Update packaging script

This is a workaround for some systems that requires this variable to be set explicitly for sending emails (thanks to falcon for the issue)

src/messenger/pack.pl

@@ -5,7 +5,7 @@
 ##################################################################
 
 $targetFolder = "deploy";
-$suffix = "165";
+$suffix = "167";
 
 ##################################################################
 # Copies tree into target folder, preprocess .phps
@@ -52,89 +52,12 @@ chdir "$targetFolder";
 
 chdir "locales";
 
-`zip -r ../../release$suffix/mibew${suffix}_cs.zip cs`;
+foreach $locale qw ( ar be bg ca cs da de el fa fi fr he hr hu id it ka lv nl pl pt-br pt-pt ro ru sp sv th tr ua zh-cn zh-tw ) {
-`rm -rf cs`;
 
-`zip -r ../../release$suffix/mibew${suffix}_fi.zip fi`;
+    `zip -r ../../release$suffix/mibew${suffix}_$locale.zip $locale`;
-`rm -rf fi`;
+    `rm -rf $locale`;
 
-`zip -r ../../release$suffix/mibew${suffix}_da.zip da`;
+}
-`rm -rf da`;
-
-`zip -r ../../release$suffix/mibew${suffix}_el.zip el`;
-`rm -rf el`;
-
-`zip -r ../../release$suffix/mibew${suffix}_lv.zip lv`;
-`rm -rf lv`;
-
-`zip -r ../../release$suffix/mibew${suffix}_fa.zip fa`;
-`rm -rf fa`;
-
-`zip -r ../../release$suffix/mibew${suffix}_nl.zip nl`;
-`rm -rf nl`;
-
-`zip -r ../../release$suffix/mibew${suffix}_th.zip th`;
-`rm -rf th`;
-
-`zip -r ../../release$suffix/mibew${suffix}_ar.zip ar`;
-`rm -rf ar`;
-
-`zip -r ../../release$suffix/mibew${suffix}_bg.zip bg`;
-`rm -rf bg`;
-
-`zip -r ../../release$suffix/mibew${suffix}_ca.zip ca`;
-`rm -rf ca`;
-
-`zip -r ../../release$suffix/mibew${suffix}_de.zip de`;
-`rm -rf de`;
-
-`zip -r ../../release$suffix/mibew${suffix}_ru.zip ru`;
-`rm -rf ru`;
-
-`zip -r ../../release$suffix/mibew${suffix}_ro.zip ro`;
-`rm -rf ro`;
-
-`zip -r ../../release$suffix/mibew${suffix}_hu.zip hu`;
-`rm -rf hu`;
-
-`zip -r ../../release$suffix/mibew${suffix}_fr.zip fr`;
-`rm -rf fr`;
-
-`zip -r ../../release$suffix/mibew${suffix}_it.zip it`;
-`rm -rf it`;
-
-`zip -r ../../release$suffix/mibew${suffix}_ka.zip ka`;
-`rm -rf ka`;
-
-`zip -r ../../release$suffix/mibew${suffix}_pl.zip pl`;
-`rm -rf pl`;
-
-`zip -r ../../release$suffix/mibew${suffix}_pt-br.zip pt-br`;
-`rm -rf pt-br`;
-
-`zip -r ../../release$suffix/mibew${suffix}_sp.zip sp`;
-`rm -rf sp`;
-
-`zip -r ../../release$suffix/mibew${suffix}_sv.zip sv`;
-`rm -rf sv`;
-
-`zip -r ../../release$suffix/mibew${suffix}_ua.zip ua`;
-`rm -rf ua`;
-
-`zip -r ../../release$suffix/mibew${suffix}_he.zip he`;
-`rm -rf he`;
-
-`zip -r ../../release$suffix/mibew${suffix}_hr.zip hr`;
-`rm -rf hr`;
-
-`zip -r ../../release$suffix/mibew${suffix}_tr.zip tr`;
-`rm -rf tr`;
-
-`zip -r ../../release$suffix/mibew${suffix}_zh-cn.zip zh-cn`;
-`rm -rf zh-cn`;
-
-`zip -r ../../release$suffix/mibew${suffix}_zh-tw.zip zh-tw`;
-`rm -rf zh-tw`;
 
 chdir "..";
 `zip -r ../release$suffix/mibew$suffix.zip * .htaccess`;

src/messenger/webim/README

@@ -9,33 +9,33 @@ REQUIREMENTS
 
 INSTALLATION
 
-1. Create folder with name 'webim' in the root of your website.
+1. Create folder with name 'mibew' in the root of your website.
 2. Upload all the files contained in this archive (retaining the directory structure) into created folder.
-   Be sure to chromo the webim folder to 755 and the install folder to 644.
+   Be sure to chromo the mibew folder to 755 and the install folder to 644.
-3. Add a MySQL database with the name 'webim'
+3. Add a MySQL database with the name 'mibew'
-4. Edit /webim/libs/config.php to the information needed to connect to the database
+4. Edit /mibew/libs/config.php to the information needed to connect to the database
-5. Using your web browser visit http://<yourdomain>/webim/install/ and
+5. Using your web browser visit http://<yourdomain>/mibew/install/ and
    hit 'Create tables'
-6. Remove /webim/install/ directory from your server
+6. Remove /mibew/install/ directory from your server
 7. Logon as
                   user: admin
                   password: <empty>
-7. Get button code and setup it on your site.
+8. Get button code and setup it on your site.
-8. Change your password and name.
+9. Change your password and name.
-9. Wait for your visitors on 'Pending users' page.
+10. Wait for your visitors on 'Pending users' page.
 
-On unix/linux platforms change the owner of /webim/images/avatar folder 
+On unix/linux platforms change the owner of /mibew/images/avatar folder 
 to the user, under which the web server is running (for instance, www).
-The owner should have all rights on the folder /webim/images/avatar 
+The owner should have all rights on the folder /mibew/images/avatar 
-(chmod 700 /webim/images/avatar).
+(chmod 700 /mibew/images/avatar).
 
 UPDATE
 
-1. Backup your /webim/libs/config.php
+1. Backup your /mibew/libs/config.php
-2. Backup your /webim/images/avatar folder.
+2. Backup your /mibew/images/avatar folder.
-3. Delete the items in the webim folder on the server.
+3. Delete the items in the mibew folder on the server.
-4. Upload all the files contained in the downloaded archive (retaining the directory structure) into webim folder.
+4. Upload all the files contained in the downloaded archive (retaining the directory structure) into mibew folder.
 5. Re-edit the MySQL database settings you config.php
-6. Visit http://<yourdomain>/webim/install/ and follow the instructions to update database (if needed).
+6. Visit http://<yourdomain>/mibew/install/ and follow the instructions to update database (if needed).
-7. Remove /webim/install/ directory from your server
+7. Remove /mibew/install/ directory from your server
-8. Restore contents of /webim/images/avatar folder.
+8. Restore contents of /mibew/images/avatar folder.

src/messenger/webim/VERSION

@@ -1 +1 @@
-Mibew/1.6.5
+Mibew/1.6.7

src/messenger/webim/b.php

@@ -25,19 +25,19 @@ if($referer && isset($_SESSION['threadid'])) {
 	$link = connect();
 	$thread = thread_by_id_($_SESSION['threadid'], $link);
     if ($thread && $thread['istate'] != $state_closed) {
-        $msg = getstring2_("chat.client.visited.page", array($referer), $thread['locale']);
+        $msg = getstring2_("chat.client.visited.page", array($referer), $thread['locale'], true);
         post_message_($thread['threadid'], $kind_for_agent,$msg,$link);
     }
     mysql_close($link);
 }
 
-$image = verifyparam(isset($_GET['image']) ? "image" : "i", "/^\w+$/", "webim");
+$image = verifyparam(isset($_GET['image']) ? "image" : "i", "/^\w+$/", "mibew");
 $lang = verifyparam(isset($_GET['language']) ? "language" : "lang", "/^[\w-]{2,5}$/", "");
-if(!$lang || !locale_exists($lang)) {
+if(!$lang || !locale_pattern_check($lang) || !locale_exists($lang)) {
 	$lang = $current_locale;
 }
 
-$groupid = verifyparam( "group", "/^\d{1,8}$/", "");
+$groupid = verifyparam( "group", "/^\d{1,10}$/", "");
 if($groupid) {
 	loadsettings();
 	if($settings['enablegroups'] == '1') {
@@ -51,9 +51,11 @@ if($groupid) {
 }
 
 $image_postfix = has_online_operators($groupid) ? "on" : "off";
-$filename = "locales/${lang}/button/${image}_${image_postfix}.gif";
+$filename = dirname(__FILE__) . "/locales/${lang}/button/${image}_${image_postfix}.gif";
-
+if (!file_exists($filename)) {
-$fp = fopen($filename, 'rb') or die("no image");
+	die("no image");
+}
+$fp = fopen($filename, 'rb') or die("unable to get image");
 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
 header("Cache-Control: no-store, no-cache, must-revalidate");
 header("Pragma: no-cache");

src/messenger/webim/client.php

@@ -21,6 +21,7 @@ require_once('libs/operator.php');
 require_once('libs/groups.php');
 require_once('libs/expand.php');
 require_once('libs/captcha.php');
+require_once('libs/notify.php');
 
 loadsettings();
 if($settings['enablessl'] == "1" && $settings['forcessl'] == "1") {
@@ -46,7 +47,7 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
 		$groupid = "";
 		$groupname = "";
 		if($settings['enablegroups'] == '1') {
-			$groupid = verifyparam( "group", "/^\d{1,8}$/", "");
+			$groupid = verifyparam( "group", "/^\d{1,10}$/", "");
 			if($groupid) {
 				$group = group_by_id($groupid);
 				if(!$group) {
@@ -64,11 +65,21 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
 			$info = getparam("info");
 			$email = getparam("email");
 			$referrer = urldecode(getparam("referrer"));
+			if ($settings["surveyaskcaptcha"] == "1") {
+				$captcha = getparam('captcha');
+				$original = isset($_SESSION["mibew_captcha"])
+					? $_SESSION["mibew_captcha"]
+					: "";
+				$survey_captcha_failed = empty($original)
+					|| empty($captcha)
+					|| $captcha != $original;
+				unset($_SESSION['mibew_captcha']);
+			}
 
 			if($settings['usercanchangename'] == "1" && isset($_POST['name'])) {
 				$newname = getparam("name");
 				if($newname != $visitor['name']) {
-					$data = strtr(base64_encode(myiconv($webim_encoding,"utf-8",$newname)), '+/=', '-_,');
+					$data = strtr(base64_encode(myiconv($mibew_encoding,"utf-8",$newname)), '+/=', '-_,');
 					setcookie($namecookie, $data, time()+60*60*24*365);
 					$visitor['name'] = $newname;
 				}
@@ -92,10 +103,18 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
 			exit;
 		}
 
-		if($settings['enablepresurvey'] == '1' && !(isset($_POST['survey']) && $_POST['survey'] == 'on')) {
+		$show_survey = $settings['enablepresurvey'] == '1'
+			&& (
+			    !(isset($_POST['survey']) && $_POST['survey'] == 'on')
+			    || ($settings["surveyaskcaptcha"] == "1" && !empty($survey_captcha_failed))
+			);
+		if($show_survey) {
 			$page = array();
 			setup_logo();
-			setup_survey($visitor['name'], $email, $groupid, $info, $referrer);
+			if (!empty($survey_captcha_failed)) {
+			    $errors[] = getlocal('errors.captcha');
+			}
+			setup_survey($visitor['name'], $email, $groupid, $info, $referrer, can_show_captcha());
 			expand("styles", getchatstyle(), "survey.tpl");
 			exit;
 		}
@@ -112,31 +131,32 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
 		$_SESSION['threadid'] = $thread['threadid'];
 		
 		if( $referrer ) {
-			post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer)),$link);
+			post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer),true),$link);
 		}
-		post_message_($thread['threadid'],$kind_info,getstring('chat.wait'),$link);
+		post_message_($thread['threadid'],$kind_info,getstring('chat.wait', true),$link);
 		if($email) {
-			post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email)),$link);
+			post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email),true),$link);
 		}
 		if($info) {
-			post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info)),$link);
+			post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info),true),$link);
 		}
 		if($firstmessage) {
 			$postedid = post_message_($thread['threadid'],$kind_user,$firstmessage,$link,$visitor['name']);
-			commit_thread( $thread['threadid'], array('shownmessageid' => $postedid), $link);
+			commit_thread( $thread['threadid'], array('shownmessageid' => intval($postedid)), $link);
 		}
+		notify_operators($thread, $firstmessage, $link);
 		mysql_close($link);
 	}
 	$threadid = $thread['threadid'];
 	$token = $thread['ltoken'];
 	$level = get_remote_level($_SERVER['HTTP_USER_AGENT']);
 	$chatstyle = verifyparam( "style", "/^\w+$/", "");
-	header("Location: $webimroot/client.php?thread=$threadid&token=$token&level=$level".($chatstyle ? "&style=$chatstyle" : ""));
+	header("Location: $mibewroot/client.php?thread=$threadid&token=$token&level=$level".($chatstyle ? "&style=$chatstyle" : ""));
 	exit;
 }
 
-$token = verifyparam( "token", "/^\d{1,8}$/");
+$token = verifyparam( "token", "/^\d{1,10}$/");
-$threadid = verifyparam( "thread", "/^\d{1,8}$/");
+$threadid = verifyparam( "thread", "/^\d{1,10}$/");
 $level = verifyparam( "level", "/^(ajaxed|simple|old)$/");
 
 $thread = thread_by_id($threadid);

src/messenger/webim/default.css

@@ -249,6 +249,7 @@ img.left {
 
 .tabs {
 	float: right;
+	margin-left: 15px;
 	display: inline;
 	margin-right: 15px;
 }
@@ -297,6 +298,10 @@ img.left {
 	margin-bottom:8px;
 }
 
+.packedFormField select {
+	min-width: 130px;
+}
+
 div.errinfo {
 	color: #c13030;
 }	
@@ -490,6 +495,16 @@ table.list td a.man {
 	padding-left: 15px;
 }
 
+table.list td a.mail {
+	background: url(images/mail.png) no-repeat left center;
+	padding-left: 24px;
+}
+
+table.list td a.xmpp {
+	background: url(images/xmpp.png) no-repeat left center;
+	padding-left: 24px;
+}
+
 table.list tbody tr:hover td, table.list tbody tr:hover td a, table.statistics tbody tr:hover td {
 	color: #1D485E;
 }
@@ -728,6 +743,8 @@ table.awaiting td.visitor {
 .dashitem img, #dashlocalesPopup h2 img {
 	float: left;
 	padding-right:10px;
+	width: 24px;
+	height: 24px;
 }
 
 #dashlocalesPopup h2 img {

src/messenger/webim/install/dbinfo.php

@@ -72,6 +72,7 @@ $dbtables = array(
 		"vcavatar" => "varchar(255)",
 		"vcjabbername" => "varchar(255)",
 		"iperm" => "int DEFAULT 65535",
+		"inotify" => "int DEFAULT 0", /* 0 - none, 1 - jabber */
 		"dtmrestore" => "datetime DEFAULT 0",
 		"vcrestoretoken" => "varchar(64)",
 	),
@@ -105,7 +106,18 @@ $dbtables = array(
 		"locale" => "varchar(8)",
 		"groupid" => "int references ${mysqlprefix}chatgroup(groupid)",
 		"vcvalue" => "varchar(1024) NOT NULL",
-	)
+	),
+
+	"${mysqlprefix}chatnotification" => array(
+		"id" => "INT NOT NULL auto_increment PRIMARY KEY",
+		"locale" => "varchar(8)",
+		"vckind" => "varchar(16)",
+		"vcto" => "varchar(256)",
+		"dtmcreated" => "datetime DEFAULT 0",
+		"vcsubject" => "varchar(256)",
+		"tmessage" => "text NOT NULL",
+		"refoperator" => "int NOT NULL references ${mysqlprefix}chatoperator(operatorid)",
+	),
 );
 
 $dbtables_indexes = array(
@@ -119,19 +131,20 @@ $memtables = array();
 $dbtables_can_update = array(
 	"${mysqlprefix}chatthread" => array("agentId", "userTyping", "agentTyping", "messageCount", "nextagent", "shownmessageid", "userid", "userAgent", "groupid"),
 	"${mysqlprefix}chatmessage" => array("agentId"),
-	"${mysqlprefix}chatoperator" => array("vcavatar", "vcjabbername", "iperm", "istatus", "vcemail", "dtmrestore", "vcrestoretoken"),
+	"${mysqlprefix}chatoperator" => array("vcavatar", "vcjabbername", "iperm", "istatus", "vcemail", "dtmrestore", "vcrestoretoken", "inotify"),
 	"${mysqlprefix}chatban" => array(),
 	"${mysqlprefix}chatgroup" => array("vcemail"),
 	"${mysqlprefix}chatgroupoperator" => array(),
 	"${mysqlprefix}chatresponses" => array(),
+	"${mysqlprefix}chatnotification" => array(),
 );
 
 function show_install_err($text)
 {
-	global $page, $version, $errors, $webimroot;
+	global $page, $version, $errors, $mibewroot;
 	$page = array(
 		'version' => $version,
-		'localeLinks' => get_locale_links("$webimroot/install/index.php")
+		'localeLinks' => get_locale_links("$mibewroot/install/index.php")
 	);
 	$errors = array($text);
 	start_html_output();
@@ -171,7 +184,7 @@ function create_table($id, $link)
 	mysql_query($query, $link) or show_install_err(' Query failed: ' . mysql_error($link));
 
 	if ($id == "${mysqlprefix}chatoperator") {
-		create_operator_("admin", "", "", "Administrator", "Administrator", "", $link);
+		create_operator_("admin", "", "", "", "Administrator", "Administrator", 0, "", $link);
 	} else if ($id == "${mysqlprefix}chatrevision") {
 		perform_query("INSERT INTO ${mysqlprefix}chatrevision VALUES (1)", $link);
 	}

src/messenger/webim/install/dbperform.php

@@ -38,7 +38,8 @@ if ($act == "silentcreateall") {
 } else if ($act == "createdb") {
 	mysql_query("CREATE DATABASE $mysqldb", $link) or show_install_err(' Query failed: ' . mysql_error($link));
 } else {
-	mysql_select_db($mysqldb, $link) or show_install_err('Could not select database');
+	mysql_select_db($mysqldb, $link)
+	or show_install_err('Could not select database');
 	if ($force_charset_in_connection) {
 		mysql_query("SET character set $dbencoding", $link);
 	}
@@ -118,6 +119,10 @@ if ($act == "silentcreateall") {
 			runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD istatus int DEFAULT 0", $link);
 		}
 
