id="topnav">
	<h2 id="aria-label-tasknav" class="voice"><roundcube:label name="arialabeltasknav" /></h2>
	<div id="taskbar" class="topright" role="navigation" aria-labelledby="aria-label-tasknav">
	<roundcube:button command="mail" label="mail" type="link" class="button-mail" classSel="button-mail button-selected" innerClass="button-inner" />
	<roundcube:button command="addressbook" label="contacts" type="link" class="button-addressbook" classSel="button-addressbook button-selected" innerClass="button-inner" />
	<roundcube:container name="taskbar" id="taskbar" />
	<roundcube:button command="settings" label="settings" type="link" class="button-settings" classSel="button-settings button-selected" innerClass="button-inner" />
	<roundcube:button command="logout" label="logout" type="link" class="button-logout" classSel="button-logout" innerClass="button-inner" />
	<span class="minmodetoggle" role="presentation"></span>
	</div>
	<roundcube:object name="logo" src="/images/roundcube_logo.png" id="toplogo" alt="Logo" onclick="if(window.rcmail)rcmail.command('switch-task','mail')" />
	</div>
	<roundcube:endif />

	<br style="clear:both" />
	</div>
	diff --git a/skins/larry/includes/links.html b/skins/larry/includes/links.html
	index d8cd557dc..29ef88e2d 100644
	--- a/skins/larry/includes/links.html
	+++ b/skins/larry/includes/links.html
	@@ -1,11 +1,11 @@
	<meta name="viewport" content="" id="viewport" />
	<roundcube:object name="meta" />
	<roundcube:object name="links" />
	<link rel="stylesheet" type="text/css" href="/styles.css" />
	<roundcube:if condition="in_array(env:task, array('mail','addressbook','settings'))" />
	<link rel="stylesheet" type="text/css" href="/<roundcube:var name="env:task" />.css" />
	<roundcube:endif />
	-<script type="text/javascript" src="/ui.js"></script>
	+<script src="/ui.js"></script>
	<roundcube:add_label name="errortitle" />
	<roundcube:add_label name="toggleadvancedoptions" />
	<roundcube:add_label name="options" />

File Metadata

Mime Type: text/x-diff
Expires: Sat, Apr 5, 12:28 AM (6 h, 36 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 175731
Default Alt Text: (315 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions