ö?v5$í@‰};`øÔÕ_e]©mPó6YòË¯Ç]µñô\áa æ.—DLÑ;ÃeŠA;£dZé«+Ùï
ÉIF­xÀñÝ£{ŒÕëeÑ´UR+mfLßVqœÍ‡Ê—.^nÃ¿ )ZˆÁf‚LçC£¤éäÐ>_­Æõ‰…Œ“}	º(§Ù%—Å¿±ŽCLM­$S€¤FBŠß°Ñ|ª{à%Ð7™paKÊC‡¨Xu"‚`¤14rrç‚¶øl0’f½1³ ¨À?¡¨¨ƒ¼\íByØ8;4uîéÖ~9pÝah‘îñ8¤TcœåÂÿÏø¦ùrÂ¥¹ÁRJG?>Ë:^Í°’X/2™:sÛ×Éeóõ*—Í¶ææ§ê‚-?k@³2Ö‚—(ïzßXÈ$¤â¾Oc˜Öxp®E4¼OÈ•1èË2àÁŠÜi¢üot	?EvSYÜáqñ$…Çgƒ»§¤˜{‘¸”Žgÿ).ø°YöUœ‚"Ds›ªÚžù°@ÇPé2%ŽæÍsÂâÎcL~ÍÃ¹®7‘6íOÅê.Zˆ)†e@¨ûœ´yæþ’Á¬i…ØmïBÑè»ô¸ª[¿"œ‹•WÉsŠÇØWz(9=bOÒMi›N›æ‡P9`ôˆ£jƒÚÂ'À˜‚cÕ=ŽèyÅØíMåí&©ªŒd8Y|É&_ê	õm¯ÅIÜéÊDG›Ø(l¿ßM#HµG>ý—¦žVñÄ.,šèÇÿ"ºg˜ wCêÔ‚Ÿó[-ÈF·È	œˆ”¹û´ÝF¥(Æá´=£Å©~Mú™Ú^î„'Fn®ö4–‚Ye:\§ËcwûÏL¸vÜIûWÕ(ŠMgº´²ò¶&ü@%*ØÒ¼üdn$WÃ;ÇØ§¤r×§Ð“ÜIÊ±P…-j10y½¾MÓúBÍRÕJe
„œ§†~°-˜ÄWrn”á£sdF·št¼°)HC…•Þf$Ã~Uà>ÂM£ý>nMÜo‚ïKÎº¬¡"‡×S,]Þôþ_=Æ[ßÚwšExJâë®OÁã¯ Íì—lr}f·8¸Ë“ÍÓÅw©!fgÁ½óIÎ® °nq1“H-uÃn…¼à„DYiS„n½Š@©z›Øÿo=ˆE¿I—®ÀË{‰s7-_*_k#jT3ªÈE,”d:h±^²¿aP”Øš)‡$LÉ_FT_Y5×
ÜÊ¨0qåI©Æ»y¥üñ€¼—YÞEé½-VMQ•ZŽSñö+ÚŸoŠ/ßiœlh±xB)¡?Ö”®×ms@¶x¾1W©@vpH¬á×à¼üzn+¯–û½a¥ˆØ÷Ó%&#E€Èõü©ûÊÏa77õ„³ŠD¨àô¾iØ}#Nªv¾èúÐûÁg¡”",t?Šôí)Ãì~Çäv¹ Ég$×¥fÃÅÕ—ÂZ°7¦Gâ&Ñ¿Œ»°m0¸Û¶=ªjÑã21­nÃ	‡ýwùçS5¼¤T=òøC®jöT®ŸÌ|Þ¿Ìžâ‹ü~,­qºxKLXåF÷ËÞ©_‚`$Òýò[Ï!ý½GoÝî‰~lÛ˜Ž×£²ÏNŸ\È›W±BöÌñmU —:Š…Í®Ô»‘›2ÝÉ<:ú;¸¤å»SYÞDŠŠ&îäbð¸˜£ä,nÏ3Ï¹íºYm’y,«Ù‰F3˜÷äO“V˜(ÔÈÏÕÀÇ®G­ç+*¬ƒ‘2ž…kÆ*‹»ß³Ê—4H5š(ü÷¶gÄ¿k0•·F$ysUt–~Ðéf†æy‹JÅ/['ì¢Ò0 ´)®«ñkKŠÖ<¿âŠ8–ÝvG¯{²qz@#«€¦Äð·-ràix
EýdÙì`TåË˜*RyVŠçÿ³I3lùóêc-ÉµY|3Ù¢Í!~h,Õ{´ùŠø9b’"‹›]0ÏäÑ¡\=ï”¶mßšáÍ}òFíÎž]¾î)òõÝ×A@Ä!ÒÃµÂÔ%Ž"!0$Ü]à¶àúÔÍ´†eZ½Ê}¥ä#õõÉQè!Ï¦ ÷JÙ(ÏYX«øEø#iãú]€¹ûìk†àÛp_QSôPÒ§(ê½2¼åáVçÈ}L3vDå5  }m?£~Hyn}¼2yÑMÔ[%–|YÎ“ÿ¿Ûˆ1c´(#ÂX\¸{|HQnõ†7ñ3kÚïLúâÆßþL˜÷à„ÓË!X ácýG™0(¹P>³*ùõZòð“KÔ"ÙmOœæü.,ÓÖÍ€E/%þ:Œò÷cúõ1jJR³G‘Îý£‘#ÞÞ^í7ë:y¸ä&G½Æò(,ÁžeMè–aô§jUê£S»Ú!Q- ¿sþƒ,âWn"0Fû™«³dÈ ë@ÆsÈ&ûÑýùðfžvPc½SLF¶¹ì::Ô…zkˆÔ½.S/›Oï¬¬ÔŒTÕrªg‡Ø\dy`ôùÉóDî6ð‰~§½Ékö|{è})Ò4EHšêd–½3**óŸÃç,l;Z¯•äaè£š'njµ›aÍúóÝ´‘å¢mÜ¬}ë†”„¥êÚm3Ð5*£ªøò#"JÜùIäÅRF´®€>ÿ,Çù¤ýØNi¸G|¹rÌÜ&Ud¶c€ËŠm/ÐŒ}ÿùq>ß| ±:ód÷¬ã(^ >R@'½„s3ì«FÄB¡Éu÷n°i6©0Æù‰aÒ¬hˆÍÞ9Í¨EoŸ8LºíÿTü)ƒâÀäÂ"6JÞ¸(Ó
™£*f+ïB„iZBÚñvžóæ»
íÉÉnŸ£S‹þÂ¶eAÜEÕÝw_ËN+|Ue¹üø1ÞØ¢tD¼ðàNÉå:ZË¿²D²T~é;ê[w¶:"Ø±{=—Ä£ |--1b{Ñ¹¡Lt’ÊŒÃ­áÈˆm`¦ýS
»;ÔÐETF§Z¨ë3Æü-_ïç¹ bj¸O;Mø…ÄñØ-ÒK‡fµf³žtHóbÇkc—AËjü'À%O|]®8ì§L‡õ•ö„˜lgÐOf9>¸$R1Kößº"Z¼žQÉÈã­í·ñßHõË4ÃrWŽùˆ=;Ã&gè1´}9 ýèWUøl=³Ï«†lŠc”Q#YFó¼/¦ÝR:¿;šCN0¯~6ÇÃ`Ét|LÔÝeÄuM¨zÃè-P£é(s7„ÇÊ‹ÂíëÎ½YÖ‘SJi–)ÇÅyê(š2GÿþßOúB­IUš¢.ÓGì$÷¢?:úø©?ý1T¥ë<ªÓôï~éi˜‚øz¼Ú—\‚ÝhU¿ ðŒß·óaŽìTz€ÖþìŠ8mHeNnDÙcd@Ë÷DÈuÂÝäW¥èVL ŽaÎ÷ÎØaîe„Ôç£›ÃI¾“Ý\Ós•Sâéóá`ò×”¾1Ÿ|û¯„ÚÈ5¼Îc}±¾´JÎä¦ùÿ9Ìð¸Î°ZÚC¢¿²aÕEßkQÛN×¨Ú
'ð›^»ç‚HŽnQIŒ7¤àÌˆÉ03¸ÄÛ` ërÀŸÁÒ]mét¡ÿ9Ìð¸Î°ZÚC¢¿²aœà~ãéûv,2[¢	æ¹æ{÷(l	â%å8éAü.BK—SA¯Ö¡\TÎˆ©Ä‹üI×å˜ÝÕ—F¤ì´	~yLÉÖ³ÍHýžÙbCVpN».ü g}Ùø¤Ú,™ÞúV0¿N¬Ql›ÅÈù uû£G±6@‘'ž øºo´µ	Vx¥Kî’²nð¤•ùZBQVjbœ¿Ð^õ›ð y"ån¹P_‚¬èŠ+J¯#´s3(.IW4ƒñ2PýßÓÐDá1‡ÛaŠ#!X).U!BwÕÏüPÆ(Ô;uú~5jöŸTÐCœw9çåË´‹D07ùhé{ˆ¬Õyá¹Kr³¯óÄ¤Xñ#`Ýˆ’ðzÝ¤þ nÑÈëOè#¾WÈ‘%~ªA»G!~ØQuáâ±T†Ì§Ðì½žŠ¨Î‚¡3AÂ¹|0"F¸Ò‚RŒ‹P0Ý¡ï4¸RËÙBáJ²ÇýIkFQ]d;•!ÃÓËÈà•%²¦UÚ‰t#Á×CÚ1Û ‹Gi»…ÉáJ²ÇýIkFQ]d;•!ÃU0Û4É¦Ó~qb¼3™<ÛdNö¥?Y.8ùãÏ«¤oê I–Gx¼ÀcØ3¤˜%8“F!}¾8Ôð]‚¼ :V¥´I·S‰æPæ‚à(8myS‘v/S5g_”kÚ Lžüý1Š“k¼Ox‡áÔÆÖ?Vêà¹”¾Ø’ÞÄ»ìõ=ÄÚ¦Y)hrž}ŠŽkÕ‡|æÊ°1•ÇÎ×tU¨ÕÝºAÙÿ=qd©ýóókïß¨Ì6¾ºAÍþ·tÉ“yïÒ;®V}«íþ×Yq
¶£EŒÅvßWÍ}òFíÎž]¾î)òõÝ×n<]6·ÑB!'ÿ¶3ð3‚¨M“~t²âºãYMR…ÕþbÂºAå¶ì¸þÛä¢ÞOçy;8æ¤ó
µËXê \„†?ÊÍ¯´ËKöýù_¶5‡-¥Üòs“wç]oyM07Ëÿ‚ö|EËÀHè¾¡ûï;¡5T»4³ªY}#<$ÀAÈÜ,,1f•öñÖ§µ™3ù1Jä¬ƒ^@#jmä1NJR“¶Xaý
ÕÌóÚ‡¢JKçA7:—äç<÷|ýy^X×ÔŸE“‰²mà^¯ÓsiÃ?¤¯þÿ_°ŠwZƒÆsö:=r¶Mj Œ¨³ýZààà¡·%KMÕ°ÇK§šMÛ.{(£¡1Ÿã	£”¹è–Ä'â×Á	¾g E¾åF 8ý„‚éâ½§7	¾8ÕfåSÉNY³ÍP?8r:áíŽ¤ìEÆêÀUj×òQ”<Dš¨=h˜‡ZC˜kÿ‰Å`’Ù/vT{¼*?y]6èÁ T¹)=X~iw¿lÕßø˜³ówëìŠvYUÙ³I§QB˜•?´¤üÍN"$™g~ÝŠæÈ£&©¾„„EËÎ‰›e“	´~F¤ôePèèð‚kp+†BBÒž£™ŠDrˆ¹°Ÿ½ÜÊ>¿Þ¯Î%éÛ ‹V]-ñ0p	Õ&î]Às]8ù¿aW äøgqvâÎXu£%ïÞ¨1Ü›sÏ 2 ì1ÇvÉþ‹Ü”^@í•ÄÙ+j£€Ä°¡Yˆþžªi¬ì$?Õ-¼š¼ONÉn¤ jˆIž›Î]„¦¸¼*9”x2>îkDä¯ÔúÐÑçÓËÈà•%²¦UÚ‰t#his->file_id();
        $args['status'] = true;