+		if (in_array("${mysqlprefix}chatoperator.inotify", $absent)) {
+			runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD inotify int DEFAULT 0", $link);
+		}
+
 		if (in_array("${mysqlprefix}chatoperator.vcavatar", $absent)) {
 			runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD vcavatar varchar(255)", $link);
 		}
@@ -158,6 +163,6 @@ if ($act == "silentcreateall") {
 }
 
 mysql_close($link);
-header("Location: $webimroot/install/index.php");
+header("Location: $mibewroot/install/index.php");
 exit;
 ?>

src/messenger/webim/install/index.php

@@ -21,7 +21,7 @@ require_once('dbinfo.php');
 
 $page = array(
 	'version' => $version,
-	'localeLinks' => get_locale_links("$webimroot/install/index.php")
+	'localeLinks' => get_locale_links("$mibewroot/install/index.php")
 );
 
 $page['done'] = array();
@@ -30,9 +30,9 @@ $page['nextnotice'] = false;
 $page['soundcheck'] = false;
 $errors = array();
 
-function check_webimroot()
+function check_mibewroot()
 {
-	global $page, $errors, $webimroot;
+	global $page, $errors, $mibewroot;
 	$requestUri = $_SERVER["REQUEST_URI"];
 	if (!preg_match('/^(.*)\\/install(\\/[^\\/\\\\]*)?$/', $requestUri, $matches)) {
 		$errors[] = "Cannot detect application location: $requestUri";
@@ -40,9 +40,9 @@ function check_webimroot()
 	}
 	$applocation = $matches[1];
 
-	if ($applocation != $webimroot) {
+	if ($applocation != $mibewroot) {
-		$errors[] = "Please, check file ${applocation}/libs/config.php<br/>Wrong value of \$webimroot variable, should be \"$applocation\"";
+		$errors[] = "Please, check file ${applocation}/libs/config.php<br/>Wrong value of \$mibewroot variable, should be \"$applocation\"";
-		$webimroot = $applocation;
+		$mibewroot = $applocation;
 		return false;
 	}
 
@@ -87,12 +87,12 @@ function fpermissions($file)
 
 function check_files()
 {
-	global $page, $errors, $webimroot;
+	global $page, $errors, $mibewroot;
 
 	$packageFile = dirname(__FILE__) . "/package";
 	$fp = @fopen($packageFile, "r");
 	if ($fp === FALSE) {
-		$errors[] = getlocal2("install.cannot_read", array("$webimroot/install/package"));
+		$errors[] = getlocal2("install.cannot_read", array("$mibewroot/install/package"));
 		if (file_exists($packageFile)) {
 			$errors[] = getlocal2("install.check_permissions", array(fpermissions($packageFile)));
 		}
@@ -113,10 +113,10 @@ function check_files()
 		$relativeName = dirname(__FILE__) . "/../$file";
 		if (!is_readable($relativeName)) {
 			if (file_exists($relativeName)) {
-				$errors[] = getlocal2("install.cannot_read", array("$webimroot/$file"));
+				$errors[] = getlocal2("install.cannot_read", array("$mibewroot/$file"));
 				$errors[] = getlocal2("install.check_permissions", array(fpermissions($relativeName)));
 			} else {
-				$errors[] = getlocal2("install.no_file", array("$webimroot/$file"));
+				$errors[] = getlocal2("install.no_file", array("$mibewroot/$file"));
 			}
 			return false;
 		}
@@ -127,7 +127,7 @@ function check_files()
 				$result = md5(str_replace("\r", "", file_get_contents($relativeName)));
 			}
 			if ($result != $sum) {
-				$errors[] = getlocal2("install.bad_checksum", array("$webimroot/$file"));
+				$errors[] = getlocal2("install.bad_checksum", array("$mibewroot/$file"));
 				$errors[] = getlocal("install.check_files");
 				return false;
 			}
@@ -140,7 +140,7 @@ function check_files()
 
 function check_connection()
 {
-	global $mysqlhost, $mysqllogin, $mysqlpass, $page, $errors, $webimroot;
+	global $mysqlhost, $mysqllogin, $mysqlpass, $page, $errors, $mibewroot;
 	$link = @mysql_connect($mysqlhost, $mysqllogin, $mysqlpass);
 	if ($link) {
 		$result = mysql_query("SELECT VERSION() as c", $link);
@@ -161,7 +161,7 @@ function check_connection()
 
 function check_database($link)
 {
-	global $mysqldb, $force_charset_in_connection, $dbencoding, $page, $webimroot;
+	global $mysqldb, $force_charset_in_connection, $dbencoding, $page, $mibewroot;
 	if (mysql_select_db($mysqldb, $link)) {
 		$page['done'][] = getlocal2("install.2.db_exists", array($mysqldb));
 		if ($force_charset_in_connection) {
@@ -171,14 +171,14 @@ function check_database($link)
 	} else {
 		$page['nextstep'] = getlocal2("install.2.create", array($mysqldb));
 		$page['nextnotice'] = getlocal("install.2.notice");
-		$page['nextstepurl'] = "$webimroot/install/dbperform.php?act=createdb";
+		$page['nextstepurl'] = "$mibewroot/install/dbperform.php?act=createdb";
 	}
 	return false;
 }
 
 function check_tables($link)
 {
-	global $dbtables, $page, $webimroot;
+	global $dbtables, $page, $mibewroot;
 	$curr_tables = get_tables($link);
 	if ($curr_tables !== false) {
 		$tocreate = array_diff(array_keys($dbtables), $curr_tables);
@@ -187,7 +187,7 @@ function check_tables($link)
 			return true;
 		} else {
 			$page['nextstep'] = getlocal("install.3.create");
-			$page['nextstepurl'] = "$webimroot/install/dbperform.php?act=ct";
+			$page['nextstepurl'] = "$mibewroot/install/dbperform.php?act=ct";
 		}
 	}
 	return false;
@@ -195,7 +195,7 @@ function check_tables($link)
 
 function check_columns($link)
 {
-	global $dbtables, $dbtables_can_update, $errors, $page, $webimroot;
+	global $dbtables, $dbtables_can_update, $errors, $page, $mibewroot;
 
 	$need_to_create_columns = false;
 	foreach ($dbtables as $id => $columns) {
@@ -209,7 +209,7 @@ function check_columns($link)
 			if (count($cannot_update) != 0) {
 				$errors[] = "Key columns are absent in table `$id'. Unable to continue installation.";
 				$page['nextstep'] = getlocal("install.kill_tables");
-				$page['nextstepurl'] = "$webimroot/install/dbperform.php?act=dt";
+				$page['nextstepurl'] = "$mibewroot/install/dbperform.php?act=dt";
 				$page['nextnotice'] = getlocal("install.kill_tables.notice");
 				return false;
 			}
@@ -219,7 +219,7 @@ function check_columns($link)
 
 	if ($need_to_create_columns) {
 		$page['nextstep'] = getlocal("install.4.create");
-		$page['nextstepurl'] = "$webimroot/install/dbperform.php?act=addcolumns";
+		$page['nextstepurl'] = "$mibewroot/install/dbperform.php?act=addcolumns";
 		$page['nextnotice'] = getlocal("install.4.notice");
 		return false;
 	}
@@ -234,8 +234,8 @@ function check_sound()
 
 	$page['soundcheck'] = true;
 	$page['done'][] = getlocal2("install.5.text", array(
-													   "<a id='check-nv' href='javascript:void(0)'>" . getlocal("install.5.newvisitor") . "</a>",
+													   "<a id=\"check-nv\" href=\"javascript:void(0)\">" . getlocal("install.5.newvisitor") . "</a>",
-													   "<a id='check-nm' href='javascript:void(0)'>" . getlocal("install.5.newmessage") . "</a>"
+													   "<a id=\"check-nm\" href=\"javascript:void(0)\">" . getlocal("install.5.newmessage") . "</a>"
 												  ));
 }
 
@@ -254,11 +254,11 @@ function check_admin($link)
 
 function check_status()
 {
-	global $page, $webimroot, $settings, $dbversion;
+	global $page, $mibewroot, $settings, $dbversion;
 
 	$page['done'][] = getlocal2("install.0.php", array(phpversion()));
 
-	if (!check_webimroot()) {
+	if (!check_mibewroot()) {
 		return;
 	}
 
@@ -292,8 +292,8 @@ function check_status()
 
 	if (!check_admin($link)) {
 		$page['nextstep'] = getlocal("installed.login_link");
-		$page['nextnotice'] = getlocal2("installed.notice", array("${webimroot}/install/"));
+		$page['nextnotice'] = getlocal2("installed.notice", array("${mibewroot}/install/"));
-		$page['nextstepurl'] = "$webimroot/operator/login.php?login=admin";
+		$page['nextstepurl'] = "$mibewroot/operator/login.php?login=admin";
 	}
 
