diff --git a/program/include/rcube_imap.inc b/program/include/rcube_imap.inc
index a11c74910..4e1719736 100644
--- a/program/include/rcube_imap.inc
+++ b/program/include/rcube_imap.inc
@@ -1010,9 +1010,9 @@ class rcube_imap
 	// get part size
 	if (!empty($part[6]) && $part[6]!='NIL')
 	  $struct->size = intval($part[6]);
-
+	  
 	// read part disposition
-    $di = count($part) - 3;
+    $di = count($part) - 2;
     if (is_array($part[$di]))
       {
       $struct->disposition = strtolower($part[$di][0]);
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index bae14a299..58da0ca45 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -676,18 +676,18 @@ function rcmail_print_body($part, $safe=FALSE, $plain=FALSE)
 
     if (!$safe)  // remove remote images and scripts
       {
-      $remote_patterns = array('/(src|background)=(["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)(\2|\s|>)/Ui',
-                           //  '/(src|background)=(["\']?)([\.\/]+[^"\'\s]+)(\2|\s|>)/Ui',
+      $remote_patterns = array('/<img\s+(.*)src=(["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)(\2|\s|>)/Ui',
+                               '/(src|background)=(["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)(\2|\s|>)/Ui',
                                '/(<base.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i',
                                '/(<link.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i',
                                '/url\s*\(["\']?([hftps]{3,5}:\/{2}[^"\'\s]+)["\']?\)/i',
                                '/url\s*\(["\']?([\.\/]+[^"\'\s]+)["\']?\)/i',
                                '/<script.+<\/script>/Umis');
 
-      $remote_replaces = array('',  // '\\1=\\2#\\4',
-                            // '\\1=\\2#\\4',
+      $remote_replaces = array('<img \\1src=\\2./program/blank.gif\\4',
+                               '',
+                               '',
                                '',
-                               '',  // '\\1#\\3',
                                'none',
                                'none',
                                '');
@@ -766,7 +766,7 @@ function rcmail_print_body($part, $safe=FALSE, $plain=FALSE)
     // insert the links for urls and mailtos
     $body = preg_replace("/##string_replacement\{([0-9]+)\}##/e", "\$replace_strings[\\1]", join("\n", $a_lines));
     
-    return "<div class=\"pre\">\n".$body."\n</div>";
+    return "<div class=\"pre\">".$body."\n</div>";
     }
   }
 
@@ -947,7 +947,7 @@ function rcmail_parse_message(&$structure, $arg=array(), $recursive=FALSE)
       $a_replaces = array();
         
       foreach ($sa_inline_objects as $inline_object)
-        $a_replaces['cid:'.$inline_object->content_id] = sprintf($get_url, $inline_object->mime_id);
+        $a_replaces['cid:'.$inline_object->content_id] = htmlspecialchars(sprintf($get_url, $inline_object->mime_id));
       
       // add replace array to each content part
       // (will be applied later when part body is available)
@@ -1092,8 +1092,8 @@ function rcmail_message_body($attrib)
     foreach ($MESSAGE['attachments'] as $attach_prop)
       {
       if (strpos($attach_prop->mimetype, 'image/')===0)
-        $out .= sprintf("\n<hr />\n<p align=\"center\"><img src=\"%s&_part=%s\" alt=\"%s\" title=\"%s\" /></p>\n",
-                        $GET_URL, $attach_prop->mime_id,
+        $out .= sprintf("\n<hr />\n<p align=\"center\"><img src=\"%s&amp;_part=%s\" alt=\"%s\" title=\"%s\" /></p>\n",
+                        htmlspecialchars($GET_URL), $attach_prop->mime_id,
                         $attach_prop->filename,
                         $attach_prop->filename);
       }
@@ -1121,15 +1121,12 @@ function rcmail_mod_html_body($body, $container_id)
   // find STYLE tags
   while (($pos = strpos($body_lc, '<style', $last_style_pos)) && ($pos2 = strpos($body_lc, '</style>', $pos)))
     {
-    $pos2 += 8;
-    $body_pre = substr($body, 0, $pos);
-    $styles = substr($body, $pos, $pos2-$pos);
-    $body_post = substr($body, $pos2, strlen($body)-$pos2);
-    
+    $pos = strpos($body_lc, '>', $pos)+1;
+
     // replace all css definitions with #container [def]
-    $styles = rcmail_mod_css_styles($styles, $container_id);
-    
-    $body = $body_pre . $styles . $body_post;
+    $styles = rcmail_mod_css_styles(substr($body, $pos, $pos2-$pos), $container_id);
+
+    $body = substr($body, 0, $pos) . $styles . substr($body, $pos2);    
     $last_style_pos = $pos2;
     }
 
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index f05bbbd94..083de8664 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -87,17 +87,19 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET))
     // deliver part content
     if ($ctype_primary=='text' && $ctype_secondary=='html')
       {
-      // get part body if not available
-      if (!$part->body)
-        $part->body = $IMAP->get_message_part($MESSAGE['UID'], $part->mime_id, $part);      
-
-      list($MESSAGE['parts']) = rcmail_parse_message($part,
+      // we have to analyze the whole structure again to find inline objects
+      list($MESSAGE['parts']) = rcmail_parse_message($MESSAGE['structure'],
                                                      array('safe' => (bool)$_GET['_safe'],
                                                            'prefer_html' => TRUE,
                                                            'get_url' => $GET_URL.'&_part=%s'));
+      $part = &$MESSAGE['parts'][0];
+
+      // get part body if not available
+      if (!$part->body)
+        $part->body = $IMAP->get_message_part($MESSAGE['UID'], $part->mime_id, $part);      
 
       $OUTPUT = new rcube_html_page();
-      $OUTPUT->write(rcmail_print_body($MESSAGE['parts'][0], (bool)$_GET['_safe']));
+      $OUTPUT->write(rcmail_print_body($part, (bool)$_GET['_safe']));
       }
     else
       {
diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index f381818ed..51633fa7b 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -108,7 +108,7 @@ function rcmail_message_attachments($attrib)
                         show_bytes($attach_prop->size));
       else
         $out .= sprintf('<li><a href="%s&amp;_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n",
-                        htmlentities($GET_URL),
+                        htmlspecialchars($GET_URL),
                         $attach_prop->mime_id,
                         $JS_OBJECT_NAME,
                         $attach_prop->mime_id,
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 2d64dc7b3..ffbcfe3d9 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -61,18 +61,19 @@ if ($_POST['_iid'])
     $updated = $DB->affected_rows();
     }
        
-  if ($updated && !empty($_POST['_standard']))
+  if ($updated)
     {
     show_message('successfullysaved', 'confirmation');
 
     // mark all other identities as 'not-default'
-    $DB->query("UPDATE ".get_table_name('identities')."
-                SET ".$DB->quoteIdentifier('standard')."='0'
-                WHERE  user_id=?
-                AND    identity_id<>?
-                AND    del<>1",
-                $_SESSION['user_id'],
-                get_input_value('_iid', RCUBE_INPUT_POST));
+    if (!empty($_POST['_standard']))
+      $DB->query("UPDATE ".get_table_name('identities')."
+                  SET ".$DB->quoteIdentifier('standard')."='0'
+                  WHERE  user_id=?
+                  AND    identity_id<>?
+                  AND    del<>1",
+                  $_SESSION['user_id'],
+                  get_input_value('_iid', RCUBE_INPUT_POST));
     
     if ($_POST['_framed'])
       {