Bump version to 1.2.10

Fix CSRF bypass that could be used to log out an authenticated user (#7302 )
Fix local file inclusion (and code execution) via crafted 'plugins' option
2496 changed files with 65863 additions and 106040 deletions
--- a/.ci/config-test.inc.php
+++ b/.ci/config-test.inc.php
@ -1,30 +0,0 @@
-<?php
-
-$config = array();
-
-// Database configuration
-$config['db_dsnw'] = 'sqlite:////tmp/sqlite.db?mode=0646';
-
-// Test user credentials
-$config['tests_username'] = 'test';
-$config['tests_password'] = 'test';
-
-// GreenMail
-$config['smtp_port'] = 25;
-
-// Settings required by the tests
-
-$config['create_default_folders'] = true;
-$config['skin'] = 'elastic';
-$config['support_url'] = 'http://support.url';
-
-// Plugins with tests
-
-$config['plugins'] = [
-    'archive',
-    'attachment_reminder',
-    'markasjunk',
-    'zipdownload'
-];
-
-$config['archive_mbox'] = 'Archive';
--- a/.ci/install.sh
+++ b/.ci/install.sh
@ -1,22 +0,0 @@
-#!/bin/bash
-
-# The script is intended for use on Travis with Trusty distribution
-
-DIR=$(dirname $0)
-
-# Enable xdebug for code coverage
-if [ "$CODE_COVERAGE" != 1 ]; then phpenv config-rm xdebug.ini || true; fi
-
-cd $DIR/..
-
-cp composer.json-dist composer.json
-
-# Add laravel/dusk for Browser tests
-if [ "$BROWSER_TESTS" = 1 ]; then composer require "laravel/dusk:~5.9.1" --no-update; fi
-
-# Remove qr-code as it requires php-gd which is not always available on Travis
-# and we don't really need it for tests
-composer remove endroid/qr-code --no-update
-
-# Install PHP dependencies
-composer install --prefer-dist
--- a/.ci/run.sh
+++ b/.ci/run.sh
@ -1,25 +0,0 @@
-#!/bin/bash
-
-# The script is intended for use on Travis with Trusty distribution
-# It executes unit and functional tests
-
-DIR=$(dirname $0)
-cd $DIR/..
-
-if [ "$CODE_COVERAGE" = 1 ]
-then
-    CODE_COVERAGE_ARGS="--coverage-text"
-fi
-
-vendor/bin/phpunit -c tests/phpunit.xml $CODE_COVERAGE_ARGS
-
-if [ "$BROWSER_TESTS" = 1 ] && [ $? = 0 ]
-then
-    .ci/setup.sh \
-    && echo "TESTS_MODE: DESKTOP" \
-    && TESTS_MODE=desktop vendor/bin/phpunit -c tests/Browser/phpunit.xml \
-    && echo "TESTS_MODE: PHONE" \
-    && TESTS_MODE=phone vendor/bin/phpunit -c tests/Browser/phpunit.xml \
-    && echo "TESTS_MODE: TABLET" \
-    && TESTS_MODE=tablet vendor/bin/phpunit -c tests/Browser/phpunit.xml
-fi
--- a/.ci/setup.sh
+++ b/.ci/setup.sh
@ -1,30 +0,0 @@
-#!/bin/bash
-
-# The script is intended for use on Travis with Trusty distribution
-# It installs in-browser tests dependencies and prepares Roundcube instance
-
-GMV=1.5.11
-CHROMEVERSION=$(google-chrome-stable --version | tr -cd [:digit:]. | cut -d . -f 1)
-GMARGS="-Dgreenmail.setup.all -Dgreenmail.users=test:test -Dgreenmail.startup.timeout=3000"
-
-# Roundcube tests and instance configuration
-cp .ci/config-test.inc.php config/config-test.inc.php
-
-# Make temp and logs writeable
-sudo chmod 777 temp logs
-
-# Install javascript dependencies
-bin/install-jsdeps.sh
-
-# Compile Elastic's styles
-lessc skins/elastic/styles/styles.less > skins/elastic/styles/styles.css
-lessc skins/elastic/styles/print.less > skins/elastic/styles/print.css
-lessc skins/elastic/styles/embed.less > skins/elastic/styles/embed.css
-
-# Install proper WebDriver version for installed Chrome browser
-php tests/Browser/install.php $CHROMEVERSION
-
-# GreenMail server download, setup and start
-wget https://repo1.maven.org/maven2/com/icegreen/greenmail-standalone/$GMV/greenmail-standalone-$GMV.jar \
-    && (sudo java $GMARGS -jar greenmail-standalone-$GMV.jar &) \
-    && sleep 5
--- a/.gitignore
+++ b/.gitignore
@ -13,11 +13,3 @@ composer.json
 composer.phar
 composer.lock
 vendor
-
-# javascript dependencies
-plugins/enigma/openpgp.min.js
-plugins/managesieve/codemirror/
-program/js/jquery.min.js
-program/js/jstz.min.js
-program/js/publickey.js
-program/js/tinymce/
--- a/.htaccess
+++ b/.htaccess
@ -1,4 +1,26 @@
-# This is a sample with suggested security and performance options
+# WARNING: For PHP 7 the module name in the line below need to be modified!
+<IfModule mod_php5.c>
+php_flag    display_errors  Off
+php_flag    log_errors      On
+# php_value    error_log    logs/errors
+
+php_value   upload_max_filesize   5M
+php_value   post_max_size         6M
+php_value   memory_limit          64M
+
+php_flag    register_globals            Off
+php_flag    zlib.output_compression     Off
+php_flag    magic_quotes_gpc            Off
+php_flag    magic_quotes_runtime        Off
+php_flag    suhosin.session.encrypt     Off
+
+#php_value   session.cookie_path     /
+#php_value   session.hash_function   sha256
+php_flag    session.auto_start       Off
+php_value   session.gc_maxlifetime   21600
+php_value   session.gc_divisor       500
+php_value   session.gc_probability   1
+</IfModule>

 <IfModule mod_rewrite.c>
 Options +SymLinksIfOwnerMatch
@ -10,15 +32,24 @@ RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
 #   in all locations except installer directory
 RewriteRule ^(?!installer|\.well-known\/|[a-zA-Z0-9]{16})(\.?[^\.]+)$ - [F]
 # - deny access to some locations
-RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|vendor|program\/(include|lib|localization|steps)) - [F]
+RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
+# - deny access to composer binaries
+RewriteRule ^/vendor\/bin\/.* - [F]
 # - deny access to some documentation files
-RewriteRule /?(README.*|meta\.json|composer\..*|jsdeps.json)$ - [F]
+RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
 </IfModule>

 <IfModule mod_deflate.c>
 SetOutputFilter DEFLATE
 </IfModule>

+<IfModule mod_headers.c>
+# replace 'append' with 'merge' for Apache version 2.2.9 and later
+#Header append Cache-Control public env=!NO_CACHE
+# for better privacy/security ask browsers to not set the Referer
+#Header set Content-Security-Policy "referrer no-referrer"
+</IfModule>
+
 <IfModule mod_expires.c>
 ExpiresActive On
 ExpiresDefault "access plus 1 month"
@ -28,42 +59,4 @@ FileETag MTime Size

 <IfModule mod_autoindex.c>
 Options -Indexes
-</IfModule>
-
-<IfModule mod_headers.c>
-# Disable page indexing
-Header set X-Robots-Tag "noindex, nofollow"
-
-# replace 'merge' with 'append' for Apache < 2.2.9
-#Header merge Cache-Control public env=!NO_CACHE
-
-# Optional security headers
-# Only provides increased security if the browser supports those features
-# Be careful! Testing is required! They should be adjusted to your installation / user environment
-
-# HSTS - HTTP Strict Transport Security
-#Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
-
-# HPKP - HTTP Public Key Pinning
-# Only template - fill with your values
-#Header always set Public-Key-Pins "max-age=3600; report-uri=\"\"; pin-sha256=\"\"; pin-sha256=\"\"" env=HTTPS
-
-# X-Xss-Protection
-# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit). 
-#Header set X-XSS-Protection "1; mode=block"
-
-# X-Frame-Options
-# The X-Frame-Options header (RFC), or XFO header, protects your visitors against clickjacking attacks
-# Already set by php code! Do not activate both options
-#Header set X-Frame-Options SAMEORIGIN
-
-# X-Content-Type-Options
-# It prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.
-#Header set X-Content-Type-Options: "nosniff"
-
-# CSP - Content Security Policy
-# for better privacy/security ask browsers to not set the Referer
-# more flags for script, stylesheets and images available, read RFC for more information
-# Note: "Referrer-Policy: same-origin" is already set by php code.
-#Header set Content-Security-Policy "referrer no-referrer"
-</IfModule>
+</ifModule>
--- a/.travis.yml
+++ b/.travis.yml
@ -1,37 +0,0 @@
-language: php
-
-dist: trusty #
-sudo: false
-
-matrix:
-  fast_finish: true
-  include:
-    - php: 5.4
-    - php: 5.5
-    - php: 5.6
-    - php: 7.0
-    - php: 7.1
-      env: CODE_COVERAGE=1
-    - php: 7.2
-    - php: 7.3
-      dist: bionic # for proper node-less version
-      env: BROWSER_TESTS=1
-      addons:
-        chrome: stable
-        apt:
-          packages:
-            - node-less
-    - php: 7.4
-
-cache:
-  directories:
-    - $HOME/.composer
-
-install:
-  - .ci/install.sh
-
-script:
-  - .ci/run.sh
-
-notifications:
-  email: false
--- a/.tx/config
+++ b/.tx/config
@ -13,11 +13,6 @@ file_filter = program/localization/<lang>/messages.inc
 source_file = program/localization/en_US/messages.inc
 source_lang = en_US

-[roundcube-webmail.timezones]
-file_filter = program/localization/<lang>/timezones.inc
-source_file = program/localization/en_US/timezones.inc
-source_lang = en_US
-
 [roundcube-webmail.plugin-acl]
 file_filter = plugins/acl/localization/<lang>.inc
 source_file = plugins/acl/localization/en_US.inc
@ -33,11 +28,6 @@ file_filter = plugins/attachment_reminder/localization/<lang>.inc
 source_file = plugins/attachment_reminder/localization/en_US.inc
 source_lang = en_US

-[roundcube-webmail.plugin-emoticons]
-file_filter = plugins/emoticons/localization/<lang>.inc
-source_file = plugins/emoticons/localization/en_US.inc
-source_lang = en_US
-
 [roundcube-webmail.plugin-enigma]
 file_filter = plugins/enigma/localization/<lang>.inc
 source_file = plugins/enigma/localization/en_US.inc
--- a/730
+++ b/730
@ -1,700 +1,78 @@
 CHANGELOG Roundcube Webmail
 ===========================

- Allow array in smtp_host config (#7296)
- Remove use of ext-iconv
- Support RFC8438: IMAP STATUS=SIZE - for faster folder size calculation (#7269)
- MySQL: Use utf8mb4 charset and utf8mb4_unicode_ci collation (#6535, #7113)
- Support for language codes up to 16 chars long (e.g. es-419) in database schema (#6851)
- Relaxed domain name validation for extended TLDs support (#5588)
- Allow opening application/octet-stream attachments according to filename extension (#6821)
- Added support for INSERT OR REPLACE queries (#6771)
- Allow skins to define which layout options they support (#7235)
- Extract RFC2231 attachment name from message headers (#6729, #6783)
- Archive: Added options to split archive by year or year+month and folder (#7216)
- Managesieve: Allow display name with email address in vacation :from field (#6760)
- Managesieve: Improve UX on custom header input (#7207)
- Managesieve: Fix bug where activation of forward/vacation rule could activate a wrong script (#7423)
- Managesieve: Fix bug where forward/vacation rule could end up being duplicated (#7349)
- Password: Added 'pwned' password strength driver (#7274)
- Add support for SameSite cookie attribute via session_samesite option (req PHP >= 7.3.0) (#6772)
- Elastic: Moving single recipients between recipient inputs with drag-n-drop (#5069)
- Elastic: Display a special icon for other users and shared namespace roots (#5012)
- Elastic: Support space-separated email addresses in recipient input (#6529, #6457)
- Change folders sorting so shared/other users namespaces are listed last (#5012)
- Display a warning and do not try to open empty attachments (#7332)
- Templates: Add support for expressions in object attributes (#7237)
- Templates: Add support for nested if conditions (#6818)
- Templates: Make [space][slash] ending of condition objects optional (#6954)
- Fix ISO-2022-JP-MS encoding issues (#7091)
- Fix so messages in threads with no root aren't displayed separately (#4999)
- Fix so anchor tags without href attribute are not modified (#7413)
- Fix bug where subfolders of special folders could have been duplicated on folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
- Elastic: Fix context menu (paste) on the recipient input (#7431)
- Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
-
-RELEASE 1.4.6
-------------
- Installer: Fix regression in SMTP test section (#7417)
+RELEASE 1.2.10
+--------------
+- Fix missing message-htmlpart1 class breaking inline CSS (#6493)
+- Security: Fix XSS issue in handling of CDATA in HTML messages
+- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
+- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option
+- Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)

-RELEASE 1.4.5
-------------
- Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364)
- Fix so the database setup description is compatible with MySQL 8 (#7340)
- Markasjunk: Fix regression in jsevent driver (#7361)
- Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
- Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367)
- Password: Fix issue with Modoboa driver (#7372)
- Mailvelope: Use sender's address to find pubkeys to check signatures (#7348)
- Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
- Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392)
- Fix error when user-configured skin does not exist anymore (#7271)
- Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
- Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382)
- Security: Fix a couple of XSS issues in Installer (#7406)
- Security: Fix XSS issue in template object 'username' (#7406)
- Security: Better fix for CVE-2020-12641
- Security: Fix cross-site scripting (XSS) via malicious XML attachment
-
-RELEASE 1.4.4
-------------
- Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
- Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211)
- Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230)
- Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231)
- Elastic: Fix color of a folder with recent messages (#7281)
- Elastic: Restrict logo size in print view (#7275)
- Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261)
- Fix missing contact display name in QR Code data (#7257)
- Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246)
- Fix regression in testing database schema on MSSQL (#7227)
- Fix cursor position after inserting a group to a recipient input using autocompletion (#7267)
- Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
- Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293)
- Fix handling keyservers configured with protocol prefix (#7295)
- Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
- Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206)
- Fix so imap error message is displayed to the user on folder create/update (#7245)
- Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
- Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312)
- Fix characters encoding in group rename input after group creation/rename (#7330)
- Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
- Make install-jsdeps.sh script working without the 'file' program installed (#7325)
- Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
- Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
- Security: Fix XSS issue in handling of CDATA in HTML messages [CVE-2020-12625]
- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings [CVE-2020-12641]
- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option [CVE-2020-12640]
- Security: Fix CSRF bypass that could be used to log out an authenticated user [CVE-2020-12626] (#7302)
-
-RELEASE 1.4.3
-------------
- Enigma: Fix so key list selection is reset when opening key creation form (#7154)
- Enigma: Fix so using list checkbox selection does not load the key preview frame
- Enigma: Fix generation of key pairs for identities with IDN domains (#7181)
- Enigma: Display IDN domains of key users and identities in UTF8
- Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205)
- Managesieve: Fix bug where it wasn't possible to save flag actions (#7188)
- Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137)
- Password: Make chpass-wrapper.py Python 3 compatible (#7135)
- Elastic: Fix disappearing sidebar in mail compose after clicking Mail button
- Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose
- Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143)
- Elastic: Fix text selection in recipient inputs (#7129)
- Elastic: Fix missing Close button in "more recipients" dialog
- Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174)
- Fix regression where "Open in new window" action didn't work (#7155)
- Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165)
- Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923)
- Fix recipient duplicates in print-view when the recipient list has been expanded (#7169)
- Fix bug where files in skins/ directory were listed on skins list (#7180)
- Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117)
- Fix display issues with mail subject that contains line-breaks (#7191)
- Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170)
- Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196)
- Fix using unix:///path/to/socket.file in memcached driver (#7210)
-
-RELEASE 1.4.2
-------------
- Add support for PHPUnit 6 and 7 (#6870)
- Plugin API: Make actionbefore, before<action>, actionafter and after<action> events working with plugin actions (#7106)
- Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
- Managesieve: Fix so modifier type select wasn't hidden after hiding modifier select on header change
- Managesieve: Fix filter selection after removing a first filter (#7079)
- Markasjunk: Fix marking more than one message as spam/ham with email_learn driver (#7121)
- Password: Fix kpasswd and smb drivers' double-escaping bug (#7092)
- Enigma: Add script to import keys from filesystem to the db storage (for multihost)
- Installer: Fix DB Write test on SQLite database ("database is locked" error) (#7064)
- Installer: Fix so SQLite DSN with a relative path to the database file works in Installer
- Elastic: Fix contrast of warning toasts (#7058)
- Elastic: Simple search in pretty selects (#7072)
- Elastic: Fix hidden list widget on mobile/tablet when selecting folder while search menu is open (#7120)
- Fix so type attribute on script tags is not used on HTML5 pages (#6975)
- Fix unread count after purge on a folder that is not currently selected (#7051)
- Fix bug where Enter key didn't work on messages list in "List" layout (#7052)
- Fix bug where deleting a saved search in addressbook caused display issue on sources/groups list (#7061)
- Fix bug where a new saved search added after removing all searches wasn't added to the list (#7061)
- Fix bug where a new contact group added after removing all groups from addressbook wasn't added to the list
- Fix bug where Ctype extension wasn't required in Installer and INSTALL file (#7049)
- Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
- Fix so use of Ctrl+A does not scroll the list (#7020)
- Fix/remove useless keyup event handler on username input in logon form (#6970)
- Fix bug where cancelling switching from HTML to plain text didn't set the flag properly (#7077)
- Fix bug where HTML reply could add an empty line with extra indentation above the original message (#7088)
- Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
- Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105)
- Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080)
- Fix so contact's organization field accepts up to 128 characters (it was 50)
- Fix bug where listing tables in PostgreSQL database with db_prefix didn't work (#7093)
- Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109)
- Fix bug where next message wasn't displayed after delete in List mode (#7096)
- Fix so number of contacts in a group is not limited to 200 when redirecting to mail composer from Contacts (#6972)
- Fix malformed characters in HTML message with charset meta tag not in head (#7116)
-
-RELEASE 1.4.1
-------------
- Elastic: Change HTML editor widget to improve form flow (#6992)
- Elastic: Fix position of mobile floating action button (#7038)
- Managesieve: Fix locked UI after opening filter frame (#7007)
- Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)
- Fix bug where cache keys could exceed length limit specified in db schema (#7004)
- Fix invalid Signature button state after escaping Mailvelope mode (#7015)
- Fix so 401 error is returned only on failed logon requests (#7010)
- Fix db_prefix handling in queries with `TRUNCATE TABLE <name>` and `UNIQUE <name>` (#7013)
- Fix so update.sh script warns about changed defaults (#7011)
- Fix tables listing routine when DSN contained a database with unsupported suffix (#7034)
- Fix so Elastic is also a default in jqueryui plugin (#7039)
- Fix bug where the Installer would not warn about required schema upgrade (#7042)
-
-RELEASE 1.4.0
-------------
- Elastic: Resizeable columns (#6929)
- Elastic: Fix position and style of auto-complete dropdown on small screens (#6951)
- Elastic: Fix initial focus on recipients input in mail compose screen
- Elastic: Fix inserting responses at cursor position (#6971)
- Elastic: Fix unread filter icon and search state on folder change (#6978)
- Elastic: Fix regression where Encrypt button wasn't displayed in mail compose toolbar (#6982)
- Elastic: Fix regression where recipient input didn't update internal input state (#6988)
- Enigma: Fix bug where signing option was set to disabled after saving a draft in Elastic skin (#6515)
- Redis: Improve error handling and phpredis 5.X support (#6888)
- Archive: Fix bug where next email was not displayed after Archive button use (#6965)
- Archive: Fix missing Archive icon in folder selector popup in Elastic
- Fix bug where cache keys were not case-sensitive on MySQL/MSSQL (#6942)
- Fix so an error is logged when encryption fails (#6948)
- Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980)
- Fix and document skin_logo setup (#6981)
-
-RELEASE 1.4-rc2
---------------
- Update to jQuery 3.4.1
- Clarified 'address_book_type' option behavior (#6680)
- Added cookie mismatch detection, display an error message informing the user to clear cookies
- Renamed 'log_session' option to 'session_debug'
- Removed 'delete_always' option (#6782)
- Don't log full session identifiers in userlogins log (#6625)
- Support $HasAttachment/$HasNoAttachment keywords (#6201)
- Support PECL memcached extension as a session and cache storage driver (experimental)
- Switch to IDNA2008 variant (#6806)
- installto.sh: Add possibility to run the update even on the up-to-date installation (#6533)
- Plugin API: Add 'render_folder_selector' hook
- Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326)
- Added flag to disable server certificate validation via Mysql DSN argument (#6848)
- Select all records on the current list page with CTRL + A (#6813)
- Use Left/Right Arrow keys to faster move over threaded messages list (#6399)
- Changes in `display_next` setting (#6795):
-    - Move it to Preferences > User Interface > Main Options
-    - Make it apply to Contacts interface too
-    - Make it apply only if deleting/moving a previewed message/contact
- Redis: Support connection to unix socket
- Put charset meta specification before a title tag, add page title automatically (#6811)
- Elastic: Various internal refactorings
- Elastic: Add Prev/Next buttons on message page toolbar (#6648)
- Elastic: Close search options on Enter key press in quick-search input (#6660)
- Elastic: Changed some icons (#6852)
- Elastic: Changed read/unread icons (#6636)
- Elastic: Changed "Move to..." icon (#6637)
- Elastic: Add hide/show for advanced preferences (#6632)
- Elastic: Add default icon on Settings/Preferences lists for external plugins (#6814)
- Elastic: Add indicator for popover menu items that open a submenu (#6868)
- Elastic: Move compose attachments/options to the right side (#6839)
- Elastic: Add border/background to attachments list widget (#6842)
- Elastic: Add "Show unread messages" button to the search bar (#6587)
- Elastic: Fix bug where toolbar disappears on attachment menu use in Chrome (#6677)
- Elastic: Fix folders list scrolling on touch devices (#6706)
- Elastic: Fix non-working pretty selects in Chrome browser (#6705)
- Elastic: Fix issue with absolute positioned mail content (#6739)
- Elastic: Fix bug where some menu actions could cause a browser popup warning
- Elastic: Fix handling mailto: URL parameters in contact menu (#6751)
- Elastic: Fix keyboard navigation in some menus, e.g. the contact menu
- Elastic: Fix visual issue with long buttons in .boxwarning (#6797)
- Elastic: Fix handling new-line in text pasted to a recipient input
- Elastic: Fix so search is not reset when returning from the message preview page (#6847)
- Larry: Fix regression where menu actions didn't work with keyboard (#6740)
- ACL: Display user/group names (from ldap) instead of acl identifier
- Password: Added ldap_exop driver (#4992)
- Password: Added support for SSHA512 password algorithm (#6805)
- Managesieve: Fix bug where global includes were requested for vacation (#6716)
- Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686)
- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
- Enigma: For verified signatures, display the user id associated with the sender address (#5958)
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
- Enigma: Fix bug where signature verification could have been skipped for some message structures (#6838)
- Fix language selection for spellchecker in html mode (#6915)
- Fix css styles leak from replied/forwarded message to the rest of the composed text (#6831)
- Fix invalid path to "add contact" icon when using assets_path setting
- Fix invalid path to blocked.gif when using assets_path setting (#6752)
- Fix so advanced search dialog is not automatically displayed on searchonly addressbooks (#6679)
- Fix so an error is logged when more than one attachment plugin has been enabled, initialize the first one (#6735)
- Fix bug where flag change could have been passed to a preview frame when not expected
- Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713)
- Fix bug where HTML messages with a xml:namespace tag were not rendered (#6697)
- Fix TinyMCE download location (#6694)
- Fix so "Open in new window" consistently displays "external window" interface (#6659)
- Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)
- Fix bug where external content (e.g. mail body) was passed to templates parsing code (#6640)
- Fix bug where attachment preview didn't work with x_frame_options=deny (#6688)
- Fix so bin/install-jsdeps.sh returns error code on error (#6704)
- Fix bug where bmp images couldn't be displayed on some systems (#6728)
- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
- Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
- Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)
- Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)
- Fix bug where selection of columns on messages list wasn't working
- Fix bug in converting multi-page Tiff images to Jpeg (#6824)
- Fix bug where handling multiple messages from multi-folder search result could not work (#6845)
- Fix bug where unread count wasn't updated after moving multi-folder result (#6846)
- Fix wrong messages order after returning to a multi-folder search result (#6836)
- Fix some PHP 7.4 compat. issues (#6884, #6866)
- Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)
- Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
- Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
- Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)
-
-RELEASE 1.4-rc1
---------------
- Changed 'password_charset' default to 'UTF-8' (#6522)
- Add skins_allowed option (#6483)
- SMTP GSSAPI support via krb_authentication plugin (#6417)
- Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
- Removed 'referer_check' option (#6440)
- Use constant prefix for temp file names, don't remove temp files from other apps (#6511)
- Ignore 'Sender' header on Reply-All action (#6506)
- deluser.sh: Add option to delete users who have not logged in for more than X days (#6340)
- HTML5 Upload Progress - as a replacement for the old server-side solution (#6177)
- Update to TinyMCE 4.8.2
- Update to jQuery-MiniColors 2.3.4
- Prevent from using deprecated timezone names from jsTimezoneDetect
- Force session.gc_probability=1 when using custom session handlers (#6560)
- Support simple field labels (e.g. LetterHub examples) in csv imports (#6541)
- Add cache busters also to images used by templates (#6610)
- Plugin API: Added 'raise_error' hook (#6199)
- Plugin API: Added 'common_headers' hook (#6385)
- Plugin API: Added 'ldap_connected' hook
- Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in key generation (#6524)
- Enigma: Fixed multi-host synchronization of private and deleted keys and pubring.kbx file
- Managesieve: Added support for 'editheader' extension - RFC5293 (#5954)
- Managesieve: Fix bug where custom header or variable could be lost on form submission (#6594)
- Markasjunk: Integrate markasjunk2 features into markasjunk - marking as non-junk + learning engine (#6504)
- Password: Added 'modoboa' driver (#6361)
- Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436)
- Password: Fix bug where new users could skip forced password change (#6434)
- Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473)
- Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246)
- Passowrd: Allow drivers to define password strength rules displayed to the user
- Password: Allow separate password saving and strength drivers for use of strength checking services (#5040)
- Password: Add zxcvbn driver for checking password strength (#6479)
- Password: Disallow control characters in passwords
- Password: Add support for Plesk >= 17.8 (#6526)
- Elastic: Improved datepicker displayed always in parent window
- Elastic: On touch devices display attachment icons on messages list (#6296)
- Elastic: Make menu button inactive if all subactions are inactive (#6444)
- Elastic: On mobile/tablet jump to the list on folder selection (#6415)
- Elastic: Various improvements on mail compose screen (#6413)
- Elastic: Support new-line char as a separator for pasted recipients (#6460)
- Elastic: Improved UX of search dialogs (#6416)
- Elastic: Fix unwanted thread expanding when selecting a collapsed thread in non-mobile mode (#6445)
- Elastic: Fix too small height of mailvelope mail preview frame (#6600)
- Elastic: Add "status bar" for mobile in mail composer
- Elastic: Add selection options on contacts list (#6595)
- Elastic: Fix unintentional layout preference overwrite (#6613)
- Elastic: Fix bug where Enigma options in mail compose could sometimes be ignored (#6515)
- Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433)
- Fix regression where drafts were not deleted after sending the message (#6756)
- Fix so max_message_size limit is checked also when forwarding messages as attachments (#6580)
- Fix so performance stats are logged to the main console log also when per_user_logging=true
- Fix malformed message saved into Sent folder when using big attachments and low memory limit (#6498)
- Fix incorrect IMAP SASL GSSAPI negotiation (#6308)
- Fix so unicode in local part of the email address is also supported in recipient inputs (#6490)
- Fix bug where autocomplete list could be displayed out of screen (#6469)
- Fix style/navigation on error page depending on authentication state (#6362)
- Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408)
- Fix custom logo size in Elastic (#6424)
- Fix listing the same attachment multiple times on forwarded messages
- Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)
- Fix inconsistent offset for various time zones - always display Standard Time offset (#6531)
- Fix dummy Message-Id when resuming a draft without Message-Id header (#6548)
- Fix handling of empty entries in vCard import (#6564)
- Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)
- Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
- Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
- Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)
- Fix missing CSRF token on a link to download too-big message part (#6621)
- Fix bug when aborting dragging with ESC key didn't stop the move action (#6623)
-
-RELEASE 1.4-beta
----------------
- Added new skin with mobile support - the Elastic
- Support Redis cache
- Email Resent (Bounce) feature (#4985)
- Improved Mailvelope integration
-  - Added private key listing and generating to identity settings
-  - Enable encrypt & sign option if Mailvelope supports it
- Allow contacts without an email address (#5079)
- Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120)
- Support for IMAP folders that cannot contain both folders and messages (#5057)
- Update to jQuery-3.3.1
- Update to jQuery-minicolors 2.2.6
- Update to TinyMCE 4.7.13
- Remove sample PHP configuration from .htaccess and .user.ini files (#5850)
- Extend skin_logo setting to allow per skin logos (#6272)
- Use Masterminds/HTML5 parser for better HTML5 support (#5761)
- Add More actions button in Contacts toolbar with Copy/Move actions (#6081)
- Display an error when clicking disabled link to register protocol handler (#6079)
- Add option trusted_host_patterns (#6009, #5752)
- Support additional connect parameters in PostgreSQL database wrapper
- Use UI dialogs instead of confirm() and alert() where possible
- Display value of the SMTP message size limit in the error message (#6032)
- Show message flagged status in message view (#5080)
- Skip redundant INSERT query on successful logon when using PHP7
- Replace display_version with display_product_version (#5904)
- Extend disabled_actions config so it accepts also button names (#5903)
- Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
- Add Message-ID to the sendmail log (#5871)
- Add option to hide folders in share/other-user namespace or outside of the personal namespace root (#5073)
- Archive: Fix archiving by sender address on cyrus-imap
- Archive: Style Archive folder also on folder selector and folder manager lists
- Archive: Add Thunderbird compatible Month option (#5623)
- Archive: Create archive folder automatically if it's configured, but does not exist (#6076)
- Enigma: Add button to send mail unencrypted if no key was found (#5913)
- Enigma: Add options to set PGP cipher/digest algorithms (#5645)
- Enigma: Multi-host support
- Managesieve: Add ability to disable filter sets and other actions (#5496, #5898)
- Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021)
- Managesieve: Support filter action with custom IMAP flags (#6011)
- Managesieve: Support 'mime' extension tests - RFC5703 (#5832)
- Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779)
- Managesieve: Support enabling the plugin for specified hosts only (#6292)
- Password: Support host variables in password_db_dsn option (#5955)
- Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759)
- Password: Added password_username_format option (#5766)
- subscriptions_option: show \\Noselect folders greyed out (#5621)
- zipdownload: Added option to define size limit for multiple messages download (#5696)
- vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080)
- Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587)
- Composer: Fix certificate validation errors by using packagist only (#5148)
- Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882)
- Support _filter and _scope as GET arguments for opening mail UI (#5825)
- Various improvements for templating engine and skin behaviours
-  - Support conditional include
-  - Support for 'link' objects
-  - Support including files with path relative to templates directory
-  - Use <button> instead of <input> for submit button on logon screen
- Support skin localization (#5853)
- Reset onerror on images if placeholder does not exist to prevent from requests storm
- Unified and simplified code for loading content frame for responses and identities
- Display contact import and advanced search in popup dialogs
- Display a dialog for mail import with supported format description and upload size hint
- Make possible to set (some) config options from a skin
- Added optional checkbox selection for the list widget
- Make 'compose' command always enabled
- Add .log suffix to all log file names, add option log_file_ext to control this (#313)
- Return "401 Unauthorized" status when login fails (#5663)
- Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092)
- Plugin API: Added 'show_bytes' hook (#5001)
- Add option to not indent quoted text on top-posting reply (#5105)
- Removed global $CONFIG variable
- Removed debug_level setting
- Support AUTHENTICATE LOGIN for IMAP connections (#5563)
- Support LDAP GSSAPI authentication (#5703)
- Localized timezone selector (#4983)
- Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640)
- Handle inline images also inside multipart/mixed messages (#5905)
- Allow style tags in HTML editor on composed/reply messages (#5751)
- Use Github API as a fallback to fetch js dependencies to workaround throttling issues (#6248)
- Show confirm dialog when moving folders using drag and drop (#6119)
- Fix bug where new_user_dialog email check could have been circumvented by deleting / abandoning session (#5929)
- Fix skin extending for assets (#5115)
- Fix handling of forwarded messages inside of a TNEF message (#5632)
- Fix bug where attachment size wasn't visible when the filename was too long (#6033)
- Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047)
- Fix css conflicts in user interface and e-mail content (#5891)
- Fix duplicated signature when using Back button in Chrome (#5809)
- Fix touch event issue on messages list in IE/Edge (#5781)
- Fix so links over images are not removed in plain text signatures converted from HTML (#4473)
- Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772)
-
-RELEASE 1.3.8
-------------
- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
- Enigma: Fix deleting keys with authentication subkeys (#6381)
- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
- Fix so Classic skin splitter does not escape out of window (#6397)
- Fix XSS issue in handling invalid style tag content [CVE-2018-19206] (#6410)
- Fix compatibility with MySQL 8 - error on 'system' table use
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
- Fix multiple VCard field search (#6466)
- Fix session issue on long running requests (#6470)
-
-RELEASE 1.3.7
+RELEASE 1.2.9
 -------------
- Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
- Fix bug where some parts of quota information could have been ignored (#6280)
- Fix bug where some escape sequences in html styles could bypass security checks
- Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
- Fix bug where only attachments with the same name would be ignored on zip download (#6301)
- Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
- Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
- Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
- Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
-
-RELEASE 1.3.6
-------------
- Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216)
- Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234)
- Fix possible IMAP command injection and type juggling vulnerabilities (#6229)
- Enigma: Fix key selection for signing
- Enigma: Enable keypair generation on Internet Explorer 11
- Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
- Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224)
+- Fix regression where IMAP commands with '*' uidset argument wasn't working

-RELEASE 1.3.5
+RELEASE 1.2.8
 -------------
- Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143)
- Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154)
- Fix duplicated labels in Test SMTP Config section (#6166)
- Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
- Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
+- Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
+- Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
 - Fix security issue in remote content blocking on HTML image and style tags (#6178)
- Added 9pt and 11pt to the list of font sizes in HTML editor
- Fix handling encoding of HTML tags in "inline" JSON output (#6207)
- Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)

-RELEASE 1.3.4
-------------
- Fix bug where contacts search could skip some records (#6130)
- Fix possible information leak - add more strict sql error check on user creation (#6125)
- Fix a couple of warnings on PHP 7.2 (#6098)
- Fix broken long filenames when using imap4d server - workaround server bug (#6048)
- Fix so temp_dir misconfiguration prints an error to the log (#6045)
- Fix untagged COPYUID responses handling - again (#5982)
- Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075)
- Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true
- Fix performance issue when parsing malformed and long Date header (#6087)
- Fix syntax error in mssql.initial.sql (#6097)
- Fix bug where contacts export by selection returned no more than 10 entries (#6103)
- Fix searching contacts by address in LDAP source (#6084)
- Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking protection (#6057)
-
-RELEASE 1.3.3
+RELEASE 1.2.7
 -------------
- Fix decoding of mailto: links with + character in HTML messages (#6020)
- Fix false reporting of failed upgrade in installto.sh (#6019)
- Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)
- Fix mangled non-ASCII characters in links in HTML messages (#6028)
-
-RELEASE 1.3.2
-------------
- Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933)
- Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940)
- Fix invalid template loading on a message error in preview frame (#5941)
+- Fix rewind(): stream does not support seeking (#5950)
 - Fix bug where HTML messages could have been rendered empty on some systems (#5957)
- Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952)
- Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
- Fix missing cursor in HTML editor on mail reply (#5969)
 - Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
- Fix bug where mail search could return empty result on servers without SORT capability (#5973)
- Fix bug where assets_path wasn't added to some watermark frames
- Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982)
- Fix issue caused by non-default session.cookie_lifetime setting (#5961)
- Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885)
- Fix handling of unknown Content-Disposition type (#6002)
- Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004)
- Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007)
- Fix bug where ghost messages could be added to the list after fast delete (#5941)
-
-RELEASE 1.3.1
-------------
- Add Preferences > Mailbox View > Main Options > Layout (#5829)
- Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
- Managesieve: Fix AM/PM suffix in vacation time selectors
- Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899)
- Remove non-printable characters from filenames on download/display (#5880)
- Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799)
- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
- Fix bug where HTML messages with @media styles could moddify style of page body (#5811)
- Fix style issue on selected and unfocused message that is part of a thread (#5798)
- Fix bug where a.button style from managesieve plugin could impact other elements (#5800)
- Fix position of selected icon for (Mailvelope) Encrypt button
- Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808)
- Fix bug where errors were not printed when using bin/update.sh (#5834)
- Fix PHP 7.2 warnings on count() use (#5845)
- Fix bug where Chrome could not upload the same file that was selected before (#5854)
- Fix duplicate messages on the list after deleting messages on the next to the last page (#5862)
- Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
- Fix potential XSS vulnerability with malformed HTML message markup
- Fix sending message with "Too many public recipients" dialog buttons (#5924)
- Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
- Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)
+- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838, #5959)
+- Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)

-RELEASE 1.3.0
+RELEASE 1.2.6
 -------------
- Update to TinyMCE 4.5.7
- Fix bug where invalid recipients could be silently discarded (#5739)
- Fix conflict with _gid cookie of Google Analytics (#5748)
- Print error from CLI scripts when system/exec function is disabled (#5744)
+- Don't ignore (global) userlogins/sendmail logging in per_user_logging mode
+- Enigma: Fix compatibility with assets_dir
+- Managesieve: Fix AM/PM suffix in vacation time selectors
 - Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
 - Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
- Fix folders list sorting on Windows - if php-intl is available (#5732)
 - Fix addressbook searching by gender (#5757)
- Fix prevention from using % and * characters in folder name (#5762)
- Fix POST parameter reflection in default_charset selector (#5768)
- Enigma: Fix compatibility with assets_dir
- Managesieve: Skip redundant LISTSCRIPTS command
 - Fix SQL syntax error on MariaDB 10.2 (#5774)
- Fix bug where zipdownload ignored files with the same name (#5777)
 - Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)
+- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
+- Fix potential XSS vulnerability with malformed HTML message markup

-RELEASE 1.3-rc
--------------
- "Flattened" the larry theme: fresher look by removing shadows and gradients
- Support logging to php://stdout (#5721)
- Add support for DelSp=Yes in format=flowed messages (#5702)
- Update to jQuery 3.2.1
- Update to TinyMCE 4.5.6
- Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message (#5678)
- Enigma: Always use detached signatures (#5624)
- Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
- Minimize unwanted message loading in preview frame on drag (#5616)
- Fix failing database schema check in all engines except mysql (#5730)
- Fix autocomplete popup closing with click outside the input, don't handle Tab key as Enter (#5606)
- Fix jsdeps.json synchronization on update, warn about missing requirements of install-jsdeps.sh (#5598)
- Fix missing thread expand icon on search result in widescreen mode (#5613)
- Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
- Fix bug where external content in src attribute of input/video tags was not secured (#5583)
- Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
- Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
- Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
- Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
- Fix regression where groups with email address were resolved to its members' addresses
- Fix update of group name in the contacts list header on group rename (#5648)
- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
- Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
- Managesieve: Fix parser issue with empty lines between comments (#5657)
- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
- Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610)
- Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820]
- Fix bug where settings/upload.inc could not be used by plugins (#5694)
+RELEASE 1.2.5
+-------------
+- Fix re-positioning of the fixed header of messages list in Chrome when using minimal mode toggle and About dialog (#5711)
+- Fix so settings/upload.inc could not be used by plugins (#5694)
 - Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713)
 - Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695)
- Fix undesired effects when postgres database uses different timezone than PHP host (#5708)
- Installer: Fix DB schema initialization on MS SQL Server
 - Fix bug where base_dn setting was ignored inside group_filters (#5720)
 - Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114]

-RELEASE 1.3-beta
----------------
- Nicely handle contact deletion on contact edit (#5522)
- vcard_attachments: Add possibility to attach contact vCard to composed message (#4997)
- Preserve message internal/received date on import in mbox format (#5559)
- Zipdownload: Fix date format in mbox "From line"
- Possibility to display QR code for contacts data (#5030)
- Added identicon plugin
- Widescreen layout aka three column view (#5093)
- Unify automatic marking as \Seen in preview pane, full-page and extwin views (#5071)
- Disable double-click on the list when preview pane is on (#5199)
- Support hostname and hostname:port in force_https option (#5511)
- Support ALLOW-FROM in x_frame_options (#5122)
- Allow to omit a subject when sending an email (#5068)
- Warn about too many disclosed recipients in composed email [max_disclosed_recipients] (#5132)
- identity_select: Support Received header (#5085)
- Plugin API: Added get_compose_responses hook (#5457)
- Display error when trying to upload more files than specified in max_file_uploads (#5483)
- Add missing sql upgrade file for 'ip' column resize in session table (#5465)
- Do not show inline images of unsupported mimetype (#5463)
- Password: Added replacement variables support in password_pop_host (#5539)
- Password: Don't store passwords in temp files when using dovecotpw (#5531)
- Password: Added LDAP PPolicy driver (#5364)
- Password: Added cpanel_webmail driver (#5549)
- Password: Added possibility to nicely redirect from other plugins on password expiration (#5468)
- Implement separate action to mark all messages in a folder as \Seen (#5006)
- Implement marking as \Seen in all folders or in a folder and its subfolders (#5076)
- Archive: Don't reload messages list when it's not needed (#5225)
- Archive: Add option to automatically mark archived messages as \Seen (#5142)
- Improve randomness of password salts and random hashes (#5266)
- Password/cPanel: Add support for hash authentication and reseller accounts (#5252)
- Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136)
- Center and scale images in attachment preview frame (#5421)
- Added max_message_size option enforced when attaching files to a composed message (#4993)
- Added Search button in quick search menus (#5312)
- Implement "one click" attachment/messages/photo upload (#5024)
- Squirrelmail_usercopy: Add option to define character set of data files
- Removed useless 'created' column from 'session' table (#5389)
- Dropped legacy browsers support (#5167)
-    - Removed legacy_browser plugin
-    - Removed hacks for IE < 10
-    - Update to jQuery 3.1.1 and jQuery-UI 1.12.0
-    - compile .min.js files with ECMASCRIPT5 option
- Require PHP >= 5.4
- Add possibility to preview and download attachments in mail compose (#5053)
- Add possibility to rename attachments in mail compose (#4996)
- Remove backward compatibility "layer" of bc.php (#4902)
- Support WEBP images in mail messages (#5362)
- Support MathML in HTML message preview (#5182)
- Rename Addressbook to Contacts (#5233)
- Remove PHP mail() support, smtp_server is required now (#5340)
- Display full message subject in onmouseover on truncated subject in mail view (#5346)
- Enigma: Support GnuPG 2.1 (#5313)
- Enigma: Support key generation for multiple identities (#5383)
- Enigma: Import keys from key-server(s) (#5286)
- Enigma: Search missing public keys on a key-server in mail compose (#5286)
- Enigma: Delete user keys when using deluser.sh script
- Enigma: Fix redundant list-secret-keys/list-public-keys calls on signing/encryption
- Enigma: Implement PGP encryption and signing in one go (#5302)
- Enigma: Display signature verification status for encrypted+signed messages (#5302)
- Display different attachment icon on encrypted messages
- Display different confirmation text when moving messages to Trash (#5220)
- Indicate that a collapsed thread has flagged children (#5013)
- Implemented message/rfc822 attachment preview
- Update to jsTimezoneDetect 1.0.6
- Managesieve: Add (optional) RAW script editor (#5414)
- Managesieve: Add option to automatically set vacation :from address (#5428)
- Managesieve: Support 'string' test from variables extension [RFC 5229] (#5248)
- Managesieve: Support 'duplicate' extension [RFC 7352]
- Managesieve: Unhide advanced rule controls if there are inputs with errors
- Managesieve: Display warning message when filter form contains errors
- Control search engine crawlers via X-Robots-Tag header instead of <meta> and robots.txt (#5098)
- Fixed redundancy in sql caching system and compatibility with Galera Cluster (#5439)
-    - Removed redundant 'created' column from cache and cache_shared tables
-    - Removed use of redundant data records
-    - Added missing primary keys (dictionary, cache, cache_shared tables)
- Fix so templating system does not mess with external (e.g. email) content (#5499)
- Fix redundant keep-alive/refresh after session error on compose page (#5500)
+RELEASE 1.2.4
+-------------
 - Managesieve: Fix handling of scripts with nested rules (#5540)
- Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
+- Managesieve: Fix parser issue with empty lines between comments (#5657)
+- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
+- Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
 - Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555)
+- Enigma: Fix missing require statement for Crypt_GPG_KeyGenerator (#5641)
+- Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
 - Fix adding images to new identity signatures
 - Fix rsync error handling in installto.sh script (#5562)
 - Fix some advanced search issues with multiple addressbooks (#5572)
 - Fix so group/addressbook selection is retained on page refresh
+- Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
+- Fix bug where external content in src attribute of input/video tags was not secured (#5583)
+- Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
+- Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
+- Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
+- Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
+- Fix regression where groups with email address were resolved to its members' addresses
+- Fix update of group name in the contacts list header on group rename (#5648)
+- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
+- Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
+- Fix XSS issue in handling of a style tag inside of an svg element (CVE-2017-6820)

 RELEASE 1.2.3
 -------------
@ -802,7 +180,7 @@ RELEASE 1.2-rc
 - Fix .htaccess rewrite rules to not block .well-known URIs (#4943)
 - Fix mail view scaling on iOS (#4915)
 - Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#4948)
- Fix XSS issue in SVG images handling [CVE-2015-8864, CVE-2016-4068] (#4949)
+- Fix XSS issue in SVG images handling (#4949)
 - Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
 - Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958)
 - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
@ -811,7 +189,7 @@ RELEASE 1.2-rc
 - Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
 - Hide DSN option in Preferences when smtp_server is not used (#4967)
 - Fix handling of body parameter in mail compose request
- Protect download urls against CSRF using unique request tokens [CVE-2016-4069] (#4957)
+- Protect download urls against CSRF using unique request tokens (#4957)
 - newmail_notifier: Refactor desktop notifications
 - Fix so contactlist_fields option can be set via config file
 - Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
@ -961,7 +339,7 @@ RELEASE 1.1.1
 - Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#4769)
 - Fix cursor position on reply below the quote in HTML mode (#4759)
 - Fix so "over quota" errors are displayed also in message compose page
- Fix duplicate entries suppression in autocomplete result (#4776)
+- Fix duplicate entries supression in autocomplete result (#4776)
 - Fix "Non-static method PEAR::isError() should not be called statically" errors (#4770)
 - Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#4777)
 - Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#4779)
@ -1034,7 +412,7 @@ RELEASE 1.1-beta
 - Fix restoring draft messages from localStorage if editor mode differs (#4631)
 - Added config option/user preference to disable saving messages in localStorage (#4606)
 - Added config option 'imap_log_session' to enable Roundcube <-> IMAP session ID logging
- Added config option 'log_session_id' to control the length of the session identifier in logs
+- Added config option 'log_session_id' to control the lengh of the session identifer in logs
 - Implemented 'storage_connected' API hook after successful IMAP login (#4638)
 - Intergrate Net_LDAP3 and rcube_ldap_generic classes
 - Add option (disabled_actions) to disable UI elements/actions (#4478)
@ -1347,7 +725,7 @@ RELEASE 0.9.4
 - Make identities matching case insensitive (#1881)
 - Fix issue where too big message data was stored in cache causing sql errors (#4325)
 - Fix iframe scrollbars on webkit desktop browsers (#4319)
- Fix issue where legacy config was overridden by default config (#4305)
+- Fix issue where legacy config was overriden by default config (#4305)
 - Fix newmail_notifier issue where favicon wasn't changed back to default (#4324)
 - Fix setting of Junk and NonJunk flags by markasjunk plugin (#4303)
 - Fix lack of Reply-To address in header of forwarded message body (#4314)
@ -1431,7 +809,7 @@ RELEASE 0.9.1
 - Fix so Sender: address is added to Cc: field on reply to all (#4140)
 - Fix so addressbook_search_mode works also for group search (#4183)
 - Fix removal of a contact from a group in LDAP addressbook (#4185)
- Include SQL query in the log on SQL error (#4172)
+- Inlcude SQL query in the log on SQL error (#4172)
 - Fix handling untagged responses in IMAP FETCH - "could not load message" error (#4180)
 - Fix very small window size in Chrome (#4087)
 - Fix list page reset when viewing a message in Larry skin (#4182)
@ -1718,7 +1096,7 @@ RELEASE 0.8-rc
 - Add IE8 hack for messages list issue (#3317)
 - Fix handling errors on draft auto-save
 - Fix importing vCard photo with ENCODING param specified (#3746)
- Support multiple name/email pairs for Bcc and Reply-To identity settings (#3752)
+- Support mutliple name/email pairs for Bcc and Reply-To identity settings (#3752)
 - Set flexible width to login form fields (#3735)
 - Fix re-draw bug on list columns change in IE8 (#3318)
 - Allow mass-removal of addresses from a group (#3259)
@ -2214,7 +1592,7 @@ RELEASE 0.4.1

 RELEASE 0.4
 -----------
- Fix disappearing upload form disappears when user selects a file on Safari (#2917)
+- Fix disapearing upload form disapears when user selects a file on Safari (#2917)
 - Don't replace error messages with loading info (#2534)
 - Fix JS errors on compose mode switch (#2952)
 - Fix message structure parsing when it lacks optional fields (#2960)
@ -2877,7 +2255,7 @@ RELEASE 0.1-RC2
 - Improve message compose screen (closes #1060)
 - Select next row after removing one from list (#1063)
 - Make smtp HELO/EHLO hostname configurable (#851)
- IPv6 Compatibility (#1023), Patch #1484373
+- IPv6 Compatability (#1023), Patch #1484373
 - Unlock interface when message sending fails (#1188)
 - Eval PHP code in template includes (if configured)
 - Show message when folder is empty. Mo more static text in table (#1068)
@ -2983,7 +2361,7 @@ RELEASE 0.1-RC1
 - Corrected date string in sent message header (closes #887)
 - Correclty choose "To" column in sent and draft mailboxes (closes #769)
 - Changed srong tooltips for message browse buttons (closes #757)
- Fixed signature delimiter character to be standard (Bug #830)
+- Fixed signature delimeter character to be standard (Bug #830)
 - Fixed XSS vulnerability (Bug #877)
 - Remove newlines from mail headers (Bug #827)
 - Selection issues when moving/deleting (Bug #837)
--- a/34
+++ b/34
@ -0,0 +1,34 @@
+FROM debian:8.0
+MAINTAINER Alex Brandt <alunduil@alunduil.com>
+
+EXPOSE 80 443
+
+RUN apt-get -qq update
+RUN apt-get install -qq apache2-mpm-event ca-certificates
+
+RUN sed -e 's|/var/www/html|/var/www/public_html|' -e 's@\(Log \+\)[^ ]\+@\1"|/bin/cat"@' -i /etc/apache2/sites-available/000-default.conf
+RUN a2ensite 000-default
+
+RUN sed -e 's|/var/www/html|/var/www/public_html|' -e 's@\(Log \+\)[^ ]\+@\1"|/bin/cat"@' -i /etc/apache2/sites-available/default-ssl.conf
+RUN sed -e '/SSLCertificateKeyFile/s|ssl-cert-snakeoil.key|ssl-cert.key|' -e '/SSLCertificateFile/s|ssl-cert-snakeoil.pem|ssl-cert.pem|' -i /etc/apache2/sites-available/default-ssl.conf
+RUN ln -snf ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert.pem
+RUN ln -snf ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert.key
+RUN a2ensite default-ssl
+
+RUN a2enmod expires
+RUN a2enmod headers
+RUN a2enmod ssl
+
+RUN apt-get install -qq php5 php-pear php5-mysql php5-pgsql php5-sqlite
+RUN pear install mail_mime mail_mimedecode net_smtp net_idna2-beta auth_sasl net_sieve crypt_gpg
+
+RUN rm -rf /var/www
+ADD . /var/www
+
+RUN echo -e '<?php\n$config = array();\n' > /var/www/config/config.inc.php
+RUN rm -rf /var/www/installer
+
+RUN . /etc/apache2/envvars && chown -R ${APACHE_RUN_USER}:${APACHE_RUN_GROUP} /var/www/temp /var/www/logs
+
+ENTRYPOINT [ "/usr/sbin/apache2ctl", "-D", "FOREGROUND" ]
+CMD [ "-k", "start" ]
--- a/143
+++ b/143
@ -3,60 +3,55 @@ INTRODUCTION

 This file describes the basic steps to install Roundcube Webmail on your
 web server. For additional information, please also consult the project's
-wiki page at https://github.com/roundcube/roundcubemail/wiki
+wiki page at http://trac.roundcube.net/wiki


 REQUIREMENTS
 ============

-* An IMAP, HTTP and SMTP server
+* The Apache, Lighttpd, Cherokee or Hiawatha web server
 * .htaccess support allowing overrides for DirectoryIndex
-* PHP Version 5.4 or greater including:
-   - PCRE, DOM, JSON, Session, Sockets, OpenSSL, Mbstring, Filter, Ctype (required)
+* PHP Version 5.3.7 or greater including:
+   - PCRE, DOM, JSON, Session, Sockets, OpenSSL, Mbstring (required)
   - PHP PDO with driver for either MySQL, PostgreSQL, SQL Server, Oracle or SQLite (required)
-   - Zip, Fileinfo, Intl, Exif (recommended)
+   - Libiconv, Zip, Fileinfo, Intl, Exif (recommended)
   - LDAP for LDAP addressbook support (optional)
-   - GD, Imagick (optional thumbnails generation, QR-code)
 * PEAR and PEAR packages distributed with Roundcube or external:
   - Mail_Mime 1.10.0 or newer
-   - Net_SMTP 1.8.1 or newer
+   - Net_SMTP 1.7.1 or newer
   - Net_Socket 1.0.12 or newer
   - Net_IDNA2 0.1.1 or newer
   - Auth_SASL 1.0.6 or newer
-   - Net_Sieve 1.4.3 or newer (for managesieve plugin)
-   - Crypt_GPG 1.6.3 or newer (for enigma plugin)
-   - Endroid/QrCode 1.6.0 or newer (https://github.com/endroid/QrCode)
-   - Kolab/Net_LDAP3 1.0.6 or newer (for LDAP addressbook)
-   - Masterminds/HTML5 2.5.x (optional HTML parser)
-* php.ini options:
-   - error_reporting E_ALL & ~E_NOTICE & ~E_STRICT
-   - memory_limit > 16MB
-   - file_uploads enabled (for uploading attachments and import files)
+   - Net_Sieve 1.3.2 or newer (for managesieve plugin)
+   - Crypt_GPG 1.4.3 or newer (for enigma plugin)
+* php.ini options (see .htaccess file):
+   - error_reporting E_ALL & ~E_NOTICE (or lower)
+   - memory_limit > 16MB (increase as suitable to support large attachments)
+   - file_uploads enabled (for attachment upload features)
   - session.auto_start disabled
   - suhosin.session.encrypt disabled
   - mbstring.func_overload disabled
-   - pcre.backtrack_limit >= 100000
-* A MySQL, PostgreSQL, MS SQL Server (2005 or newer), Oracle database
-  or SQLite support in PHP - with permission to create tables
+   - magic_quotes_runtime disabled
+   - magic_quotes_sybase disabled
+   - register_globals disabled (PHP < 5.4)
+* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer), Oracle
+  database or SQLite support in PHP
+* One of the above databases with permission to create tables
+* An SMTP server (recommended) or PHP configured for mail delivery
 * Composer installed either locally or globally (https://getcomposer.org)


 INSTALLATION
 ============

-1. Decompress and put this folder somewhere inside your document root.
-  Note: Make sure files have proper owner/group for your setup. If you use
-  tar command `--no-same-owner` option might be helpful.
-2. In case you don't use the so-called "complete" release package,
-  you have to install PHP and javascript dependencies.
-  2.1. Install PHP dependencies using composer:
-    - get composer from https://getcomposer.org/download/
-    - rename the composer.json-dist file into composer.json
-    - if you want to use LDAP address books, enable the LDAP libraries in your
-      composer.json file by moving the items from "suggest" to the "require"
-      section (remove the explanation texts after the version!).
-    - run `php composer.phar install --no-dev`
-  2.2. Install Javascript dependencies by executing `bin/install-jsdeps.sh` script.
+1. Decompress and put this folder somewhere inside your document root
+2. Install dependencies using composer:
+   - get composer from https://getcomposer.org/download/
+   - rename the composer.json-dist file into composer.json
+   - if you want to use LDAP address books, enable the LDAP libraries in your
+     composer.json file by moving the items from "suggest" to the "require"
+     section (remove the explanation texts after the version!).
+   - run `php composer.phar install --no-dev`
 3. Make sure that the following directories (and the files within)
   are writable by the webserver
   - /temp
@ -65,16 +60,7 @@ INSTALLATION
 5. Point your browser to http://url-to-roundcube/installer/
 6. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
 7. After creating and testing the configuration, remove the installer directory
-   ------------------------------------------
-   IMPORTANT: REMOVE THE INSTALLER DIRECTORY!
-   ------------------------------------------
-8. If you use git sources compile css files for the Elastic skin (required
-   lessc >= 1.5.0):
-   $ cd skins/elastic
-   $ lessc -x styles/styles.less > styles/styles.css
-   $ lessc -x styles/print.less > styles/print.css
-   $ lessc -x styles/embed.less > styles/embed.css
-9. Check Known Issues section of this file
+8. Check Known Issues section of this file


 CONFIGURATION HINTS
@ -83,17 +69,15 @@ CONFIGURATION HINTS
 IMPORTANT! Read all comments in defaults.inc.php, understand them
 and configure your installation to be not surprised by default behaviour.

-Roundcube writes internal errors to the 'errors.log' log file located in the logs
+Roundcube writes internal errors to the 'errors' log file located in the logs
 directory which can be configured in config/config.inc.php. If you want ordinary
-PHP errors to be logged there as well, set error_log in php.ini or .htaccess file.
+PHP errors to be logged there as well, enable the 'php_value error_log' line
+in the .htaccess file and set the path to the log file accordingly.

-Roundcube forces display_errors=Off and log_errors=On.
-
-By default the session cookie settings of PHP are not modified by Roundcube.
+By default the session_path settings of PHP are not modified by Roundcube.
 However if you want to limit the session cookies to the directory where
-Roundcube resides you can set session.cookie_path in the php.ini or .htaccess file.
-
-More about PHP settings: https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration
+Roundcube resides you can uncomment and configure the according line
+in the .htaccess file.


 DATABASE SETUP
@ -109,9 +93,9 @@ importing the table layout and granting the proper permissions to the
 roundcube user. Here is an example of that procedure:

 # mysql
-> CREATE DATABASE roundcubemail CHARACTER SET utf8 COLLATE utf8_general_ci;
-> CREATE USER roundcube@localhost IDENTIFIED BY 'password';
-> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost;
+> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
+> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
+    IDENTIFIED BY 'password';
 > quit

 # mysql roundcubemail < SQL/mysql.initial.sql
@ -120,11 +104,6 @@ Note 1: 'password' is the master password for the roundcube user. It is strongly
 recommended you replace this with a more secure password. Please keep in
 mind: You need to specify this password later in 'config/db.inc.php'.

-Note 2: When using MySQL < 5.7.7 or MariaDB < 10.2.2 it is required to configure
-the database engine with:
-    innodb_large_prefix=true
-    innodb_file_format=Barracuda
-

 * SQLite
 --------
@ -151,7 +130,7 @@ createuser and createdb commands.
 * Microsoft SQL Server
 ----------------------
 Language/locale of the database must be set to us_english (1033). More info
-on this at https://github.com/roundcube/roundcubemail/issues/4078.
+on this at http://trac.roundcube.net/ticket/1488918.


 Database cleaning
@ -169,12 +148,12 @@ to config/config.inc.php and make the necessary adjustments according to your
 environment and your needs. More configuration options can be copied from the
 config/defaults.inc.php file into your local config.inc.php file as needed.
 Read the comments above the individual configuration options to find out what
-they do or read https://github.com/roundcube/roundcubemail/wiki/Installation
-for even more guidance.
+they do or read http://trac.roundcube.net/wiki/Howto_Install for even more
+guidance.

-The maximum size of email attachments and other file uploads is controlled by
-PHP settings: upload_max_filesize and post_max_size. Read more about PHP
-settings at https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration.
+You can also modify the default .htaccess file. This is necessary to
+increase the allowed size of file attachments, for example:
+	php_value       upload_max_filesize     2M


 SECURE YOUR INSTALLATION
@ -197,14 +176,7 @@ NOTE: In Apache 2.4, support for .htaccess files has been disabled by
 default. Therefore you first need to enable this in your Apache main or
 virtual host config by with:

-  AllowOverride all
-
-For non-apache web servers add equivalent configuration parameters to deny
-direct access to these private resources.
-
-It is also recommended to change the document root to <install path>/public_html
-after installation if Roundcube runs at root of a dedicated virtual host. This
-will automatically keep sensitive files out of reach for http requests.
+ AllowOverride all


 UPGRADING
@ -255,6 +227,11 @@ To enable these features in apache the following modules need to be enabled:
 The optimisation is already included in the .htaccess file in the top 
 directory of your installation.

+If you are using Apache version 2.2.9 and later, in the .htaccess file
+change the 'append' word to 'merge' for a more correct response. Keeping
+as 'append' shouldn't cause any problems though changing to merge will 
+eliminate the possibility of duplicate 'public' headers in Cache-control.
+
 Lighttpd:
 ---------
 With Lightty the addition of Expire: tags by mod_expire is incompatible with
@ -291,25 +268,3 @@ KNOWN ISSUES

 Installations with uw-imap server should set imap_disabled_caps = array('ESEARCH')
 in main configuration file. ESEARCH implementation in this server is broken (#1489184).
-
-PHP >= 5.6 validates the ssl certificates by default. It means that
-if IMAP/SMTP certificates are self-signed or use wrong host name you'll get
-connection errors. A solution in such cases is to set imap_conn_options,
-smtp_conn_options and managesieve_conn_options in a way described in config/defaults.inc.php.
-
-If you have problems with temp files or non-working logs make sure temp and logs folders
-are writeable to the user used by http server. Access to them may also be blocked by
-SELINUX. Here's some sample commands for SELINUX:
-
-    $ semanage fcontext -a -t httpd_sys_rw_content_t "/path_to_roundcube/logs(/.*)?"
-    $ semanage fcontext -a -t httpd_sys_rw_content_t "/path_to_roundcube/temp(/.*)?"
-    $ restorecon -Rv /path_to_roundcube/
-
-Microsoft IIS Server by default does not support WOFF fonts used in Elastic skin. It might be
-needed to add following MIME Types definitions (via web.config or IIS Manager):
-
-    .woff   application/font-woff
-    .woff2  application/font-woff2
-
-When installing on Windows be aware we're using symbolic links which may need an additional
-attention. See https://github.com/roundcube/roundcubemail/issues/7151.
--- a/README.md
+++ b/README.md
@ -1,15 +1,6 @@
 Roundcube Webmail 
 =================
-[roundcube.net](https://roundcube.net)
-
-[![Build Status](https://api.travis-ci.org/roundcube/roundcubemail.svg?branch=master)](https://travis-ci.org/roundcube/roundcubemail)
-
-ATTENTION
---------
-This is just a snapshot from the GIT repository and is **NOT A STABLE
-version of Roundcube**. It's not recommended to replace an existing installation
-of Roundcube with this version. Also using a separate database for this
-installation is highly recommended.
+[roundcube.net](http://roundcube.net)


 INTRODUCTION
@ -19,11 +10,17 @@ application-like user interface. It provides full functionality you expect
 from an email client, including MIME support, address book, folder management,
 message searching and spell checking. Roundcube Webmail is written in PHP and
 requires the MySQL, PostgreSQL or SQLite database. With its plugin API it is
-easily extendable and the user interface is fully customizable using skins.
+easily extendable and the user interface is fully customizable using skins
+which are pure XHTML and CSS 2.
+
+The code is mainly written in PHP and is designed to run on a webserver.
+It includes other open-source classes/libraries from [PEAR][pear],
+an IMAP library derived from [IlohaMail][iloha] the [TinyMCE][tinymce] rich
+text editor, [Googiespell][googiespell] library for spell checking or
+the [WASHTML][washtml] sanitizer by Frederic Motte.

-The code designed to run on a webserver is mainly written in PHP and Javascript.
-It includes a custom framework with an IMAP library derived from [IlohaMail][iloha]
-and requires a set of external libraries (see composer.json and jsdeps.json files).
+The current default skin 'Larry' was kindly created by FLINT / Büro für
+Gestaltung, Berne, Switzerland.


 INSTALLATION
@ -35,19 +32,6 @@ If you're updating an older version of Roundcube please follow the steps
 described in the UPGRADING file.


-BROWSER SUPPORT
---------------
-Roundcube uses jQuery 3.x for its client and therefore inherits the browser
-support from there. This currently includes:
-
- Chrome: (Current - 1) and Current
- Edge: (Current - 1) and Current
- Firefox: (Current - 1) and Current, ESR
- Internet Explorer: 9+ (11+ for the Elastic skin)
- Safari: (Current - 1) and Current
- Opera: Current
-
-
 LICENSE
 -------
 This program is free software: you can redistribute it and/or modify
@ -96,9 +80,14 @@ You're always welcome to send a message to the project admin:
 hello(at)roundcube(dot)net


-[iloha]:        https://sourceforge.net/projects/ilohamail/
-[gpl]:          https://www.gnu.org/licenses/
-[license]:      https://roundcube.net/license
-[contrib]:      https://roundcube.net/contribute
-[support]:      https://roundcube.net/support
-[githubissues]: https://github.com/roundcube/roundcubemail/issues
+[pear]:         http://pear.php.net
+[iloha]:        http://sourceforge.net/projects/ilohamail/
+[tinymce]:      http://www.tinymce.com/
+[googiespell]:  http://orangoo.com/labs/GoogieSpell/
+[washtml]:      http://www.ubixis.com/washtml/
+[kmgerich]:     http://kmgerich.com/
+[gpl]:          http://www.gnu.org/licenses/
+[license]:      http://roundcube.net/license
+[contrib]:      http://roundcube.net/contribute
+[support]:      http://roundcube.net/support
+[githubissues]: https://github.com/roundcube/roundcubemail/issues
--- a/SQL/mssql.initial.sql
+++ b/SQL/mssql.initial.sql
@ -1,13 +1,15 @@
 CREATE TABLE [dbo].[cache] (
 	[user_id] [int] NOT NULL ,
-	[cache_key] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL ,
+	[cache_key] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
+	[created] [datetime] NOT NULL ,
 	[expires] [datetime] NULL ,
 	[data] [text] COLLATE Latin1_General_CI_AI NOT NULL 
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
 GO

 CREATE TABLE [dbo].[cache_shared] (
-	[cache_key] [varchar] (255) COLLATE Latin1_General_CS_AS NOT NULL ,
+	[cache_key] [varchar] (255) COLLATE Latin1_General_CI_AI NOT NULL ,
+	[created] [datetime] NOT NULL ,
 	[expires] [datetime] NULL ,
 	[data] [text] COLLATE Latin1_General_CI_AI NOT NULL 
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
@ -15,7 +17,7 @@ GO

 CREATE TABLE [dbo].[cache_index] (
 	[user_id] [int] NOT NULL ,
-	[mailbox] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL ,
+	[mailbox] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[expires] [datetime] NULL ,
 	[valid] [char] (1) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[data] [text] COLLATE Latin1_General_CI_AI NOT NULL 
@ -24,7 +26,7 @@ GO

 CREATE TABLE [dbo].[cache_thread] (
 	[user_id] [int] NOT NULL ,
-	[mailbox] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL ,
+	[mailbox] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[expires] [datetime] NULL ,
 	[data] [text] COLLATE Latin1_General_CI_AI NOT NULL 
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
@ -32,7 +34,7 @@ GO

 CREATE TABLE [dbo].[cache_messages] (
 	[user_id] [int] NOT NULL ,
-	[mailbox] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL ,
+	[mailbox] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[uid] [int] NOT NULL ,
 	[expires] [datetime] NULL ,
 	[data] [text] COLLATE Latin1_General_CI_AI NOT NULL ,
@ -88,6 +90,7 @@ GO

 CREATE TABLE [dbo].[session] (
 	[sess_id] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
+	[created] [datetime] NOT NULL ,
 	[changed] [datetime] NULL ,
 	[ip] [varchar] (40) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[vars] [text] COLLATE Latin1_General_CI_AI NOT NULL 
@ -96,20 +99,20 @@ GO

 CREATE TABLE [dbo].[users] (
 	[user_id] [int] IDENTITY (1, 1) NOT NULL ,
-	[username] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL ,
+	[username] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[mail_host] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[created] [datetime] NOT NULL ,
 	[last_login] [datetime] NULL ,
 	[failed_login] [datetime] NULL ,
 	[failed_login_counter] [int] NULL ,
-	[language] [varchar] (16) COLLATE Latin1_General_CI_AI NULL ,
+	[language] [varchar] (5) COLLATE Latin1_General_CI_AI NULL ,
 	[preferences] [text] COLLATE Latin1_General_CI_AI NULL 
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
 GO

 CREATE TABLE [dbo].[dictionary] (
 	[user_id] [int] ,
-	[language] [varchar] (16) COLLATE Latin1_General_CI_AI NOT NULL ,
+	[language] [varchar] (5) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[data] [text] COLLATE Latin1_General_CI_AI NOT NULL 
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
 GO
@ -123,36 +126,12 @@ CREATE TABLE [dbo].[searches] (
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
 GO

-CREATE TABLE [dbo].[filestore] (
-	[file_id] [int] IDENTITY (1, 1) NOT NULL ,
-	[user_id] [int] NOT NULL ,
-	[context] [varchar] (32) COLLATE Latin1_General_CI_AI NOT NULL ,
-	[filename] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
-	[mtime] [int] NOT NULL ,
-	[data] [text] COLLATE Latin1_General_CI_AI NULL ,
-) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
-GO
-
 CREATE TABLE [dbo].[system] (
 	[name] [varchar] (64) COLLATE Latin1_General_CI_AI NOT NULL ,
 	[value] [text] COLLATE Latin1_General_CI_AI NOT NULL 
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
 GO

-ALTER TABLE [dbo].[cache] WITH NOCHECK ADD 
-	 PRIMARY KEY CLUSTERED 
-	(
-		[user_id],[cache_key]
-	) ON [PRIMARY] 
-GO
-
-ALTER TABLE [dbo].[cache_shared] WITH NOCHECK ADD 
-	 PRIMARY KEY CLUSTERED 
-	(
-		[cache_key]
-	) ON [PRIMARY] 
-GO
-
 ALTER TABLE [dbo].[cache_index] WITH NOCHECK ADD 
 	 PRIMARY KEY CLUSTERED 
 	(
@ -223,13 +202,6 @@ ALTER TABLE [dbo].[searches] WITH NOCHECK ADD
 	) ON [PRIMARY] 
 GO

-ALTER TABLE [dbo].[filestore] WITH NOCHECK ADD 
-	CONSTRAINT [PK_filestore_file_id] PRIMARY KEY  CLUSTERED 
-	(
-		[file_id]
-	) ON [PRIMARY] 
-GO
-
 ALTER TABLE [dbo].[system] WITH NOCHECK ADD 
 	CONSTRAINT [PK_system_name] PRIMARY KEY CLUSTERED 
 	(
@ -239,7 +211,12 @@ GO

 ALTER TABLE [dbo].[cache] ADD 
 	CONSTRAINT [DF_cache_user_id] DEFAULT ('0') FOR [user_id],
-	CONSTRAINT [DF_cache_cache_key] DEFAULT ('') FOR [cache_key]
+	CONSTRAINT [DF_cache_cache_key] DEFAULT ('') FOR [cache_key],
+	CONSTRAINT [DF_cache_created] DEFAULT (getdate()) FOR [created]
+GO
+
+ALTER TABLE [dbo].[cache_shared] ADD 
+	CONSTRAINT [DF_cache_shared_created] DEFAULT (getdate()) FOR [created]
 GO

 ALTER TABLE [dbo].[cache_index] ADD 
@ -250,6 +227,12 @@ ALTER TABLE [dbo].[cache_messages] ADD
 	CONSTRAINT [DF_cache_messages_flags] DEFAULT (0) FOR [flags]
 GO

+CREATE INDEX [IX_cache_user_id] ON [dbo].[cache]([user_id]) ON [PRIMARY]
+GO
+
+CREATE INDEX [IX_cache_cache_key] ON [dbo].[cache]([cache_key]) ON [PRIMARY]
+GO
+
 CREATE INDEX [IX_cache_shared_cache_key] ON [dbo].[cache_shared]([cache_key]) ON [PRIMARY]
 GO

@ -332,15 +315,13 @@ GO

 ALTER TABLE [dbo].[session] ADD 
 	CONSTRAINT [DF_session_sess_id] DEFAULT ('') FOR [sess_id],
+	CONSTRAINT [DF_session_created] DEFAULT (getdate()) FOR [created],
 	CONSTRAINT [DF_session_ip] DEFAULT ('') FOR [ip]
 GO

 CREATE INDEX [IX_session_changed] ON [dbo].[session]([changed]) ON [PRIMARY]
 GO

-CREATE INDEX [IX_filestore_user_id] ON [dbo].[filestore]([user_id]) ON [PRIMARY]
-GO
-
 ALTER TABLE [dbo].[users] ADD 
 	CONSTRAINT [DF_users_username] DEFAULT ('') FOR [username],
 	CONSTRAINT [DF_users_mail_host] DEFAULT ('') FOR [mail_host],
@ -361,9 +342,6 @@ GO
 CREATE UNIQUE INDEX [IX_searches_user_type_name] ON [dbo].[searches]([user_id],[type],[name]) ON [PRIMARY]
 GO

-CREATE UNIQUE INDEX [IX_filestore_user_id_context_filename] ON [dbo].[filestore]([user_id],[context],[filename]) ON [PRIMARY]
-GO
-
 ALTER TABLE [dbo].[identities] ADD CONSTRAINT [FK_identities_user_id] 
    FOREIGN KEY ([user_id]) REFERENCES [dbo].[users] ([user_id])
    ON DELETE CASCADE ON UPDATE CASCADE
@ -409,11 +387,6 @@ ALTER TABLE [dbo].[searches] ADD CONSTRAINT [FK_searches_user_id]
    ON DELETE CASCADE ON UPDATE CASCADE
 GO

-ALTER TABLE [dbo].[filestore] ADD CONSTRAINT [FK_filestore_user_id]
-    FOREIGN KEY ([user_id]) REFERENCES [dbo].[users] ([user_id])
-    ON DELETE CASCADE ON UPDATE CASCADE
-GO
-
 -- Use trigger instead of foreign key (#1487112)
 -- "Introducing FOREIGN KEY constraint ... may cause cycles or multiple cascade paths."
 CREATE TRIGGER [contact_delete_member] ON [dbo].[contacts]
@ -422,6 +395,6 @@ CREATE TRIGGER [contact_delete_member] ON [dbo].[contacts]
    WHERE [contact_id] IN (SELECT [contact_id] FROM deleted)
 GO

-INSERT INTO [dbo].[system] ([name], [value]) VALUES ('roundcube-version', '2020020101')
+INSERT INTO [dbo].[system] ([name], [value]) VALUES ('roundcube-version', '2015111100')
 GO

--- a/SQL/mssql/2016081200.sql
+++ b/SQL/mssql/2016081200.sql
@ -1,2 +0,0 @@
-ALTER TABLE [dbo].[session] DROP COLUMN [created]
-GO
--- a/SQL/mssql/2016100900.sql
+++ b/SQL/mssql/2016100900.sql
@ -1,2 +0,0 @@
-ALTER TABLE [dbo].[session] ALTER COLUMN [ip] [varchar] (40) COLLATE Latin1_General_CI_AI NOT NULL
-GO
--- a/SQL/mssql/2016112200.sql
+++ b/SQL/mssql/2016112200.sql
@ -1,36 +0,0 @@
-DROP TABLE [dbo].[cache]
-GO
-DROP TABLE [dbo].[cache_shared]
-GO
-
-CREATE TABLE [dbo].[cache] (
-  [user_id] [int] NOT NULL ,
-  [cache_key] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
-  [expires] [datetime] NULL ,
-  [data] [text] COLLATE Latin1_General_CI_AI NOT NULL 
-) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
-GO
-CREATE TABLE [dbo].[cache_shared] (
-  [cache_key] [varchar] (255) COLLATE Latin1_General_CI_AI NOT NULL ,
-  [expires] [datetime] NULL ,
-  [data] [text] COLLATE Latin1_General_CI_AI NOT NULL
-) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
-GO
-ALTER TABLE [dbo].[cache] ADD
-  CONSTRAINT [DF_cache_user_id] DEFAULT ('0') FOR [user_id],
-  CONSTRAINT [DF_cache_cache_key] DEFAULT ('') FOR [cache_key],
-GO
-CREATE INDEX [IX_cache_expires] ON [dbo].[cache]([expires]) ON [PRIMARY]
-GO
-CREATE INDEX [IX_cache_shared_expires] ON [dbo].[cache_shared]([expires]) ON [PRIMARY]
-GO
-ALTER TABLE [dbo].[cache] WITH NOCHECK ADD
-  PRIMARY KEY CLUSTERED (
-    [user_id],[cache_key]
-  ) ON [PRIMARY]
-GO
-ALTER TABLE [dbo].[cache_shared] WITH NOCHECK ADD
-  PRIMARY KEY CLUSTERED (
-    [cache_key]
-  ) ON [PRIMARY]
-GO
--- a/SQL/mssql/2018021600.sql
+++ b/SQL/mssql/2018021600.sql
@ -1,24 +0,0 @@
-CREATE TABLE [dbo].[filestore] (
-	[file_id] [int] IDENTITY (1, 1) NOT NULL ,
-	[user_id] [int] NOT NULL ,
-	[filename] [varchar] (128) COLLATE Latin1_General_CI_AI NOT NULL ,
-	[mtime] [int] NOT NULL ,
-	[data] [text] COLLATE Latin1_General_CI_AI NULL ,
-) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
-GO
-
-ALTER TABLE [dbo].[filestore] WITH NOCHECK ADD 
-	CONSTRAINT [PK_filestore_file_id] PRIMARY KEY  CLUSTERED 
-	(
-		[file_id]
-	) ON [PRIMARY] 
-GO
-
-CREATE INDEX [IX_filestore_user_id] ON [dbo].[filestore]([user_id]) ON [PRIMARY]
-GO
-
-ALTER TABLE [dbo].[filestore] ADD CONSTRAINT [FK_filestore_user_id]
-    FOREIGN KEY ([user_id]) REFERENCES [dbo].[users] ([user_id])
-    ON DELETE CASCADE ON UPDATE CASCADE
-GO
-
--- a/SQL/mssql/2018122300.sql
+++ b/SQL/mssql/2018122300.sql
@ -1,9 +0,0 @@
-ALTER TABLE [dbo].[filestore] ADD COLUMN [context] [varchar] (32) COLLATE Latin1_General_CI_AI NOT NULL
-GO
-
-UPDATE [dbo].[filestore] SET [dbo].[context] = 'enigma'
-GO
-
-CREATE UNIQUE INDEX [IX_filestore_user_id_context_filename] ON [dbo].[filestore]([user_id],[context],[filename]) ON [PRIMARY]
-GO
-
--- a/SQL/mssql/2019092900.sql
+++ b/SQL/mssql/2019092900.sql
@ -1,18 +0,0 @@
-ALTER TABLE [dbo].[cache] ALTER COLUMN
-	[cache_key] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL
-GO
-ALTER TABLE [dbo].[cache_shared] ALTER COLUMN
-	[cache_key] [varchar] (255) COLLATE Latin1_General_CS_AS NOT NULL
-GO
-ALTER TABLE [dbo].[cache_index] ALTER COLUMN
-	[mailbox] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL
-GO
-ALTER TABLE [dbo].[cache_messages] ALTER COLUMN
-	[mailbox] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL
-GO
-ALTER TABLE [dbo].[cache_thread] ALTER COLUMN
-	[mailbox] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL
-GO
-ALTER TABLE [dbo].[users] ALTER COLUMN
-	[username] [varchar] (128) COLLATE Latin1_General_CS_AS NOT NULL
-GO
--- a/SQL/mssql/2020020100.sql
+++ b/SQL/mssql/2020020100.sql
@ -1,4 +0,0 @@
-ALTER TABLE [dbo].[users] ALTER COLUMN [language] [varchar] (16) COLLATE Latin1_General_CI_AI NULL
-GO
-ALTER TABLE [dbo].[dictionary] ALTER COLUMN [language] [varchar] (16) COLLATE Latin1_General_CI_AI NOT NULL
-GO
--- a/SQL/mysql.initial.sql
+++ b/SQL/mysql.initial.sql
@ -7,12 +7,13 @@

 CREATE TABLE `session` (
 `sess_id` varchar(128) NOT NULL,
+ `created` datetime NOT NULL DEFAULT '1000-01-01 00:00:00',
 `changed` datetime NOT NULL DEFAULT '1000-01-01 00:00:00',
 `ip` varchar(40) NOT NULL,
 `vars` mediumtext NOT NULL,
 PRIMARY KEY(`sess_id`),
 INDEX `changed_index` (`changed`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `users`
@ -25,36 +26,38 @@ CREATE TABLE `users` (
 `last_login` datetime DEFAULT NULL,
 `failed_login` datetime DEFAULT NULL,
 `failed_login_counter` int(10) UNSIGNED DEFAULT NULL,
- `language` varchar(16),
+ `language` varchar(5),
 `preferences` longtext,
 PRIMARY KEY(`user_id`),
 UNIQUE `username` (`username`, `mail_host`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `cache`

 CREATE TABLE `cache` (
 `user_id` int(10) UNSIGNED NOT NULL,
- `cache_key` varchar(128) BINARY NOT NULL,
+ `cache_key` varchar(128) /*!40101 CHARACTER SET ascii COLLATE ascii_general_ci */ NOT NULL,
+ `created` datetime NOT NULL DEFAULT '1000-01-01 00:00:00',
 `expires` datetime DEFAULT NULL,
 `data` longtext NOT NULL,
- PRIMARY KEY (`user_id`, `cache_key`),
 CONSTRAINT `user_id_fk_cache` FOREIGN KEY (`user_id`)
   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
- INDEX `expires_index` (`expires`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+ INDEX `expires_index` (`expires`),
+ INDEX `user_cache_index` (`user_id`,`cache_key`)
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `cache_shared`

 CREATE TABLE `cache_shared` (
- `cache_key` varchar(255) BINARY NOT NULL,
+ `cache_key` varchar(255) /*!40101 CHARACTER SET ascii COLLATE ascii_general_ci */ NOT NULL,
+ `created` datetime NOT NULL DEFAULT '1000-01-01 00:00:00',
 `expires` datetime DEFAULT NULL,
 `data` longtext NOT NULL,
- PRIMARY KEY (`cache_key`),
- INDEX `expires_index` (`expires`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+ INDEX `expires_index` (`expires`),
+ INDEX `cache_key_index` (`cache_key`)
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `cache_index`
@ -69,7 +72,7 @@ CREATE TABLE `cache_index` (
   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
 INDEX `expires_index` (`expires`),
 PRIMARY KEY (`user_id`, `mailbox`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `cache_thread`
@ -83,7 +86,7 @@ CREATE TABLE `cache_thread` (
   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
 INDEX `expires_index` (`expires`),
 PRIMARY KEY (`user_id`, `mailbox`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `cache_messages`
@ -99,7 +102,7 @@ CREATE TABLE `cache_messages` (
   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
 INDEX `expires_index` (`expires`),
 PRIMARY KEY (`user_id`, `mailbox`, `uid`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `contacts`
@ -119,7 +122,7 @@ CREATE TABLE `contacts` (
 CONSTRAINT `user_id_fk_contacts` FOREIGN KEY (`user_id`)
   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
 INDEX `user_contacts_index` (`user_id`,`del`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;

 -- Table structure for table `contactgroups`

@ -133,7 +136,7 @@ CREATE TABLE `contactgroups` (
  CONSTRAINT `user_id_fk_contactgroups` FOREIGN KEY (`user_id`)
    REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
  INDEX `contactgroups_user_index` (`user_id`,`del`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;

 CREATE TABLE `contactgroupmembers` (
  `contactgroup_id` int(10) UNSIGNED NOT NULL,
@ -168,20 +171,19 @@ CREATE TABLE `identities` (
   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
 INDEX `user_identities_index` (`user_id`, `del`),
 INDEX `email_identities_index` (`email`, `del`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `dictionary`

 CREATE TABLE `dictionary` (
-  `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, -- redundant, for compat. with Galera Cluster
-  `user_id` int(10) UNSIGNED DEFAULT NULL, -- NULL here is for "shared dictionaries"
-  `language` varchar(16) NOT NULL,
+  `user_id` int(10) UNSIGNED DEFAULT NULL,
+  `language` varchar(5) NOT NULL,
  `data` longtext NOT NULL,
  CONSTRAINT `user_id_fk_dictionary` FOREIGN KEY (`user_id`)
    REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
  UNIQUE `uniqueness` (`user_id`, `language`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;


 -- Table structure for table `searches`
@ -196,22 +198,8 @@ CREATE TABLE `searches` (
 CONSTRAINT `user_id_fk_searches` FOREIGN KEY (`user_id`)
   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
 UNIQUE `uniqueness` (`user_id`, `type`, `name`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
-
-- Table structure for table `filestore`
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;

-CREATE TABLE `filestore` (
- `file_id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
- `user_id` int(10) UNSIGNED NOT NULL,
- `context` varchar(32) NOT NULL,
- `filename` varchar(128) NOT NULL,
- `mtime` int(10) NOT NULL,
- `data` longtext NOT NULL,
- PRIMARY KEY (`file_id`),
- CONSTRAINT `user_id_fk_filestore` FOREIGN KEY (`user_id`)
-   REFERENCES `users` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
- UNIQUE `uniqueness` (`user_id`, `context`, `filename`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;

 -- Table structure for table `system`

@ -219,8 +207,8 @@ CREATE TABLE `system` (
 `name` varchar(64) NOT NULL,
 `value` mediumtext,
 PRIMARY KEY(`name`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
+) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;

 /*!40014 SET FOREIGN_KEY_CHECKS=1 */;

-INSERT INTO `system` (`name`, `value`) VALUES ('roundcube-version', '2020020101');
+INSERT INTO system (name, value) VALUES ('roundcube-version', '2015111100');
--- a/SQL/mysql/2016081200.sql
+++ b/SQL/mysql/2016081200.sql
@ -1 +0,0 @@
-ALTER TABLE `session` DROP COLUMN `created`;
--- a/SQL/mysql/2016100900.sql
+++ b/SQL/mysql/2016100900.sql
@ -1 +0,0 @@
-ALTER TABLE `session` MODIFY `ip` varchar(40) NOT NULL;
--- a/SQL/mysql/2016112200.sql
+++ b/SQL/mysql/2016112200.sql
@ -1,24 +0,0 @@
-ALTER TABLE `dictionary` ADD COLUMN `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST; -- redundant, for compat. with Galera Cluster
-
-DROP TABLE `cache`;
-DROP TABLE `cache_shared`;
-
-CREATE TABLE `cache` (
- `user_id` int(10) UNSIGNED NOT NULL,
- `cache_key` varchar(128) /*!40101 CHARACTER SET ascii COLLATE ascii_general_ci */ NOT NULL,
- `expires` datetime DEFAULT NULL,
- `data` longtext NOT NULL,
- PRIMARY KEY (`user_id`, `cache_key`),
- CONSTRAINT `user_id_fk_cache` FOREIGN KEY (`user_id`)
-   REFERENCES `users`(`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
- INDEX `expires_index` (`expires`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
-
-
-CREATE TABLE `cache_shared` (
- `cache_key` varchar(255) /*!40101 CHARACTER SET ascii COLLATE ascii_general_ci */ NOT NULL,
- `expires` datetime DEFAULT NULL,
- `data` longtext NOT NULL,
- PRIMARY KEY (`cache_key`),
- INDEX `expires_index` (`expires`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
--- a/SQL/mysql/2018021600.sql
+++ b/SQL/mysql/2018021600.sql
@ -1,11 +0,0 @@
-CREATE TABLE `filestore` (
-    `file_id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
-    `user_id` int(10) UNSIGNED NOT NULL,
-    `filename` varchar(128) NOT NULL,
-    `mtime` int(10) NOT NULL,
-    `data` longtext NOT NULL,
-    PRIMARY KEY (`file_id`),
-    CONSTRAINT `user_id_fk_filestore` FOREIGN KEY (`user_id`)
-        REFERENCES `users` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
-    UNIQUE `uniqueness` (`user_id`, `filename`)
-) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
--- a/SQL/mysql/2018122300.sql
+++ b/SQL/mysql/2018122300.sql
@ -1,7 +0,0 @@
-ALTER TABLE `filestore` ADD COLUMN `context` varchar(32) NOT NULL;
-UPDATE `filestore` SET `context` = 'enigma';
-ALTER TABLE `filestore` DROP FOREIGN KEY `user_id_fk_filestore`;
-ALTER TABLE `filestore` DROP INDEX `uniqueness`;
-ALTER TABLE `filestore` ADD UNIQUE INDEX `uniqueness` (`user_id`, `context`, `filename`);
-ALTER TABLE `filestore` ADD CONSTRAINT `user_id_fk_filestore` FOREIGN KEY (`user_id`)
-    REFERENCES `users` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE;
--- a/SQL/mysql/2019092900.sql
+++ b/SQL/mysql/2019092900.sql
@ -1,2 +0,0 @@
-ALTER TABLE `cache` CHANGE `cache_key` `cache_key` varchar(128) BINARY NOT NULL;
-ALTER TABLE `cache_shared` CHANGE `cache_key` `cache_key` varchar(255) BINARY NOT NULL;
--- a/SQL/mysql/2020020100.sql
+++ b/SQL/mysql/2020020100.sql
@ -1,2 +0,0 @@
-ALTER TABLE `users` MODIFY `language` varchar(16);
-ALTER TABLE `dictionary` MODIFY `language` varchar(16) NOT NULL;
--- a/SQL/mysql/2020020101.sql
+++ b/SQL/mysql/2020020101.sql
@ -1,21 +0,0 @@
-ALTER TABLE `session` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `users` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `cache` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `cache_shared` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `cache_index` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `cache_thread` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `cache_messages` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `contacts` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `contactgroups` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `identities` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `dictionary` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `searches` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `filestore` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-ALTER TABLE `system` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-
-ALTER TABLE `users` CHANGE `username` `username` varchar(128) BINARY NOT NULL;
-ALTER TABLE `cache` CHANGE `cache_key` `cache_key` varchar(128) BINARY NOT NULL;
-ALTER TABLE `cache_shared` CHANGE `cache_key` `cache_key` varchar(255) BINARY NOT NULL;
-ALTER TABLE `cache_index` CHANGE `mailbox` `mailbox` varchar(255) BINARY NOT NULL;
-ALTER TABLE `cache_thread` CHANGE `mailbox` `mailbox` varchar(255) BINARY NOT NULL;
-ALTER TABLE `cache_messages` CHANGE `mailbox` `mailbox` varchar(255) BINARY NOT NULL;
--- a/SQL/oracle.initial.sql
+++ b/SQL/oracle.initial.sql
@ -9,7 +9,7 @@ CREATE TABLE "users" (
    "last_login" timestamp with time zone DEFAULT NULL,
    "failed_login" timestamp with time zone DEFAULT NULL,
    "failed_login_counter" integer DEFAULT NULL,
-    "language" varchar(16),
+    "language" varchar(5),
    "preferences" long DEFAULT NULL,
    CONSTRAINT "users_username_key" UNIQUE ("username", "mail_host")
 );
@ -26,6 +26,7 @@ END;

 CREATE TABLE "session" (
    "sess_id" varchar(128) NOT NULL PRIMARY KEY,
+    "created" timestamp with time zone DEFAULT current_timestamp NOT NULL,
    "changed" timestamp with time zone DEFAULT current_timestamp NOT NULL,
    "ip" varchar(41) NOT NULL,
    "vars" long NOT NULL
@ -126,21 +127,23 @@ CREATE TABLE "cache" (
    "user_id" integer NOT NULL
        REFERENCES "users" ("user_id") ON DELETE CASCADE,
    "cache_key" varchar(128) NOT NULL,
+    "created" timestamp with time zone DEFAULT current_timestamp NOT NULL,
    "expires" timestamp with time zone DEFAULT NULL,
-    "data" long NOT NULL,
-    PRIMARY KEY ("user_id", "cache_key")
+    "data" long NOT NULL
 );

+CREATE INDEX "cache_user_id_idx" ON "cache" ("user_id", "cache_key");
 CREATE INDEX "cache_expires_idx" ON "cache" ("expires");


 CREATE TABLE "cache_shared" (
    "cache_key" varchar(255) NOT NULL,
+    "created" timestamp with time zone DEFAULT current_timestamp NOT NULL,
    "expires" timestamp with time zone DEFAULT NULL,
-    "data" long NOT NULL,
-    PRIMARY KEY ("cache_key")
+    "data" long NOT NULL
 );

+CREATE INDEX "cache_shared_cache_key_idx" ON "cache_shared" ("cache_key");
 CREATE INDEX "cache_shared_expires_idx" ON "cache_shared" ("expires");


@ -186,7 +189,7 @@ CREATE INDEX "cache_messages_expires_idx" ON "cache_messages" ("expires");
 CREATE TABLE "dictionary" (
    "user_id" integer DEFAULT NULL
        REFERENCES "users" ("user_id") ON DELETE CASCADE,
-    "language" varchar(16) NOT NULL,
+    "language" varchar(5) NOT NULL,
    "data" long DEFAULT NULL,
    CONSTRAINT "dictionary_user_id_lang_key" UNIQUE ("user_id", "language")
 );
@ -212,30 +215,9 @@ BEGIN
 END;
 /

-CREATE TABLE "filestore" (
-    "file_id" integer PRIMARY KEY,
-    "user_id" integer NOT NULL
-        REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE,
-    "context" varchar(32) NOT NULL,
-    "filename" varchar(128) NOT NULL,
-    "mtime" integer NOT NULL,
-    "data" long,
-    CONSTRAINT "filestore_user_id_key" UNIQUE ("user_id", "context", "filename")
-);
-
-CREATE SEQUENCE "filestore_seq"
-    START WITH 1 INCREMENT BY 1 NOMAXVALUE;
-
-CREATE TRIGGER "filestore_seq_trig"
-BEFORE INSERT ON "filestore" FOR EACH ROW
-BEGIN
-    :NEW."user_id" := "filestore_seq".nextval;
-END;
-/
-
 CREATE TABLE "system" (
    "name" varchar(64) NOT NULL PRIMARY KEY,
    "value" long
 );

-INSERT INTO "system" ("name", "value") VALUES ('roundcube-version', '2020020101');
+INSERT INTO "system" ("name", "value") VALUES ('roundcube-version', '2015111100');
--- a/SQL/oracle/2016081200.sql
+++ b/SQL/oracle/2016081200.sql
@ -1 +0,0 @@
-ALTER TABLE "session" DROP COLUMN "created";
--- a/SQL/oracle/2016100900.sql
+++ b/SQL/oracle/2016100900.sql
@ -1 +0,0 @@
-ALTER TABLE "session" MODIFY "ip" varchar(41) NOT NULL;
--- a/SQL/oracle/2016112200.sql
+++ b/SQL/oracle/2016112200.sql
@ -1,23 +0,0 @@
-DROP TABLE "cache";
-DROP TABLE "cache_shared";
-
-CREATE TABLE "cache" (
-    "user_id" integer NOT NULL
-        REFERENCES "users" ("user_id") ON DELETE CASCADE,
-    "cache_key" varchar(128) NOT NULL,
-    "expires" timestamp with time zone DEFAULT NULL,
-    "data" long NOT NULL,
-    PRIMARY KEY ("user_id", "cache_key")
-);
-
-CREATE INDEX "cache_expires_idx" ON "cache" ("expires");
-
-
-CREATE TABLE "cache_shared" (
-    "cache_key" varchar(255) NOT NULL,
-    "expires" timestamp with time zone DEFAULT NULL,
-    "data" long NOT NULL,
-    PRIMARY KEY ("cache_key")
-);
-
-CREATE INDEX "cache_shared_expires_idx" ON "cache_shared" ("expires");
--- a/SQL/oracle/2018021600.sql
+++ b/SQL/oracle/2018021600.sql
@ -1,19 +0,0 @@
-CREATE TABLE "filestore" (
-    "file_id" integer PRIMARY KEY,
-    "user_id" integer NOT NULL
-        REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE,
-    "filename" varchar(128) NOT NULL,
-    "mtime" integer NOT NULL,
-    "data" long,
-    CONSTRAINT "filestore_user_id_key" UNIQUE ("user_id", "filename")
-);
-
-CREATE SEQUENCE "filestore_seq"
-    START WITH 1 INCREMENT BY 1 NOMAXVALUE;
-
-CREATE TRIGGER "filestore_seq_trig"
-BEFORE INSERT ON "filestore" FOR EACH ROW
-BEGIN
-    :NEW."user_id" := "filestore_seq".nextval;
-END;
-/
--- a/SQL/oracle/2018122300.sql
+++ b/SQL/oracle/2018122300.sql
@ -1,4 +0,0 @@
-ALTER TABLE "filestore" ADD COLUMN "context" varchar(32) NOT NULL;
-UPDATE "filestore" SET "context" = 'enigma';
-ALTER TABLE "filestore" DROP CONSTRAINT "filestore_user_id_key";
-ALTER TABLE "filestore" ADD CONSTRAINT "filestore_user_id_key" UNIQUE ("user_id", "context", "filename");
--- a/SQL/oracle/2019092900.sql
+++ b/SQL/oracle/2019092900.sql
@ -1 +0,0 @@
-- empty
--- a/SQL/oracle/2020020100.sql
+++ b/SQL/oracle/2020020100.sql
@ -1,2 +0,0 @@
-ALTER TABLE "users" MODIFY "language" varchar(16) NOT NULL;
-ALTER TABLE "dictionary" MODIFY "language" varchar(16);
--- a/SQL/oracle/2020020101.sql
+++ b/SQL/oracle/2020020101.sql
@ -1 +0,0 @@
-- empty
--- a/SQL/postgres.initial.sql
+++ b/SQL/postgres.initial.sql
@ -24,7 +24,7 @@ CREATE TABLE users (
    last_login timestamp with time zone DEFAULT NULL,
    failed_login timestamp with time zone DEFAULT NULL,
    failed_login_counter integer DEFAULT NULL,
-    "language" varchar(16),
+    "language" varchar(5),
    preferences text DEFAULT ''::text NOT NULL,
    CONSTRAINT users_username_key UNIQUE (username, mail_host)
 );
@ -37,6 +37,7 @@ CREATE TABLE users (

 CREATE TABLE "session" (
    sess_id varchar(128) DEFAULT '' PRIMARY KEY,
+    created timestamp with time zone DEFAULT now() NOT NULL,
    changed timestamp with time zone DEFAULT now() NOT NULL,
    ip varchar(41) NOT NULL,
    vars text NOT NULL
@ -167,11 +168,12 @@ CREATE TABLE "cache" (
    user_id integer NOT NULL
        REFERENCES users (user_id) ON DELETE CASCADE ON UPDATE CASCADE,
    cache_key varchar(128) DEFAULT '' NOT NULL,
+    created timestamp with time zone DEFAULT now() NOT NULL,
    expires timestamp with time zone DEFAULT NULL,
-    data text NOT NULL,
-    PRIMARY KEY (user_id, cache_key)
+    data text NOT NULL
 );

+CREATE INDEX cache_user_id_idx ON "cache" (user_id, cache_key);
 CREATE INDEX cache_expires_idx ON "cache" (expires);

 --
@ -180,11 +182,13 @@ CREATE INDEX cache_expires_idx ON "cache" (expires);
 --

 CREATE TABLE "cache_shared" (
-    cache_key varchar(255) NOT NULL PRIMARY KEY,
+    cache_key varchar(255) NOT NULL,
+    created timestamp with time zone DEFAULT now() NOT NULL,
    expires timestamp with time zone DEFAULT NULL,
    data text NOT NULL
 );

+CREATE INDEX cache_shared_cache_key_idx ON "cache_shared" (cache_key);
 CREATE INDEX cache_shared_expires_idx ON "cache_shared" (expires);

 --
@ -246,7 +250,7 @@ CREATE INDEX cache_messages_expires_idx ON cache_messages (expires);
 CREATE TABLE dictionary (
    user_id integer DEFAULT NULL
        REFERENCES users (user_id) ON DELETE CASCADE ON UPDATE CASCADE,
-   "language" varchar(16) NOT NULL,
+   "language" varchar(5) NOT NULL,
    data text NOT NULL,
    CONSTRAINT dictionary_user_id_language_key UNIQUE (user_id, "language")
 );
@ -277,32 +281,6 @@ CREATE TABLE searches (
    CONSTRAINT searches_user_id_key UNIQUE (user_id, "type", name)
 );

--
-- Sequence "filestore_seq"
-- Name: filestore_seq; Type: SEQUENCE; Schema: public; Owner: postgres
--
-
-CREATE SEQUENCE "filestore_seq"
-    INCREMENT BY 1
-    NO MAXVALUE
-    NO MINVALUE
-    CACHE 1;
-
--
-- Table "filestore"
-- Name: filestore; Type: TABLE; Schema: public; Owner: postgres
--
-
-CREATE TABLE "filestore" (
-    file_id integer DEFAULT nextval('filestore_seq'::text) PRIMARY KEY,
-    user_id integer NOT NULL
-        REFERENCES users (user_id) ON DELETE CASCADE ON UPDATE CASCADE,
-    context varchar(32) NOT NULL,
-    filename varchar(128) NOT NULL,
-    mtime integer NOT NULL,
-    data text NOT NULL,
-    CONSTRAINT filestore_user_id_filename UNIQUE (user_id, context, filename)
-);

 --
 -- Table "system"
@ -314,4 +292,4 @@ CREATE TABLE "system" (
    value text
 );

-INSERT INTO "system" (name, value) VALUES ('roundcube-version', '2020020101');
+INSERT INTO system (name, value) VALUES ('roundcube-version', '2015111100');
--- a/SQL/postgres/2016081200.sql
+++ b/SQL/postgres/2016081200.sql
@ -1 +0,0 @@
-ALTER TABLE "session" DROP COLUMN created;
--- a/SQL/postgres/2016100900.sql
+++ b/SQL/postgres/2016100900.sql
@ -1 +0,0 @@
-ALTER TABLE session ALTER COLUMN ip TYPE character varying(41);
--- a/SQL/postgres/2016112200.sql
+++ b/SQL/postgres/2016112200.sql
@ -1,21 +0,0 @@
-DROP TABLE "cache";
-DROP TABLE "cache_shared";
-
-CREATE TABLE "cache" (
-    user_id integer NOT NULL
-        REFERENCES users (user_id) ON DELETE CASCADE ON UPDATE CASCADE,
-    cache_key varchar(128) DEFAULT '' NOT NULL,
-    expires timestamp with time zone DEFAULT NULL,
-    data text NOT NULL,
-    PRIMARY KEY (user_id, cache_key)
-);
-
-CREATE INDEX cache_expires_idx ON "cache" (expires);
-
-CREATE TABLE "cache_shared" (
-    cache_key varchar(255) NOT NULL PRIMARY KEY,
-    expires timestamp with time zone DEFAULT NULL,
-    data text NOT NULL
-);
-
-CREATE INDEX cache_shared_expires_idx ON "cache_shared" (expires);
--- a/SQL/postgres/2018021600.sql
+++ b/SQL/postgres/2018021600.sql
@ -1,15 +0,0 @@
-CREATE SEQUENCE "filestore_seq"
-    INCREMENT BY 1
-    NO MAXVALUE
-    NO MINVALUE
-    CACHE 1;
-
-CREATE TABLE "filestore" (
-    file_id integer DEFAULT nextval('filestore_seq'::text) PRIMARY KEY,
-    user_id integer NOT NULL
-        REFERENCES users (user_id) ON DELETE CASCADE ON UPDATE CASCADE,
-    filename varchar(128) NOT NULL,
-    mtime integer NOT NULL,
-    data text NOT NULL,
-    CONSTRAINT filestore_user_id_filename UNIQUE (user_id, filename)
-);
--- a/SQL/postgres/2018122300.sql
+++ b/SQL/postgres/2018122300.sql
@ -1,4 +0,0 @@
-ALTER TABLE "filestore" ADD COLUMN context varchar(32) NOT NULL;
-UPDATE "filestore" SET context = 'enigma';
-ALTER TABLE "filestore" DROP CONSTRAINT "filestore_user_id_filename";
-ALTER TABLE "filestore" ADD CONSTRAINT "filestore_user_id_context_filename" UNIQUE (user_id, context, filename);
--- a/SQL/postgres/2019092900.sql
+++ b/SQL/postgres/2019092900.sql
@ -1 +0,0 @@
-- empty
--- a/SQL/postgres/2020020100.sql
+++ b/SQL/postgres/2020020100.sql
@ -1,2 +0,0 @@
-ALTER TABLE "dictionary" ALTER COLUMN "language" TYPE varchar(16);
-ALTER TABLE "users" ALTER COLUMN "language" TYPE varchar(16);
--- a/SQL/postgres/2020020101.sql
+++ b/SQL/postgres/2020020101.sql
@ -1 +0,0 @@
-- empty
--- a/SQL/sqlite.initial.sql
+++ b/SQL/sqlite.initial.sql
@ -74,7 +74,7 @@ CREATE TABLE users (
  last_login datetime DEFAULT NULL,
  failed_login datetime DEFAULT NULL,
  failed_login_counter integer DEFAULT NULL,
-  language varchar(16),
+  language varchar(5),
  preferences text NOT NULL default ''
 );

@ -86,6 +86,7 @@ CREATE UNIQUE INDEX ix_users_username ON users(username, mail_host);

 CREATE TABLE session (
  sess_id varchar(128) NOT NULL PRIMARY KEY,
+  created datetime NOT NULL default '0000-00-00 00:00:00',
  changed datetime NOT NULL default '0000-00-00 00:00:00',
  ip varchar(40) NOT NULL default '',
  vars text NOT NULL
@ -99,11 +100,11 @@ CREATE INDEX ix_session_changed ON session (changed);

 CREATE TABLE dictionary (
    user_id integer DEFAULT NULL,
-   language varchar(16) NOT NULL,
+   "language" varchar(5) NOT NULL,
    data text NOT NULL
 );

-CREATE UNIQUE INDEX ix_dictionary_user_language ON dictionary (user_id, language);
+CREATE UNIQUE INDEX ix_dictionary_user_language ON dictionary (user_id, "language");

 --
 -- Table structure for table searches
@ -126,11 +127,12 @@ CREATE UNIQUE INDEX ix_searches_user_type_name ON searches (user_id, type, name)
 CREATE TABLE cache (
  user_id integer NOT NULL default 0,
  cache_key varchar(128) NOT NULL default '',
+  created datetime NOT NULL default '0000-00-00 00:00:00',
  expires datetime DEFAULT NULL,
-  data text NOT NULL,
-  PRIMARY KEY (user_id, cache_key)
+  data text NOT NULL
 );

+CREATE INDEX ix_cache_user_cache_key ON cache(user_id, cache_key);
 CREATE INDEX ix_cache_expires ON cache(expires);

 -- 
@ -139,11 +141,12 @@ CREATE INDEX ix_cache_expires ON cache(expires);

 CREATE TABLE cache_shared (
  cache_key varchar(255) NOT NULL,
+  created datetime NOT NULL default '0000-00-00 00:00:00',
  expires datetime DEFAULT NULL,
-  data text NOT NULL,
-  PRIMARY KEY (cache_key)
+  data text NOT NULL
 );

+CREATE INDEX ix_cache_shared_cache_key ON cache_shared(cache_key);
 CREATE INDEX ix_cache_shared_expires ON cache_shared(expires);

 --
@ -191,21 +194,6 @@ CREATE TABLE cache_messages (

 CREATE INDEX ix_cache_messages_expires ON cache_messages (expires);

--
-- Table structure for table filestore
--
-
-CREATE TABLE filestore (
-    file_id integer NOT NULL PRIMARY KEY,
-    user_id integer NOT NULL,
-    context varchar(32) NOT NULL,
-    filename varchar(128) NOT NULL,
-    mtime integer NOT NULL,
-    data text NOT NULL
-);
-
-CREATE UNIQUE INDEX ix_filestore_user_id ON filestore(user_id, context, filename);
-
 --
 -- Table structure for table system
 --
@ -215,4 +203,4 @@ CREATE TABLE system (
  value text NOT NULL
 );

-INSERT INTO system (name, value) VALUES ('roundcube-version', '2020020101');
+INSERT INTO system (name, value) VALUES ('roundcube-version', '2015111100');
--- a/SQL/sqlite/2016081200.sql
+++ b/SQL/sqlite/2016081200.sql
@ -1,9 +0,0 @@
-DROP TABLE session;
-CREATE TABLE session (
-  sess_id varchar(128) NOT NULL PRIMARY KEY,
-  changed datetime NOT NULL default '0000-00-00 00:00:00',
-  ip varchar(40) NOT NULL default '',
-  vars text NOT NULL
-);
-
-CREATE INDEX ix_session_changed ON session (changed);
--- a/SQL/sqlite/2016112200.sql
+++ b/SQL/sqlite/2016112200.sql
@ -1,21 +0,0 @@
-DROP TABLE cache;
-DROP TABLE cache_shared;
-
-CREATE TABLE cache (
-  user_id integer NOT NULL default 0,
-  cache_key varchar(128) NOT NULL default '',
-  expires datetime DEFAULT NULL,
-  data text NOT NULL,
-  PRIMARY KEY (user_id, cache_key)
-);
-
-CREATE INDEX ix_cache_expires ON cache(expires);
-
-CREATE TABLE cache_shared (
-  cache_key varchar(255) NOT NULL,
-  expires datetime DEFAULT NULL,
-  data text NOT NULL,
-  PRIMARY KEY (cache_key)
-);
-
-CREATE INDEX ix_cache_shared_expires ON cache_shared(expires);
--- a/SQL/sqlite/2018021600.sql
+++ b/SQL/sqlite/2018021600.sql
@ -1,9 +0,0 @@
-CREATE TABLE filestore (
-    file_id integer PRIMARY KEY,
-    user_id integer NOT NULL,
-    filename varchar(128) NOT NULL,
-    mtime integer NOT NULL,
-    data text NOT NULL
-);
-
-CREATE UNIQUE INDEX ix_filestore_user_id ON filestore(user_id, filename);
--- a/SQL/sqlite/2018122300.sql
+++ b/SQL/sqlite/2018122300.sql
@ -1,29 +0,0 @@
-CREATE TABLE tmp_filestore (
-    file_id integer PRIMARY KEY,
-    user_id integer NOT NULL,
-    filename varchar(128) NOT NULL,
-    mtime integer NOT NULL,
-    data text NOT NULL
-);
-
-INSERT INTO tmp_filestore (file_id, user_id, filename, mtime, data)
-    SELECT file_id, user_id, filename, mtime, data FROM filestore;
-
-DROP TABLE filestore;
-
-CREATE TABLE filestore (
-    file_id integer NOT NULL PRIMARY KEY,
-    user_id integer NOT NULL,
-    context varchar(32) NOT NULL,
-    filename varchar(128) NOT NULL,
-    mtime integer NOT NULL,
-    data text NOT NULL
-);
-
-INSERT INTO filestore (file_id, user_id, filename, mtime, data, context)
-    SELECT file_id, user_id, filename, mtime, data, 'enigma' FROM tmp_filestore;
-
-CREATE UNIQUE INDEX ix_filestore_user_id ON filestore(user_id, context, filename);
-
-DROP TABLE tmp_filestore;
-
--- a/SQL/sqlite/2019092900.sql
+++ b/SQL/sqlite/2019092900.sql
@ -1 +0,0 @@
-- empty
--- a/SQL/sqlite/2020020100.sql
+++ b/SQL/sqlite/2020020100.sql
@ -1,57 +0,0 @@
-CREATE TABLE tmp_users (
-  user_id integer NOT NULL PRIMARY KEY,
-  username varchar(128) NOT NULL default '',
-  mail_host varchar(128) NOT NULL default '',
-  created datetime NOT NULL default '0000-00-00 00:00:00',
-  last_login datetime DEFAULT NULL,
-  failed_login datetime DEFAULT NULL,
-  failed_login_counter integer DEFAULT NULL,
-  language varchar(16),
-  preferences text NOT NULL default ''
-);
-
-INSERT INTO tmp_users (user_id, username, mail_host, created, last_login, failed_login, failed_login_counter, language, preferences)
-    SELECT user_id, username, mail_host, created, last_login, failed_login, failed_login_counter, language, preferences FROM users;
-
-DROP TABLE users;
-
-CREATE TABLE users (
-  user_id integer NOT NULL PRIMARY KEY,
-  username varchar(128) NOT NULL default '',
-  mail_host varchar(128) NOT NULL default '',
-  created datetime NOT NULL default '0000-00-00 00:00:00',
-  last_login datetime DEFAULT NULL,
-  failed_login datetime DEFAULT NULL,
-  failed_login_counter integer DEFAULT NULL,
-  language varchar(16),
-  preferences text NOT NULL default ''
-);
-
-INSERT INTO users (user_id, username, mail_host, created, last_login, failed_login, failed_login_counter, language, preferences)
-    SELECT user_id, username, mail_host, created, last_login, failed_login, failed_login_counter, language, preferences FROM tmp_users;
-
-CREATE UNIQUE INDEX ix_users_username ON users(username, mail_host);
-
-DROP TABLE tmp_users;
-
-DROP TABLE users;
-
-CREATE TABLE tmp_dictionary (
-    user_id integer DEFAULT NULL,
-   language varchar(16) NOT NULL,
-    data text NOT NULL
-);
-
-INSERT INTO tmp_dictionary (user_id, language, data) SELECT user_id, language, data FROM dictionary;
-
-CREATE TABLE dictionary (
-    user_id integer DEFAULT NULL,
-   language varchar(16) NOT NULL,
-    data text NOT NULL
-);
-
-INSERT INTO dictionary (user_id, language, data) SELECT user_id, language, data FROM tmp_dictionary;
-
-CREATE UNIQUE INDEX ix_dictionary_user_language ON dictionary (user_id, language);
-
-DROP TABLE tmp_dictionary;
--- a/SQL/sqlite/2020020101.sql
+++ b/SQL/sqlite/2020020101.sql
@ -1 +0,0 @@
-- empty
--- a/32
+++ b/32
@ -14,23 +14,18 @@ and cd into that directory. From there, run the following command in a shell:

  ./bin/installto.sh <TARGET-FOLDER>

-For <TARGET-FOLDER> you specify the path to the Roundcube installation
-which should be updated. The update script will then copy all new files to the
+For <TARGET-FOLDER> you specify the path to the Roundcube installation 
+which should be updated. The update script will then copy all new files to the 
 target location and check and update the configuration and database schema.
-After all is done, the temporary folder with the new Roundcube files can be
+After all is done, the temporary folder with the new Roundcube files can be 
 removed again.

-WARNING: Make sure files have proper owner/group for your setup. If you use
-         tar to extract the package, `--no-same-owner` option might be helpful.
 WARNING: See Post-Upgrade Activities section below.
-WARNING: If you use MySQL < 5.7.7 or MariaDB < 10.2.2 make sure to configure it with:
-            innodb_large_prefix=true
-            innodb_file_format=Barracuda


 Updating manually
 -----------------
-If you don't have shell access to the Roundcube installation or if not running
+If you don't have shell access to the Roundcube installation or if not running 
 it on a unix system, you need to do the following operations by hand:

 1. Replace index.php and all files in
@ -46,24 +41,15 @@ it on a unix system, you need to do the following operations by hand:
   ./skins/
   ./plugins/
   ./vendor/
-4. Update dependencies:
 4a. If you previously installed plugins through composer, update dependencies
-   by running `php composer.phar update --no-dev`.
+   by running `php composer.phar update --no-dev`
 4b. Install/update dependencies using composer:
   - get composer from https://getcomposer.org/download/
   - rename the composer.json-dist file into composer.json
   - if you want to use LDAP address books, enable the LDAP libraries in your
     composer.json file by moving the items from "suggest" to the "require"
     section (remove the explanation texts after the version!).
-   - run `php composer.phar install --no-dev`.
-4c. If you use git sources or the release package without dependencies
-   update javascript dependencies by executing `bin/install-jsdeps.sh` script.
-4d. If you use git sources compile css files for the Elastic skin (required
-   lessc >= 1.5.0):
-   $ cd skins/elastic
-   $ lessc -x styles/styles.less > styles/styles.css
-   $ lessc -x styles/print.less > styles/print.css
-   $ lessc -x styles/embed.less > styles/embed.css
+   - run `php composer.phar install --no-dev`
 5. Run `./bin/update.sh` from the commandline OR
   open http://url-to-roundcube/installer/ in a browser and choose "3 Test config".
   To enable the latter one, you have to temporary set 'enable_installer'
@ -77,14 +63,12 @@ it on a unix system, you need to do the following operations by hand:

 Post-Upgrade Activities
 -----------------------
-1. Check system requirements in INSTALL file.
+1. Check .htaccess settings (some php settings could become required)
 2. If you're using build-in addressbook, run indexing script /bin/indexcontacts.sh.
 3. When upgrading from version older than 0.6-beta you should make sure
   your folder settings contain namespace prefix. For example Courier users
   should add INBOX. prefix to folder names in main configuration file.
-4. When upgrading from version older than 1.4.0 make sure old files
-   in configured temp_dir are removed. Since this version we use constant filename
-   prefix and do not remove files not starting with "RCMTEMP".
+4. Check system requirements in INSTALL file.

 SQLite database upgrade
 -----------------------
--- a/bin/cleandb.sh
+++ b/bin/cleandb.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/cleandb.sh                                                        |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2010-2015, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -12,6 +13,7 @@
 |                                                                       |
 | PURPOSE:                                                              |
 |   Finally remove all db records marked as deleted some time ago       |
+ |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+
@ -27,3 +29,5 @@ else
    $days = 7;

 rcmail_utils::db_clean($days);
+
+?>
--- a/bin/cssshrink.sh
+++ b/bin/cssshrink.sh
@ -5,42 +5,42 @@ VERSION='2.4.8'
 COMPILER_URL="https://github.com/yui/yuicompressor/releases/download/v${VERSION}/yuicompressor-${VERSION}.zip"

 do_shrink() {
-    rm -f "$2"
-    java -jar $JAR_DIR/yuicompressor.jar -v -o "$2" "$1"
+	rm -f "$2"
+	java -jar $JAR_DIR/yuicompressor.jar -v -o "$2" "$1"
 }

 if [ ! -w "$JAR_DIR" ]; then
-    JAR_DIR=$PWD
+	JAR_DIR=$PWD
 fi

 if java -version >/dev/null 2>&1; then
-    :
+	:
 else
-    echo "Java not found. Please ensure that the 'java' program is in your PATH."
-    exit 1
+	echo "Java not found. Please ensure that the 'java' program is in your PATH."
+	exit 1
 fi

 if [ ! -r "$JAR_DIR/yuicompressor.jar" ]; then
-    if which wget >/dev/null 2>&1 && which unzip >/dev/null 2>&1; then
-        wget "$COMPILER_URL" -O "/tmp/$$.zip"
-    elif which curl >/dev/null 2>&1 && which unzip >/dev/null 2>&1; then
-        curl -L "$COMPILER_URL" -o "/tmp/$$.zip"
-    else
-        echo "Please download $COMPILER_URL and extract compiler.jar to $JAR_DIR/."
-        exit 1
-    fi
-    (cd $JAR_DIR && unzip "/tmp/$$.zip" && mv "yuicompressor-${VERSION}.jar" "yuicompressor.jar")
-    rm -f "/tmp/$$.zip"
+	if which wget >/dev/null 2>&1 && which unzip >/dev/null 2>&1; then
+		wget "$COMPILER_URL" -O "/tmp/$$.zip"
+	elif which curl >/dev/null 2>&1 && which unzip >/dev/null 2>&1; then
+		curl "$COMPILER_URL" -o "/tmp/$$.zip"
+	else
+		echo "Please download $COMPILER_URL and extract compiler.jar to $JAR_DIR/."
+		exit 1
+	fi
+	(cd $JAR_DIR && unzip "/tmp/$$.zip" && mv "yuicompressor-${VERSION}.jar" "yuicompressor.jar")
+	rm -f "/tmp/$$.zip"
 fi

 # compress single file from argument
 if [ $# -gt 0 ]; then
-    CSS_FILE="$1"
+	CSS_FILE="$1"

-    echo "Shrinking $CSS_FILE"
+	echo "Shrinking $CSS_FILE"
    minfile=`echo $CSS_FILE | sed -e 's/\.css$/\.min\.css/'`
-    do_shrink "$CSS_FILE" "$minfile"
-    exit
+	do_shrink "$CSS_FILE" "$minfile"
+	exit
 fi

 DIRS="$PWD/../skins/* $PWD/../plugins/* $PWD/../plugins/*/skins/*"
--- a/bin/decrypt.sh
+++ b/bin/decrypt.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/decrypt.sh                                                        |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2005-2009, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -12,6 +13,7 @@
 |                                                                       |
 | PURPOSE:                                                              |
 |   Decrypt the encrypted parts of the HTTP Received: headers           |
+ |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Tomas Tevesz <ice@extreme.hu>                                 |
 +-----------------------------------------------------------------------+
@ -55,11 +57,11 @@ define('INSTALL_PATH', realpath(__DIR__ .'/..') . '/');
 require INSTALL_PATH . 'program/include/clisetup.php';

 if ($argc < 2) {
-    die("Usage: " . basename($argv[0]) . " encrypted-hdr-part [encrypted-hdr-part ...]\n");
+	die("Usage: " . basename($argv[0]) . " encrypted-hdr-part [encrypted-hdr-part ...]\n");
 }

 $RCMAIL = rcube::get_instance();

 for ($i = 1; $i < $argc; $i++) {
-    printf("%s\n", $RCMAIL->decrypt($argv[$i]));
+	printf("%s\n", $RCMAIL->decrypt($argv[$i]));
 };
--- a/bin/deluser.sh
+++ b/bin/deluser.sh
@ -3,9 +3,10 @@

 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/deluser.sh                                                        |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2014, The Roundcube Dev Team                            |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -25,15 +26,13 @@ require_once INSTALL_PATH . 'program/include/clisetup.php';

 function print_usage()
 {
-    print "Usage: deluser.sh [--host=HOST][--age=DAYS][--dry-run] [username]\n";
+    print "Usage: deluser.sh [--host=mail_host] username\n";
    print "--host=HOST  The IMAP hostname or IP the given user is related to\n";
-    print "--age=DAYS   Delete all users who have not logged in for more than X days\n";
-    print "--dry-run    List users but do not delete them (for use with --age)\n";
 }

 function _die($msg, $usage=false)
 {
-    fwrite(STDERR, $msg . "\n");
+    fputs(STDERR, $msg . "\n");
    if ($usage) print_usage();
    exit(1);
 }
@ -41,28 +40,9 @@ function _die($msg, $usage=false)
 $rcmail = rcube::get_instance();

 // get arguments
-$args = rcube_utils::get_opt(array('h' => 'host', 'a' => 'age', 'd' => 'dry-run:bool'));
-
-if (!empty($args['age']) && ($age = intval($args['age']))) {
-    $db = $rcmail->get_dbh();
-    $db->db_connect('r');
-
-    $query = $db->query("SELECT `username`, `mail_host` FROM " . $db->table_name('users', true)
-        . " WHERE `last_login` < " . $db->now($age * -1 * 86400)
-        . ($args['host'] ? " AND `mail_host` = " . $db->quote($args['host']) : '')
-    );
-
-    while ($user = $db->fetch_assoc($query)) {
-        if (!empty($args['dry-run'])) {
-            printf("%s (%s)\n", $user['username'], $user['mail_host']);
-            continue;
-        }
-        system(sprintf("php %s/deluser.sh --host=%s %s", INSTALL_PATH . 'bin', $user['mail_host'], $user['username']));
-    }
-    exit(1);
-}
-
+$args     = rcube_utils::get_opt(array('h' => 'host'));
 $username = trim($args[0]);
+
 if (empty($username)) {
    _die("Missing required parameters", true);
 }
@ -95,7 +75,7 @@ if (!$db->is_connected() || $db->is_error()) {
    _die("No DB connection\n" . $db->is_error());
 }

-// find user in local database
+// find user in loca database
 $user = rcube_user::query($username, $args['host']);

 if (!$user) {
@ -142,3 +122,4 @@ else {
        echo "Successfully deleted user $user->ID\n";
    }
 }
+
--- a/bin/dumpschema.sh
+++ b/bin/dumpschema.sh
@ -0,0 +1,97 @@
+#!/usr/bin/env php
+<?php
+/*
+ +-----------------------------------------------------------------------+
+ | bin/dumpschema.sh                                                     |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2005-2009, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Dumps database schema in XML format using MDB2_Schema               |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com>                        |
+ +-----------------------------------------------------------------------+
+*/
+
+define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
+
+require INSTALL_PATH.'program/include/clisetup.php';
+
+/** callback function for schema dump **/
+function print_schema($dump)
+{
+	foreach ((array)$dump as $part)
+		echo $dump . "\n";
+}
+
+$config = new rcube_config();
+
+// don't allow public access if not in devel_mode
+if (!$config->get('devel_mode') && $_SERVER['REMOTE_ADDR']) {
+	header("HTTP/1.0 401 Access denied");
+	die("Access denied!");
+}
+
+$options = array(
+	'use_transactions' => false,
+	'log_line_break' => "\n",
+	'idxname_format' => '%s',
+	'debug' => false,
+	'quote_identifier' => true,
+	'force_defaults' => false,
+	'portability' => false,
+);
+
+$dsnw = $config->get('db_dsnw');
+$dsn_array = MDB2::parseDSN($dsnw);
+
+// set options for postgres databases
+if ($dsn_array['phptype'] == 'pgsql') {
+	$options['disable_smart_seqname'] = true;
+	$options['seqname_format'] = '%s';
+}
+
+$schema =& MDB2_Schema::factory($dsnw, $options);
+$schema->db->supported['transactions'] = false;
+
+
+// send as text/xml when opened in browser
+if ($_SERVER['REMOTE_ADDR'])
+	header('Content-Type: text/xml');
+
+
+if (PEAR::isError($schema)) {
+	$error = $schema->getMessage() . ' ' . $schema->getUserInfo();
+}
+else {
+	$dump_config = array(
+		// 'output_mode' => 'file',
+		'output' => 'print_schema',
+	);
+	
+	$definition = $schema->getDefinitionFromDatabase();
+	$definition['charset'] = 'utf8';
+
+	if (PEAR::isError($definition)) {
+		$error = $definition->getMessage() . ' ' . $definition->getUserInfo();
+	}
+	else {
+		$operation = $schema->dumpDatabase($definition, $dump_config, MDB2_SCHEMA_DUMP_STRUCTURE);
+		if (PEAR::isError($operation)) {
+			$error = $operation->getMessage() . ' ' . $operation->getUserInfo();
+		}
+	}
+}
+
+$schema->disconnect();
+
+if ($error && !$_SERVER['REMOTE_ADDR'])
+	fputs(STDERR, $error);
+
+?>
--- a/bin/exportgettext.sh
+++ b/bin/exportgettext.sh
@ -0,0 +1,233 @@
+#!/usr/bin/env php
+<?php
+/*
+ +-----------------------------------------------------------------------+
+ | bin/exportgettext.sh                                                  |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2011, The Roundcube Dev Team                            |
+ | Licensed under the GNU General Public License                         |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Export PHP-based localization files to PO files for gettext         |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com>                        |
+ +-----------------------------------------------------------------------+
+*/
+
+define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
+require INSTALL_PATH.'program/include/clisetup.php';
+
+if ($argc < 2) {
+	die("Usage: " . basename($argv[0]) . " SRCDIR DESTDIR\n");
+}
+
+$srcdir = unslashify(realpath($argv[1]));
+$destdir = unslashify($argv[2]);
+$layout = 'launchpad';  # or 'narro';
+$langcode_map = array(
+	'hy_AM' => 'hy',
+	'ar_SA' => 'ar',
+	'az_AZ' => 'az',
+	'bg_BG' => 'bg',
+	'bs_BA' => 'bs',
+	'ca_ES' => 'ca',
+	'cs_CZ' => 'cs',
+	'cy_GB' => 'cy',
+	'da_DK' => 'da',
+	'et_EE' => 'et',
+	'el_GR' => 'el',
+	'eu_ES' => 'eu',
+	'fa_IR' => 'fa',
+	'ga_IE' => 'ga',
+	'ka_GE' => 'ka',
+	'gl_ES' => 'gl',
+	'he_IL' => 'he',
+	'hi_IN' => 'hi',
+	'hr_HR' => 'hr',
+	'ja_JP' => 'ja',
+	'ko_KR' => 'ko',
+	'km_KH' => 'km',
+	'ms_MY' => 'ms',
+	'mr_IN' => 'mr',
+	'ml_IN' => 'ml',
+	'pl_PL' => 'pl',
+	'si_LK' => 'si',
+	'sl_SI' => 'sl',
+	'sq_AL' => 'sq',
+	'sr_CS' => 'sr',
+	'sv_SE' => 'sv',
+	'uk_UA' => 'uk',
+	'vi_VN' => 'vi',
+);
+
+
+// converting roundcube localization dir
+if (is_dir($srcdir.'/en_US')) {
+	load_en_US($srcdir.'/en_US');
+	
+	foreach (glob($srcdir.'/*') as $locdir) {
+		if (is_dir($locdir)) {
+			$lang = basename($locdir);
+			//echo "$locdir => $destdir$lang\n";
+			convert_dir($locdir, $destdir . ($layout != 'launchpad' ? $lang : ''));
+		}
+	}
+}
+// converting single localization directory
+else if (is_dir($srcdir)) {
+	if (is_file($srcdir.'/en_US.inc'))  // plugin localization
+		load_en_US($srcdir.'/en_US.inc');
+	else
+		load_en_US(realpath($srcdir.'/../en_US'));  // single language
+	convert_dir($srcdir, $destdir);
+}
+// converting a single file
+else if (is_file($srcdir)) {
+	//load_en_US();
+	convert_file($srcdir, $destdir);
+}
+
+
+/**
+ * Load en_US localization which is used to build msgids
+ */
+function load_en_US($fn)
+{
+	$texts = array();
+	
+	if (is_dir($fn)) {
+		foreach (glob($fn.'/*.inc') as $ifn) {
+			include($ifn);
+			$texts = array_merge($texts, (array)$labels, (array)$messages);
+		}
+	}
+	else if (is_file($fn)) {
+		include($fn);
+		$texts = array_merge($texts, (array)$labels, (array)$messages);
+	}
+	
+	$GLOBALS['en_US'] = $texts;
+}
+
+/**
+ * Convert all .inc files in the given src directory
+ */
+function convert_dir($indir, $outdir)
+{
+	global $layout;
+	
+	if (!is_dir($outdir))  // attempt to create destination dir
+		mkdir($outdir, 0777, true);
+
+	foreach (glob($indir.'/*.inc') as $fn) {
+		$filename = basename($fn);
+
+		// create subdir for each template (launchpad rules)
+		if ($layout == 'launchpad' && preg_match('/^(labels|messages)/', $filename, $m)) {
+			$lang = end(explode('/', $indir));
+			$destdir = $outdir . '/' . $m[1];
+			if (!is_dir($destdir))
+				mkdir($destdir, 0777, true);
+			$outfn = $destdir . '/' . $lang . '.po';
+		}
+		else {
+			$outfn = $outdir . '/' . preg_replace('/\.[a-z0-9]+$/i', '', basename($fn)) . '.po';
+		}
+
+		convert_file($fn, $outfn);
+	}
+}
+
+/**
+ * Convert the given Roundcube localization file into a gettext .po file
+ */
+function convert_file($fn, $outfn)
+{
+	global $layout, $langcode_map;
+
+	$basename =  basename($fn);
+	$srcname = str_replace(INSTALL_PATH, '', $fn);
+	$product = preg_match('!plugins/(\w+)!', $srcname, $m) ? 'roundcube-plugin-' . $m[1] : 'roundcubemail';
+	$lang = preg_match('!/([a-z]{2}(_[A-Z]{2})?)[./]!', $outfn, $m) ? $m[1] : '';
+	$labels = $messages = $seen = array();
+
+	if (is_dir($outfn))
+		$outfn .= '/' . $basename . '.po';
+
+	// launchpad requires the template file to have the same name as the directory
+	if (strstr($outfn, '/en_US') && $layout == 'launchpad') {
+		$a = explode('/', $outfn);
+		array_pop($a);
+		$templ = end($a);
+		$a[] = $templ . '.pot';
+		$outfn = join('/', $a);
+		$is_pot = true;
+	}
+	// launchpad is very picky about file names
+	else if ($layout == 'launchpad' && preg_match($regex = '!/([a-z]{2})_([A-Z]{2})!', $outfn, $m)) {
+		if ($shortlang = $langcode_map[$lang])
+			$outfn = preg_replace($regex, '/'.$shortlang, $outfn);
+		else if ($m[1] == strtolower($m[2]))
+			$outfn = preg_replace($regex, '/\1', $outfn);
+	}
+
+	include($fn);
+	$texts = array_merge($labels, $messages);
+	
+	// write header
+	$header = <<<EOF
+# Converted from Roundcube PHP localization files
+# Copyright (C) 2011 The Roundcube Dev Team
+# This file is distributed under the same license as the Roundcube package.
+#
+#: %s
+msgid ""
+msgstr ""
+"Project-Id-Version: %s\\n"
+"Report-Msgid-Bugs-To: \\n"
+"%s: %s\\n"
+"Last-Translator: \\n"
+"Language-Team: Translations <hello@roundcube.net>\\n"
+"Language: %s\\n"
+"Content-Type: text/plain; charset=UTF-8\\n"
+"Content-Transfer-Encoding: 8bit\\n"
+EOF;
+	
+	$out = sprintf($header, $srcname, $product, $is_pot ? "POT-Creation-Date" : "PO-Revision-Date", date('c'), $shortlang ? $shortlang : $lang);
+	$out .= "\n";
+	
+	$messages = array();
+	foreach ((array)$texts as $label => $msgstr) {
+		$msgid = $is_pot ? $msgstr : ($GLOBALS['en_US'][$label] ?: $label);
+		$messages[$msgid][] = $label;
+	}
+
+	foreach ($messages as $msgid => $labels) {
+		$out .= "\n";
+		foreach ($labels as $label)
+			$out .= "#: $srcname:$label\n";
+		$msgstr = $texts[$label];
+		$out .= 'msgid ' . gettext_quote($msgid) . "\n";
+		$out .= 'msgstr ' . gettext_quote(!$is_pot ? $msgstr : '') . "\n";
+	}
+
+	if ($outfn == '-')
+		echo $out;
+	else {
+		echo "$fn\t=>\t$outfn\n";
+		file_put_contents($outfn, $out);
+	}
+}
+
+function gettext_quote($str)
+{
+	$out = "";
+	$lines = explode("\n", wordwrap(stripslashes($str)));
+	$last = count($lines) - 1;
+	foreach ($lines as $i => $line)
+		$out .= '"' . addcslashes($line, '"') . ($i < $last ? ' ' : '') . "\"\n";
+	return rtrim($out);
+}
+
+?>
--- a/bin/gc.sh
+++ b/bin/gc.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/gc.sh                                                             |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2013, The Roundcube Dev Team                            |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -12,6 +13,7 @@
 |                                                                       |
 | PURPOSE:                                                              |
 |   Trigger garbage collecting routines manually (e.g. via cronjob)     |
+ |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+
--- a/bin/importgettext.sh
+++ b/bin/importgettext.sh
@ -0,0 +1,196 @@
+#!/usr/bin/env php
+<?php
+/*
+ +-----------------------------------------------------------------------+
+ | bin/importgettext.sh                                                  |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2011, The Roundcube Dev Team                            |
+ | Licensed under the GNU General Public License                         |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Import localizations from gettext PO format                         |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com>                        |
+ +-----------------------------------------------------------------------+
+*/
+
+define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
+require INSTALL_PATH.'program/include/clisetup.php';
+
+if ($argc < 2) {
+	die("Usage: " . basename($argv[0]) . " SRCDIR\n");
+}
+
+$srcdir = unslashify(realpath($argv[1]));
+
+if (is_dir($srcdir)) {
+	$out = import_dir($srcdir);
+}
+else if (is_file($srcdir)) {
+	$out = import_file($srcdir);
+}
+
+// write output files
+foreach ($out as $outfn => $texts) {
+	$lang = preg_match('!/([a-z]{2}(_[A-Z]{2})?)[./]!', $outfn, $m) ? $m[1] : '';
+	$varname = strpos($outfn, 'messages.inc') !== false ? 'messages' : 'labels';
+
+	$header = <<<EOF
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | localization/%s/%-51s|
+ |                                                                       |
+ | Language file of the Roundcube Webmail client                         |
+ | Copyright (C) %s, The Roundcube Dev Team                            |
+ | Licensed under the GNU General Public License                         |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+ | Author: %-62s|
+ +-----------------------------------------------------------------------+
+*/
+
+$%s = array();
+
+EOF;
+
+	$author = preg_replace('/\s*<Unknown>/i', '', $texts['_translator']);
+	$output = sprintf($header, $lang, $varname.'.inc', date('Y'), $author, $varname);
+
+	foreach ($texts as $label => $value) {
+		if (is_array($value)) { var_dump($outfn, $label, $value); exit; }
+		if ($label[0] != '_' && strlen($value))
+			$output .= sprintf("\$%s['%s'] = '%s';\n", $varname, $label, strtr(addcslashes($value, "'"), array("\r" => '', "\n" => '\n')));
+	}
+
+	$output .= "\n";
+	$dir = dirname($outfn);
+	@mkdir($dir, 0755, true);
+	if (file_put_contents($outfn, $output))
+		echo "-> $outfn\n";
+}
+
+
+/**
+ * Convert all .po files in the given src directory
+ */
+function import_dir($indir)
+{
+	$out = array();
+	foreach (glob($indir.'/*.po') as $fn) {
+		$out = array_merge_recursive($out, import_file($fn));
+	}
+	return $out;
+}
+
+/**
+ * Convert the given .po file into a Roundcube localization array
+ */
+function import_file($fn)
+{
+	$out = array();
+	$lines = file($fn);
+	$language = '';
+	$translator = '';
+
+	// get language code from file name
+	if (preg_match('/-([a-z_]+).po$/i', $fn, $m))
+	  $language = expand_langcode($m[1]);
+
+	$is_header = true;
+	$msgid = null;
+	$msgstr = '';
+	$dests = array();
+	foreach ($lines as $i => $line) {
+		$line = trim($line);
+
+		// parse header
+		if ($is_header && $line[0] == '"') {
+			list($key, $val) = explode(": ", preg_replace('/\\\n$/', '', trim($line, '"')), 2);
+			switch (strtolower($key)) {
+				case 'language':
+					$language = expand_langcode($val);
+					break;
+				case 'last-translator':
+					$translator = $val;
+					break;
+			}
+		}
+
+		// empty line
+		if ($line == '') {
+			if ($msgid && $dests) {
+				foreach ($dests as $dest) {
+					list($file, $label) = explode(':', $dest);
+					$out[$file][$label] = $msgstr;
+					$out[$file]['_translator'] = $translator;
+				}
+			}
+
+			$msgid = null;
+			$msgstr = '';
+			$dests = array();
+		}
+
+		// meta line
+		if ($line[0] == '#') {
+			$value = trim(substr($line, 2));
+			if ($line[1] == ':')
+				$dests[] = str_replace('en_US', $language, $value);
+		}
+		else if (strpos($line, 'msgid') === 0) {
+			$msgid = gettext_decode(substr($line, 6));
+
+			if (!empty($msgid))
+				$is_header = false;
+		}
+		else if (strpos($line, 'msgstr') === 0) {
+			$msgstr = gettext_decode(substr($line, 7));
+		}
+		else if ($msgid && $line[0] == '"') {
+			$msgstr .= gettext_decode($line);
+		}
+		else if ($msgid !== null && $line[0] == '"') {
+			$msgid .= gettext_decode($line);
+		}
+	}
+
+	if ($msgid && $dests) {
+		foreach ($dests as $dest) {
+			list($file, $label) = explode(':', $dest);
+			$out[$file][$label] = $msgstr;
+			$out[$file]['_translator'] = $translator;
+		}
+	}
+
+	return $language ? $out : array();
+}
+
+
+function gettext_decode($str)
+{
+	return stripslashes(trim($str, '"'));
+}
+
+/**
+ * Translate two-chars language codes to our internally used language identifiers
+ */
+function expand_langcode($lang)
+{
+	static $rcube_language_aliases, $rcube_languages;
+
+	if (!$rcube_language_aliases)
+		include(INSTALL_PATH . 'program/localization/index.inc');
+
+	if ($rcube_language_aliases[$lang])
+		return $rcube_language_aliases[$lang];
+	else if (strlen($lang) == 2 && !isset($rcube_languages[$lang]))
+		return strtolower($lang) . '_' . strtoupper($lang);
+	else
+		return $lang;
+}
+
+
+?>
--- a/bin/indexcontacts.sh
+++ b/bin/indexcontacts.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/indexcontacts.sh                                                  |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2011, The Roundcube Dev Team                            |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -24,3 +25,5 @@ require_once INSTALL_PATH.'program/include/clisetup.php';
 ini_set('memory_limit', -1);

 rcmail_utils::indexcontacts();
+
+?>
--- a/bin/initdb.sh
+++ b/bin/initdb.sh
@ -2,10 +2,11 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/initdb.sh                                                         |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- | Copyright (C) Kolab Systems AG                                        |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2010-2015, The Roundcube Dev Team                       |
+ | Copyright (C) 2010-2015, Kolab Systems AG                             |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -37,3 +38,5 @@ if (!file_exists($opts['dir'])) {
 }

 rcmail_utils::db_init($opts['dir']);
+
+?>
--- a/bin/install-jsdeps.sh
+++ b/bin/install-jsdeps.sh
@ -1,385 +0,0 @@
-#!/usr/bin/env php
-<?php
-/*
- +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
- |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- |                                                                       |
- | Licensed under the GNU General Public License version 3 or            |
- | any later version with exceptions for skins & plugins.                |
- | See the README file for a full license statement.                     |
- |                                                                       |
- | PURPOSE:                                                              |
- |   Utility script to fetch and install all 3rd party javascript        |
- |   libraries used in Roundcube from source.                            |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <thomas@roundcube.net>                       |
- +-----------------------------------------------------------------------+
-*/
-
-define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
-
-require_once INSTALL_PATH . 'program/include/clisetup.php';
-
-if (!function_exists('exec')) {
-    rcube::raise_error("PHP exec() function is required. Check disable_functions in php.ini.", false, true);
-}
-
-$cfgfile = INSTALL_PATH . 'jsdeps.json';
-$SOURCES = json_decode(file_get_contents($cfgfile), true);
-
-if (empty($SOURCES['dependencies'])) {
-    rcube::raise_error("Failed to read dependencies list from $cfgfile", false, true);
-}
-
-$CURL     = trim(`which curl`);
-$WGET     = trim(`which wget`);
-$UNZIP    = trim(`which unzip`);
-
-if (($CACHEDIR = getenv("CACHEDIR")) && is_writeable($CACHEDIR)) {
-    // use $CACHEDIR
-}
-else if (is_writeable(INSTALL_PATH . 'temp/js_cache') || @mkdir(INSTALL_PATH . 'temp/js_cache', 0774, true)) {
-    $CACHEDIR = INSTALL_PATH . 'temp/js_cache';
-}
-else {
-    $CACHEDIR = sys_get_temp_dir();
-}
-
-
-//////////////// License definitions
-
-$LICENSES = array();
-$LICENSES['MIT'] = <<<EOM
- * Licensed under the MIT licenses
- *
- * Permission is hereby granted, free of charge, to any person obtaining
- * a copy of this software and associated documentation files (the
- * "Software"), to deal in the Software without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
- * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
- * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
- * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-EOM;
-
-$LICENSES['GPLv3'] = <<<EOG
- * The JavaScript code in this page is free software: you can
- * redistribute it and/or modify it under the terms of the GNU
- * General Public License (GNU GPL) as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option)
- * any later version.  The code is distributed WITHOUT ANY WARRANTY;
- * without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE.  See the GNU GPL for more details.
- *
- * As additional permission under GNU GPL version 3 section 7, you
- * may distribute non-source (e.g., minimized or compacted) forms of
- * that code without the copy of the GNU GPL normally required by
- * section 4, provided you include this license notice and a URL
- * through which recipients can access the Corresponding Source.
-
-EOG;
-
-$LICENSES['LGPL'] = <<<EOL
- * The JavaScript code in this page is free software: you can
- * redistribute it and/or modify it under the terms of the GNU
- * Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option)
- * any later version.
-
-EOL;
-
-
-//////////////// Functions
-
-/**
- * Fetch package file from source
- */
-function fetch_from_source($package, $useCache = true, &$filetype = null)
-{
-    global $CURL, $WGET;
-
-    $cache_file = extract_filetype($package, $filetype);
-
-    if (!is_readable($cache_file) || !$useCache) {
-        if (empty($CURL) && empty($WGET)) {
-            rcube::raise_error("Required 'wget' or 'curl' program not found.", false, true);
-        }
-
-        $url = str_replace('$v', $package['version'], $package['url']);
-
-        echo "Fetching $url\n";
-
-        if ($CURL)
-            exec(sprintf('%s -L -s %s -o %s', $CURL, escapeshellarg($url), $cache_file), $out, $retval);
-        else
-            exec(sprintf('%s -q %s -O %s', $WGET, escapeshellarg($url), $cache_file), $out, $retval);
-
-        // Try Github API as a fallback (#6248)
-        if ($retval !== 0 && $package['api_url']) {
-            $url    = str_replace('$v', $package['version'], $package['api_url']);
-            $header = 'Accept:application/vnd.github.v3.raw';
-
-            rcube::raise_error("Fetching failed. Using Github API on $url");
-
-            if ($CURL)
-                exec(sprintf('%s -L -H %s -s %s -o %s', $CURL, escapeshellarg($header), escapeshellarg($url), $cache_file), $out, $retval);
-            else
-                exec(sprintf('%s --header %s -q %s -O %s', $WGET, escapeshellarg($header), escapeshellarg($url), $cache_file), $out, $retval);
-        }
-
-        if ($retval !== 0) {
-            rcube::raise_error("Failed to download source file from $url", false, true);
-        }
-    }
-
-    return $cache_file;
-}
-
-/**
- * Returns package source file location and type
- */
-function extract_filetype($package, &$filetype = null)
-{
-    global $CACHEDIR;
-
-    $filetype   = pathinfo($package['url'], PATHINFO_EXTENSION) ?: 'tmp';
-    $cache_file = $CACHEDIR . '/' . $package['lib'] . '-' . $package['version'] . '.' . $filetype;
-
-    // Make sure it is a zip file
-    if (file_exists($cache_file)) {
-        $magic = file_get_contents($cache_file, false, null, 0, 4);
-        if ($magic === "PK\003\004") {
-            $filetype = 'zip';
-        }
-    }
-
-    return $cache_file;
-}
-
-/**
- * Create a destination javascript file with copyright and license header
- */
-function compose_destfile($package, $srcfile)
-{
-    global $LICENSES;
-
-    $header = sprintf("/**\n * %s - v%s\n *\n", $package['name'], $package['version']);
-
-    if (!empty($package['source'])) {
-        $header .= " * @source " . str_replace('$v', $package['version'], $package['source']) . "\n";
-        $header .= " *\n";
-    }
-
-    if (!empty($package['license']) && isset($LICENSES[$package['license']])) {
-        $header .= " * @licstart  The following is the entire license notice for the\n";
-        $header .= " * JavaScript code in this file.\n";
-        $header .= " *\n";
-        if (!empty($package['copyright'])) {
-            $header .= " * " . $package['copyright'] . "\n";
-            $header .= " *\n";
-        }
-
-        $header .= $LICENSES[$package['license']];
-        $header .= " *\n";
-        $header .= " * @licend  The above is the entire license notice\n";
-        $header .= " * for the JavaScript code in this file.\n";
-    }
-
-    $header .= " */\n";
-
-    if (file_put_contents(INSTALL_PATH . $package['dest'], $header . file_get_contents($srcfile))) {
-        echo "Wrote file " . INSTALL_PATH . $package['dest'] . "\n";
-    }
-    else {
-        rcube::raise_error("Failed to write destination file " . INSTALL_PATH . $package['dest'], false, true);
-    }
-}
-
-/**
- * Extract a Zip archive into the destination specified by the package config
- */
-function extract_zipfile($package, $srcfile)
-{
-    global $UNZIP, $CACHEDIR;
-
-    if (empty($UNZIP)) {
-        rcube::raise_error("Required 'unzip' program not found.", false, true);
-    }
-
-    $destdir = INSTALL_PATH . $package['dest'];
-    if (!is_dir($destdir)) {
-        mkdir($destdir, 0775, true);
-    }
-
-    if (!is_writeable($destdir)) {
-        rcube::raise_error("Cannot write to destination directory: $destdir", false, true);
-    }
-
-    // pick files from zip archive
-    if (!empty($package['pick'])) {
-        foreach ($package['pick'] as $pattern) {
-            echo "Extracting files $pattern into $destdir\n";
-            exec(sprintf('%s -o %s %s -d %s', $UNZIP, escapeshellarg($srcfile), escapeshellarg($pattern), $destdir), $out, $retval);
-            if ($retval !== 0) {
-                rcube::raise_error("Failed to unpack $pattern; " . implode('; ' . $out));
-            }
-        }
-    }
-    // unzip the archive and map source to dest files/directories
-    else if (!empty($package['map'])) {
-        $extract = $CACHEDIR . '/' . $package['lib'] . '-extract';
-        if (!is_dir($extract)) {
-            mkdir($extract, 0774, true);
-        }
-
-        $zip_command = '%s -' . ($package['flat'] ? 'j' : 'o') . ' %s -d %s';
-        exec(sprintf($zip_command, $UNZIP, escapeshellarg($srcfile), $extract), $out, $retval);
-
-        // get the root folder of the extracted package
-        $extract_tree = glob("$extract/*", GLOB_ONLYDIR);
-        $sourcedir    = count($extract_tree) ? $extract_tree[0] : $extract;
-
-        foreach ($package['map'] as $src => $dest) {
-            echo "Installing $sourcedir/$src into $destdir/$dest\n";
-
-            $dest_file = $destdir . '/' . $dest;
-            $src_file = $sourcedir . '/' . $src;
-
-            // make sure the destination's parent directory exists
-            if (strpos($dest, '/') !== false) {
-                $parentdir = dirname($dest_file);
-                if (!is_dir($parentdir)) {
-                    mkdir($parentdir, 0775, true);
-                }
-            }
-
-            // avoid copying source directory as a child into destination
-            if (is_dir($src_file) && is_dir($dest_file)) {
-                exec(sprintf('rm -rf %s', $dest_file));
-            }
-
-            exec(sprintf('mv -f %s %s', $src_file, $dest_file), $out, $retval);
-            if ($retval !== 0) {
-                rcube::raise_error("Failed to move $src into $dest_file; " . implode('; ' . $out));
-            }
-            // Remove sourceMappingURL
-            else if (isset($package['sourcemap']) && $package['sourcemap'] === false) {
-                if ($content = file($dest_file)) {
-                    $index = count($content);
-                    if (preg_match('|sourceMappingURL=|', $content[$index-1])) {
-                        array_pop($content);
-                        file_put_contents($dest_file, implode('', $content));
-                    }
-                }
-            }
-        }
-
-        // remove temp extraction dir
-        exec('rm -rf ' . $extract);
-    }
-    // extract the archive into the destination directory
-    else {
-        echo "Extracting zip archive into $destdir\n";
-        exec(sprintf('%s -o %s -d %s', $UNZIP, escapeshellarg($srcfile), $destdir), $out, $retval);
-        if ($retval !== 0) {
-            rcube::raise_error("Failed to unzip $srcfile; " . implode('; ' . $out));
-        }
-    }
-
-    // remove some files from the destination
-    if (!empty($package['omit'])) {
-        foreach ((array)$package['omit'] as $glob) {
-            exec(sprintf('rm -rf %s/%s', $destdir, escapeshellarg($glob)));
-        }
-    }
-
-    // prepend license header to extracted files
-    if (!empty($package['addlicense'])) {
-        foreach ((array)$package['addlicense'] as $filename) {
-            $pkg = $package;
-            $pkg['dest'] = $package['dest'] . '/' . $filename;
-            compose_destfile($pkg, $destdir . '/' . $filename);
-        }
-    }
-}
-
-/**
- * Delete the package destination file/dir
- */
-function delete_destfile($package)
-{
-    $destdir = INSTALL_PATH . ($package['rm'] ?: $package['dest']);
-
-    if (file_exists($destdir)) {
-        if (PHP_OS === 'Windows') {
-            exec(sprintf("rd /s /q %s", escapeshellarg($destdir)));
-        }
-        else {
-            exec(sprintf("rm -rf %s", escapeshellarg($destdir)));
-        }
-    }
-}
-
-
-//////////////// Execution
-
-$args = rcube_utils::get_opt(array('f' => 'force:bool', 'd' => 'delete:bool', 'g' => 'get:bool', 'e' => 'extract:bool'))
-        + array('force' => false, 'delete' => false, 'get' => false, 'extract' => false);
-$WHAT = $args[0];
-$useCache = !$args['force'] && !$args['get'];
-
-if (!$args['get'] && !$args['extract'] && !$args['delete']) {
-    $args['get'] = $args['extract'] = 1;
-}
-
-foreach ($SOURCES['dependencies'] as $package) {
-    if (!isset($package['name'])) {
-        $package['name'] = $package['lib'];
-    }
-
-    if ($WHAT && $package['lib'] !== $WHAT) {
-        continue;
-    }
-
-    if ($args['delete']) {
-        delete_destfile($package);
-        continue;
-    }
-
-    if ($args['get']) {
-        $srcfile = fetch_from_source($package, $useCache, $filetype);
-    }
-    else {
-        $srcfile = extract_filetype($package, $filetype);
-    }
-
-    if (!empty($package['sha1']) && ($sum = sha1_file($srcfile)) !== $package['sha1']) {
-        rcube::raise_error("Incorrect sha1 sum of $srcfile. Expected: {$package['sha1']}, got: $sum", false, true);
-    }
-
-    if ($args['extract']) {
-        echo "Installing {$package['name']}...\n";
-
-        if ($filetype === 'zip') {
-            extract_zipfile($package, $srcfile);
-        }
-        else {
-            compose_destfile($package, $srcfile);
-        }
-
-        echo "Done.\n";
-    }
-}
--- a/bin/installto.sh
+++ b/bin/installto.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/installto.sh                                                      |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2014-2016, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -22,127 +23,84 @@ define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );

 require_once INSTALL_PATH . 'program/include/clisetup.php';

-if (!function_exists('system')) {
-    rcube::raise_error("PHP system() function is required. Check disable_functions in php.ini.", false, true);
-}
-
-$target_dir = unslashify(end($_SERVER['argv']));
-$accept = in_array('-y', $_SERVER['argv']) ? 'y' : null;
+$target_dir = unslashify($_SERVER['argv'][1]);

 if (empty($target_dir) || !is_dir(realpath($target_dir)))
-    rcube::raise_error("Invalid target: not a directory\nUsage: installto.sh [-y] <TARGET>", false, true);
+  rcube::raise_error("Invalid target: not a directory\nUsage: installto.sh <TARGET>", false, true);

 // read version from iniset.php
 $iniset = @file_get_contents($target_dir . '/program/include/iniset.php');
-if (!preg_match('/define\(.RCMAIL_VERSION.,\s*.([0-9.]+[a-z0-9-]*)/', $iniset, $m))
-    rcube::raise_error("No valid Roundcube installation found at $target_dir", false, true);
+if (!preg_match('/define\(.RCMAIL_VERSION.,\s*.([0-9.]+[a-z-]*)/', $iniset, $m))
+  rcube::raise_error("No valid Roundcube installation found at $target_dir", false, true);

 $oldversion = $m[1];

-if (version_compare(version_parse($oldversion), version_parse(RCMAIL_VERSION), '>'))
-    rcube::raise_error("Target installation already in version $oldversion.", false, true);
+if (version_compare(version_parse($oldversion), version_parse(RCMAIL_VERSION), '>='))
+  rcube::raise_error("Installation at target location is up-to-date!", false, true);

-if (version_compare(version_parse($oldversion), version_parse(RCMAIL_VERSION), '==')) {
-    echo "Target installation already in version $oldversion. Do you want to update again? (y/N)\n";
-}
-else {
-    echo "Upgrading from $oldversion. Do you want to continue? (y/N)\n";
-}
-
-$input = $accept ?: trim(fgets(STDIN));
+echo "Upgrading from $oldversion. Do you want to continue? (y/N)\n";
+$input = trim(fgets(STDIN));

 if (strtolower($input) == 'y') {
-    echo "Copying files to target location...";
-
-    $adds = array();
-    $dirs = array('bin','SQL','plugins','skins','program');
-
-    if (is_dir(INSTALL_PATH . 'vendor') && !is_file("$target_dir/composer.json")) {
-        $dirs[] = 'vendor';
-    }
-    if (file_exists("$target_dir/installer")) {
-        $dirs[] = 'installer';
-    }
-
-    foreach ($dirs as $dir) {
-        // @FIXME: should we use --delete for all directories?
-        $delete  = in_array($dir, array('program', 'vendor', 'installer')) ? '--delete ' : '';
-        $command = "rsync -aC --out-format=%n " . $delete . INSTALL_PATH . "$dir/ $target_dir/$dir/";
-
-        if (system($command, $ret) === false || $ret > 0) {
-            rcube::raise_error("Failed to execute command: $command", false, true);
-        }
+  echo "Copying files to target location...";
+
+  // Save a copy of original .htaccess file (#1490623)
+  if (file_exists("$target_dir/.htaccess")) {
+    $htaccess_copied = copy("$target_dir/.htaccess", "$target_dir/.htaccess.orig");
+  }
+
+  $dirs = array('program','installer','bin','SQL','plugins','skins');
+  if (is_dir(INSTALL_PATH . 'vendor') && !is_file(INSTALL_PATH . 'composer.json')) {
+    $dirs[] = 'vendor';
+  }
+  foreach ($dirs as $dir) {
+    // @FIXME: should we use --delete for all directories?
+    $delete  = in_array($dir, array('program', 'installer')) ? '--delete ' : '';
+    $command = "rsync -aC --out-format \"%n\" " . $delete . INSTALL_PATH . "$dir/* $target_dir/$dir/";
+    if (!system($command, $ret) || $ret > 0) {
+      rcube::raise_error("Failed to execute command: $command", false, true);
    }
-
-    foreach (array('index.php','config/defaults.inc.php','composer.json-dist','jsdeps.json','CHANGELOG','README.md','UPGRADING','LICENSE','INSTALL') as $file) {
-        $command = "rsync -a --out-format=%n " . INSTALL_PATH . "$file $target_dir/$file";
-
-        if (file_exists(INSTALL_PATH . $file) && (system($command, $ret) === false || $ret > 0)) {
-            rcube::raise_error("Failed to execute command: $command", false, true);
-        }
+  }
+  foreach (array('index.php','.htaccess','config/defaults.inc.php','composer.json-dist','CHANGELOG','README.md','UPGRADING','LICENSE','INSTALL') as $file) {
+    $command = "rsync -a --out-format \"%n\" " . INSTALL_PATH . "$file $target_dir/$file";
+    if (file_exists(INSTALL_PATH . $file) && (!system($command, $ret) || $ret > 0)) {
+      rcube::raise_error("Failed to execute command: $command", false, true);
    }
+  }

-    // Copy .htaccess or .user.ini if needed
-    foreach (array('.htaccess','.user.ini') as $file) {
-        if (file_exists(INSTALL_PATH . $file)) {
-            if (!file_exists("$target_dir/$file") || file_get_contents(INSTALL_PATH . $file) != file_get_contents("$target_dir/$file")) {
-                if (copy(INSTALL_PATH . $file, "$target_dir/$file.new")) {
-                    echo "$file.new\n";
-                    $adds[] = "NOTICE: New $file file saved as $file.new.";
-                }
-            }
-        }
-    }
+  // remove old (<1.0) .htaccess file
+  @unlink("$target_dir/program/.htaccess");
+  echo "done.";

-    // remove old (<1.0) .htaccess file
-    @unlink("$target_dir/program/.htaccess");
-    echo "done.\n\n";
-
-    if (is_dir("$target_dir/skins/default")) {
-        echo "Removing old default skin...";
-        system("rm -rf $target_dir/skins/default $target_dir/plugins/jqueryui/themes/default");
-        foreach (glob(INSTALL_PATH . "plugins/*/skins") as $plugin_skin_dir) {
-            $plugin_skin_dir = preg_replace('!^.*' . INSTALL_PATH . '!', '', $plugin_skin_dir);
-            if (is_dir("$target_dir/$plugin_skin_dir/classic")) {
-                system("rm -rf $target_dir/$plugin_skin_dir/default");
-            }
-        }
-        echo "done.\n\n";
-    }
-
-    // Warn about situation when using "complete" package to update "custom" installation (#7087)
-    // Note: "Complete" package do not include jsdeps.json nor install-jsdeps.sh
-    if (file_exists("$target_dir/jsdeps.json") && !file_exists(INSTALL_PATH . "jsdeps.json")) {
-        $adds[] = "WARNING: JavaScript dependencies update skipped.";
-    }
-    // check if js-deps are up-to-date
-    else if (file_exists("$target_dir/jsdeps.json") && file_exists("$target_dir/bin/install-jsdeps.sh")) {
-        $jsdeps    = json_decode(file_get_contents("$target_dir/jsdeps.json"));
-        $package   = $jsdeps->dependencies[0];
-        $dest_file = $target_dir . '/' . $package->dest;
-
-        if (!file_exists($dest_file) || sha1_file($dest_file) !== $package->sha1) {
-            echo "Installing JavaScript dependencies...";
-            system("cd $target_dir && bin/install-jsdeps.sh");
-            echo "done.\n\n";
-        }
+  // Inform the user about .htaccess change
+  if (!empty($htaccess_copied)) {
+    if (file_get_contents("$target_dir/.htaccess") != file_get_contents("$target_dir/.htaccess.orig")) {
+      echo "\n!! Old .htaccess file saved as .htaccess.orig !!";
    }
    else {
-        $adds[] = "NOTICE: JavaScript dependencies installation skipped.";
+      @unlink("$target_dir/.htaccess.orig");
    }
-
-    if (file_exists("$target_dir/installer")) {
-        $adds[] = "NOTICE: The 'installer' directory still exists. You should remove it after the upgrade.";
-    }
-
-    if (!empty($adds)) {
-        echo implode("\n", $adds) . "\n\n";
-    }
-
-    echo "Running update script at target...\n";
-    system("cd $target_dir && php bin/update.sh --version=$oldversion" . ($accept ? ' -y' : ''));
-    echo "All done.\n";
+  }
+
+  echo "\n\n";
+
+  if (is_dir("$target_dir/skins/default")) {
+      echo "Removing old default skin...";
+      system("rm -rf $target_dir/skins/default $target_dir/plugins/jqueryui/themes/default");
+      foreach (glob(INSTALL_PATH . "plugins/*/skins") as $plugin_skin_dir) {
+          $plugin_skin_dir = preg_replace('!^.*' . INSTALL_PATH . '!', '', $plugin_skin_dir);
+          if (is_dir("$target_dir/$plugin_skin_dir/classic"))
+            system("rm -rf $target_dir/$plugin_skin_dir/default");
+      }
+      echo "done.\n\n";
+  }
+
+  echo "Running update script at target...\n";
+  system("cd $target_dir && php bin/update.sh --version=$oldversion");
+  echo "All done.\n";
 }
 else {
-    echo "Update cancelled. See ya!\n";
+  echo "Update cancelled. See ya!\n";
 }
+
+?>
--- a/bin/jsshrink.sh
+++ b/bin/jsshrink.sh
@ -2,61 +2,63 @@
 PWD=`dirname "$0"`
 JS_DIR="$PWD/../program/js"
 JAR_DIR='/tmp'
-LANG_IN='ECMASCRIPT5'
-CLOSURE_COMPILER_URL='http://dl.google.com/closure-compiler/compiler-latest.zip'
+LANG_IN='ECMASCRIPT3'
+# latest version requires Java 7, we'll use an older one
+#CLOSURE_COMPILER_URL='http://dl.google.com/closure-compiler/compiler-latest.zip'
+CLOSURE_COMPILER_URL='http://dl.google.com/closure-compiler/compiler-20131014.zip'

 do_shrink() {
-    rm -f "$2"
-    # copy the first comment block with license information for LibreJS
-    grep -q '@lic' $1 && sed -n '/\/\*/,/\*\// { p; /\*\//q; }' $1 > $2
-    java -jar $JAR_DIR/compiler.jar --compilation_level=SIMPLE_OPTIMIZATIONS --js="$1" --language_in="$3" >> $2
+	rm -f "$2"
+	# copy the first comment block with license information for LibreJS
+	grep -q '@lic' $1 && sed -n '/\/\*/,/\*\// { p; /\*\//q; }' $1 > $2
+	java -jar $JAR_DIR/compiler.jar --compilation_level=SIMPLE_OPTIMIZATIONS --js="$1" --language_in="$3" >> $2
 }

 if [ ! -d "$JS_DIR" ]; then
-    echo "Directory $JS_DIR not found."
-    exit 1
+	echo "Directory $JS_DIR not found."
+	exit 1
 fi

 if [ ! -w "$JAR_DIR" ]; then
-    JAR_DIR=$PWD
+	JAR_DIR=$PWD
 fi

 if java -version >/dev/null 2>&1; then
-    :
+	:
 else
-    echo "Java not found. Please ensure that the 'java' program is in your PATH."
-    exit 1
+	echo "Java not found. Please ensure that the 'java' program is in your PATH."
+	exit 1
 fi

 if [ ! -r "$JAR_DIR/compiler.jar" ]; then
-    if which wget >/dev/null 2>&1 && which unzip >/dev/null 2>&1; then
-        wget "$CLOSURE_COMPILER_URL" -O "/tmp/$$.zip"
-    elif which curl >/dev/null 2>&1 && which unzip >/dev/null 2>&1; then
-        curl "$CLOSURE_COMPILER_URL" -o "/tmp/$$.zip"
-    else
-        echo "Please download $CLOSURE_COMPILER_URL and extract compiler.jar to $JAR_DIR/."
-        exit 1
-    fi
-    unzip -p "/tmp/$$.zip" "*.jar" > "$JAR_DIR/compiler.jar"
-    rm -f "/tmp/$$.zip"
+	if which wget >/dev/null 2>&1 && which unzip >/dev/null 2>&1; then
+		wget "$CLOSURE_COMPILER_URL" -O "/tmp/$$.zip"
+	elif which curl >/dev/null 2>&1 && which unzip >/dev/null 2>&1; then
+		curl "$CLOSURE_COMPILER_URL" -o "/tmp/$$.zip"
+	else
+		echo "Please download $CLOSURE_COMPILER_URL and extract compiler.jar to $JAR_DIR/."
+		exit 1
+	fi
+	(cd $JAR_DIR && unzip "/tmp/$$.zip" "compiler.jar")
+	rm -f "/tmp/$$.zip"
 fi

 # compress single file from argument
 if [ $# -gt 0 ]; then
-    JS_DIR=`dirname "$1"`
-    JS_FILE="$1"
+	JS_DIR=`dirname "$1"`
+	JS_FILE="$1"

-    if [ $# -gt 1 ]; then
-        LANG_IN="$2"
-    fi
+	if [ $# -gt 1 ]; then
+		LANG_IN="$2"
+	fi

-    echo "Shrinking $JS_FILE"
+	echo "Shrinking $JS_FILE"
    minfile=`echo $JS_FILE | sed -e 's/\.js$/\.min\.js/'`
-    do_shrink "$JS_FILE" "$minfile" "$LANG_IN"
-    exit
+	do_shrink "$JS_FILE" "$minfile" "$LANG_IN"
+	exit
 fi

-DIRS="$PWD/../program/js $PWD/../skins/* $PWD/../plugins/* $PWD/../plugins/*/skins/* $PWD/../plugins/managesieve/codemirror/lib"
+DIRS="$PWD/../program/js $PWD/../skins/* $PWD/../plugins/* $PWD/../plugins/*/skins/*"
 # default: compress application scripts
 for dir in $DIRS; do
    for file in $dir/*.js; do
--- a/bin/makedoc.sh
+++ b/bin/makedoc.sh
@ -19,5 +19,6 @@ OUTPUTFORMAT=HTML
 TEMPLATE=responsive-twig

 # make documentation
-$BIN_PHPDOC -d $PATH_PROJECT,$PATH_FRAMEWORK -t $PATH_DOCS --title "$TITLE" \
-    --defaultpackagename $PACKAGES --template=$TEMPLATE
+$BIN_PHPDOC -d $PATH_PROJECT,$PATH_FRAMEWORK -t $PATH_DOCS --title "$TITLE" --defaultpackagename $PACKAGES \
+	--template=$TEMPLATE
+
--- a/bin/moduserprefs.sh
+++ b/bin/moduserprefs.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/moduserprefs.sh                                                   |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2012-2015, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -63,3 +64,5 @@ if ($args['config']) {
 }

 rcmail_utils::mod_pref($pref_name, $pref_value, $args['user'], $args['type']);
+
+?>
--- a/bin/msgexport.sh
+++ b/bin/msgexport.sh
@ -1,18 +1,5 @@
 #!/usr/bin/env php
 <?php
-/*
- +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
- |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- |                                                                       |
- | Licensed under the GNU General Public License version 3 or            |
- | any later version with exceptions for skins & plugins.                |
- | See the README file for a full license statement.                     |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <thomas@roundcube.net>                       |
- +-----------------------------------------------------------------------+
-*/

 define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
 ini_set('memory_limit', -1);
@ -21,84 +8,89 @@ require_once INSTALL_PATH.'program/include/clisetup.php';

 function print_usage()
 {
-    print "Usage:  msgexport -h imap-host -u user-name -m mailbox name\n";
-    print "--host   IMAP host\n";
-    print "--user   IMAP user name\n";
-    print "--mbox   Folder name, set to '*' for all\n";
-    print "--file   Output file\n";
+	print "Usage:  msgexport -h imap-host -u user-name -m mailbox name\n";
+	print "--host   IMAP host\n";
+	print "--user   IMAP user name\n";
+	print "--mbox   Folder name, set to '*' for all\n";
+	print "--file   Output file\n";
 }

 function vputs($str)
 {
-    $out = $GLOBALS['args']['file'] ? STDOUT : STDERR;
-    fwrite($out, $str);
+	$out = $GLOBALS['args']['file'] ? STDOUT : STDERR;
+	fwrite($out, $str);
 }

 function progress_update($pos, $max)
 {
-    $percent = round(100 * $pos / $max);
-    vputs(sprintf("%3d%% [%-51s] %d/%d\033[K\r", $percent, @str_repeat('=', $percent / 2) . '>', $pos, $max));
+	$percent = round(100 * $pos / $max);
+	vputs(sprintf("%3d%% [%-51s] %d/%d\033[K\r", $percent, @str_repeat('=', $percent / 2) . '>', $pos, $max));
 }

 function export_mailbox($mbox, $filename)
 {
-    global $IMAP;
+	global $IMAP;

-    $IMAP->set_folder($mbox);
+	$IMAP->set_folder($mbox);

    $index = $IMAP->index($mbox, null, 'ASC');
    $count = $index->count();
    $index = $index->get();

-    vputs("Getting message list of {$mbox}...");
-    vputs("$count messages\n");
-
-    if ($filename) {
-        if (!($out = fopen($filename, 'w'))) {
-            vputs("Cannot write to output file\n");
-            return;
-        }
-        vputs("Writing to $filename\n");
-    }
-    else {
-        $out = STDOUT;
-    }
-
-    for ($i = 0; $i < $count; $i++) {
-        $headers = $IMAP->get_message_headers($index[$i]);
-        $from = current(rcube_mime::decode_address_list($headers->from, 1, false));
-
-        fwrite($out, sprintf("From %s %s UID %d\n", $from['mailto'], $headers->date, $headers->uid));
-        $IMAP->get_raw_body($headers->uid, $out);
-        fwrite($out, "\n\n\n");
-
-        progress_update($i+1, $count);
-    }
-    vputs("\ncomplete.\n");
-
-    if ($filename) {
-        fclose($out);
-    }
+	vputs("Getting message list of {$mbox}...");
+	vputs("$count messages\n");
+
+	if ($filename)
+	{
+		if (!($out = fopen($filename, 'w')))
+		{
+			vputs("Cannot write to output file\n");
+			return;
+		}
+		vputs("Writing to $filename\n");
+	}
+	else
+		$out = STDOUT;
+
+	for ($i = 0; $i < $count; $i++)
+	{
+		$headers = $IMAP->get_message_headers($index[$i]);
+		$from = current(rcube_mime::decode_address_list($headers->from, 1, false));
+
+		fwrite($out, sprintf("From %s %s UID %d\n", $from['mailto'], $headers->date, $headers->uid));
+		$IMAP->get_raw_body($headers->uid, $out);
+		fwrite($out, "\n\n\n");
+
+		progress_update($i+1, $count);
+	}
+	vputs("\ncomplete.\n");
+
+	if ($filename)
+		fclose($out);
 }

+
 // get arguments
 $opts = array('h' => 'host', 'u' => 'user', 'p' => 'pass', 'm' => 'mbox', 'f' => 'file');
 $args = rcube_utils::get_opt($opts) + array('host' => 'localhost', 'mbox' => 'INBOX');

-if ($_SERVER['argv'][1] == 'help') {
-    print_usage();
-    exit;
+if ($_SERVER['argv'][1] == 'help')
+{
+	print_usage();
+	exit;
 }
-else if (!$args['host']) {
-    vputs("Missing required parameters.\n");
-    print_usage();
-    exit;
+else if (!$args['host'])
+{
+	vputs("Missing required parameters.\n");
+	print_usage();
+	exit;
 }

 // prompt for username if not set
-if (empty($args['user'])) {
-    vputs("IMAP user: ");
-    $args['user'] = trim(fgets(STDIN));
+if (empty($args['user']))
+{
+	vputs("IMAP user: ");
+	$args['user'] = trim(fgets(STDIN));
 }

 // prompt for password
@ -107,39 +99,45 @@ $args['pass'] = rcube_utils::prompt_silent("Password: ");

 // parse $host URL
 $a_host = parse_url($args['host']);
-if ($a_host['host']) {
-    $host      = $a_host['host'];
-    $imap_ssl  = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE;
-    $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : 143);
+if ($a_host['host'])
+{
+	$host = $a_host['host'];
+	$imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE;
+	$imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : 143);
 }
-else {
-    $host = $args['host'];
-    $imap_port = 143;
+else
+{
+	$host = $args['host'];
+	$imap_port = 143;
 }

 // instantiate IMAP class
 $IMAP = new rcube_imap(null);

 // try to connect to IMAP server
-if ($IMAP->connect($host, $args['user'], $args['pass'], $imap_port, $imap_ssl)) {
-    vputs("IMAP login successful.\n");
+if ($IMAP->connect($host, $args['user'], $args['pass'], $imap_port, $imap_ssl))
+{
+	vputs("IMAP login successful.\n");

-    $filename  = null;
-    $mailboxes = $args['mbox'] == '*' ? $IMAP->list_folders(null) : array($args['mbox']);
+	$filename = null;
+	$mailboxes = $args['mbox'] == '*' ? $IMAP->list_folders(null) : array($args['mbox']);

-    foreach ($mailboxes as $mbox) {
-        if ($args['file'])
-            $filename = preg_replace('/\.[a-z0-9]{3,4}$/i', '', $args['file']) . asciiwords($mbox) . '.mbox';
-        else if ($args['mbox'] == '*')
-            $filename = asciiwords($mbox) . '.mbox';
+	foreach ($mailboxes as $mbox)
+	{
+		if ($args['file'])
+			$filename = preg_replace('/\.[a-z0-9]{3,4}$/i', '', $args['file']) . asciiwords($mbox) . '.mbox';
+		else if ($args['mbox'] == '*')
+			$filename = asciiwords($mbox) . '.mbox';

-        if ($args['mbox'] == '*' && in_array(strtolower($mbox), array('junk','spam','trash'))) {
-            continue;
-        }
+		if ($args['mbox'] == '*' && in_array(strtolower($mbox), array('junk','spam','trash')))
+			continue;

-        export_mailbox($mbox, $filename);
-    }
+		export_mailbox($mbox, $filename);
+	}
 }
-else {
-    vputs("IMAP login failed.\n");
+else
+{
+	vputs("IMAP login failed.\n");
 }
+
+?>
--- a/bin/msgimport.sh
+++ b/bin/msgimport.sh
@ -1,18 +1,5 @@
 #!/usr/bin/env php
 <?php
-/*
- +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
- |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- |                                                                       |
- | Licensed under the GNU General Public License version 3 or            |
- | any later version with exceptions for skins & plugins.                |
- | See the README file for a full license statement.                     |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <thomas@roundcube.net>                       |
- +-----------------------------------------------------------------------+
-*/

 define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
 ini_set('memory_limit', -1);
@ -21,11 +8,11 @@ require_once INSTALL_PATH.'program/include/clisetup.php';

 function print_usage()
 {
-    print "Usage:  msgimport -h imap-host -u user-name -m mailbox -f message-file\n";
-    print "--host   IMAP host\n";
-    print "--user   IMAP user name\n";
-    print "--mbox   Target mailbox\n";
-    print "--file   Message file to upload\n";
+	print "Usage:  msgimport -h imap-host -u user-name -m mailbox -f message-file\n";
+	print "--host   IMAP host\n";
+	print "--user   IMAP user name\n";
+	print "--mbox   Target mailbox\n";
+	print "--file   Message file to upload\n";
 }


@ -33,80 +20,94 @@ function print_usage()
 $opts = array('h' => 'host', 'u' => 'user', 'p' => 'pass', 'm' => 'mbox', 'f' => 'file');
 $args = rcube_utils::get_opt($opts) + array('host' => 'localhost', 'mbox' => 'INBOX');

-if ($_SERVER['argv'][1] == 'help') {
-    print_usage();
-    exit;
+if ($_SERVER['argv'][1] == 'help')
+{
+	print_usage();
+	exit;
 }
-else if (!($args['host'] && $args['file'])) {
-    print "Missing required parameters.\n";
-    print_usage();
-    exit;
+else if (!($args['host'] && $args['file']))
+{
+	print "Missing required parameters.\n";
+	print_usage();
+	exit;
 }
-else if (!is_file($args['file'])) {
-    rcube::raise_error("Cannot read message file.", false, true);
+else if (!is_file($args['file']))
+{
+	rcube::raise_error("Cannot read message file.", false, true);
 }

 // prompt for username if not set
-if (empty($args['user'])) {
-    //fwrite(STDOUT, "Please enter your name\n");
-    echo "IMAP user: ";
-    $args['user'] = trim(fgets(STDIN));
+if (empty($args['user']))
+{
+	//fwrite(STDOUT, "Please enter your name\n");
+	echo "IMAP user: ";
+	$args['user'] = trim(fgets(STDIN));
 }

 // prompt for password
-if (empty($args['pass'])) {
-    $args['pass'] = rcube_utils::prompt_silent("Password: ");
+if (empty($args['pass']))
+{
+	$args['pass'] = rcube_utils::prompt_silent("Password: ");
 }

 // parse $host URL
 $a_host = parse_url($args['host']);
-if ($a_host['host']) {
-    $host      = $a_host['host'];
-    $imap_ssl  = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE;
-    $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : 143);
+if ($a_host['host'])
+{
+	$host = $a_host['host'];
+	$imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE;
+	$imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : 143);
 }
-else {
-    $host = $args['host'];
-    $imap_port = 143;
+else
+{
+	$host = $args['host'];
+	$imap_port = 143;
 }

 // instantiate IMAP class
 $IMAP = new rcube_imap(null);

 // try to connect to IMAP server
-if ($IMAP->connect($host, $args['user'], $args['pass'], $imap_port, $imap_ssl)) {
-    print "IMAP login successful.\n";
-    print "Uploading messages...\n";
-
-    $count   = 0;
-    $message = $lastline = '';
-
-    $fp = fopen($args['file'], 'r');
-    while (($line = fgets($fp)) !== false) {
-        if (preg_match('/^From\s+-/', $line) && $lastline == '') {
-            if (!empty($message)) {
-                if ($IMAP->save_message($args['mbox'], rtrim($message)))
-                    $count++;
-                else
-                    rcube::raise_error("Failed to save message to {$args['mbox']}", false, true);
-                $message = '';
-            }
-            continue;
-        }
-
-        $message .= $line;
-        $lastline = rtrim($line);
-    }
-
-    if (!empty($message) && $IMAP->save_message($args['mbox'], rtrim($message)))
-        $count++;
-
-    // upload message from file
-    if ($count)
-        print "$count messages successfully added to {$args['mbox']}.\n";
-    else
-        print "Adding messages failed!\n";
+if ($IMAP->connect($host, $args['user'], $args['pass'], $imap_port, $imap_ssl))
+{
+	print "IMAP login successful.\n";
+	print "Uploading messages...\n";
+	
+	$count = 0;
+	$message = $lastline = '';
+	
+	$fp = fopen($args['file'], 'r');
+	while (($line = fgets($fp)) !== false)
+	{
+		if (preg_match('/^From\s+-/', $line) && $lastline == '')
+		{
+			if (!empty($message))
+			{
+				if ($IMAP->save_message($args['mbox'], rtrim($message)))
+					$count++;
+				else
+					rcube::raise_error("Failed to save message to {$args['mbox']}", false, true);
+				$message = '';
+			}
+			continue;
+		}
+
+		$message .= $line;
+		$lastline = rtrim($line);
+	}
+
+	if (!empty($message) && $IMAP->save_message($args['mbox'], rtrim($message)))
+		$count++;
+
+	// upload message from file
+	if ($count)
+		print "$count messages successfully added to {$args['mbox']}.\n";
+	else
+		print "Adding messages failed!\n";
 }
-else {
-    rcube::raise_error("IMAP login failed.", false, true);
+else
+{
+	rcube::raise_error("IMAP login failed.", false, true);
 }
+
+?>
--- a/bin/package2composer.sh
+++ b/bin/package2composer.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/package2composer.sh                                               |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2013, The Roundcube Dev Team                            |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -12,6 +13,7 @@
 |                                                                       |
 | PURPOSE:                                                              |
 |  Convert a plugin's package.xml file into a composer.json description |
+ |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <thomas@roundcube.net>                       |
 +-----------------------------------------------------------------------+
@ -40,7 +42,7 @@ $data = array(
    'version' => strval($package->version->release),
    'authors' => array(),
    'repositories' => array(
-        array('type' => 'composer', 'url' => 'https://plugins.roundcube.net'),
+        array('type' => 'composer', 'url' => 'http://plugins.roundcube.net'),
    ),
    'require' => array(
        'php' => '>=5.3.0',
@ -95,7 +97,7 @@ else if (defined('JSON_PRETTY_PRINT')) {
    echo json_encode($data, $flags);
 }
 else {
-    fwrite(STDERR,
+    fputs(STDERR,
 "FAILED! composer.phar not found in current directory.

 Please download it from http://getcomposer.org/download/ or with
@ -104,3 +106,4 @@ Please download it from http://getcomposer.org/download/ or with
 }

 echo "\n";
+
--- a/bin/transifexpull.sh
+++ b/bin/transifexpull.sh
@ -39,6 +39,6 @@ done

 # remove empty localization files
 for file in $PWD/../program/localization/*/labels.inc; do grep -q -E '\$labels' $file || rm $file; done
-for file in $PWD/../program/localization/*/timezones.inc; do grep -q -E '\$labels' $file || rm $file; done
 for file in $PWD/../program/localization/*/messages.inc; do grep -q -E '\$messages' $file || rm $file; done
 for file in $PWD/../plugins/*/localization/*.inc; do grep -q -E '\$(labels|messages)' $file || rm $file; done
+
--- a/bin/update.sh
+++ b/bin/update.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/update.sh                                                         |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2010-2015, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -27,267 +28,244 @@ $opts = rcube_utils::get_opt(array('v' => 'version', 'y' => 'accept:bool'));

 // ask user if no version is specified
 if (!$opts['version']) {
-    echo "What version are you upgrading from? Type '?' if you don't know.\n";
-
-    if (($input = trim(fgets(STDIN))) && preg_match('/^[0-9.]+[a-z0-9-]*$/', $input)) {
-        $opts['version'] = $input;
-    }
-    else {
-        $opts['version'] = RCMAIL_VERSION;
-    }
+  echo "What version are you upgrading from? Type '?' if you don't know.\n";
+  if (($input = trim(fgets(STDIN))) && preg_match('/^[0-9.]+[a-z-]*$/', $input))
+    $opts['version'] = $input;
+  else
+    $opts['version'] = RCMAIL_VERSION;
 }

 $RCI = rcmail_install::get_instance();
 $RCI->load_config();

 if ($RCI->configured) {
-    $success = true;
-
-    if (($messages = $RCI->check_config($opts['version'])) || $RCI->legacy_config) {
-        $success = false;
-        $err = 0;
+  $success = true;
+
+  if (($messages = $RCI->check_config()) || $RCI->legacy_config) {
+    $success = false;
+    $err = 0;
+
+    // list old/replaced config options
+    if (is_array($messages['replaced'])) {
+      echo "WARNING: Replaced config options:\n";
+      echo "(These config options have been replaced or renamed)\n";
+
+      foreach ($messages['replaced'] as $msg) {
+        echo "- '" . $msg['prop'] . "' was replaced by '" . $msg['replacement'] . "'\n";
+        $err++;
+      }
+      echo "\n";
+    }

-        // list old/replaced config options
-        if (is_array($messages['replaced'])) {
-            echo "WARNING: Replaced config options:\n";
-            echo "(These config options have been replaced or renamed)\n";
+    // list obsolete config options (just a notice)
+    if (is_array($messages['obsolete'])) {
+      echo "NOTICE: Obsolete config options:\n";
+      echo "(You still have some obsolete or inexistent properties set. This isn't a problem but should be noticed)\n";

-            foreach ($messages['replaced'] as $msg) {
-                echo "- '" . $msg['prop'] . "' was replaced by '" . $msg['replacement'] . "'\n";
-                $err++;
-            }
-        }
+      foreach ($messages['obsolete'] as $msg) {
+        echo "- '" . $msg['prop'] . ($msg['name'] ? "': " . $msg['name'] : "'") . "\n";
+        $err++;
+      }
+      echo "\n";
+    }

-        // list obsolete config options (just a notice)
-        if (is_array($messages['obsolete'])) {
-            echo "NOTICE: Obsolete config options:\n";
-            echo "(You still have some obsolete or inexistent properties set."
-                . " This isn't a problem but should be noticed)\n";
+    if (!$err && $RCI->legacy_config) {
+      echo "WARNING: Your configuration needs to be migrated!\n";
+      echo "We changed the configuration files structure and your two config files main.inc.php and db.inc.php have to be merged into one single file.\n";
+      $err++;
+    }

-            foreach ($messages['obsolete'] as $msg) {
-                echo "- '" . $msg['prop'] . ($msg['name'] ? "': " . $msg['name'] : "'") . "\n";
-                $err++;
-            }
-        }
+    // ask user to update config files
+    if ($err) {
+      if (!$opts['accept']) {
+        echo "Do you want me to fix your local configuration? (y/N)\n";
+        $input = trim(fgets(STDIN));
+      }

-        if (!$err && $RCI->legacy_config) {
-            echo "WARNING: Your configuration needs to be migrated!\n";
-            echo "We changed the configuration files structure and your two config files "
-                . "main.inc.php and db.inc.php have to be merged into one single file.\n";
-            $err++;
-        }
+      // positive: let's merge the local config with the defaults
+      if ($opts['accept'] || strtolower($input) == 'y') {
+        $error = $written = false;

-        // ask user to update config files
-        if ($err) {
-            if (!$opts['accept']) {
-                echo "Do you want me to fix your local configuration? (y/N)\n";
-                $input = trim(fgets(STDIN));
-            }
+        // backup current config
+        echo ". backing up the current config file(s)...\n";

-            // positive: merge the local config with the defaults
-            if ($opts['accept'] || strtolower($input) == 'y') {
-                $error = $written = false;
-
-                echo ". backing up the current config file(s)...\n";
-
-                foreach (array('config', 'main', 'db') as $file) {
-                    if (file_exists(RCMAIL_CONFIG_DIR . '/' . $file . '.inc.php')) {
-                        if (!copy(RCMAIL_CONFIG_DIR . '/' . $file . '.inc.php', RCMAIL_CONFIG_DIR . '/' . $file . '.old.php')) {
-                            $error = true;
-                        }
-                    }
-                }
-
-                if (!$error) {
-                    $RCI->merge_config();
-                    echo ". writing " . RCMAIL_CONFIG_DIR . "/config.inc.php...\n";
-                    $written = $RCI->save_configfile($RCI->create_config());
-                }
-
-                // Success!
-                if ($written) {
-                    echo "Done.\n";
-                    echo "Your configuration files are now up-to-date!\n";
-
-                    if ($messages['missing']) {
-                        echo "But you still need to add the following missing options:\n";
-                        foreach ($messages['missing'] as $msg) {
-                            echo "- '" . $msg['prop'] . ($msg['name'] ? "': " . $msg['name'] : "'") . "\n";
-                        }
-                    }
-
-                    if ($RCI->legacy_config) {
-                        foreach (array('main', 'db') as $file) {
-                            @unlink(RCMAIL_CONFIG_DIR . '/' . $file . '.inc.php');
-                        }
-                    }
-                }
-                else {
-                    echo "Failed to write config file(s)!\n";
-                    echo "Grant write privileges to the current user or update the files manually "
-                        . "according to the above messages.\n";
-                }
-            }
-            else {
-                echo "Please update your config files manually according to the above messages.\n";
+        foreach (array('config', 'main', 'db') as $file) {
+          if (file_exists(RCMAIL_CONFIG_DIR . '/' . $file . '.inc.php')) {
+            if (!copy(RCMAIL_CONFIG_DIR . '/' . $file . '.inc.php', RCMAIL_CONFIG_DIR . '/' . $file . '.old.php')) {
+              $error = true;
            }
+          }
        }

-        // list of config options with changed default (just a notice)
-        if (!empty($messages['defaults'])) {
-            echo "WARNING: Changed defaults (These config options have new default values):\n";
-
-            foreach ($messages['defaults'] as $opt) {
-                echo "- '{$opt}'\n";
-            }
+        if (!$error) {
+          $RCI->merge_config();
+          echo ". writing " . RCMAIL_CONFIG_DIR . "/config.inc.php...\n";
+          $written = $RCI->save_configfile($RCI->create_config());
        }

-        // check dependencies based on the current configuration
-        if (is_array($messages['dependencies'])) {
-            echo "WARNING: Dependency check failed!\n";
-            echo "(Some of your configuration settings require other options to be configured "
-                . "or additional PHP modules to be installed)\n";
+        // Success!
+        if ($written) {
+          echo "Done.\n";
+          echo "Your configuration files are now up-to-date!\n";

-            foreach ($messages['dependencies'] as $msg) {
-                echo "- " . $msg['prop'] . ': ' . $msg['explain'] . "\n";
-            }
+          if ($messages['missing']) {
+            echo "But you still need to add the following missing options:\n";
+            foreach ($messages['missing'] as $msg)
+              echo "- '" . $msg['prop'] . ($msg['name'] ? "': " . $msg['name'] : "'") . "\n";
+          }

-            echo "Please fix your config files and run this script again!\n";
-            echo "See ya.\n";
+          if ($RCI->legacy_config) {
+            foreach (array('main', 'db') as $file) {
+              @unlink(RCMAIL_CONFIG_DIR . '/' . $file . '.inc.php');
+            }
+          }
+        }
+        else {
+          echo "Failed to write config file(s)!\n";
+          echo "Grant write privileges to the current user or update the files manually according to the above messages.\n";
        }
+      }
+      else {
+        echo "Please update your config files manually according to the above messages.\n";
+      }
    }

-    // check file type detection
-    if ($RCI->check_mime_detection()) {
-        echo "WARNING: File type detection doesn't work properly!\n";
-        echo "Please check the 'mime_magic' config option or the finfo functions of PHP and run this script again.\n";
-    }
-    if ($RCI->check_mime_extensions()) {
-        echo "WARNING: Mimetype to file extension mapping doesn't work properly!\n";
-        echo "Please check the 'mime_types' config option and run this script again.\n";
-    }
+    // check dependencies based on the current configuration
+    if (is_array($messages['dependencies'])) {
+      echo "WARNING: Dependency check failed!\n";
+      echo "(Some of your configuration settings require other options to be configured or additional PHP modules to be installed)\n";

-    // check database schema
-    if ($RCI->config['db_dsnw']) {
-        echo "Executing database schema update.\n";
-        $success = rcmail_utils::db_update(INSTALL_PATH . 'SQL', 'roundcube', $opts['version'],
-            array('errors' => true));
+      foreach ($messages['dependencies'] as $msg) {
+        echo "- " . $msg['prop'] . ': ' . $msg['explain'] . "\n";
+      }
+      echo "Please fix your config files and run this script again!\n";
+      echo "See ya.\n";
    }
-
-    // update composer dependencies
-    if (is_file(INSTALL_PATH . 'composer.json') && is_readable(INSTALL_PATH . 'composer.json-dist')) {
-        $composer_data     = json_decode(file_get_contents(INSTALL_PATH . 'composer.json'), true);
-        $composer_template = json_decode(file_get_contents(INSTALL_PATH . 'composer.json-dist'), true);
-        $comsposer_json    = null;
-
-        // update the require section with the new dependencies
-        if (is_array($composer_data['require']) && is_array($composer_template['require'])) {
-            $composer_data['require'] = array_merge($composer_data['require'], $composer_template['require']);
-
-            // remove obsolete packages
-            $old_packages = array(
-                'pear-pear.php.net/net_socket',
-                'pear-pear.php.net/auth_sasl',
-                'pear-pear.php.net/net_idna2',
-                'pear-pear.php.net/mail_mime',
-                'pear-pear.php.net/net_smtp',
-                'pear-pear.php.net/crypt_gpg',
-                'pear-pear.php.net/net_sieve',
-                'pear/mail_mime-decode',
-                'roundcube/net_sieve',
-                'endroid/qrcode',
-            );
-
-            foreach ($old_packages as $pkg) {
-                if (array_key_exists($pkg, $composer_data['require'])) {
-                    unset($composer_data['require'][$pkg]);
-                }
-            }
-        }
-
-        // update the repositories section with the new dependencies
-        if (is_array($composer_template['repositories'])) {
-            if (!is_array($composer_data['repositories'])) {
-                $composer_data['repositories'] = array();
-            }
-
-            foreach ($composer_template['repositories'] as $repo) {
-                $rkey = $repo['type'] . preg_replace('/^https?:/', '', $repo['url']) . $repo['package']['name'];
-                $existing = false;
-
-                foreach ($composer_data['repositories'] as $k =>  $_repo) {
-                    if ($rkey == $_repo['type'] . preg_replace('/^https?:/', '', $_repo['url']) . $_repo['package']['name']) {
-                        // switch to https://
-                        if (isset($_repo['url']) && strpos($_repo['url'], 'http://') === 0) {
-                            $composer_data['repositories'][$k]['url'] = 'https:' . substr($_repo['url'], 5);
-                        }
-
-                        $existing = true;
-                        break;
-                    }
-                    // remove old repos
-                    if (strpos($_repo['url'], 'git://git.kolab.org') === 0) {
-                        unset($composer_data['repositories'][$k]);
-                    }
-                    else if ($_repo['type'] == 'package' && $_repo['package']['name'] == 'Net_SMTP') {
-                        unset($composer_data['repositories'][$k]);
-                    }
-                }
-
-                if (!$existing) {
-                    $composer_data['repositories'][] = $repo;
-                }
-            }
-
-            $composer_data['repositories'] = array_values($composer_data['repositories']);
+  }
+
+  // check file type detection
+  if ($RCI->check_mime_detection()) {
+    echo "WARNING: File type detection doesn't work properly!\n";
+    echo "Please check the 'mime_magic' config option or the finfo functions of PHP and run this script again.\n";
+  }
+  if ($RCI->check_mime_extensions()) {
+    echo "WARNING: Mimetype to file extension mapping doesn't work properly!\n";
+    echo "Please check the 'mime_types' config option and run this script again.\n";
+  }
+
+  // check database schema
+  if ($RCI->config['db_dsnw']) {
+    echo "Executing database schema update.\n";
+    $success = rcmail_utils::db_update(INSTALL_PATH . 'SQL', 'roundcube', $opts['version'],
+        array('errors' => true));
+  }
+
+  // update composer dependencies
+  if (is_file(INSTALL_PATH . 'composer.json') && is_readable(INSTALL_PATH . 'composer.json-dist')) {
+    $composer_data = json_decode(file_get_contents(INSTALL_PATH . 'composer.json'), true);
+    $composer_template = json_decode(file_get_contents(INSTALL_PATH . 'composer.json-dist'), true);
+    $comsposer_json = null;
+
+    // update the require section with the new dependencies
+    if (is_array($composer_data['require']) && is_array($composer_template['require'])) {
+      $composer_data['require'] = array_merge($composer_data['require'], $composer_template['require']);
+
+      // remove obsolete packages
+      $old_packages = array(
+        'pear/mail_mime',
+        'pear/mail_mime-decode',
+        'pear/net_smtp',
+        'pear/net_sieve',
+        'pear-pear.php.net/net_sieve',
+      );
+      foreach ($old_packages as $pkg) {
+        if (array_key_exists($pkg, $composer_data['require'])) {
+          unset($composer_data['require'][$pkg]);
        }
+      }
+    }

-        // use the JSON encoder from the Composer package
-        if (is_file('composer.phar')) {
-            include 'phar://composer.phar/src/Composer/Json/JsonFile.php';
-            $comsposer_json = \Composer\Json\JsonFile::encode($composer_data);
-        }
-        // PHP 5.4's json_encode() does the job, too
-        else if (defined('JSON_PRETTY_PRINT')) {
-            $comsposer_json = json_encode($composer_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
-        }
-        else {
-            $success        = false;
-            $comsposer_json = null;
+    // update the repositories section with the new dependencies
+    if (is_array($composer_template['repositories'])) {
+      if (!is_array($composer_data['repositories'])) {
+        $composer_data['repositories'] = array();
+      }
+
+      foreach ($composer_template['repositories'] as $repo) {
+        $rkey = $repo['type'] . preg_replace('/^https?:/', '', $repo['url']) . $repo['package']['name'];
+        $existing = false;
+        foreach ($composer_data['repositories'] as $k =>  $_repo) {
+          if ($rkey == $_repo['type'] . preg_replace('/^https?:/', '', $_repo['url']) . $_repo['package']['name']) {
+            // switch to https://
+            if (isset($_repo['url']) && strpos($_repo['url'], 'http://') === 0)
+              $composer_data['repositories'][$k]['url'] = 'https:' . substr($_repo['url'], 5);
+            $existing = true;
+            break;
+          }
+          // remove old repos
+          else if (strpos($_repo['url'], 'git://git.kolab.org') === 0) {
+            unset($composer_data['repositories'][$k]);
+          }
+          else if ($_repo['type'] == 'package' && $_repo['package']['name'] == 'Net_SMTP') {
+            unset($composer_data['repositories'][$k]);
+          }
        }
-
-        // write updated composer.json back to disk
-        if ($comsposer_json && is_writeable(INSTALL_PATH . 'composer.json')) {
-            $success &= (bool)file_put_contents(INSTALL_PATH . 'composer.json', $comsposer_json);
+        if (!$existing) {
+          $composer_data['repositories'][] = $repo;
        }
-        else {
-            echo "WARNING: unable to update composer.json!\n";
-            echo "Please replace the 'require' section in your composer.json with the following:\n";
+      }

-            $require_json = '';
-            foreach ($composer_data['require'] as $pkg => $ver) {
-                $require_json .= sprintf('        "%s": "%s",'."\n", $pkg, $ver);
-            }
-
-            echo '    "require": {'."\n";
-            echo rtrim($require_json, ",\n");
-            echo "\n    }\n\n";
-        }
+      $composer_data['repositories'] = array_values($composer_data['repositories']);
+    }

-        echo "NOTICE: Update dependencies by running `php composer.phar update --no-dev`\n";
+    // use the JSON encoder from the Composer package
+    if (is_file('composer.phar')) {
+      include 'phar://composer.phar/src/Composer/Json/JsonFile.php';
+      $comsposer_json = \Composer\Json\JsonFile::encode($composer_data);
+    }
+    // PHP 5.4's json_encode() does the job, too
+    else if (defined('JSON_PRETTY_PRINT')) {
+      $comsposer_json = json_encode($composer_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+    }
+    else {
+      $success = false;
+      $comsposer_json = null;
    }

-    // index contacts for fulltext searching
-    if ($opts['version'] && version_compare(version_parse($opts['version']), '0.6.0', '<')) {
-        rcmail_utils::indexcontacts();
+    // write updated composer.json back to disk
+    if ($comsposer_json && is_writeable(INSTALL_PATH . 'composer.json')) {
+      $success &= (bool)file_put_contents(INSTALL_PATH . 'composer.json', $comsposer_json);
    }
+    else {
+      echo "WARNING: unable to update composer.json!\n";
+      echo "Please replace the 'require' section in your composer.json with the following:\n";
+
+      $require_json = '';
+      foreach ($composer_data['require'] as $pkg => $ver) {
+        $require_json .= sprintf('        "%s": "%s",'."\n", $pkg, $ver);
+      }

-    if ($success) {
-        echo "This instance of Roundcube is up-to-date.\n";
-        echo "Have fun!\n";
+      echo '    "require": {'."\n";
+      echo rtrim($require_json, ",\n");
+      echo "\n    }\n\n";
    }
+
+    echo "NOTE: Update dependencies by running `php composer.phar update --no-dev`\n";
+  }
+
+  // index contacts for fulltext searching
+  if ($opts['version'] && version_compare(version_parse($opts['version']), '0.6.0', '<')) {
+    rcmail_utils::indexcontacts();
+  }
+
+  if ($success) {
+    echo "This instance of Roundcube is up-to-date.\n";
+    echo "Have fun!\n";
+  }
 }
 else {
-    echo "This instance of Roundcube is not yet configured!\n";
-    echo "Open http://url-to-roundcube/installer/ in your browser and follow the instuctions.\n";
+  echo "This instance of Roundcube is not yet configured!\n";
+  echo "Open http://url-to-roundcube/installer/ in your browser and follow the instuctions.\n";
 }
+
+?>
--- a/bin/updatecss.sh
+++ b/bin/updatecss.sh
@ -2,9 +2,10 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/updatecss.sh                                                      |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2010-2013, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -117,3 +118,5 @@ function get_files($dir)

    return $files;
 }
+
+?>
--- a/bin/updatedb.sh
+++ b/bin/updatedb.sh
@ -2,10 +2,11 @@
 <?php
 /*
 +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
+ | bin/updatedb.sh                                                       |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- | Copyright (C) Kolab Systems AG                                        |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2010-2012, The Roundcube Dev Team                       |
+ | Copyright (C) 2010-2012, Kolab Systems AG                             |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -37,3 +38,5 @@ if (empty($opts['package'])) {
 }

 rcmail_utils::db_update($opts['dir'], $opts['package'], $opts['version'], array('errors' => true));
+
+?>
--- a/composer.json-dist
+++ b/composer.json-dist
@ -3,29 +3,41 @@
    "description": "The Roundcube Webmail suite",
    "license": "GPL-3.0+",
    "repositories": [
+        {
+            "type": "pear",
+            "url": "https://pear.php.net/"
+        },
        {
            "type": "composer",
-            "url": "https://plugins.roundcube.net"
+            "url": "https://plugins.roundcube.net/"
+        },
+        {
+            "type": "vcs",
+            "url": "https://github.com/roundcube/Net_Sieve.git"
+        },
+        {
+            "type": "vcs",
+            "url": "https://git.kolab.org/diffusion/PNL/php-net_ldap.git"
        }
    ],
    "require": {
-        "php": ">=5.4.0",
+        "php": ">=5.3.7",
        "pear/pear-core-minimal": "~1.10.1",
-        "pear/auth_sasl": "~1.1.0",
-        "pear/net_idna2": "~0.2.0",
-        "pear/mail_mime": "~1.10.0",
-        "pear/net_smtp": "~1.8.1",
-        "pear/crypt_gpg": "~1.6.3",
-        "pear/net_sieve": "~1.4.3",
        "roundcube/plugin-installer": "~0.1.6",
-        "masterminds/html5": "~2.5.0",
-        "endroid/qr-code": "~1.6.5"
+        "pear-pear.php.net/net_socket": "~1.0.12",
+        "pear-pear.php.net/auth_sasl": "~1.0.6",
+        "pear-pear.php.net/net_idna2": "~0.1.1",
+        "pear-pear.php.net/mail_mime": "~1.10.0",
+        "pear-pear.php.net/net_smtp": "~1.7.1",
+        "pear-pear.php.net/crypt_gpg": "~1.4.2",
+        "roundcube/net_sieve": "~1.5.0"
    },
    "require-dev": {
-        "phpunit/phpunit": "^4.8.36 || ^5.7.21 || ^6 || ^7"
+        "phpunit/phpunit": "*"
    },
    "suggest": {
-        "kolab/net_ldap3": "~1.1.1 required for connecting to LDAP",
-        "mkopinsky/zxcvbn-php": "^4.4.2 required for Zxcvbn password strength driver"
-    }
+        "pear-pear.php.net/net_ldap2": "~2.2.0 required for connecting to LDAP address books",
+        "kolab/Net_LDAP3": "dev-master required for connecting to LDAP address books"
+    },
+    "minimum-stability": "dev"
 }
--- a/config/config.inc.php.sample
+++ b/config/config.inc.php.sample
@ -9,7 +9,7 @@
 | from defaults.inc.php to this file to override the defaults.          |
 |                                                                       |
 | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -27,11 +27,10 @@ $config = array();
 //       or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
 $config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

-// The IMAP host chosen to perform the log-in.
+// The mail host chosen to perform the log-in.
 // Leave blank to show a textbox at login, give a list of hosts
 // to display a pulldown menu or set one host as string.
-// Enter hostname with prefix ssl:// to use Implicit TLS, or use
-// prefix tls:// to use STARTTLS.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
 // Supported replacement variables:
 // %n - hostname ($_SERVER['SERVER_NAME'])
 // %t - hostname without the first part
@ -41,8 +40,8 @@ $config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';
 $config['default_host'] = 'localhost';

 // SMTP server host (for sending mails).
-// Enter hostname with prefix ssl:// to use Implicit TLS, or use
-// prefix tls:// to use STARTTLS.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// If left blank, the PHP mail() function is used
 // Supported replacement variables:
 // %h - user's IMAP hostname
 // %n - hostname ($_SERVER['SERVER_NAME'])
@ -50,20 +49,19 @@ $config['default_host'] = 'localhost';
 // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
 // %z - IMAP domain (IMAP hostname without the first part)
 // For example %n = mail.domain.tld, %t = domain.tld
-// To specify differnt SMTP servers for different IMAP hosts provide an array
-// of IMAP host (no prefix or port) and SMTP server e.g. array('imap.example.com' => 'smtp.example.net')
-$config['smtp_server'] = 'localhost';
+$config['smtp_server'] = '';

-// SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
-$config['smtp_port'] = 587;
+// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
+// deprecated SSL over SMTP (aka SMTPS))
+$config['smtp_port'] = 25;

 // SMTP username (if required) if you use %u as the username Roundcube
 // will use the current username for login
-$config['smtp_user'] = '%u';
+$config['smtp_user'] = '';

 // SMTP password (if required) if you use %p as the password Roundcube
 // will use the current user's password for login
-$config['smtp_pass'] = '%p';
+$config['smtp_pass'] = '';

 // provide an URL where a user can get support for this Roundcube installation
 // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
@ -72,9 +70,9 @@ $config['support_url'] = '';
 // Name your service. This is displayed on the login screen and in the window title
 $config['product_name'] = 'Roundcube Webmail';

-// This key is used to encrypt the users imap password which is stored
-// in the session record. For the default cipher method it must be
-// exactly 24 characters long.
+// this key is used to encrypt the users imap password which is stored
+// in the session record (and the client cookie if remember password is enabled).
+// please provide a string of exactly 24 chars.
 // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
 $config['des_key'] = 'rcmail-!24ByteDESkey*Str';

@ -85,4 +83,4 @@ $config['plugins'] = array(
 );

 // skin name: folder from skins/
-$config['skin'] = 'elastic';
+$config['skin'] = 'larry';
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@ -1,15 +1,11 @@
 <?php

-// ---------------------------------------------------------------------
-// WARNING: Do not edit this file! Copy configuration to config.inc.php.
-// ---------------------------------------------------------------------
-
 /*
 +-----------------------------------------------------------------------+
- | Default settings for all configuration options                        |
+ | Main configuration file with default settings                         |
 |                                                                       |
 | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -27,12 +23,8 @@ $config = array();
 // Format (compatible with PEAR MDB2): db_provider://user:password@host/database
 // Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
 // For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
-// Note: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
+// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
 //       or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
-// Note: Various drivers support various additional arguments for connection,
-//       for Mysql: key, cipher, cert, capath, ca, verify_server_cert,
-//       for Postgres: application_name, sslmode, sslcert, sslkey, sslrootcert, sslcrl, sslcompression, service.
-//       e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
 $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';

 // Database DSN for read-only operations (if empty write database will be used)
@ -71,7 +63,10 @@ $config['db_max_allowed_packet'] = null;
 // LOGGING/DEBUGGING
 // ----------------------------------

-// log driver:  'syslog', 'stdout' or 'file'.
+// system error reporting, sum of: 1 = log; 4 = show
+$config['debug_level'] = 1;
+
+// log driver:  'syslog' or 'file'.
 $config['log_driver'] = 'file';

 // date format for log entries
@ -82,9 +77,6 @@ $config['log_date_format'] = 'd-M-Y H:i:s O';
 // set to 0 to avoid session IDs being logged.
 $config['log_session_id'] = 8;

-// Default extension used for log file name
-$config['log_file_ext'] = '.log';
-
 // Syslog ident string to use, if using the 'syslog' log driver.
 $config['syslog_id'] = 'roundcube';

@ -93,49 +85,45 @@ $config['syslog_id'] = 'roundcube';
 $config['syslog_facility'] = LOG_USER;

 // Activate this option if logs should be written to per-user directories.
-// Data will only be logged if a directory <log_dir>/<username>/ exists and is writable.
+// Data will only be logged if a directry <log_dir>/<username>/ exists and is writable.
 $config['per_user_logging'] = false;

-// Log sent messages to <log_dir>/sendmail.log or to syslog
+// Log sent messages to <log_dir>/sendmail or to syslog
 $config['smtp_log'] = true;

-// Log successful/failed logins to <log_dir>/userlogins.log or to syslog
+// Log successful/failed logins to <log_dir>/userlogins or to syslog
 $config['log_logins'] = false;

-// Log session debug information/authentication errors to <log_dir>/session.log or to syslog
-$config['session_debug'] = false;
+// Log session authentication errors to <log_dir>/session or to syslog
+$config['log_session'] = false;

-// Log SQL queries to <log_dir>/sql.log or to syslog
+// Log SQL queries to <log_dir>/sql or to syslog
 $config['sql_debug'] = false;

-// Log IMAP conversation to <log_dir>/imap.log or to syslog
+// Log IMAP conversation to <log_dir>/imap or to syslog
 $config['imap_debug'] = false;

-// Log LDAP conversation to <log_dir>/ldap.log or to syslog
+// Log LDAP conversation to <log_dir>/ldap or to syslog
 $config['ldap_debug'] = false;

-// Log SMTP conversation to <log_dir>/smtp.log or to syslog
+// Log SMTP conversation to <log_dir>/smtp or to syslog
 $config['smtp_debug'] = false;

-// Log Memcache conversation to <log_dir>/memcache.log or to syslog
+// Log Memcache conversation to <log_dir>/memcache or to syslog
 $config['memcache_debug'] = false;

-// Log APC conversation to <log_dir>/apc.log or to syslog
+// Log APC conversation to <log_dir>/apc or to syslog
 $config['apc_debug'] = false;

-// Log Redis conversation to <log_dir>/redis.log or to syslog
-$config['redis_debug'] = false;
-

 // ----------------------------------
 // IMAP
 // ----------------------------------

-// The IMAP host chosen to perform the log-in.
+// The mail host chosen to perform the log-in.
 // Leave blank to show a textbox at login, give a list of hosts
 // to display a pulldown menu or set one host as string.
-// Enter hostname with prefix ssl:// to use Implicit TLS, or use
-// prefix tls:// to use STARTTLS.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
 // Supported replacement variables:
 // %n - hostname ($_SERVER['SERVER_NAME'])
 // %t - hostname without the first part
@ -149,9 +137,8 @@ $config['default_host'] = 'localhost';
 // TCP port used for IMAP connections
 $config['default_port'] = 143;

-// IMAP authentication method (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null).
-// Use 'IMAP' to authenticate with IMAP LOGIN command.
-// By default the most secure method (from supported) will be selected.
+// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use
+// best server supported one)
 $config['imap_auth_type'] = null;

 // IMAP socket context options
@ -164,7 +151,6 @@ $config['imap_auth_type'] = null;
 //     'cafile'       => '/etc/openssl/certs/ca.crt',
 //   ),
 // );
-// Note: These can be also specified as an array of options indexed by hostname
 $config['imap_conn_options'] = null;

 // IMAP connection timeout, in seconds. Default: 0 (use default_socket_timeout)
@ -182,16 +168,15 @@ $config['imap_delimiter'] = null;

 // If you know your imap's folder vendor, you can specify it here.
 // Otherwise it will be determined automatically. Use lower-case
-// identifiers, e.g. 'dovecot', 'cyrus', 'gimap', 'hmail', 'uw-imap'.
+// identifiers, e.g. 'dovecot', 'cyrus', 'gmail', 'hmail', 'uw-imap'.
 $config['imap_vendor'] = null;

 // If IMAP server doesn't support NAMESPACE extension, but you're
 // using shared folders or personal root folder is non-empty, you'll need to
 // set these options. All can be strings or arrays of strings.
-// Note: Folders need to be ended with directory separator, e.g. "INBOX."
-//       (special directory "~" is an exception to this rule)
-// Note: These can be used also to overwrite server's namespaces
-// Note: Set these to FALSE to disable access to specified namespace
+// Folders need to be ended with directory separator, e.g. "INBOX."
+// (special directory "~" is an exception to this rule)
+// These can be used also to overwrite server's namespaces
 $config['imap_ns_personal'] = null;
 $config['imap_ns_other']    = null;
 $config['imap_ns_shared']   = null;
@ -203,7 +188,7 @@ $config['imap_force_caps'] = false;

 // By default list of subscribed folders is determined using LIST-EXTENDED
 // extension if available. Some servers (dovecot 1.x) returns wrong results
-// for shared namespaces in this case. https://github.com/roundcube/roundcubemail/issues/2474
+// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225
 // Enable this option to force LSUB command usage instead.
 // Deprecated: Use imap_disabled_caps = array('LIST-EXTENDED')
 $config['imap_force_lsub'] = false;
@ -217,11 +202,6 @@ $config['imap_force_ns'] = false;
 // Enable this option to hide them and disable possibility to create such.
 $config['imap_skip_hidden_folders'] = false;

-// Some servers do not support folders with both folders and messages inside
-// If your server supports that use true, if it does not, use false.
-// By default it will be determined automatically (once per user session).
-$config['imap_dual_use_folders'] = null;
-
 // List of disabled imap extensions.
 // Use if your IMAP server has broken implementation of some feature
 // and you can't remove it from CAPABILITY string on server-side.
@ -229,11 +209,11 @@ $config['imap_dual_use_folders'] = null;
 // Note: Because the list is cached, re-login is required after change.
 $config['imap_disabled_caps'] = array();

-// Log IMAP session identifiers after each IMAP login.
+// Log IMAP session identifers after each IMAP login.
 // This is used to relate IMAP session with Roundcube user sessions
 $config['imap_log_session'] = false;

-// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache' or 'memcached'.
+// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'.
 $config['imap_cache'] = null;

 // Enables messages cache. Only 'db' cache is supported.
@ -258,8 +238,8 @@ $config['messages_cache_threshold'] = 50;
 // ----------------------------------

 // SMTP server host (for sending mails).
-// Enter hostname with prefix ssl:// to use Implicit TLS, or use
-// prefix tls:// to use STARTTLS.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// If left blank, the PHP mail() function is used
 // Supported replacement variables:
 // %h - user's IMAP hostname
 // %n - hostname ($_SERVER['SERVER_NAME'])
@ -267,24 +247,23 @@ $config['messages_cache_threshold'] = 50;
 // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
 // %z - IMAP domain (IMAP hostname without the first part)
 // For example %n = mail.domain.tld, %t = domain.tld
-// To specify differnt SMTP servers for different IMAP hosts provide an array
-// of IMAP host (no prefix or port) and SMTP server e.g. array('imap.example.com' => 'smtp.example.net')
-$config['smtp_server'] = 'localhost';
+$config['smtp_server'] = '';

-// SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
-$config['smtp_port'] = 587;
+// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
+// deprecated SSL over SMTP (aka SMTPS))
+$config['smtp_port'] = 25;

 // SMTP username (if required) if you use %u as the username Roundcube
 // will use the current username for login
-$config['smtp_user'] = '%u';
+$config['smtp_user'] = '';

 // SMTP password (if required) if you use %p as the password Roundcube
 // will use the current user's password for login
-$config['smtp_pass'] = '%p';
+$config['smtp_pass'] = '';

 // SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
 // best server supported one)
-$config['smtp_auth_type'] = null;
+$config['smtp_auth_type'] = '';

 // Optional SMTP authentication identifier to be used as authorization proxy
 $config['smtp_auth_cid'] = null;
@ -314,7 +293,6 @@ $config['smtp_timeout'] = 0;
 //     'cafile'       => '/etc/openssl/certs/ca.crt',
 //   ),
 // );
-// Note: These can be also specified as an array of options indexed by hostname
 $config['smtp_conn_options'] = null;


@ -322,7 +300,7 @@ $config['smtp_conn_options'] = null;
 // LDAP
 // ----------------------------------

-// Type of LDAP cache. Supported values: 'db', 'apc' and 'memcache' or 'memcached'.
+// Type of LDAP cache. Supported values: 'db', 'apc' and 'memcache'.
 $config['ldap_cache'] = 'db';

 // Lifetime of LDAP cache. Possible units: s, m, h, d, w
@ -335,8 +313,7 @@ $config['ldap_cache_ttl'] = '10m';

 // Use these hosts for accessing memcached
 // Define any number of hosts in the form of hostname:port or unix:///path/to/socket.file
-// Example: array('localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock');
-$config['memcache_hosts'] = null;
+$config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' );

 // Controls the use of a persistent connections to memcache servers
 // See http://php.net/manual/en/memcache.addserver.php
@ -351,15 +328,11 @@ $config['memcache_timeout'] = 1;
 // See http://php.net/manual/en/memcache.addserver.php
 $config['memcache_retry_interval'] = 15;

-// Use these hosts for accessing Redis.
-// Currently only one host is supported. Cluster support may come in a future release.
-// You can pass 4 fields, host, port (optional), database (optional) and password (optional).
-// Unset fields will be set to the default values host=127.0.0.1, port=6379.
-// Examples:
-//     array('localhost:6379');
-//     array('192.168.1.1:6379:1:secret');
-//     array('unix:///var/run/redis/redis-server.sock:1:secret');
-$config['redis_hosts'] = null;
+// use these hosts for accessing Redis.
+// Currently only one host is supported. cluster support may come in a future release.
+// You can pass 4 fields, host, port, database and password.
+// Unset fields will be set to the default values host=127.0.0.1, port=6379, database=0, password=  (empty)
+$config['redis_hosts'] = null; // e.g. array( 'localhost:6379' );  array( '192.168.1.1:6379:1:secret' );