 	$page['show_small_login'] = true;

src/messenger/webim/install/whatsnew.txt

@@ -1,7 +1,30 @@
+  1.6.7
+  -----
+  [+] add https links highlighting (thanks to falcon)
+  [!] fix several bugs related to specific environments
+
+  1.6.6
+  -----
+  [+] add captcha image to pre-chat survey
+  [+] improve localization (add new constants)
+  [!] completely abandon old application name (i.e. webim)
+  [!] switch to more safe hashing alrgorithms for passwords and tokens
+  [!] switch to more safe generation of user IDs
+  [!] make important cookies more safe
+  [!] multiple XSS fixes
+  [!] multiple SQL Injection fixes
+  [!] multiple file path manipulation fixes
+  [!] CSRF fixes
+
   1.6.5
   -----
   [+] Apache 2 license
-  [!] csrf fixes
+  [+] switched to google closure compiler for Javascript compression, jQuery 1.4.2
+  [+] improve database schema (add indexes, fix compatibility with MySQL 5.5)
+  [+] silver skin (thanks to Alekin Pavel)
+  [+] informational banner on empty password of administrator
+  [!] CSRF fixes
+  [!] close old threads by timeout
 
   1.6.4
   -----

src/messenger/webim/js/164/brws.js

@@ -1 +0,0 @@
-var myAgent="",myVer=0,myRealAgent="";function detectAgent(){for(var a=["opera","msie","safari","firefox","netscape","mozilla"],b=navigator.userAgent.toLowerCase(),c=0;c<a.length;c++){var d=a[c];if(b.indexOf(d)!=-1){myAgent=d;if(!window.RegExp)break;RegExp(d+"[ /]?([0-9]+(.[0-9]+)?)").exec(b)!=null&&(myVer=parseFloat(RegExp.$1));break}}myRealAgent=myAgent;navigator.product=="Gecko"&&(myAgent="moz")}detectAgent();function getEl(a){return document.getElementById(a)};

src/messenger/webim/js/164/chat.js

@@ -1,24 +0,0 @@
-/*
- This file is part of Mibew Messenger project.
- http://mibew.org
-
- Copyright (c) 2005-2011 Mibew Messenger Community
- License: http://mibew.org/license.php
-*/
-var FrameUtils={getDocument:function(a){return a.contentDocument?a.contentDocument:a.contentWindow?a.contentWindow.document:a.document?a.document:null},initFrame:function(a){var b=this.getDocument(a);b.open();b.write("<html><head>");b.write('<link rel="stylesheet" type="text/css" media="all" href="'+Chat.cssfile+'">');b.write("</head><body bgcolor='#FFFFFF' text='#000000' link='#C28400' vlink='#C28400' alink='#C28400'>");b.write("<table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td valign='top' class='message' id='content'></td></tr></table><a id='bottom' name='bottom'></a>");
-b.write("</body></html>");b.close();a.onload=function(){a.myHtml&&(FrameUtils.getDocument(a).getElementById("content").innerHTML+=a.myHtml,FrameUtils.scrollDown(a))}},insertIntoFrame:function(a,b){var c=this.getDocument(a).getElementById("content");if(c==null){if(!a.myHtml)a.myHtml="";a.myHtml+=b}else c.innerHTML+=b},scrollDown:function(a){var b=this.getDocument(a).getElementById("bottom");if(myAgent=="opera")try{a.contentWindow.scrollTo(0,this.getDocument(a).getElementById("content").clientHeight)}catch(c){}b&&
-b.scrollIntoView(!1)}};Ajax.ChatThreadUpdater=Class.create();
-Class.inherit(Ajax.ChatThreadUpdater,Ajax.Base,{initialize:function(a){this.setOptions(a);this._options.onComplete=this.requestComplete.bind(this);this._options.onException=this.handleException.bind(this);this._options.onTimeout=this.handleTimeout.bind(this);this._options.timeout=5E3;this.updater={};this.frequency=this._options.frequency||2;this.lastupdate=0;this.focused=this.skipNextsound=this.cansend=!0;this.ownThread=this._options.message!=null;FrameUtils.initFrame(this._options.container);if(this._options.message)this._options.message.onkeydown=
-this.handleKeyDown.bind(this),this._options.message.onfocus=function(){this.focused=!0}.bind(this),this._options.message.onblur=function(){this.focused=!1}.bind(this);this.update()},handleException:function(){this.setStatus("offline, reconnecting");this.stopUpdate();this.timer=setTimeout(this.update.bind(this),1E3)},handleTimeout:function(){this.setStatus("timeout, reconnecting");this.stopUpdate();this.timer=setTimeout(this.update.bind(this),1E3)},updateOptions:function(a){this._options.parameters=
-"act="+a+"&thread="+(this._options.threadid||0)+"&token="+(this._options.token||0)+"&lastid="+(this._options.lastid||0);this._options.user&&(this._options.parameters+="&user=true");a=="refresh"&&this._options.message&&this._options.message.value!=""&&(this._options.parameters+="&typed=1")},enableInput:function(a){if(this._options.message)this._options.message.disabled=!a},stopUpdate:function(){this.enableInput(!0);if(this.updater._options)this.updater._options.onComplete=void 0;clearTimeout(this.timer)},
-update:function(){this.updateOptions("refresh");this.updater=new Ajax.Request(this._options.servl,this._options)},requestComplete:function(a){try{this.enableInput(!0);this.cansend=!0;var b=Ajax.getXml(a);b&&b.tagName=="thread"?this.updateContent(b):this.handleError(a,b,"refresh messages failed")}catch(c){}this.skipNextsound=!1;this.timer=setTimeout(this.update.bind(this),this.frequency*1E3)},postMessage:function(a){if(a!=""&&this.cansend){this.cansend=!1;this.stopUpdate();this.skipNextsound=!0;this.updateOptions("post");
-var b={}.extend(this._options);b.parameters+="&message="+encodeURIComponent(a);b.onComplete=function(a){this.requestComplete(a);if(this._options.message)this._options.message.value="",this._options.message.focus()}.bind(this);myRealAgent!="opera"&&this.enableInput(!1);this.updater=new Ajax.Request(this._options.servl,b)}},changeName:function(a){this.skipNextsound=!0;new Ajax.Request(this._options.servl,{parameters:"act=rename&thread="+(this._options.threadid||0)+"&token="+(this._options.token||0)+
-"&name="+encodeURIComponent(a)})},onThreadClosed:function(a){var b=Ajax.getXml(a);b&&b.tagName=="closed"?setTimeout("window.close()",2E3):this.handleError(a,b,"cannot close")},closeThread:function(){var a="act=close&thread="+(this._options.threadid||0)+"&token="+(this._options.token||0);this._options.user&&(a+="&user=true");new Ajax.Request(this._options.servl,{parameters:a,onComplete:this.onThreadClosed.bind(this)})},processMessage:function(a,b){var c=NodeUtils.getNodeText(b);FrameUtils.insertIntoFrame(a,
-c)},showTyping:function(a){if($("typingdiv"))$("typingdiv").style.display=a?"inline":"none"},setupAvatar:function(a){a=NodeUtils.getNodeText(a);if(this._options.avatar&&this._options.user)this._options.avatar.innerHTML=a!=""?'<img src="'+Chat.webimRoot+'/images/free.gif" width="7" height="1" border="0" alt="" /><img src="'+a+'" border="0" alt=""/>':""},updateContent:function(a){var b=!1,c=this._options.container,d=NodeUtils.getAttrValue(a,"lastid");if(d)this._options.lastid=d;(d=NodeUtils.getAttrValue(a,
-"typing"))&&this.showTyping(d=="1");if((d=NodeUtils.getAttrValue(a,"canpost"))&&(d=="1"&&!this.ownThread||this.ownThread&&d!="1"))window.location.href=window.location.href;for(d=0;d<a.childNodes.length;d++){var e=a.childNodes[d];e.tagName=="message"?(b=!0,this.processMessage(c,e)):e.tagName=="avatar"&&this.setupAvatar(e)}window.location.search.indexOf("trace=on")>=0?(a="updated",this.lastupdate>0&&(c=((new Date).getTime()-this.lastupdate)/1E3,a=a+", "+c+" secs",c>10&&alert(a)),this.lastupdate=(new Date).getTime(),
-this.setStatus(a)):this.clearStatus();b&&(FrameUtils.scrollDown(this._options.container),this.skipNextsound||(b=$("soundimg"),(b==null||b.className.match(/\bisound\b/))&&playSound(Chat.webimRoot+"/sounds/new_message.wav")),this.focused||window.focus())},isSendkey:function(a,b){return b==13&&(a||this._options.ignorectrl)||b==10},handleKeyDown:function(a){a?(ctrl=a.ctrlKey,a=a.which):(a=event.keyCode,ctrl=event.ctrlKey);if(this._options.message&&this.isSendkey(ctrl,a))return a=this._options.message.value,
-this._options.ignorectrl&&(a=a.replace(/[\r\n]+$/,"")),this.postMessage(a),!1;return!0},handleError:function(a,b){b&&b.tagName=="error"?this.setStatus(NodeUtils.getNodeValue(b,"descr")):this.setStatus("reconnecting")},showStatusDiv:function(a){if($("engineinfo"))$("engineinfo").style.display="inline",$("engineinfo").innerHTML=a},setStatus:function(a){this.statusTimeout&&clearTimeout(this.statusTimeout);this.showStatusDiv(a);this.statusTimeout=setTimeout(this.clearStatus.bind(this),4E3)},clearStatus:function(){$("engineinfo").style.display=
-"none"}});var Chat={threadUpdater:{},applyName:function(){Chat.threadUpdater.changeName($("uname").value);$("changename1").style.display="none";$("changename2").style.display="inline";$("unamelink").innerHTML=htmlescape($("uname").value)},showNameField:function(){$("changename1").style.display="inline";$("changename2").style.display="none"}};
-Behaviour.register({"#postmessage a":function(a){a.onclick=function(){var a=$("msgwnd");a&&Chat.threadUpdater.postMessage(a.value)}},"select#predefined":function(a){a.onchange=function(){var a=$("msgwnd");if(this.selectedIndex!=0)a.value=this.options[this.selectedIndex].innerText||this.options[this.selectedIndex].innerHTML;this.selectedIndex=0;a.focus()}},"div#changename2 a":function(a){a.onclick=function(){Chat.showNameField();return!1}},"div#changename1 a":function(a){a.onclick=function(){Chat.applyName();
-return!1}},"div#changename1 input#uname":function(a){a.onkeydown=function(a){(a||event).keyCode==13&&Chat.applyName()}},"a#refresh":function(a){a.onclick=function(){Chat.threadUpdater.stopUpdate();Chat.threadUpdater.update()}},"a#togglesound":function(a){a.onclick=function(){var a=$("soundimg");if(a)a.className=a.className.match(/\bisound\b/)?"tplimage inosound":"tplimage isound",(a=$("msgwnd"))&&a.focus()}},"a.closethread":function(a){a.onclick=function(){Chat.threadUpdater.closeThread()}}});
-EventHelper.register(window,"onload",function(){Chat.webimRoot=threadParams.wroot;Chat.cssfile=threadParams.cssfile;Chat.threadUpdater=new Ajax.ChatThreadUpdater({ignorectrl:-1,container:myRealAgent=="safari"?self.frames[0]:$("chatwnd"),avatar:$("avatarwnd"),message:$("msgwnd")}.extend(threadParams||{}))});

