Replaced nasty eval() expressions.

program/include/rcmail_output_html.php

@@ -722,7 +722,7 @@ class rcmail_output_html extends rcmail_output
      */
     protected function check_condition($condition)
     {
-        return eval("return (".$this->parse_expression($condition).");");
+        return $this->eval_expression($condition);
     }
 
 
@@ -773,6 +773,37 @@ class rcmail_output_html extends rcmail_output
             $expression);
     }
 
+    protected function eval_expression ($expression) {
+        return preg_replace_callback(
+            array(
+                '/session:([a-z0-9_]+)/i',
+                '/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
+                '/env:([a-z0-9_]+)/i',
+                '/request:([a-z0-9_]+)/i',
+                '/cookie:([a-z0-9_]+)/i',
+                '/browser:([a-z0-9_]+)/i',
+                '/template:name/i',
+            ),
+            function($match) {
+                if(preg_match('/session:([a-z0-9_]+)/i', $match, $matches)) {
+                    return $_SESSION[$matches[1]];
+                } else if(preg_match('/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i', $match, $matches)) {
+                    return $this->app->config->get($matches[1],rcube_utils::get_boolean($matches[3]));
+                } else if(preg_match('/env:([a-z0-9_]+)/i', $match, $matches)) {
+                    return $this->env[$matches[1]];
+                } else if(preg_match('/request:([a-z0-9_]+)/i', $match, $matches)) {
+                    return rcube_utils::get_input_value($matches[1], rcube_utils::INPUT_GPC);
+                } else if(preg_match('/cookie:([a-z0-9_]+)/i', $match, $matches)) {
+                    return $_COOKIE[$matches[1]];
+                } else if(preg_match('/browser:([a-z0-9_]+)/i', $match, $matches)) {
+                    return $this->browser->{$matches[1]};
+                } else if(preg_match('/template:name/i', $match, $matches)) {
+                    return $this->template_name;
+                }
+            },
+            $expression);
+    }
+
 
     /**
      * Search for special tags in input and replace them
@@ -955,7 +986,7 @@ class rcmail_output_html extends rcmail_output
             // return code for a specified eval expression
             case 'exp':
                 $value = $this->parse_expression($attrib['expression']);
-                return eval("return html::quote($value);");
+                return html::quote( $this->eval_expression($attrib['expression']) );
 
             // return variable
             case 'var':