        // Note the file for later cleanup
        $_SESSION['plugins']['filesystem_attachments'][$group][$args['id']] = $args['path'];

        return $args;
    }

    /**
     * Remove an attachment from storage
     * This is triggered by the remove attachment button on the compose screen
     */
    function remove($args)
    {
        $args['status'] = $this->verify_path($args['path']) && @unlink($args['path']);
        return $args;
    }

    /**
     * When composing an html message, image attachments may be shown
     * For this plugin, the file is already in place, just check for
     * the existence of the proper metadata
     */
    function display($args)
    {
        $args['status'] = $this->verify_path($args['path']) && file_exists($args['path']);
        return $args;
    }

    /**
     * This attachment plugin doesn't require any steps to put the file
     * on disk for use.  This stub function is kept here to make this 
     * class handy as a parent class for other plugins which may need it.
     */
    function get($args)
    {
        if (!$this->verify_path($args['path'])) {
            $args['path'] = null;
        }

        return $args;
    }

    /**
     * Delete all temp files associated with this user
     */
    function cleanup($args)
    {
        // $_SESSION['compose']['attachments'] is not a complete record of
        // temporary files because loading a draft or starting a forward copies
        // the file to disk, but does not make an entry in that array
        if (!empty($_SESSION['plugins']['filesystem_attachments'])) {
            foreach ($_SESSION['plugins']['filesystem_attachments'] as $group => $files) {
                if (!empty($args['group']) && $args['group'] != $group) {
                    continue;
                }

                foreach ((array) $files as $filename) {
                    if (file_exists($filename)) {
                        unlink($filename);
                    }
                }

                unset($_SESSION['plugins']['filesystem_attachments'][$group]);
            }
        }

        return $args;
    }

    protected static function file_id()
    {
        $userid = rcube::get_instance()->user->ID;
        list($usec, $sec) = explode(' ', microtime());
        $id = preg_replace('/[^0-9]/', '', $userid . $sec . $usec);

        // make sure the ID is really unique (#1489546)
        while (self::find_file_by_id($id)) {
            // increment last four characters
            $x  = substr($id, -4) + 1;
            $id = substr($id, 0, -4) . sprintf('%04d', ($x > 9999 ? $x - 9999 : $x));
        }

        return $id;
    }

    private static function find_file_by_id($id)
    {
        if (!empty($_SESSION['plugins']['filesystem_attachments'])) {
            foreach ((array) $_SESSION['plugins']['filesystem_attachments'] as $files) {
                if (isset($files[$id])) {
                    return true;
                }
            }
        }
    }

    /**
     * For security we'll always verify the file path stored in session,
     * as session entries can be faked in various ways e.g. #6026.
     * We allow only files in Roundcube temp dir
     */
    protected static function verify_path($path)
    {
        if (empty($path)) {
            return false;
        }

        $rcmail    = rcube::get_instance();
        $temp_dir  = $rcmail->config->get('temp_dir');
        $file_path = pathinfo($path, PATHINFO_DIRNAME);

        if ($temp_dir !== $file_path) {
            // When the configured directory is not writable, or out of open_basedir path
            // tempnam() fallbacks to system temp without a warning.
            // We allow that, but we'll let to know the user about the misconfiguration.
            if ($file_path == sys_get_temp_dir()) {
                rcube::raise_error([
                        'file'    => __FILE__,
                        'line'    => __LINE__,
                        'message' => "Detected 'temp_dir' change. "
                            . "Access to '$temp_dir' restricted by filesystem permissions or open_basedir",
                    ], true, false
                );

                return true;
            }

            rcube::raise_error([
                    'file'    => __FILE__,
                    'line'    => __LINE__,
                    'message' => sprintf("%s can't read %s (not in temp_dir)",
                        $rcmail->get_user_name(), substr($path, 0, 512))
                ], true, false
            );

            return false;
        }

        return true;
    }
}