src/messenger/webim/js/164/common.js

@@ -1,25 +0,0 @@
-/*
- This file is part of Mibew Messenger project.
- http://mibew.org
-
- Copyright (c) 2005-2011 Mibew Messenger Community
- License: http://mibew.org/license.php
-*/
-var Class={create:function(){return function(){this.initialize.apply(this,arguments)}},inherit:function(a,b,c){Object.extend(Object.extend(a.prototype,b.prototype),c)}};Object.extend=function(a,b){for(property in b)a[property]=b[property];return a};Object.prototype.extend=function(a){return Object.extend.apply(this,[this,a])};Function.prototype.bind=function(a){var b=this;return function(){return b.apply(a,arguments)}};
-Function.prototype.bindAsEventListener=function(a){var b=this;return function(c){b.call(a,c||window.event)}};Number.prototype.toColorPart=function(){var a=this.toString(16);if(this<16)return"0"+a;return a};var Try={these:function(){for(var a,b=0;b<arguments.length;b++){var c=arguments[b];try{a=c();break}catch(d){}}return a}},PeriodicalExecuter=Class.create();
-PeriodicalExecuter.prototype={initialize:function(a,b){this.callback=a;this.frequency=b;this.currentlyExecuting=!1;this.registerCallback()},registerCallback:function(){setInterval(this.onTimerEvent.bind(this),this.frequency*1E3)},onTimerEvent:function(){if(!this.currentlyExecuting)try{this.currentlyExecuting=!0,this.callback()}finally{this.currentlyExecuting=!1}}};
-function findObj(a){var b;if(!(b=document[a])&&document.all)b=document.all[a];!b&&document.getElementById&&(b=document.getElementById(a));if(!b&&!document.all&&document.getElementsByName){b=document.getElementsByName(a);if(b.length==0)return null;if(b.length==1)return b[0]}return b}if(!Array.prototype.push)Array.prototype.push=function(){for(var a=this.length,b=0;b<arguments.length;b++)this[a+b]=arguments[b];return this.length};
-function $(){for(var a=[],b=0;b<arguments.length;b++){var c=arguments[b];typeof c=="string"&&(c=findObj(c));if(arguments.length==1)return c;a.push(c)}return a}
-var Ajax={getTransport:function(){return Try.these(function(){return new ActiveXObject("Msxml2.XMLHTTP")},function(){return new ActiveXObject("Microsoft.XMLHTTP")},function(){return new XMLHttpRequest})||!1},getXml:function(a){if(a&&a.status>=200&&a.status<300&&(a=a.responseXML)&&a.documentElement)return a.documentElement;return null},getError:function(a){return a.statusText||"connection error N"+a.status},emptyFunction:function(){},Base:function(){}};
-Ajax.Base.prototype={setOptions:function(a){this._options={_method:"post",asynchronous:!0,parameters:""}.extend(a||{})},getStatus:function(){try{return this.transport.status||0}catch(a){return 0}},responseIsSuccess:function(){var a=this.getStatus();return!a||a>=200&&a<300},responseIsFailure:function(){return!this.responseIsSuccess()}};Ajax.Request=Class.create();Ajax.Request.Events=["Uninitialized","Loading","Loaded","Interactive","Complete"];
-Class.inherit(Ajax.Request,Ajax.Base,{initialize:function(a,b){this.transport=Ajax.getTransport();this.setOptions(b);this.transportTimer={};this.finished=!1;this.request(a)},request:function(a){var b=this._options.parameters||"";b.length>0&&(b+="&_=");try{this._options._method=="get"&&b.length>0&&(a+="?"+b);this.transport.open(this._options._method.toUpperCase(),a,this._options.asynchronous);if(this._options.asynchronous&&(this.transport.onreadystatechange=this.onStateChange.bind(this),this._options.timeout))this.transportTimer=
-setTimeout(this.handleTimeout.bind(this),this._options.timeout);this.setRequestHeaders();var c=this._options.postBody?this._options.postBody:b;this.transport.send(this._options._method=="post"?c:null)}catch(d){this.dispatchException(d)}},setRequestHeaders:function(){var a=["X-Requested-With","XMLHttpRequest"];this._options._method=="post"&&(a.push("Content-type","application/x-www-form-urlencoded"),this.transport.overrideMimeType&&(navigator.userAgent.match("/Gecko/(d{4})/")||[0,2005])[1]<2005&&a.push("Connection",
-"close"));this._options.requestHeaders&&a.push.apply(a,this._options.requestHeaders);for(var b=0;b<a.length;b+=2)this.transport.setRequestHeader(a[b],a[b+1])},onStateChange:function(){this.transport.readyState!=1&&this.respondToReadyState(this.transport.readyState)},handleTimeout:function(){if(!this.finished)this.finished=!0,(this._options.onTimeout||Ajax.emptyFunction)(this)},respondToReadyState:function(a){if(Ajax.Request.Events[a]=="Complete"){try{if(!this.finished)this.finished=!0,this._options.timeout&&
-clearTimeout(this.transportTimer),(this._options.onComplete||Ajax.emptyFunction)(this.transport)}catch(b){this.dispatchException(b)}this.transport.onreadystatechange=Ajax.emptyFunction}},dispatchException:function(a){(this._options.onException||Ajax.emptyFunction)(this,a)}});
-var EventHelper={register:function(a,b,c){var d=a[b];a[b]=typeof d!="function"?c:function(){d();c()}}},Behaviour={list:[],register:function(a){Behaviour.list.push(a)},init:function(){EventHelper.register(window,"onload",function(){Behaviour.apply()})},apply:function(){for(h=0;sheet=Behaviour.list[h];h++)for(selector in sheet)if(list=document.getElementsBySelector(selector))for(i=0;element=list[i];i++)sheet[selector](element)}};Behaviour.init();
-function getAllChildren(a){return a.all?a.all:a.getElementsByTagName("*")}
-document.getElementsBySelector=function(a){if(!document.getElementsByTagName)return[];for(var a=a.split(" "),b=Array(document),c=0;c<a.length;c++)if(token=a[c].replace(/^\s+/,"").replace(/\s+$/,""),token.indexOf("#")>-1){var d=token.split("#"),e=d[0],b=document.getElementById(d[1]);if(b==null||e&&b.nodeName.toLowerCase()!=e)return[];b=Array(b)}else if(token.indexOf(".")>-1){d=token.split(".");e=d[0];d=d[1];e||(e="*");for(var l=[],j=0,n=0;n<b.length;n++){var g;g=e=="*"?getAllChildren(b[n]):b[n].getElementsByTagName(e);
-if(g!=null)for(var o=0;o<g.length;o++)l[j++]=g[o]}b=[];for(j=e=0;j<l.length;j++)l[j].className&&l[j].className.match(RegExp("\\b"+d+"\\b"))&&(b[e++]=l[j])}else{if(!b[0])return;e=token;l=[];for(n=j=0;n<b.length;n++){g=b[n].getElementsByTagName(e);for(o=0;o<g.length;o++)l[j++]=g[o]}b=l}return b};
-var NodeUtils={getNodeValue:function(a,b){var c=a.getElementsByTagName(b);if(c.length==0)return"";var c=c[0].childNodes,d="";for(i=0;i<c.length;i++)d+=c[i].nodeValue;return d},getNodeText:function(a){var a=a.childNodes,b="";for(i=0;i<a.length;i++)b+=a[i].nodeValue;return b},getAttrValue:function(a,b){for(k=0;k<a.attributes.length;k++)if(a.attributes[k].nodeName==b)return a.attributes[k].nodeValue;return null}},CommonUtils={getRow:function(a,b){var c=b.rows[a];if(c!=null)return c;if(b.rows.head!=null)return null;
-for(k=0;k<b.rows.length;k++)if(b.rows[k].id==a)return b.rows[k];return null},getCell:function(a,b,c){var d=b.cells[a];if(d!=null)return d;if(c.rows.head!=null)return null;for(k=0;k<b.cells.length;k++)if(b.cells[k].id==a)return b.cells[k];return null},insertCell:function(a,b,c,d,e,l){a=a.insertCell(-1);a.id=b;if(d)a.align=d;a.className=c;if(e)a.height=e;a.innerHTML=l}};
-function playSound(a){var b=document.createElement("div");if(navigator.userAgent.toLowerCase().indexOf("opera")!=-1)b.style="position: absolute; left: 0px; top: -200px;";document.body.appendChild(b);b.innerHTML='<audio autoplay src="'+a+'"><embed src="'+a+'" hidden="true" autostart="true" loop="false"></audio>'}function htmlescape(a){return a.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;").replace('"',"&quot;")};