 // Maximum size of an object in memcache (in bytes). Default: 2MB
 $config['memcache_max_allowed_packet'] = '2M';
@ -367,9 +340,6 @@ $config['memcache_max_allowed_packet'] = '2M';
 // Maximum size of an object in APC cache (in bytes). Default: 2MB
 $config['apc_max_allowed_packet'] = '2M';

-// Maximum size of an object in Redis cache (in bytes). Default: 2MB
-$config['redis_max_allowed_packet'] = '2M';
-

 // ----------------------------------
 // SYSTEM
@ -379,7 +349,7 @@ $config['redis_max_allowed_packet'] = '2M';
 // ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
 $config['enable_installer'] = false;

-// don't allow these settings to be overridden by the user
+// don't allow these settings to be overriden by the user
 $config['dont_override'] = array();

 // List of disabled UI elements/actions
@ -393,37 +363,10 @@ $config['advanced_prefs'] = array();
 // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
 $config['support_url'] = '';

-// Logo image replacement. Specifies location of the image as:
-// - URL relative to the document root of this Roundcube installation
-// - full URL with http:// or https:// prefix
-// - URL relative to the current skin folder (when starts with a '/')
-//
-// An array can be used to specify different logos for specific template files
-// The array key specifies the place(s) the logo should be applied to and
-// is made up of (up to) 3 parts:
-// - skin name prefix (always with colon, can be replaced with *)
-// - template name (or * for all templates)
-// - logo type - it is used for logos used on multiple templates
-//   the available types include '[favicon]' for favicon, '[print]' for logo on all print
-//   templates (e.g. messageprint, contactprint) and '[small]' for small screen logo in supported skins
-//
-// Example config for skin_logo
-/*
-   array(
-     // show the image /images/logo_login_small.png for the Login screen in the Elastic skin on small screens
-     "elastic:login[small]" => "/images/logo_login_small.png",
-     // show the image /images/logo_login.png for the Login screen in the Elastic skin
-     "elastic:login" => "/images/logo_login.png",
-     // show the image /images/logo_small.png in the Elastic skin
-     "elastic:*[small]" => "/images/logo_small.png",
-     // show the image /images/larry.png in the Larry skin
-     "larry:*" => "/images/larry.png",
-     // show the image /images/logo_login.png on the login template in all skins
-     "login" => "/images/logo_login.png",
-     // show the image /images/logo_print.png for all print type logos in all skins
-     "[print]" => "/images/logo_print.png",
-   );
-*/
+// replace Roundcube logo with this image
+// specify an URL relative to the document root of this Roundcube installation
+// an array can be used to specify different logos for specific template files, '*' for default logo
+// for example array("*" => "/images/roundcube_logo.png", "messageprint" => "/images/roundcube_logo_print.png")
 $config['skin_logo'] = null;

 // automatically create a new Roundcube user when log-in the first time.
@ -447,10 +390,9 @@ $config['temp_dir'] = RCUBE_INSTALL_PATH . 'temp/';
 // possible units: s, m, h, d, w
 $config['temp_dir_ttl'] = '48h';

-// Enforce connections over https
-// With this option enabled, all non-secure connections will be redirected.
-// It can be also a port number, hostname or hostname:port if they are
-// different than default HTTP_HOST:443
+// enforce connections over https
+// with this option enabled, all non-secure connections will be redirected.
+// set the port for the ssl connection as value of this option if it differs from the default 443
 $config['force_https'] = false;

 // tell PHP that it should work as under secure connection
@ -485,9 +427,8 @@ $config['login_rate_limit'] = 3;
 // Includes should be interpreted as PHP files
 $config['skin_include_php'] = false;

-// display product name and software version on login screen
-// 0 - hide product name and version number, 1 - show product name only, 2 - show product name and version number
-$config['display_product_info'] = 1;
+// display software version on login screen
+$config['display_version'] = false;

 // Session lifetime in minutes
 $config['session_lifetime'] = 10;
@ -504,50 +445,37 @@ $config['session_auth_name'] = null;
 // Session path. Defaults to PHP session.cookie_path setting.
 $config['session_path'] = null;

-// Session samesite. Defaults to PHP session.cookie_samesite setting.
-// Requires PHP >= 7.3.0, see https://wiki.php.net/rfc/same-site-cookie for more info
-// Possible values: null (default), 'Lax', or 'Strict'
-$config['session_samesite'] = null;
-
 // Backend to use for session storage. Can either be 'db' (default), 'redis', 'memcache', or 'php'
 //
-// If set to 'memcache' or 'memcached', a list of servers need to be specified in 'memcache_hosts'
-// Make sure the Memcache extension (https://pecl.php.net/package/memcache) version >= 2.0.0
-// or the Memcached extension (https://pecl.php.net/package/memcached) version >= 2.0.0 is installed.
+// If set to 'memcache', a list of servers need to be specified in 'memcache_hosts'
+// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed
 //
 // If set to 'redis', a server needs to be specified in 'redis_hosts'
-// Make sure the Redis extension (https://pecl.php.net/package/redis) version >= 2.0.0 is installed.
+// Make sure the Redis extension (http://pecl.php.net/package/redis) version >= 2.0.0 is installed
 //
 // Setting this value to 'php' will use the default session save handler configured in PHP
 $config['session_storage'] = 'db';

+// check client IP in session authorization
+$config['ip_check'] = false;
+
 // List of trusted proxies
 // X_FORWARDED_* and X_REAL_IP headers are only accepted from these IPs
 $config['proxy_whitelist'] = array();

-// List of trusted host names
-// Attackers can modify Host header of the HTTP request causing $_SERVER['SERVER_NAME']
-// or $_SERVER['HTTP_HOST'] variables pointing to a different host, that could be used
-// to collect user names and passwords. Some server configurations prevent that, but not all.
-// An empty list accepts any host name. The list can contain host names
-// or PCRE patterns (without // delimiters, that will be added automatically).
-$config['trusted_host_patterns'] = array();
-
-// check client IP in session authorization
-$config['ip_check'] = false;
+// check referer of incoming requests
+$config['referer_check'] = false;

 // X-Frame-Options HTTP header value sent to prevent from Clickjacking.
-// Possible values: sameorigin|deny|allow-from <uri>.
-// Set to false in order to disable sending the header.
+// Possible values: sameorigin|deny. Set to false in order to disable sending them
 $config['x_frame_options'] = 'sameorigin';

 // This key is used for encrypting purposes, like storing of imap password
 // in the session. For historical reasons it's called DES_key, but it's used
 // with any configured cipher_method (see below).
-// For the default cipher_method a required key length is 24 characters.
 $config['des_key'] = 'rcmail-!24ByteDESkey*Str';

-// Encryption algorithm. You can use any method supported by OpenSSL.
+// Encryption algorithm. You can use any method supported by openssl.
 // Default is set for backward compatibility to DES-EDE3-CBC,
 // but you can choose e.g. AES-256-CBC which we consider a better choice.
 $config['cipher_method'] = 'DES-EDE3-CBC';
@ -578,40 +506,30 @@ $config['username_domain_forced'] = false;
 // For example %n = mail.domain.tld, %t = domain.tld
 $config['mail_domain'] = '';

-// Password character set, to change the password for user
-// authentication or for password change operations
-$config['password_charset'] = 'UTF-8';
+// Password character set.
+// If your authentication backend supports it, use "UTF-8".
+// Otherwise, use the appropriate character set.
+// Defaults to ISO-8859-1 for backward compatibility.
+$config['password_charset'] = 'ISO-8859-1';

 // How many seconds must pass between emails sent by a user
 $config['sendmail_delay'] = 0;

-// Message size limit. Note that SMTP server(s) may use a different value.
-// This limit is verified when user attaches files to a composed message.
-// Size in bytes (possible unit suffix: K, M, G)
-$config['max_message_size'] = '100M';
-
-// Maximum number of recipients per message (including To, Cc, Bcc).
-// Default: 0 (no limit)
-$config['max_recipients'] = 0;
-
-// Maximum number of recipients per message exluding Bcc header.
-// This is a soft limit, which means we only display a warning to the user.
-// Default: 5
-$config['max_disclosed_recipients'] = 5;
+// Maximum number of recipients per message. Default: 0 (no limit)
+$config['max_recipients'] = 0; 

 // Maximum allowed number of members of an address group. Default: 0 (no limit)
 // If 'max_recipients' is set this value should be less or equal
-$config['max_group_members'] = 0;
+$config['max_group_members'] = 0; 

 // Name your service. This is displayed on the login screen and in the window title
 $config['product_name'] = 'Roundcube Webmail';

 // Add this user-agent to message headers when sending
-$config['useragent'] = 'Roundcube Webmail/'.RCUBE_VERSION;
+$config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION;

 // try to load host-specific configuration
-// see https://github.com/roundcube/roundcubemail/wiki/Configuration:-Multi-Domain-Setup
-// for more details
+// see http://trac.roundcube.net/wiki/Howto_Config for more details
 $config['include_host_config'] = false;

 // path to a text file which will be added to each sent message
@ -631,6 +549,10 @@ $config['http_received_header'] = false;
 // when tracking down issues.
 $config['http_received_header_encrypt'] = false;

+// This string is used as a delimiter for message headers when sending
+// a message via mail() function. Leave empty for auto-detection
+$config['mail_header_delimiter'] = NULL;
+
 // number of chars allowed for line when wrapping text.
 // text wrapping is done when composing/sending messages
 $config['line_length'] = 72;
@ -655,12 +577,9 @@ $config['identities_level'] = 0;
 $config['identity_image_size'] = 64;

 // Mimetypes supported by the browser.
-// Attachments of these types will open in a preview window.
-// Either a comma-separated list or an array. Default list includes:
-//     text/plain,text/html,
-//     image/jpeg,image/gif,image/png,image/bmp,image/tiff,image/webp,
-//     application/x-javascript,application/pdf,application/x-shockwave-flash
-$config['client_mimetypes'] = null;
+// attachments of these types will open in a preview window
+// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf'
+$config['client_mimetypes'] = null;  # null == default

 // Path to a local mime magic database file for PHPs finfo extension.
 // Set to null if the default path should be used.
@ -696,7 +615,7 @@ $config['no_save_sent_messages'] = false;
 // Improve system security by using special URL with security token.
 // This can be set to a number defining token length. Default: 16.
 // Warning: This requires http server configuration. Sample:
-//    RewriteRule ^/roundcubemail/[a-zA-Z0-9]{16}/(.*) /roundcubemail/$1 [PT]
+//    RewriteRule ^/roundcubemail/[a-f0-9]{16}/(.*) /roundcubemail/$1 [PT]
 //    Alias /roundcubemail /var/www/roundcubemail/
 // Note: Use assets_path to not prevent the browser from caching assets
 $config['use_secure_urls'] = false;
@ -734,7 +653,7 @@ $config['message_sort_col'] = '';
 $config['message_sort_order'] = 'DESC';

 // These cols are shown in the message list. Available cols are:
-// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, priority
+// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority'
 $config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment');

 // the default locale setting (leave empty for auto-detection)
@ -829,6 +748,9 @@ $config['spellcheck_ignore_nums'] = false;
 // Makes that words with symbols will be ignored (e.g. g@@gle)
 $config['spellcheck_ignore_syms'] = false;

+// Use this char/string to separate recipients when composing a new message
+$config['recipients_separator'] = ',';
+
 // Number of lines at the end of a message considered to contain the signature.
 // Increase this value if signatures are not properly detected and colored
 $config['sig_max_lines'] = 15;
@ -839,6 +761,11 @@ $config['max_pagesize'] = 200;
 // Minimal value of user's 'refresh_interval' setting (in seconds)
 $config['min_refresh_interval'] = 60;

+// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option.
+// By default refresh time is set to 1 second. You can set this value to true
+// or any integer value indicating number of seconds.
+$config['upload_progress'] = false;
+
 // Specifies for how many seconds the Undo button will be available
 // after object delete action. Currently used with supporting address book sources.
 // Setting it to 0, disables the feature.
@ -850,19 +777,17 @@ $config['compose_responses_static'] = array(
 //  array('name' => 'Canned Response 2', 'text' => 'Static Response Two'),
 );

-// List of HKP key servers for PGP public key lookups in Enigma/Mailvelope
-// Note: Lookup is client-side, so the server must support Cross-Origin Resource Sharing
-$config['keyservers'] = array('keys.openpgp.org');
-
 // ----------------------------------
 // ADDRESSBOOK SETTINGS
 // ----------------------------------

 // This indicates which type of address book to use. Possible choises:
-// 'sql' - built-in sql addressbook enabled (default),
-// ''    - built-in sql addressbook disabled.
-//         Still LDAP or plugin-added addressbooks will be available.
-//         BC Note: The value can actually be anything except 'sql', it does not matter.
+// 'sql' (default), 'ldap' and ''.
+// If set to 'ldap' then it will look at using the first writable LDAP
+// address book as the primary address book and it will not display the
+// SQL address book in the 'Address Book' view.
+// If set to '' then no address book will be displayed or only the
+// addressbook which is created by a plugin (like CardDAV).
 $config['address_book_type'] = 'sql';

 // In order to enable public ldap search, configure an array like the Verisign
@ -895,7 +820,6 @@ $config['ldap_public']['Verisign'] = array(
  // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
  // %z - IMAP domain (IMAP hostname without the first part)
  // For example %n = mail.domain.tld, %t = domain.tld
-  // Note: Host can also be a full URI e.g. ldaps://hostname.local:636 (for SSL)
  'hosts'         => array('directory.verisign.com'),
  'port'          => 389,
  'use_tls'       => false,
@ -1007,9 +931,9 @@ $config['ldap_public']['Verisign'] = array(
                                    // Used where addressbook contains aliases to objects elsewhere in the LDAP tree.

  // definition for contact groups (uncomment if no groups are supported)
-  // for the groups base_dn, the user replacements %fu, %u, %d and %dc work as for base_dn (see above)
+  // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above)
  // if the groups base_dn is empty, the contact base_dn is used for the groups as well
-  // -> in this case, assure that groups and contacts are separated due to the concernig filters!
+  // -> in this case, assure that groups and contacts are separated due to the concernig filters! 
  'groups'  => array(
    'base_dn'           => '',
    'scope'             => 'sub',       // Search mode: sub|base|list
@ -1092,12 +1016,8 @@ $config['contact_search_name'] = '{name} <{email}>';
 // Use this charset as fallback for message decoding
 $config['default_charset'] = 'ISO-8859-1';

-// Skin name: folder from skins/
-$config['skin'] = 'elastic';
-
-// Limit skins available for the user.
-// Note: When not empty, it should include the default skin set in 'skin' option.
-$config['skins_allowed'] = array();
+// skin name: folder from skins/
+$config['skin'] = 'larry';

 // Enables using standard browser windows (that can be handled as tabs)
 // instead of popup windows
@ -1120,17 +1040,17 @@ $config['addressbook_sort_col'] = 'surname';
 $config['addressbook_name_listing'] = 0;

 // use this timezone to display date/time
-// valid timezone identifiers are listed here: php.net/manual/en/timezones.php
+// valid timezone identifers are listed here: php.net/manual/en/timezones.php
 // 'auto' will use the browser's timezone settings
 $config['timezone'] = 'auto';

 // prefer displaying HTML messages
 $config['prefer_html'] = true;

-// display remote resources (inline images, styles)
+// display remote inline images
 // 0 - Never, always ask
 // 1 - Ask if sender is not in address book
-// 2 - Always allow
+// 2 - Always show inline images
 $config['show_images'] = 0;

 // open messages in new window
@ -1157,15 +1077,12 @@ $config['prettydate'] = true;
 // save compose message every 300 seconds (5min)
 $config['draft_autosave'] = 300;

-// Interface layout. Default: 'widescreen'.
-//  'widescreen' - three columns
-//  'desktop'    - two columns, preview on bottom
-//  'list'       - two columns, no preview
-$config['layout'] = 'widescreen';
+// default setting if preview pane is enabled
+$config['preview_pane'] = false;

-// Mark as read when viewing a message (delay in seconds)
-// Set to -1 if messages should not be marked as read
-$config['mail_read_time'] = 0;
+// Mark as read when viewed in preview pane (delay in seconds)
+// Set to -1 if messages in preview pane should not be marked as read
+$config['preview_pane_mark_read'] = 0;

 // Clear Trash on logout
 $config['logout_purge'] = false;
@ -1202,7 +1119,7 @@ $config['refresh_interval'] = 60;
 // If true all folders will be checked for recent messages
 $config['check_all_folders'] = false;

-// If true, after message/contact delete/move, the next message/contact will be displayed
+// If true, after message delete/move, the next message will be displayed
 $config['display_next'] = true;

 // Default messages listing mode. One of 'threads' or 'list'.
@ -1217,7 +1134,6 @@ $config['autoexpand_threads'] = 0;
 // -1 - don't cite the original message
 // 0  - place cursor below the original message
 // 1  - place cursor above original message (top posting)
-// 2  - place cursor above original message (top posting), but do not indent the quote
 $config['reply_mode'] = 0;

 // When replying strip original signature from message
@ -1250,6 +1166,12 @@ $config['search_mods'] = null;  // Example: array('*' => array('subject'=>1, 'fr
 // Defaults of the addressbook search field configuration.
 $config['addressbook_search_mods'] = null;  // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1);

+// 'Delete always'
+// This setting reflects if mail should be always deleted
+// when moving to Trash fails. This is necessary in some setups
+// when user is over quota and Trash is included in the quota.
+$config['delete_always'] = false;
+
 // Directly delete messages in Junk instead of moving to Trash
 $config['delete_junk'] = false;

--- a/index-test.php
+++ b/index-test.php
@ -0,0 +1,27 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | Roundcube Webmail Selenium Tests Entry Point                          |
+ |                                                                       |
+ | Copyright (C) 2005-2014, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   This is the public entry point for all HTTP requests to the         |
+ |   Roundcube webmail application loading the 'tests' environment.      |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <thomas@roundcube.net>                       |
+ +-----------------------------------------------------------------------+
+*/
+
+define('INSTALL_PATH', realpath(__DIR__) . '/');
+
+$GLOBALS['env'] = 'test';
+
+// include index.php from application root directory
+include INSTALL_PATH . 'index.php';
+
--- a/index.php
+++ b/index.php
@ -2,9 +2,9 @@
 /**
 +-------------------------------------------------------------------------+
 | Roundcube Webmail IMAP Client                                           |
- | Version 1.5-git                                                         |
+ | Version 1.2.10                                                          |
 |                                                                         |
- | Copyright (C) The Roundcube Dev Team                                    |
+ | Copyright (C) 2005-2017, The Roundcube Dev Team                         |
 |                                                                         |
 | This program is free software: you can redistribute it and/or modify    |
 | it under the terms of the GNU General Public License (with exceptions   |
@ -44,7 +44,7 @@ $RCMAIL = rcmail::get_instance(0, $GLOBALS['env']);

 // Make the whole PHP output non-cacheable (#1487797)
 $RCMAIL->output->nocacheing_headers();
-$RCMAIL->output->common_headers(!empty($_SESSION['user_id']));
+$RCMAIL->output->common_headers();

 // turn on output buffering
 ob_start();
@ -72,23 +72,11 @@ if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {

 // check if https is required (for login) and redirect if necessary
 if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
-    // force_https can be true, <hostname>, <hostname>:<port>, <port>
-    if (!is_bool($force_https)) {
-        list($host, $port) = explode(':', $force_https);
+    $https_port = is_bool($force_https) ? 443 : $force_https;

-        if (is_numeric($host) && empty($port)) {
-            $port = $host;
-            $host = '';
-        }
-    }
-
-    if (!rcube_utils::https_check($port ?: 443)) {
-        if (empty($host)) {
-            $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
-        }
-        if ($port && $port != 443) {
-            $host .= ':' . $port;
-        }
+    if (!rcube_utils::https_check($https_port)) {
+        $host  = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
+        $host .= ($https_port != 443 ? ':' . $https_port : '');

        header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
        exit;
@ -103,7 +91,6 @@ $RCMAIL->action = $startup['action'];
 // try to log in
 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
    $request_valid = $_SESSION['temp'] && $RCMAIL->check_request();
-    $pass_charset  = $RCMAIL->config->get('password_charset', 'UTF-8');

    // purge the session in case of new login when a session already exists
    if ($request_valid) {
@ -111,11 +98,12 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
    }

    $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
-            'host'  => $RCMAIL->autoselect_host(),
-            'user'  => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
-            'pass'  => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, $pass_charset),
-            'valid' => $request_valid,
-            'cookiecheck' => true,
+        'host' => $RCMAIL->autoselect_host(),
+        'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
+        'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true,
+            $RCMAIL->config->get('password_charset', 'ISO-8859-1')),
+        'cookiecheck' => true,
+        'valid'       => $request_valid,
    ));

    // Login
@ -158,18 +146,18 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
    }
    else {
        if (!$auth['valid']) {
-            $error_code = rcmail::ERROR_INVALID_REQUEST;
+            $error_code = RCMAIL::ERROR_INVALID_REQUEST;
        }
        else {
            $error_code = is_numeric($auth['error']) ? $auth['error'] : $RCMAIL->login_error();
        }

        $error_labels = array(
-            rcmail::ERROR_STORAGE          => 'storageerror',
-            rcmail::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
-            rcmail::ERROR_INVALID_REQUEST  => 'invalidrequest',
-            rcmail::ERROR_INVALID_HOST     => 'invalidhost',
-            rcmail::ERROR_RATE_LIMIT       => 'accountlocked',
+            RCMAIL::ERROR_STORAGE          => 'storageerror',
+            RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
+            RCMAIL::ERROR_INVALID_REQUEST  => 'invalidrequest',
+            RCMAIL::ERROR_INVALID_HOST     => 'invalidhost',
+            RCMAIL::ERROR_RATE_LIMIT       => 'accountlocked',
        );

        $error_message = !empty($auth['error']) && !is_numeric($auth['error']) ? $auth['error'] : ($error_labels[$error_code] ?: 'loginfailed');
@ -209,14 +197,24 @@ else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
 else if ($RCMAIL->task != 'login' && $_SESSION['user_id']) {
    if (!$RCMAIL->session->check_auth()) {
        $RCMAIL->kill_session();
-        $session_error = 'sessionerror';
+        $session_error = true;
    }
 }

 // not logged in -> show login page
 if (empty($RCMAIL->user->ID)) {
-    if ($session_error || $_REQUEST['_err'] === 'session' || ($session_error = $RCMAIL->session_error())) {
-        $OUTPUT->show_message($session_error ?: 'sessionerror', 'error', null, true, -1);
+    // log session failures
+    $task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC);
+
+    if ($task && !in_array($task, array('login','logout'))
+        && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])
+    ) {
+        $RCMAIL->session->log("Aborted session $sess_id; no valid session data found");
+        $session_error = true;
+    }
+
+    if ($session_error || $_REQUEST['_err'] == 'session') {
+        $OUTPUT->show_message('sessionerror', 'error', null, true, -1);
    }

    if ($OUTPUT->ajax_call || $OUTPUT->get_env('framed')) {
@ -226,28 +224,19 @@ if (empty($RCMAIL->user->ID)) {

    // check if installer is still active
    if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
-        $OUTPUT->add_footer(html::div(array('id' => 'login-addon', 'style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
+        $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
            html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
            html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
-            html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because
+            html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because .
                these files may expose sensitive configuration data like server passwords and encryption keys
                to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
        ));
    }

-    $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array(
-            'task'      => 'login',
-            'error'     => $session_error,
-            // Return 401 only on failed logins (#7010)
-            'http_code' => empty($session_error) && !empty($error_message) ? 401 : 200
-    ));
+    $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error));

    $RCMAIL->set_task($plugin['task']);

-    if ($plugin['http_code'] == 401) {
-        header('HTTP/1.0 401 Unauthorized');
-    }
-
    $OUTPUT->send($plugin['task']);
 }
 else {
@ -285,7 +274,7 @@ if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc'
 }

 // allow 5 "redirects" to another action
-$redirects = 0;
+$redirects = 0; $incstep = null;
 while ($redirects < 5) {
    // execute a plugin action
    if (preg_match('/^plugin\./', $RCMAIL->action)) {
--- a/installer/check.php
+++ b/installer/check.php
@ -1,19 +1,5 @@
 <?php

-/**
- +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
- |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- |                                                                       |
- | Licensed under the GNU General Public License version 3 or            |
- | any later version with exceptions for skins & plugins.                |
- | See the README file for a full license statement.                     |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <roundcube@gmail.com>                        |
- +-----------------------------------------------------------------------+
-*/
-
 if (!class_exists('rcmail_install', false) || !is_object($RCI)) {
    die("Not allowed! Please open installer/index.php instead.");
 }
@ -31,18 +17,14 @@ $required_php_exts = array(
    'PDO'       => 'PDO',
    'Multibyte' => 'mbstring',
    'OpenSSL'   => 'openssl',
-    'Filter'    => 'filter',
-    'Ctype'     => 'ctype',
 );

 $optional_php_exts = array(
    'FileInfo'  => 'fileinfo',
+    'Libiconv'  => 'iconv',
    'Intl'      => 'intl',
    'Exif'      => 'exif',
    'LDAP'      => 'ldap',
-    'GD'        => 'gd',
-    'Imagick'   => 'imagick',
-    'Zip'       => 'zip',
 );

 $required_libs = array(
@ -62,12 +44,15 @@ $ini_checks = array(
    'session.auto_start'            => 0,
    'mbstring.func_overload'        => 0,
    'suhosin.session.encrypt'       => 0,
+    'magic_quotes_runtime'          => 0,
+    'magic_quotes_sybase'           => 0,
 );

 $optional_checks = array(
    // required for utils/modcss.inc, should we require this?
    'allow_url_fopen'  => 1,
    'date.timezone'    => '-VALID-',
+    'register_globals' => 0, // #1489157
 );

 $source_urls = array(
@ -75,6 +60,7 @@ $source_urls = array(
    'Session'   => 'http://www.php.net/manual/en/book.session.php',
    'PCRE'      => 'http://www.php.net/manual/en/book.pcre.php',
    'FileInfo'  => 'http://www.php.net/manual/en/book.fileinfo.php',
+    'Libiconv'  => 'http://www.php.net/manual/en/book.iconv.php',
    'Multibyte' => 'http://www.php.net/manual/en/book.mbstring.php',
    'OpenSSL'   => 'http://www.php.net/manual/en/book.openssl.php',
    'JSON'      => 'http://www.php.net/manual/en/book.json.php',
@ -84,11 +70,6 @@ $source_urls = array(
    'oci8'      => 'http://www.php.net/manual/en/book.oci8.php',
    'PDO'       => 'http://www.php.net/manual/en/book.pdo.php',
    'LDAP'      => 'http://www.php.net/manual/en/book.ldap.php',
-    'GD'        => 'http://www.php.net/manual/en/book.image.php',
-    'Imagick'   => 'http://www.php.net/manual/en/book.imagick.php',
-    'Zip'       => 'http://www.php.net/manual/en/book.zip.php',
-    'Filter'    => 'http://www.php.net/manual/en/book.filter.php',
-    'Ctype'     => 'http://www.php.net/manual/en/book.ctype.php',
    'pdo_mysql'   => 'http://www.php.net/manual/en/ref.pdo-mysql.php',
    'pdo_pgsql'   => 'http://www.php.net/manual/en/ref.pdo-pgsql.php',
    'pdo_sqlite'  => 'http://www.php.net/manual/en/ref.pdo-sqlite.php',
@ -108,7 +89,7 @@ echo '<input type="hidden" name="_step" value="' . ($RCI->configured ? 3 : 2) .
 <h3>Checking PHP version</h3>
 <?php

-define('MIN_PHP_VERSION', '5.4.0');
+define('MIN_PHP_VERSION', '5.3.7');
 if (version_compare(PHP_VERSION, MIN_PHP_VERSION, '>=')) {
    $RCI->pass('Version', 'PHP ' . PHP_VERSION . ' detected');
 } else {
--- a/installer/client.js
+++ b/installer/client.js
@ -1,13 +1,14 @@
 /*
 +-----------------------------------------------------------------------+
- | Roundcube installer client function                                   |
+ | Roundcube installer cleint function                                   |
 |                                                                       |
- | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | This file is part of the Roundcube web development suite              |
+ | Copyright (C) 2009-2012, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
 | See the README file for a full license statement.                     |
+ |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+
@ -16,7 +17,7 @@
 function toggleblock(id, link)
 {
  var block = document.getElementById(id);
-
+  
  return false;
 }

@ -27,14 +28,14 @@ function addhostfield()
  var row = document.createElement('div');
  var input = document.createElement('input');
  var link = document.createElement('a');
-
+  
  input.name = '_default_host[]';
  input.size = '30';
  link.href = '#';
  link.onclick = function() { removehostfield(this.parentNode); return false };
  link.className = 'removelink';
  link.innerHTML = 'remove';
-
+  
  row.appendChild(input);
  row.appendChild(link);
  container.appendChild(row);
--- a/installer/config.php
+++ b/installer/config.php
@ -1,19 +1,5 @@
 <?php

-/**
- +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
- |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- |                                                                       |
- | Licensed under the GNU General Public License version 3 or            |
- | any later version with exceptions for skins & plugins.                |
- | See the README file for a full license statement.                     |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <roundcube@gmail.com>                        |
- +-----------------------------------------------------------------------+
-*/
-
 if (!class_exists('rcmail_install', false) || !is_object($RCI)) {
    die("Not allowed! Please open installer/index.php instead.");
 }
@ -25,6 +11,8 @@ $RCI->bool_config_props = array(
  'auto_create_user' => 1,
  'smtp_log' => 1,
  'prefer_html' => 1,
+  'preview_pane' => 1,
+  'debug_level' => 1,
 );

 // allow the current user to get to the next step
@ -69,7 +57,7 @@ if (!empty($_POST['submit'])) {
  }

  echo '<p class="hint">Of course there are more options to configure.
-    Have a look at the defaults.inc.php file or visit <a href="https://github.com/roundcube/roundcubemail/wiki/Configuration" target="_blank">Howto_Config</a> to find out.</p>';
+    Have a look at the defaults.inc.php file or visit <a href="http://trac.roundcube.net/wiki/Howto_Config" target="_blank">Howto_Config</a> to find out.</p>';

  echo '<p><input type="button" onclick="location.href=\'./index.php?_step=3\'" value="CONTINUE" /></p>';

@ -104,7 +92,7 @@ $input_support = new html_inputfield(array('name' => '_support_url', 'size' => 5
 echo $input_support->show($RCI->getprop('support_url'));

 ?>
-<div>Provide a URL where a user can get support for this Roundcube installation.<br/>PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!</div>
+<div>Provide an URL where a user can get support for this Roundcube installation.<br/>PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!</div>
 <p class="hint">Enter an absolute URL (including http://) to a support page/form or a mailto: link.</p>
 </dd>

@ -209,16 +197,31 @@ echo $input_ilevel->show($RCI->getprop('identities_level'), 0);
 <legend>Logging & Debugging</legend>
 <dl class="loggingblock">

+<dt class="propname">debug_level</dt>
+<dd>
+<?php
+
+$value = $RCI->getprop('debug_level');
+$check_debug = new html_checkbox(array('name' => '_debug_level[]'));
+echo $check_debug->show(($value & 1) ? 1 : 0 , array('value' => 1, 'id' => 'cfgdebug1'));
+echo '<label for="cfgdebug1">Log errors</label><br />';
+
+echo $check_debug->show(($value & 4) ? 4 : 0, array('value' => 4, 'id' => 'cfgdebug4'));
+echo '<label for="cfgdebug4">Print errors (to the browser)</label><br />';
+
+?>
+</dd>
+
 <dt class="propname">log_driver</dt>
 <dd>
 <?php

 $select_log_driver = new html_select(array('name' => '_log_driver', 'id' => "cfglogdriver"));
-$select_log_driver->add(array('file', 'syslog', 'stdout'), array('file', 'syslog', 'stdout'));
+$select_log_driver->add(array('file', 'syslog'), array('file', 'syslog'));
 echo $select_log_driver->show($RCI->getprop('log_driver', 'file'));

 ?>
-<div>How to do logging? 'file' - write to files in the log directory, 'syslog' - use the syslog facility, 'stdout' writes to the process' STDOUT file descriptor.</div>
+<div>How to do logging? 'file' - write to files in the log directory, 'syslog' - use the syslog facility.</div>
 </dd>

 <dt class="propname">log_dir</dt>
@ -458,12 +461,12 @@ echo $text_junkmbox->show($RCI->getprop('junk_mbox'));
 <?php

 $text_smtphost = new html_inputfield(array('name' => '_smtp_server', 'size' => 30, 'id' => "cfgsmtphost"));
-echo $text_smtphost->show($RCI->getprop('smtp_server', 'localhost'));
+echo $text_smtphost->show($RCI->getprop('smtp_server'));

 ?>
 <div>Use this host for sending mails</div>

-<p class="hint">To use SSL connection, set ssl://smtp.host.com.</p>
+<p class="hint">To use SSL connection, set ssl://smtp.host.com. If left blank, the PHP mail() function is used</p>
 </dd>

 <dt class="propname">smtp_port</dt>
@ -474,7 +477,7 @@ $text_smtpport = new html_inputfield(array('name' => '_smtp_port', 'size' => 6,
 echo $text_smtpport->show($RCI->getprop('smtp_port'));

 ?>
-<div>SMTP port (default is 587)</div>
+<div>SMTP port (default is 25; 465 for SSL; 587 for submission)</div>
 </dd>

 <dt class="propname">smtp_user/smtp_pass</dt>
@ -595,6 +598,17 @@ echo $check_htmlview->show(intval($RCI->getprop('prefer_html')));
 <label for="cfghtmlview">Prefer displaying HTML messages</label><br />
 </dd>

+<dt class="propname">preview_pane <span class="userconf">*</span></dt>
+<dd>
+<?php
+
+$check_prevpane = new html_checkbox(array('name' => '_preview_pane', 'id' => "cfgprevpane", 'value' => 1));
+echo $check_prevpane->show(intval($RCI->getprop('preview_pane')));
+
+?>
+<label for="cfgprevpane">If preview pane is enabled</label><br />
+</dd>
+
 <dt class="propname">htmleditor <span class="userconf">*</span></dt>
 <dd>
 <label for="cfghtmlcompose">Compose HTML formatted messages</label>
@ -671,7 +685,8 @@ echo $select_param_folding->show(strval($RCI->getprop('mime_param_folding')));

 <?php
 $plugins = $RCI->list_plugins();
-foreach ($plugins as $p) {
+foreach($plugins as $p) 
+{
    $p_check = new html_checkbox(array('name' => '_plugins_'.$p['name'], 'id' => 'cfgplugin_'.$p['name'], 'value' => $p['name']));
    echo '<dt class="propname"><label>';
    echo $p_check->show($p['enabled'] ? $p['name'] : 0);
--- a/installer/images/add.png
+++ b/installer/images/add.png
--- a/installer/images/delete.png
+++ b/installer/images/delete.png
--- a/installer/images/error.png
+++ b/installer/images/error.png
--- a/installer/images/roundcube_logo.png
+++ b/installer/images/roundcube_logo.png
--- a/installer/index.php
+++ b/installer/index.php
@ -3,9 +3,9 @@
 /**
 +-------------------------------------------------------------------------+
 | Roundcube Webmail setup tool                                            |
- | Version 1.5-git                                                         |
+ | Version 1.2.10                                                          |
 |                                                                         |
- | Copyright (C) The Roundcube Dev Team                                    |
+ | Copyright (C) 2009-2017, The Roundcube Dev Team                         |
 |                                                                         |
 | This program is free software: you can redistribute it and/or modify    |
 | it under the terms of the GNU General Public License (with exceptions   |
@ -36,11 +36,27 @@
 +-------------------------------------------------------------------------+
 */

+ini_set('error_reporting', E_ALL &~ (E_NOTICE | E_STRICT));
 ini_set('display_errors', 1);

 define('INSTALL_PATH', realpath(__DIR__ . '/../').'/');
+define('RCUBE_INSTALL_PATH', INSTALL_PATH);
+define('RCUBE_CONFIG_DIR', INSTALL_PATH . 'config/');

-require INSTALL_PATH . 'program/include/iniset.php';
+$include_path  = INSTALL_PATH . 'program/lib' . PATH_SEPARATOR;
+$include_path .= INSTALL_PATH . 'program/include' . PATH_SEPARATOR;
+$include_path .= ini_get('include_path');
+
+set_include_path($include_path);
+
+// include composer autoloader (if available)
+if (@file_exists(INSTALL_PATH . 'vendor/autoload.php')) {
+    require INSTALL_PATH . 'vendor/autoload.php';
+}
+
+require_once 'Roundcube/bootstrap.php';
+// deprecated aliases (to be removed)
+require_once 'bc.php';

 if (function_exists('session_start'))
  session_start();
@ -106,7 +122,7 @@ if ($RCI->configured && empty($_REQUEST['_step'])) {
 </div>

 <div id="topnav">
-  <a href="https://github.com/roundcube/roundcubemail/wiki/Installation">How-to Wiki</a>
+  <a href="http://trac.roundcube.net/wiki/Howto_Install">How-to Wiki</a>
 </div>