src/messenger/webim/js/164/update.js

@@ -1,33 +0,0 @@
-function loadNews() {
-	if (typeof(window.webimNews) == "undefined" || typeof(window.webimNews.length) == "undefined")
-		return;
-	
-	var str = "<div>";
-	for (var i = 0; i < window.webimNews.length; i++) {
-		str += "<div class=\"newstitle\"><a hre" + "f=\"" + window.webimNews[i].link + "\">" + window.webimNews[i].title + "</a>, <span class=\"small\">" + window.webimNews[i].date + "</span></div>";
-		str += "<div class=\"newstext\">" + window.webimNews[i].message+"</div>";
-	}
-	$("#news").html(str + "</div>");
-}
-
-function loadVersion() {
-	if(typeof(window.webimLatest) == "undefined" || typeof(window.webimLatest.version) == "undefined")
-		return;
-	
-	var current = $("#cver").html();
-
-	if(current != window.webimLatest.version) {
-		if(current < window.webimLatest.version) {
-			$("#cver").css("color","red");
-		}
-		$("#lver").html(window.webimLatest.version+", Download <a href=\""+window.webimLatest.download+"\">"+window.webimLatest.title+"</a>");
-	} else {
-		$("#cver").css("color","green");
-		$("#lver").html(window.webimLatest.version);
-	}
-}
-
-$(function(){
-	loadNews();
-	loadVersion();
-});

src/messenger/webim/js/164/users.js

@@ -1,27 +0,0 @@
-/*
- This file is part of Mibew Messenger project.
- http://mibew.org
-
- Copyright (c) 2005-2011 Mibew Messenger Community
- License: http://mibew.org/license.php
-*/
-Ajax.PeriodicalUpdater=Class.create();
-Class.inherit(Ajax.PeriodicalUpdater,Ajax.Base,{initialize:function(a){this.setOptions(a);this._options.onComplete=this.requestComplete.bind(this);this._options.onException=this.handleException.bind(this);this._options.onTimeout=this.handleTimeout.bind(this);this._options.timeout=5E3;this.frequency=this._options.frequency||2;this.updater={};this.update()},handleException:function(){this._options.handleError&&this._options.handleError("offline, reconnecting");this.stopUpdate();this.timer=setTimeout(this.update.bind(this),
-1E3)},handleTimeout:function(){this._options.handleError&&this._options.handleError("timeout, reconnecting");this.stopUpdate();this.timer=setTimeout(this.update.bind(this),1E3)},stopUpdate:function(){if(this.updater._options)this.updater._options.onComplete=void 0;clearTimeout(this.timer)},update:function(){if(this._options.updateParams)this._options.parameters=this._options.updateParams();this.updater=new Ajax.Request(this._options.url,this._options)},requestComplete:function(a){try{var b=Ajax.getXml(a);
-b?(this._options.updateContent||Ajax.emptyFunction)(b):this._options.handleError&&this._options.handleError("reconnecting")}catch(c){}this.timer=setTimeout(this.update.bind(this),this.frequency*1E3)}});
-var HtmlGenerationUtils={popupLink:function(a,b,c,d,e,l,j){return'<a href="'+a+'"'+(j!=null?' class="'+j+'"':"")+' target="_blank" title="'+b+'" onclick="this.newWindow = window.open(\''+a+"', '"+c+"', 'toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width="+e+",height="+l+",resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;\">"+d+"</a>"},generateOneRowTable:function(a){return'<table class="inner"><tr>'+a+"</tr></table>"},viewOpenCell:function(a,b,c,d,e,l,j,n){var l=
-2,b=b+"?thread="+c,g="<td>";g+=e||d?HtmlGenerationUtils.popupLink(n||!d?b:b+"&viewonly=true",localized[e?0:1],"ImCenter"+c,a,640,480,null):'<a href="#">'+a+"</a>";g+="</td>";e&&(g+='<td class="icon">',g+=HtmlGenerationUtils.popupLink(b,localized[0],"ImCenter"+c,'<img src="'+webimRoot+'/images/tbliclspeak.gif" width="15" height="15" border="0" alt="'+localized[0]+'">',640,480,null),g+="</td>",l++);d&&(g+='<td class="icon">',g+=HtmlGenerationUtils.popupLink(b+"&viewonly=true",localized[1],"ImCenter"+
-c,'<img src="'+webimRoot+'/images/tbliclread.gif" width="15" height="15" border="0" alt="'+localized[1]+'">',640,480,null),g+="</td>",l++);j!=""&&(g+='</tr><tr><td class="firstmessage" colspan="'+l+'"><a href="javascript:void(0)" title="'+j+'" onclick="alert(this.title);return false;">',g+=j.length>30?j.substring(0,30)+"...":j,g+="</a></td>");return HtmlGenerationUtils.generateOneRowTable(g)},banCell:function(a,b){return'<td class="icon">'+HtmlGenerationUtils.popupLink(webimRoot+"/operator/ban.php?"+
-(b?"id="+b:"thread="+a),localized[2],"ban"+a,'<img src="'+webimRoot+'/images/ban.gif" width="15" height="15" border="0" alt="'+localized[2]+'">',720,480,null)+"</td>"}};Ajax.ThreadListUpdater=Class.create();
-Class.inherit(Ajax.ThreadListUpdater,Ajax.Base,{initialize:function(a){this.setOptions(a);this._options.updateParams=this.updateParams.bind(this);this._options.handleError=this.handleError.bind(this);this._options.updateContent=this.updateContent.bind(this);this._options.lastrevision=0;this.threadTimers={};this.delta=0;this.t=this._options.table;this.periodicalUpdater=new Ajax.PeriodicalUpdater(this._options)},updateParams:function(){return"since="+this._options.lastrevision+"&status="+this._options.istatus+
-(this._options.showonline?"&showonline=1":"")},setStatus:function(a){this._options.status.innerHTML=a},handleError:function(a){this.setStatus(a)},updateThread:function(a){function b(a,b,c,d){if(a=CommonUtils.getCell(c,b,a))a.innerHTML=d}for(var c,d,e,l=!1,j=!1,n=!1,g=null,o=null,f=0;f<a.attributes.length;f++){var m=a.attributes[f];if(m.nodeName=="id")c=m.nodeValue;else if(m.nodeName=="stateid")d=m.nodeValue;else if(m.nodeName=="state")e=m.nodeValue;else if(m.nodeName=="canopen")j=!0;else if(m.nodeName==
-"canview")l=!0;else if(m.nodeName=="canban")n=!0;else if(m.nodeName=="ban")g=m.nodeValue;else if(m.nodeName=="banid")o=m.nodeValue}f=CommonUtils.getRow("thr"+c,this.t);if(d=="closed")f&&this.t.deleteRow(f.rowIndex),this.threadTimers[c]=null;else{var m=NodeUtils.getNodeValue(a,"name"),s=NodeUtils.getNodeValue(a,"addr"),q=NodeUtils.getNodeValue(a,"time"),t=NodeUtils.getNodeValue(a,"agent"),r=NodeUtils.getNodeValue(a,"modified"),u=NodeUtils.getNodeValue(a,"message"),p="<td>"+NodeUtils.getNodeValue(a,
-"useragent")+"</td>";g!=null&&(p="<td>"+NodeUtils.getNodeValue(a,"reason")+"</td>");n&&(p+=HtmlGenerationUtils.banCell(c,o));p=HtmlGenerationUtils.generateOneRowTable(p);a=CommonUtils.getRow("t"+d,this.t);n=CommonUtils.getRow("t"+d+"end",this.t);if(f!=null&&(f.rowIndex<=a.rowIndex||f.rowIndex>=n.rowIndex))this.t.deleteRow(f.rowIndex),f=this.threadTimers[c]=null;if(f==null){if(f=this.t.insertRow(a.rowIndex+1),f.className=g=="blocked"&&d!="chat"?"ban":"in"+d,f.id="thr"+c,this.threadTimers[c]=[q,r,d],
-CommonUtils.insertCell(f,"name","visitor",null,null,HtmlGenerationUtils.viewOpenCell(m,this._options.agentservl,c,l,j,g,u,d!="chat")),CommonUtils.insertCell(f,"contid","visitor","center",null,s),CommonUtils.insertCell(f,"state","visitor","center",null,e),CommonUtils.insertCell(f,"op","visitor","center",null,t),CommonUtils.insertCell(f,"time","visitor","center",null,this.getTimeSince(q)),CommonUtils.insertCell(f,"wait","visitor","center",null,d!="chat"?this.getTimeSince(r):"-"),CommonUtils.insertCell(f,
-"etc","visitor","center",null,p),d=="wait"||d=="prio")return!0}else this.threadTimers[c]=[q,r,d],f.className=g=="blocked"&&d!="chat"?"ban":"in"+d,b(this.t,f,"name",HtmlGenerationUtils.viewOpenCell(m,this._options.agentservl,c,l,j,g,u,d!="chat")),b(this.t,f,"contid",s),b(this.t,f,"state",e),b(this.t,f,"op",t),b(this.t,f,"time",this.getTimeSince(q)),b(this.t,f,"wait",d!="chat"?this.getTimeSince(r):"-"),b(this.t,f,"etc",p);return!1}},updateQueueMessages:function(){function a(a,b){var c=$(b),j=$(b+"end");
-if(c==null||j==null)return!1;return c.rowIndex+1<j.rowIndex}var b=$("statustd");if(b){var c=a(this.t,"twait")||a(this.t,"tprio")||a(this.t,"tchat");b.innerHTML=c?"":this._options.noclients;b.height=c?5:30}},getTimeSince:function(a){var a=Math.floor(((new Date).getTime()-a-this.delta)/1E3),b=Math.floor(a/60),c="";a%=60;a<10&&(a="0"+a);b>=60&&(c=Math.floor(b/60),b%=60,b<10&&(b="0"+b),c+=":");return c+b+":"+a},updateTimers:function(){for(var a in this.threadTimers)if(this.threadTimers[a]!=null){var b=
-this.threadTimers[a],c=CommonUtils.getRow("thr"+a,this.t);if(c!=null){var d=function(a,b,c,d){if(a=CommonUtils.getCell(c,b,a))a.innerHTML=d};d(this.t,c,"time",this.getTimeSince(b[0]));d(this.t,c,"wait",b[2]!="chat"?this.getTimeSince(b[1]):"-")}}},updateThreads:function(a){var b=!1,c=NodeUtils.getAttrValue(a,"time"),d=NodeUtils.getAttrValue(a,"revision");if(c)this.delta=(new Date).getTime()-c;if(d)this._options.lastrevision=d;for(c=0;c<a.childNodes.length;c++)d=a.childNodes[c],d.tagName=="thread"&&
-this.updateThread(d)&&(b=!0);this.updateQueueMessages();this.updateTimers();this.setStatus(this._options.istatus?"Away":"Up to date");b&&(playSound(webimRoot+"/sounds/new_user.wav"),window.focus(),updaterOptions.showpopup&&alert(localized[5]))},updateOperators:function(a){var b=$("onlineoperators");if(b){for(var c=[],d=0;d<a.childNodes.length;d++){var e=a.childNodes[d];if(e.tagName=="operator"){var l=NodeUtils.getAttrValue(e,"name"),e=NodeUtils.getAttrValue(e,"away")!=null;c[c.length]='<img src="'+
-webimRoot+"/images/op"+(e?"away":"online")+'.gif" width="12" height="12" border="0" alt="'+localized[1]+'"> '+l}}b.innerHTML=c.join(", ")}},updateContent:function(a){if(a.tagName=="update")for(var b=0;b<a.childNodes.length;b++){var c=a.childNodes[b];c.tagName=="threads"?this.updateThreads(c):c.tagName=="operators"&&this.updateOperators(c)}else a.tagName=="error"?this.setStatus(NodeUtils.getNodeValue(a,"descr")):this.setStatus("reconnecting")}});
-function togglemenu(){if($("sidebar")&&$("wcontent")&&$("togglemenu"))$("wcontent").className=="contentnomenu"?($("sidebar").style.display="block",$("wcontent").className="contentinner",$("togglemenu").innerHTML=localized[4]):($("sidebar").style.display="none",$("wcontent").className="contentnomenu",$("togglemenu").innerHTML=localized[3])}var webimRoot="";Behaviour.register({"#togglemenu":function(a){a.onclick=function(){togglemenu()}}});
-EventHelper.register(window,"onload",function(){webimRoot=updaterOptions.wroot;new Ajax.ThreadListUpdater({table:$("threadlist"),status:$("connstatus"),istatus:0}.extend(updaterOptions||{}));updaterOptions.havemenu||togglemenu()});

src/messenger/webim/js/167/brws.js

@@ -0,0 +1 @@
+var myAgent="",myVer=0,myRealAgent="";function detectAgent(){for(var a="opera msie safari firefox netscape mozilla".split(" "),b=navigator.userAgent.toLowerCase(),c=0;c<a.length;c++){var d=a[c];if(-1!=b.indexOf(d)){myAgent=d;if(!window.RegExp)break;null!=RegExp(d+"[ /]?([0-9]+(.[0-9]+)?)").exec(b)&&(myVer=parseFloat(RegExp.$1));break}}myRealAgent=myAgent;"Gecko"==navigator.product&&(myAgent="moz")}detectAgent();function getEl(a){return document.getElementById(a)};

src/messenger/webim/js/167/chat.js

@@ -0,0 +1,24 @@
+/*
+ This file is part of Mibew Messenger project.
+ http://mibew.org
+
+ Copyright (c) 2005-2013 Mibew Messenger Community
+ License: http://mibew.org/license.php
+*/
+var FrameUtils={getDocument:function(a){return a.contentDocument?a.contentDocument:a.contentWindow?a.contentWindow.document:a.document?a.document:null},initFrame:function(a){var b=this.getDocument(a);b.open();b.write("<html><head>");b.write('<link rel="stylesheet" type="text/css" media="all" href="'+Chat.cssfile+'">');b.write('</head><body bgcolor="#FFFFFF" text=#000000" link="#C28400" vlink="#C28400" alink="#C28400">');b.write('<table width="100%" cellspacing="0" cellpadding="0" border="0"><tr><td valign="top" class="message" id="content"></td></tr></table><a id="bottom" name="bottom"></a>');
+b.write("</body></html>");b.close();a.onload=function(){a.myHtml&&(FrameUtils.getDocument(a).getElementById("content").innerHTML+=a.myHtml,FrameUtils.scrollDown(a))}},insertIntoFrame:function(a,b){var c=this.getDocument(a).getElementById("content");null==c?(a.myHtml||(a.myHtml=""),a.myHtml+=b):c.innerHTML+=b},scrollDown:function(a){var b=this.getDocument(a).getElementById("bottom");if("opera"==myAgent)try{a.contentWindow.scrollTo(0,this.getDocument(a).getElementById("content").clientHeight)}catch(c){}b&&
+b.scrollIntoView(!1)}};Ajax.ChatThreadUpdater=Class.create();
+Class.inherit(Ajax.ChatThreadUpdater,Ajax.Base,{initialize:function(a){this.setOptions(a);this._options.onComplete=this.requestComplete.bind(this);this._options.onException=this.handleException.bind(this);this._options.onTimeout=this.handleTimeout.bind(this);this._options.timeout=5E3;this.updater={};this.frequency=this._options.frequency||2;this.lastupdate=0;this.focused=this.skipNextsound=this.cansend=!0;this.ownThread=null!=this._options.message;FrameUtils.initFrame(this._options.container);this._options.message&&
+(this._options.message.onkeydown=this.handleKeyDown.bind(this),this._options.message.onfocus=function(){this.focused=!0}.bind(this),this._options.message.onblur=function(){this.focused=!1}.bind(this));this.update()},handleException:function(a,b){this.setStatus("offline, reconnecting");this.stopUpdate();this.timer=setTimeout(this.update.bind(this),1E3)},handleTimeout:function(a){this.setStatus("timeout, reconnecting");this.stopUpdate();this.timer=setTimeout(this.update.bind(this),1E3)},updateOptions:function(a){this._options.parameters=
+"act="+a+"&thread="+(this._options.threadid||0)+"&token="+(this._options.token||0)+"&lastid="+(this._options.lastid||0);this._options.user&&(this._options.parameters+="&user=true");"refresh"==a&&(this._options.message&&""!=this._options.message.value)&&(this._options.parameters+="&typed=1")},enableInput:function(a){this._options.message&&(this._options.message.disabled=!a)},stopUpdate:function(){this.enableInput(!0);this.updater._options&&(this.updater._options.onComplete=void 0);clearTimeout(this.timer)},
+update:function(){this.updateOptions("refresh");this.updater=new Ajax.Request(this._options.servl,this._options)},requestComplete:function(a){try{this.enableInput(!0);this.cansend=!0;var b=Ajax.getXml(a);b&&"thread"==b.tagName?this.updateContent(b):this.handleError(a,b,"refresh messages failed")}catch(c){}this.skipNextsound=!1;this.timer=setTimeout(this.update.bind(this),1E3*this.frequency)},postMessage:function(a){if(""!=a&&this.cansend){this.cansend=!1;this.stopUpdate();this.skipNextsound=!0;this.updateOptions("post");
+var b={}.extend(this._options);b.parameters+="&message="+encodeURIComponent(a);b.onComplete=function(a){this.requestComplete(a);this._options.message&&(this._options.message.value="",this._options.message.focus())}.bind(this);"opera"!=myRealAgent&&this.enableInput(!1);this.updater=new Ajax.Request(this._options.servl,b)}},changeName:function(a){this.skipNextsound=!0;new Ajax.Request(this._options.servl,{parameters:"act=rename&thread="+(this._options.threadid||0)+"&token="+(this._options.token||0)+
+"&name="+encodeURIComponent(a)})},onThreadClosed:function(a){var b=Ajax.getXml(a);b&&"closed"==b.tagName?setTimeout("window.close()",2E3):this.handleError(a,b,"cannot close")},closeThread:function(){var a="act=close&thread="+(this._options.threadid||0)+"&token="+(this._options.token||0);this._options.user&&(a+="&user=true");new Ajax.Request(this._options.servl,{parameters:a,onComplete:this.onThreadClosed.bind(this)})},processMessage:function(a,b){var c=NodeUtils.getNodeText(b);FrameUtils.insertIntoFrame(a,
+c)},showTyping:function(a){$("typingdiv")&&($("typingdiv").style.display=a?"inline":"none")},setupAvatar:function(a){a=NodeUtils.getNodeText(a);this._options.avatar&&this._options.user&&(this._options.avatar.innerHTML=""!=a?'<img src="'+Chat.mibewRoot+'/images/free.gif" width="7" height="1" border="0" alt="" /><img src="'+a+'" border="0" alt=""/>':"")},updateContent:function(a){var b=!1,c=this._options.container,d=NodeUtils.getAttrValue(a,"lastid");d&&(this._options.lastid=d);(d=NodeUtils.getAttrValue(a,