 <div id="content">
--- a/installer/styles.css
+++ b/installer/styles.css
@ -141,11 +141,6 @@ th {
  text-align: left;
 }

-td > label {
-    min-width: 6em;
-    display: inline-block;
-}
-
 ul li {
  margin: 0.3em 0 0.4em -1em;
 }
--- a/installer/test.php
+++ b/installer/test.php
@ -1,17 +1,4 @@
 <?php
-/*
- +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client                     |
- |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- |                                                                       |
- | Licensed under the GNU General Public License version 3 or            |
- | any later version with exceptions for skins & plugins.                |
- | See the README file for a full license statement.                     |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <roundcube@gmail.com>                        |
- +-----------------------------------------------------------------------+
-*/

 if (!class_exists('rcmail_install', false) || !is_object($RCI)) {
    die("Not allowed! Please open installer/index.php instead.");
@ -139,7 +126,7 @@ if ($RCI->configured) {
        else {
            $RCI->fail('DSN (write)', $db_error_msg);
            echo '<p class="hint">Make sure that the configured database exists and that the user has write privileges<br />';
-            echo 'DSN: ' . rcube::Q($RCI->config['db_dsnw']) . '</p>';
+            echo 'DSN: ' . $RCI->config['db_dsnw'] . '</p>';
        }
    }
    else {
@ -152,15 +139,15 @@ else {

 // initialize db with schema found in /SQL/*
 if ($db_working && $_POST['initdb']) {
-    if (!$RCI->init_db($DB)) {
+    if (!($success = $RCI->init_db($DB))) {
        $db_working = false;
        echo '<p class="warning">Please try to inizialize the database manually as described in the INSTALL guide.
-            Make sure that the configured database extists and that the user as write privileges</p>';
+          Make sure that the configured database extists and that the user as write privileges</p>';
    }
 }

 else if ($db_working && $_POST['updatedb']) {
-    if (!$RCI->update_db($_POST['version'])) {
+    if (!($success = $RCI->update_db($_POST['version']))) {
        echo '<p class="warning">Database schema update failed.</p>';
    }
 }
@ -178,7 +165,7 @@ if ($db_working) {
        echo '<ul style="margin:0"><li>' . join("</li>\n<li>", $err) . "</li></ul>";
        $select = $RCI->versions_select(array('name' => 'version'));
        $select->add('0.9 or newer', '');
-        echo '<p class="suggestion">You should run the update queries to get the schema fixed.<br/><br/>Version to update from: ' . $select->show('') . '&nbsp;<input type="submit" name="updatedb" value="Update" /></p>';
+        echo '<p class="suggestion">You should run the update queries to get the schema fixed.<br/><br/>Version to update from: ' . $select->show() . '&nbsp;<input type="submit" name="updatedb" value="Update" /></p>';
        $db_working = false;
    }
    else {
@ -189,15 +176,10 @@ if ($db_working) {

 // more database tests
 if ($db_working) {
-    // Using transactions to workaround SQLite bug (#7064)
-    if ($DB->db_provider == 'sqlite') {
-        $DB->startTransaction();
-    }
-
    // write test
    $insert_id = md5(uniqid());
    $db_write = $DB->query("INSERT INTO " . $DB->quote_identifier($RCI->config['db_prefix'] . 'session')
-        . " (`sess_id`, `changed`, `ip`, `vars`) VALUES (?, ".$DB->now().", '127.0.0.1', 'foo')", $insert_id);
+        . " (`sess_id`, `created`, `ip`, `vars`) VALUES (?, ".$DB->now().", '127.0.0.1', 'foo')", $insert_id);

    if ($db_write) {
      $RCI->pass('DB Write');
@ -209,11 +191,6 @@ if ($db_working) {
    }
    echo '<br />';

-    // Transaction end
-    if ($DB->db_provider == 'sqlite') {
-        $DB->rollbackTransaction();
-    }
-
    // check timezone settings
    $tz_db = 'SELECT ' . $DB->unixtimestamp($DB->now()) . ' AS tz_db';
    $tz_db = $DB->query($tz_db);
@ -263,74 +240,48 @@ else {
  echo "<br/>";
 }

-$smtp_hosts = $RCI->get_hostlist('smtp_server');
-if (!empty($smtp_hosts)) {
-  $smtp_host_field = new html_select(array('name' => '_smtp_host', 'id' => 'smtp_server'));
-  $smtp_host_field->add($smtp_hosts);
-}
-else {
-  $smtp_host_field = new html_inputfield(array('name' => '_smtp_host', 'id' => 'smtp_server'));
-}
+?>
+
+
+<h3>Test SMTP config</h3>
+
+<p>
+Server: <?php echo rcube_utils::parse_host($RCI->getprop('smtp_server', 'PHP mail()')); ?><br />
+Port: <?php echo $RCI->getprop('smtp_port'); ?><br />

-$user = $RCI->getprop('smtp_user', '(none)');
-$pass = $RCI->getprop('smtp_pass', '(none)');
+<?php

-if ($user == '%u') {
-    $user_field = new html_inputfield(array('name' => '_smtp_user', 'id' => 'smtp_user'));
+if ($RCI->getprop('smtp_server')) {
+  $user = $RCI->getprop('smtp_user', '(none)');
+  $pass = $RCI->getprop('smtp_pass', '(none)');
+  
+  if ($user == '%u') {
+    $user_field = new html_inputfield(array('name' => '_smtp_user'));
    $user = $user_field->show($_POST['_smtp_user']);
-}
-else {
-    $user = html::quote($user);
-}
-if ($pass == '%p') {
-    $pass_field = new html_passwordfield(array('name' => '_smtp_pass', 'id' => 'smtp_pass'));
+  }
+  if ($pass == '%p') {
+    $pass_field = new html_passwordfield(array('name' => '_smtp_pass'));
    $pass = $pass_field->show();
-}
-else {
-    $pass = html::quote($pass);
+  }
+  
+  echo "User: $user<br />";
+  echo "Password: $pass<br />";
 }

-?>
-
-<h3>Test SMTP config</h3>
+$from_field = new html_inputfield(array('name' => '_from', 'id' => 'sendmailfrom'));
+$to_field = new html_inputfield(array('name' => '_to', 'id' => 'sendmailto'));

-<p>
-<table>
-<tbody>
-  <tr>
-    <td><label for="smtp_server">Server</label></td>
-    <td><?php echo $smtp_host_field->show($_POST['_smtp_host']); ?></td>
-  </tr>
-  <tr>
-    <td><label for="smtp_port">Port</label></td>
-    <td><?php echo rcube::Q($RCI->getprop('smtp_port')); ?></td>
-  </tr>
-  <tr>
-    <td><label for="smtp_user">Username</label></td>
-    <td><?php echo $user; ?></td>
-  </tr>
-  <tr>
-    <td><label for="smtp_pass">Password</label></td>
-    <td><?php echo $pass; ?></td>
-  </tr>
-</tbody>
-</table>
+?>
 </p>

 <?php

-$from_field = new html_inputfield(array('name' => '_from', 'id' => 'sendmailfrom'));
-$to_field   = new html_inputfield(array('name' => '_to', 'id' => 'sendmailto'));
-
 if (isset($_POST['sendmail'])) {

  echo '<p>Trying to send email...<br />';

-  $smtp_host = trim($_POST['_smtp_host']);
-  $smtp_port = $RCI->getprop('smtp_port');
-
-  $from = rcube_utils::idn_to_ascii(trim($_POST['_from']));
-  $to   = rcube_utils::idn_to_ascii(trim($_POST['_to']));
+  $from = idn_to_ascii(trim($_POST['_from']));
+  $to   = idn_to_ascii(trim($_POST['_to']));

  if (preg_match('/^' . $RCI->email_pattern . '$/i', $from) &&
      preg_match('/^' . $RCI->email_pattern . '$/i', $to)
@ -342,26 +293,42 @@ if (isset($_POST['sendmail'])) {
    );

    $body = 'This is a test to confirm that Roundcube can send email.';
+    $smtp_response = array();

    // send mail using configured SMTP server
-    $CONFIG = $RCI->config;
+    if ($RCI->getprop('smtp_server')) {
+      $CONFIG = $RCI->config;

-    if (!empty($_POST['_smtp_user'])) {
-      $CONFIG['smtp_user'] = $_POST['_smtp_user'];
-    }
-    if (!empty($_POST['_smtp_pass'])) {
-      $CONFIG['smtp_pass'] = $_POST['_smtp_pass'];
-    }
+      if (!empty($_POST['_smtp_user'])) {
+        $CONFIG['smtp_user'] = $_POST['_smtp_user'];
+      }
+      if (!empty($_POST['_smtp_pass'])) {
+        $CONFIG['smtp_pass'] = $_POST['_smtp_pass'];
+      }
+
+      $mail_object  = new Mail_mime();
+      $send_headers = $mail_object->headers($headers);

-    $mail_object  = new Mail_mime();
-    $send_headers = $mail_object->headers($headers);
-    $head         = $mail_object->txtHeaders($send_headers);
+      $SMTP = new rcube_smtp();
+      $SMTP->connect(rcube_utils::parse_host($RCI->getprop('smtp_server')),
+        $RCI->getprop('smtp_port'), $CONFIG['smtp_user'], $CONFIG['smtp_pass']);

-    $SMTP = new rcube_smtp();
-    $SMTP->connect($smtp_host, $smtp_port, $CONFIG['smtp_user'], $CONFIG['smtp_pass']);
+      $status = $SMTP->send_mail($headers['From'], $headers['To'],
+          ($foo = $mail_object->txtHeaders($send_headers)), $body);

-    $status        = $SMTP->send_mail($headers['From'], $headers['To'], $head, $body);
-    $smtp_response = $SMTP->get_response();
+      $smtp_response = $SMTP->get_response();
+    }
+    else {    // use mail()
+      $header_str = 'From: ' . $headers['From'];
+      
+      if (ini_get('safe_mode'))
+        $status = mail($headers['To'], $headers['Subject'], $body, $header_str);
+      else
+        $status = mail($headers['To'], $headers['Subject'], $body, $header_str, '-f'.$headers['From']);
+
+      if (!$status)
+        $smtp_response[] = 'Mail delivery with mail() failed. Check your error logs for details';
+    }

    if ($status) {
        $RCI->pass('SMTP send');
@ -453,8 +420,8 @@ if (isset($_POST['imaptest']) && !empty($_POST['_host']) && !empty($_POST['_user
      $imap_port = 993;
  }

-  $imap_host = rcube_utils::idn_to_ascii($imap_host);
-  $imap_user = rcube_utils::idn_to_ascii($_POST['_user']);
+  $imap_host = idn_to_ascii($imap_host);
+  $imap_user = idn_to_ascii($_POST['_user']);

  $imap = new rcube_imap(null);
  $imap->set_options(array(
--- a/jsdeps.json
+++ b/jsdeps.json
@ -1,115 +0,0 @@
-{
-  "dependencies": [
-    {
-      "lib": "jquery",
-      "name": "jQuery",
-      "version": "3.4.1",
-      "url": "https://code.jquery.com/jquery-$v.min.js",
-      "dest": "program/js/jquery.min.js",
-      "sha1": "88523924351bac0b5d560fe0c5781e2556e7693d",
-      "license": "MIT",
-      "copyright": "Copyright JS Foundation and other contributors",
-      "source": "https://github.com/jquery/jquery/tree/$v"
-    },
-    {
-      "lib": "jstz",
-      "name": "jsTimezoneDetect",
-      "version": "1.0.6",
-      "url": "https://bitbucket.org/pellepim/jstimezonedetect/raw/6c427658686c664da52c6a87cd62ec910baab276/dist/jstz.min.js",
-      "dest": "program/js/jstz.min.js",
-      "sha1": "4291cd3b259d2060460c2a6ab99f428d3c0c9537",
-      "license": "MIT",
-      "copyright": "Copyright (c) Jon Nylander",
-      "source": "https://bitbucket.org/pellepim/jstimezonedetect/raw/6c427658686c664da52c6a87cd62ec910baab276/dist/jstz.js"
-    },
-    {
-      "lib": "publickey",
-      "name": "PublicKey.js",
-      "version": "0e011cb1",
-      "url": "https://raw.githubusercontent.com/diafygi/publickeyjs/$v/publickey.js",
-      "api_url": "https://api.github.com/repos/diafygi/publickeyjs/contents/publickey.js?ref=$v",
-      "dest": "program/js/publickey.js",
-      "sha1": "d0920e190754e024c4be76ad5bbc7e76b2e37a4d",
-      "license": "GPLv3",
-      "copyright": "Copyright (c) 2015 Daniel Roesler",
-      "source": "https://github.com/diafygi/publickeyjs/blob/master/publickey.js"
-    },
-    {
-      "lib": "tinymce",
-      "version": "4.8.2",
-      "url": "https://download.tiny.cloud/tinymce/community/tinymce_$v.zip",
-      "dest": "program/js",
-      "sha1": "d7fced05acdeeb78299585ea9909b0de2b3d759d",
-      "license": "LGPL",
-      "copyright": "Copyright (c) 1999-2015 Ephox Corp. All rights reserved",
-      "rm": "program/js/tinymce",
-      "map": {
-        "js/tinymce": "tinymce"
-      },
-      "omit": [
-        "tinymce/license.txt",
-        "tinymce/jquery.tinymce.min.js"
-      ],
-      "addlicense": [
-        "tinymce/tinymce.min.js"
-      ]
-    },
-    {
-      "lib": "tinymce-langs",
-      "version": "4.8.2",
-      "url": "https://www.tiny.cloud/docs-4x/language/tinymce4x_languages.zip",
-      "dest": "program/js/tinymce"
-    },
-    {
-      "lib": "openpgp",
-      "name": "OpenPGP.js",
-      "version": "4.4.6",
-      "url": "https://raw.githubusercontent.com/openpgpjs/openpgpjs/v$v/dist/openpgp.min.js",
-      "api_url": "https://api.github.com/repos/openpgpjs/openpgpjs/contents/dist/openpgp.min.js?ref=v$v",
-      "dest": "plugins/enigma/openpgp.min.js",
-      "sha1": "e142168db8e666a40fcb4c48ef89c9d774134f8b",
-      "license": "LGPL",
-      "copyright": "Copyright (c) OpenPGP Development Team",
-      "source": "https://github.com/openpgpjs/openpgpjs/blob/v$v/dist/openpgp.js"
-    },
-    {
-      "lib": "codemirror",
-      "version": "5.46.0",
-      "url": "https://codemirror.net/codemirror-$v.zip",
-      "dest": "plugins/managesieve/codemirror",
-      "sha1": "c11fcb9b63cee2b276e3b9f24a8ad6d7c374c624",
-      "license": "MIT",
-      "map": {
-        "lib": "lib",
-        "addon/selection": "addon/selection",
-        "mode/sieve": "mode/sieve"
-      }
-    },
-    {
-      "lib": "bootstrap",
-      "name": "Bootstrap",
-      "version": "4.3.1",
-      "url": "https://github.com/twbs/bootstrap/releases/download/v$v/bootstrap-$v-dist.zip",
-      "dest": "skins/elastic/deps",
-      "sha1": "ee9e9d6bbbb6181dc519778af2b38804a6aa62a4",
-      "license": "MIT",
-      "flat": true,
-      "sourcemap": false,
-      "map": {
-        "bootstrap.bundle.min.js": "bootstrap.bundle.min.js",
-        "bootstrap.min.css": "bootstrap.min.css"
-      }
-    },
-    {
-      "lib": "less",
-      "name": "LessJS",
-      "version": "2.7.3",
-      "url": "https://raw.githubusercontent.com/less/less.js/v$v/dist/less.min.js",
-      "api_url": "https://api.github.com/repos/less/less.js/contents/dist/less.min.js?ref=v$v",
-      "dest": "skins/elastic/deps/less.min.js",
-      "sha1": "45ea4f9fed6c0568ec11faba048c3e3cb7612e9e",
-      "license": "Apache-2.0",
-      "source": "https://raw.githubusercontent.com/less/less.js/v$v/dist/less.js"
-    }
-  ]
-}
--- a/plugins/acl/acl.js
+++ b/plugins/acl/acl.js
@ -1,18 +1,8 @@
 /**
 * ACL plugin script
 *
- * @licstart  The following is the entire license notice for the
- * JavaScript code in this file.
- *
- * Copyright (c) The Roundcube Dev Team
- *
- * The JavaScript code in this page is free software: you can redistribute it
- * and/or modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation, either version 3 of
- * the License, or (at your option) any later version.
- *
- * @licend  The above is the entire license notice
- * for the JavaScript code in this file.
+ * @version @package_version@
+ * @author Aleksander Machniak <alec@alec.pl>
 */

 if (window.rcmail) {
@ -43,7 +33,7 @@ if (window.rcmail) {
        rcmail.enable_command('acl-delete', 'acl-edit', false);

        if (rcmail.env.acl_advanced)
-            $('#acl-switch').addClass('selected').find('input').prop('checked', true);
+            $('#acl-switch').addClass('selected');
    });
 }

@ -67,14 +57,13 @@ rcube_webmail.prototype.acl_delete = function()
 {
    var users = this.acl_get_usernames();

-    if (users && users.length) {
-        this.confirm_dialog(this.get_label('acl.deleteconfirm'), 'delete', function(e, ref) {
-            ref.http_post('settings/plugin.acl', {
+    if (users && users.length && confirm(this.get_label('acl.deleteconfirm'))) {
+        this.http_post('settings/plugin.acl', {
                _act: 'delete',
                _user: users.join(','),
-                _mbox: rcmail.env.mailbox
-            }, ref.set_busy(true, 'acl.deleting'));
-        });
+                _mbox: this.env.mailbox
+            },
+            this.set_busy(true, 'acl.deleting'));
    }
 }

@ -94,11 +83,11 @@ rcube_webmail.prototype.acl_save = function()
    }

    if (!user) {
-        this.alert_dialog(this.get_label('acl.nouser'));
+        alert(this.get_label('acl.nouser'));
        return;
    }
    if (!rights) {
-        this.alert_dialog(this.get_label('acl.norights'));
+        alert(this.get_label('acl.norights'));
        return;
    }

@ -171,8 +160,8 @@ rcube_webmail.prototype.acl_list_init = function()
 // ACL table row selection handler
 rcube_webmail.prototype.acl_list_select = function(list)
 {
-    rcmail.enable_command('acl-delete', list.get_selection().length > 0);
-    rcmail.enable_command('acl-edit', list.get_selection().length == 1);
+    rcmail.enable_command('acl-delete', list.selection.length > 0);
+    rcmail.enable_command('acl-edit', list.selection.length == 1);
    list.focus();
 }

@ -202,7 +191,7 @@ rcube_webmail.prototype.acl_list_update = function(html)
 // Returns names of users in selected rows
 rcube_webmail.prototype.acl_get_usernames = function()
 {
-    var users = [], n, len, id, row,
+    var users = [], n, len, cell, row,
        list = this.acl_list,
        selection = list.get_selection();

@ -210,8 +199,10 @@ rcube_webmail.prototype.acl_get_usernames = function()
        if (this.env.acl_specials.length && $.inArray(selection[n], this.env.acl_specials) >= 0) {
            users.push(selection[n]);
        }
-        else if ((row = list.rows[selection[n]]) && (id = $(row.obj).data('userid'))) {
-            users.push(id);
+        else if (row = list.rows[selection[n]]) {
+            cell = $('td.user', row.obj);
+            if (cell.length == 1)
+                users.push(cell.text());
        }
    }

@ -230,8 +221,8 @@ rcube_webmail.prototype.acl_remove_row = function(id)
    $('#rcmrow'+id).remove();
    this.env.acl[id] = null;

-    this.enable_command('acl-delete', list.get_selection().length > 0);
-    this.enable_command('acl-edit', list.get_selection().length == 1);
+    this.enable_command('acl-delete', list.selection.length > 0);
+    this.enable_command('acl-edit', list.selection.length == 1);
 }

 // Adds ACL table row
@ -255,14 +246,15 @@ rcube_webmail.prototype.acl_add_row = function(o, sel)
            cl = items[cl];

        if (cl == 'user')
-            td.addClass(cl).attr('title', o.title).append($('<a>').text(o.display));
+            td.addClass(cl).append($('<a>').text(o.username));
        else
-            td.addClass(this.className + ' ' + rcmail.acl_class(o.acl, cl)).html('<span/>');
+            td.addClass(this.className + ' ' + rcmail.acl_class(o.acl, cl)).text('');

        $(this).replaceWith(td);
    });

-    row = row.attr({id: 'rcmrow' + id, 'data-userid': o.username}).get(0);
+    row.attr('id', 'rcmrow'+id);
+    row = row.get(0);

    this.env.acl[id] = o.acl;

@ -336,7 +328,7 @@ rcube_webmail.prototype.acl_init_form = function(id)
        });

        if (!this.env.acl_specials.length || $.inArray(id, this.env.acl_specials) < 0)
-            val = $(row).data('userid');
+            val = $('td.user', row).text();
        else
            type = id;
    }
@ -361,7 +353,7 @@ rcube_webmail.prototype.acl_init_form = function(id)
        id ? this.get_label('acl.editperms') : this.get_label('acl.newuser'),
        buttons,
        {
-            button_classes: ['mainaction submit', 'cancel'],
+            button_classes: ['mainaction'],
            modal: true,
            closeOnEscape: true,
            close: function(e, ui) {
@ -379,7 +371,7 @@ rcube_webmail.prototype.acl_init_form = function(id)
        $('input:checked', type_list).focus();
 }

-// Returns class name according to ACL comparison result
+// Returns class name according to ACL comparision result
 rcube_webmail.prototype.acl_class = function(acl1, acl2)
 {
    var i, len, found = 0;
--- a/plugins/acl/acl.php
+++ b/plugins/acl/acl.php
@ -3,9 +3,11 @@
 /**
 * Folders Access Control Lists Management (RFC4314, RFC2086)
 *
+ * @version @package_version@
 * @author Aleksander Machniak <alec@alec.pl>
 *
- * Copyright (C) Kolab Systems AG
+ *
+ * Copyright (C) 2011-2012, Kolab Systems AG
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -23,7 +25,7 @@

 class acl extends rcube_plugin
 {
-    public $task = 'settings';
+    public $task = 'settings|addressbook|calendar';

    private $rc;
    private $supported = null;
@ -40,7 +42,9 @@ class acl extends rcube_plugin

        // Register hooks
        $this->add_hook('folder_form', array($this, 'folder_form'));
-
+        // kolab_addressbook plugin
+        $this->add_hook('addressbook_form', array($this, 'folder_form'));
+        $this->add_hook('calendar_form_kolab', array($this, 'folder_form'));
        // Plugin actions
        $this->register_action('plugin.acl', array($this, 'acl_actions'));
        $this->register_action('plugin.acl-autocomplete', array($this, 'acl_autocomplete'));
@ -175,7 +179,7 @@ class acl extends rcube_plugin
        $this->rc->output->add_label('save', 'cancel');
        $this->include_script('acl.js');
        $this->rc->output->include_script('list.js');
-        $this->include_stylesheet($this->local_skin_path() . '/acl.css');
+        $this->include_stylesheet($this->local_skin_path().'/acl.css');

        // add Info fieldset if it doesn't exist
        if (!isset($args['form']['props']['fieldsets']['info']))
@ -313,15 +317,11 @@ class acl extends rcube_plugin
    {
        // Create username input
        $attrib['name'] = 'acluser';
-        $class = $attrib['class'];
-        unset($attrib['class']);

        $textfield = new html_inputfield($attrib);

-        $fields['user'] = html::div('input-group',
-            html::span('input-group-prepend',
-                html::label(array('for' => $attrib['id'], 'class' => 'input-group-text'), $this->gettext('username')))
-            . ' ' . $textfield->show());
+        $fields['user'] = html::label(array('for' => $attrib['id']), $this->gettext('username'))
+            . ' ' . $textfield->show();

        // Add special entries
        if (!empty($this->specials)) {
@ -342,11 +342,11 @@ class acl extends rcube_plugin
                    . $val);
            }

-            $out = html::tag('ul', array('id' => 'usertype', 'class' => $class), $ul, html::$common_attrib);
+            $out = html::tag('ul', array('id' => 'usertype', 'class' => $attrib['class']), $ul, html::$common_attrib);
        }
        // Display text input alone
        else {
-            $out = html::div($class, $fields['user']);
+            $out = $fields['user'];
        }

        return $out;
@ -407,10 +407,10 @@ class acl extends rcube_plugin
        }
        else {
            $items = array(
-                'read'   => 'lrs',
-                'write'  => 'wi',
+                'read' => 'lrs',
+                'write' => 'wi',
                'delete' => $deleteright,
-                'other'  => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)),
+                'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)),
            );

            // give plugins the opportunity to adjust this list
@ -438,19 +438,14 @@ class acl extends rcube_plugin

            // filter out virtual rights (c or d) the server may return
            $userrights = array_intersect($rights, $supported);
-            $userid     = rcube_utils::html_identifier($user);
-            $title      = null;
+            $userid = rcube_utils::html_identifier($user);

            if (!empty($this->specials) && in_array($user, $this->specials)) {
-                $username = $this->gettext($user);
-            }
-            else {
-                $username = $this->resolve_acl_identifier($user, $title);
+                $user = $this->gettext($user);
            }

-            $table->add_row(array('id' => 'rcmrow' . $userid, 'data-userid' => $user));
-            $table->add(array('class' => 'user text-nowrap', 'title' => $title),
-                html::a(array('id' => 'rcmlinkrow' . $userid), rcube::Q($username)));
+            $table->add_row(array('id' => 'rcmrow'.$userid));
+            $table->add('user', html::a(array('id' => 'rcmlinkrow'.$userid), rcube::Q($user)));

            foreach ($items as $key => $right) {
                $in = $this->acl_compare($userrights, $right);
@ -459,7 +454,7 @@ class acl extends rcube_plugin
                    case 1: $class = 'partial'; break;
                    default: $class = 'disabled'; break;
                }
-                $table->add('acl' . $key . ' ' . $class, '<span></span>');
+                $table->add('acl' . $key . ' ' . $class, '');
            }

            $js_table[$userid] = implode($userrights);
@ -501,13 +496,6 @@ class acl extends rcube_plugin
                if (!strpos($user, '@') && ($realm = $this->get_realm())) {
                    $user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm));
                }
-
-                // Make sure it's valid email address to prevent from "disappearing folder"
-                // issue in Cyrus IMAP e.g. when the acl user identifier contains spaces inside.
-                if (strpos($user, '@') && !rcube_utils::check_email($user, false)) {
-                    $user = null;
-                }
-
                $username = $user;
            }

@ -520,15 +508,9 @@ class acl extends rcube_plugin

            if ($user != $_SESSION['username'] && $username != $_SESSION['username']) {
                if ($this->rc->storage->set_acl($mbox, $user, $acl)) {
-                    $display = $this->resolve_acl_identifier($username, $title);
-                    $this->rc->output->command('acl_update', array(
-                            'id'       => rcube_utils::html_identifier($user),
-                            'username' => $username,
-                            'title'    => $title,
-                            'display'  => $display,
-                            'acl'      => implode($acl),
-                            'old'      => $oldid
-                    ));
+                    $ret = array('id' => rcube_utils::html_identifier($user),
+                         'username' => $username, 'acl' => implode($acl), 'old' => $oldid);
+                    $this->rc->output->command('acl_update', $ret);
                    $result++;
                }
            }
@ -619,9 +601,8 @@ class acl extends rcube_plugin
            }
        }

-        if (count($list) == count($supported)) {
+        if (count($list) == count($supported))
            return rcube::Q($this->gettext('aclfull'));
-        }

        return html::tag('ul', $attrib, implode("\n", $list));
    }
@ -632,7 +613,7 @@ class acl extends rcube_plugin
     * @param array $acl1 ACL rights array (or string)
     * @param array $acl2 ACL rights array (or string)
     *
-     * @param int Comparison result, 2 - full match, 1 - partial match, 0 - no match
+     * @param int Comparision result, 2 - full match, 1 - partial match, 0 - no match
     */
    function acl_compare($acl1, $acl2)
    {
@ -648,15 +629,12 @@ class acl extends rcube_plugin
        $cnt1 = count($res);
        $cnt2 = count($acl2);

-        if ($cnt1 == $cnt2) {
+        if ($cnt1 == $cnt2)
            return 2;
-        }
-
-        if ($cnt1) {
+        else if ($cnt1)
            return 1;
-        }
-
-        return 0;
+        else
+            return 0;
    }

    /**
@ -802,51 +780,4 @@ class acl extends rcube_plugin

        return $user;
    }
-
-    /**
-     * Resolve acl identifier to user/group name
-     */
-    protected function resolve_acl_identifier($id, &$title = null)
-    {
-        if ($this->init_ldap()) {
-            $groups      = $this->rc->config->get('acl_groups');
-            $prefix      = $this->rc->config->get('acl_group_prefix');
-            $group_field = $this->rc->config->get('acl_group_field', 'name');
-
-            // Unfortunately this works only if group_field=name,
-            // list_groups() allows searching by group name only
-            if ($groups && $prefix && $group_field === 'name' && strpos($id, $prefix) === 0) {
-                $gid    = substr($id, strlen($prefix));
-                $result = $this->ldap->list_groups($gid, rcube_addressbook::SEARCH_STRICT);
-
-                if (count($result) === 1 && ($record = $result[0])) {
-                    if ($record[$group_field] === $gid) {
-                        $display = $record['name'];
-                        if ($display != $gid) {
-                            $title = sprintf('%s (%s)', $display, $gid);
-                        }
-
-                        return $display;
-                    }
-                }
-
-                return $id;
-            }
-
-            $this->ldap->set_pagesize('2');
-            // Note: 'uid' works here because we overwrite fieldmap in init_ldap() above
-            $result = $this->ldap->search('uid', $id, rcube_addressbook::SEARCH_STRICT);
-
-            if ($result->count === 1 && ($record = $result->first())) {
-                if ($record['uid'] === $id) {
-                    $title   = rcube_addressbook::compose_search_name($record);
-                    $display = rcube_addressbook::compose_list_name($record);
-
-                    return $display;
-                }
-            }
-        }
-
-        return $id;
-    }
 }
--- a/plugins/acl/composer.json
+++ b/plugins/acl/composer.json
@ -3,7 +3,7 @@
    "type": "roundcube-plugin",
    "description": "IMAP Folders Access Control Lists Management (RFC4314, RFC2086).",
    "license": "GPLv3+",
-    "version": "1.8",
+    "version": "1.6",
    "authors": [
        {
            "name": "Aleksander Machniak",
@ -14,7 +14,7 @@
    "repositories": [
        {
            "type": "composer",
-            "url": "https://plugins.roundcube.net"
+            "url": "http://plugins.roundcube.net"
        }
    ],
    "require": {
--- a/plugins/acl/localization/ar.inc
+++ b/plugins/acl/localization/ar.inc
@ -1,31 +0,0 @@
-<?php
-
-/*
- +-----------------------------------------------------------------------+
- | Localization file of the Roundcube Webmail ACL plugin                 |
- |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
- |                                                                       |
- | Licensed under the GNU General Public License version 3 or            |
- | any later version with exceptions for skins & plugins.                |
- | See the README file for a full license statement.                     |
- +-----------------------------------------------------------------------+
-
- For translation see https://www.transifex.com/projects/p/roundcube-webmail/resource/plugin-acl/
-*/
-
-$labels['username'] = 'المستخدم :';
-$labels['advanced'] = 'الوضع المتقدم';
-$labels['add'] = 'إضافة';
-$labels['acld'] = 'حذف الرسائل';
-$labels['aclt'] = 'حذف الرسائل';
-$labels['aclx'] = 'حذف المجلد';
-$labels['aclother'] = 'آخر';
-$labels['acldelete'] = 'حذف';
-$labels['shortaclc'] = 'أنشئ';
-$labels['shortaclk'] = 'أنشئ';
-$labels['shortacld'] = 'حذف';
-$labels['shortaclt'] = 'حذف';
-$labels['shortaclother'] = 'آخر';
-$labels['shortacldelete'] = 'حذف';
-?>
--- a/plugins/acl/localization/ar_SA.inc
+++ b/plugins/acl/localization/ar_SA.inc
@ -2,23 +2,23 @@

 /*
 +-----------------------------------------------------------------------+
- | Localization file of the Roundcube Webmail ACL plugin                 |
+ | plugins/acl/localization/<lang>.inc                                   |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | Localization file of the Roundcube Webmail ACL plugin                 |
+ | Copyright (C) 2012-2013, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
 | See the README file for a full license statement.                     |
+ |                                                                       |
 +-----------------------------------------------------------------------+

 For translation see https://www.transifex.com/projects/p/roundcube-webmail/resource/plugin-acl/
 */
-
 $labels['sharing'] = 'مشاركة';
 $labels['myrights'] = 'حقوق الوصول';
 $labels['username'] = 'مستخدم:';
 $labels['advanced'] = 'وضع متقدم';
-$labels['add'] = 'إضافة';
 $labels['newuser'] = 'اضافة مدخل';
 $labels['editperms'] = 'تعديل الصلاحيات';
 $labels['actions'] = 'اجراءات حقوق الوصول...';
@ -38,7 +38,6 @@ $labels['aclt'] = 'حذف الرسائل';
 $labels['acle'] = 'حُذف';
 $labels['aclx'] = 'حذف المجلد';
 $labels['acla'] = 'ادارة';
-$labels['acln'] = 'التعليق على الرسائل';
 $labels['aclfull'] = 'تحكم كامل';
 $labels['aclother'] = 'اخرى';
 $labels['aclread'] = 'قراءة ';
@ -57,7 +56,6 @@ $labels['shortaclt'] = 'حذف';
 $labels['shortacle'] = 'حُذف';
 $labels['shortaclx'] = 'حذف المجلد';
 $labels['shortacla'] = 'ادارة';
-$labels['shortacln'] = 'كتابة تعليق';
 $labels['shortaclother'] = 'اخرى';
 $labels['shortaclread'] = 'قراءة ';
 $labels['shortaclwrite'] = 'كتابة';
@ -75,14 +73,10 @@ $labels['longaclt'] = 'حذف وسم الرسائل من الممكن تغيير
 $labels['longacle'] = 'بالامكان شطب الرسائل';
 $labels['longaclx'] = 'هذا المجلد بالامكان حذفة او اعادة تسميته';
 $labels['longacla'] = 'حقوق الوصول لهذا المجلد بالامكان تغييره';
-$labels['longacln'] = 'يمكن تغيير البيانات الوصفية (التعليقات) المشتركة بين الرسائل';
 $labels['longaclfull'] = 'التحكم الكامل يتضمن ادارة المجلدات';
 $labels['longaclread'] = 'من الممكن فتح المجلد للقراءة';
 $labels['longaclwrite'] = 'لا يمكن وضع علامة على الرسائل, كتبت او نسخة الى هذا المجلد';
 $labels['longacldelete'] = 'لا يمكن حذف الرسائل';
-$labels['longaclother'] = 'حقوق الوصول الأخرى';
-$labels['ariasummaryacltable'] = 'قائمة حقوق الوصول';
-$labels['arialabelaclform'] = 'نموذج حقوق الوصول';
 $messages['deleting'] = 'جاري حذف حقوق الوصول...';
 $messages['saving'] = 'جاري حفظ حقوق الوصول...';
 $messages['updatesuccess'] = 'تم تغيير حقوق الوصول بنجاح';
--- a/plugins/acl/localization/ast.inc
+++ b/plugins/acl/localization/ast.inc
@ -2,23 +2,23 @@

 /*
 +-----------------------------------------------------------------------+
- | Localization file of the Roundcube Webmail ACL plugin                 |
+ | plugins/acl/localization/<lang>.inc                                   |
 |                                                                       |
- | Copyright (C) The Roundcube Dev Team                                  |
+ | Localization file of the Roundcube Webmail ACL plugin                 |
+ | Copyright (C) 2012-2013, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
 | See the README file for a full license statement.                     |
+ |                                                                       |
 +-----------------------------------------------------------------------+

 For translation see https://www.transifex.com/projects/p/roundcube-webmail/resource/plugin-acl/
 */
-
 $labels['sharing'] = 'Compartición';
 $labels['myrights'] = 'Drechos d\'accesu';
 $labels['username'] = 'Usuariu:';
 $labels['advanced'] = 'Mou avanzáu';
-$labels['add'] = 'Amestar';
 $labels['newuser'] = 'Amestar entrada';
 $labels['editperms'] = 'Editar permisos';
 $labels['actions'] = 'Aición de drechos d\'accesu...';
--- a/Show More
+++ b/Show More
				`@ -1 +0,0 @@`
				ALTER TABLE `session` MODIFY `ip` varchar(40) NOT NULL;
				`@ -1 +0,0 @@`
				`ALTER TABLE "session" DROP COLUMN "created";`
				`@ -1 +0,0 @@`
				`ALTER TABLE "session" MODIFY "ip" varchar(41) NOT NULL;`
				`@ -1 +0,0 @@`
				`ALTER TABLE session ALTER COLUMN ip TYPE character varying(41);`