+"typing"))&&this.showTyping("1"==d);(d=NodeUtils.getAttrValue(a,"canpost"))&&("1"==d&&!this.ownThread||this.ownThread&&"1"!=d)&&(window.location.href=window.location.href);for(d=0;d<a.childNodes.length;d++){var e=a.childNodes[d];"message"==e.tagName?(b=!0,this.processMessage(c,e)):"avatar"==e.tagName&&this.setupAvatar(e)}0<=window.location.search.indexOf("trace=on")?(a="updated",0<this.lastupdate&&(c=((new Date).getTime()-this.lastupdate)/1E3,a=a+", "+c+" secs",10<c&&alert(a)),this.lastupdate=(new Date).getTime(),
+this.setStatus(a)):this.clearStatus();b&&(FrameUtils.scrollDown(this._options.container),this.skipNextsound||(b=$("soundimg"),(null==b||b.className.match(/\bisound\b/))&&playSound(Chat.mibewRoot+"/sounds/new_message.wav")),this.focused||window.focus())},isSendkey:function(a,b){return 13==b&&(a||this._options.ignorectrl)||10==b},handleKeyDown:function(a){a?(ctrl=a.ctrlKey,a=a.which):(a=event.keyCode,ctrl=event.ctrlKey);return this._options.message&&this.isSendkey(ctrl,a)?(a=this._options.message.value,
+this._options.ignorectrl&&(a=a.replace(/[\r\n]+$/,"")),this.postMessage(a),!1):!0},handleError:function(a,b,c){b&&"error"==b.tagName?this.setStatus(NodeUtils.getNodeValue(b,"descr")):this.setStatus("reconnecting")},showStatusDiv:function(a){$("engineinfo")&&($("engineinfo").style.display="inline",$("engineinfo").innerHTML=a)},setStatus:function(a){this.statusTimeout&&clearTimeout(this.statusTimeout);this.showStatusDiv(a);this.statusTimeout=setTimeout(this.clearStatus.bind(this),4E3)},clearStatus:function(){$("engineinfo").style.display=
+"none"}});var Chat={threadUpdater:{},applyName:function(){$("uname").value.match(/^\s*$/)||(Chat.threadUpdater.changeName($("uname").value),$("changename1").style.display="none",$("changename2").style.display="inline",$("unamelink").innerHTML=htmlescape($("uname").value))},showNameField:function(){$("changename1").style.display="inline";$("changename2").style.display="none"}};
+Behaviour.register({"#postmessage a":function(a){a.onclick=function(){var a=$("msgwnd");a&&Chat.threadUpdater.postMessage(a.value)}},"select#predefined":function(a){a.onchange=function(){var a=$("msgwnd");0!=this.selectedIndex&&(a.value=this.options[this.selectedIndex].innerText||this.options[this.selectedIndex].innerHTML);this.selectedIndex=0;a.focus()}},"div#changename2 a":function(a){a.onclick=function(){Chat.showNameField();return!1}},"div#changename1 a":function(a){a.onclick=function(){Chat.applyName();
+return!1}},"div#changename1 input#uname":function(a){a.onkeydown=function(a){13==(a||event).keyCode&&Chat.applyName()}},"a#refresh":function(a){a.onclick=function(){Chat.threadUpdater.stopUpdate();Chat.threadUpdater.update()}},"a#togglesound":function(a){a.onclick=function(){var a=$("soundimg");a&&(a.className.match(/\bisound\b/)?a.className="tplimage inosound":a.className="tplimage isound",(a=$("msgwnd"))&&a.focus())}},"a.closethread":function(a){a.onclick=function(){Chat.threadUpdater.closeThread()}}});
+EventHelper.register(window,"onload",function(){Chat.mibewRoot=threadParams.wroot;Chat.cssfile=threadParams.cssfile;Chat.threadUpdater=new Ajax.ChatThreadUpdater({ignorectrl:-1,container:"safari"==myRealAgent?self.frames[0]:$("chatwnd"),avatar:$("avatarwnd"),message:$("msgwnd")}.extend(threadParams||{}))});

src/messenger/webim/js/167/common.js

@@ -0,0 +1,25 @@
+/*
+ This file is part of Mibew Messenger project.
+ http://mibew.org
+
+ Copyright (c) 2005-2013 Mibew Messenger Community
+ License: http://mibew.org/license.php
+*/
+var Class={create:function(){return function(){this.initialize.apply(this,arguments)}},inherit:function(a,b,c){Object.extend(Object.extend(a.prototype,b.prototype),c)}};Object.extend=function(a,b){for(property in b)a[property]=b[property];return a};Object.prototype.extend=function(a){return Object.extend.apply(this,[this,a])};Function.prototype.bind=function(a){var b=this;return function(){return b.apply(a,arguments)}};
+Function.prototype.bindAsEventListener=function(a){var b=this;return function(c){b.call(a,c||window.event)}};Number.prototype.toColorPart=function(){var a=this.toString(16);return 16>this?"0"+a:a};var Try={these:function(){for(var a,b=0;b<arguments.length;b++){var c=arguments[b];try{a=c();break}catch(d){}}return a}},PeriodicalExecuter=Class.create();
+PeriodicalExecuter.prototype={initialize:function(a,b){this.callback=a;this.frequency=b;this.currentlyExecuting=!1;this.registerCallback()},registerCallback:function(){setInterval(this.onTimerEvent.bind(this),1E3*this.frequency)},onTimerEvent:function(){if(!this.currentlyExecuting)try{this.currentlyExecuting=!0,this.callback()}finally{this.currentlyExecuting=!1}}};
+function findObj(a){var b;!(b=document[a])&&document.all&&(b=document.all[a]);!b&&document.getElementById&&(b=document.getElementById(a));if(!b&&!document.all&&document.getElementsByName){b=document.getElementsByName(a);if(0==b.length)return null;if(1==b.length)return b[0]}return b}Array.prototype.push||(Array.prototype.push=function(){for(var a=this.length,b=0;b<arguments.length;b++)this[a+b]=arguments[b];return this.length});
+function $(){for(var a=[],b=0;b<arguments.length;b++){var c=arguments[b];"string"==typeof c&&(c=findObj(c));if(1==arguments.length)return c;a.push(c)}return a}
+var Ajax={getTransport:function(){return Try.these(function(){return new ActiveXObject("Msxml2.XMLHTTP")},function(){return new ActiveXObject("Microsoft.XMLHTTP")},function(){return new XMLHttpRequest})||!1},getXml:function(a){return a&&200<=a.status&&300>a.status&&(a=a.responseXML)&&a.documentElement?a.documentElement:null},getError:function(a){return a.statusText||"connection error N"+a.status},emptyFunction:function(){},Base:function(){}};
+Ajax.Base.prototype={setOptions:function(a){this._options={_method:"post",asynchronous:!0,parameters:""}.extend(a||{})},getStatus:function(){try{return this.transport.status||0}catch(a){return 0}},responseIsSuccess:function(){var a=this.getStatus();return!a||200<=a&&300>a},responseIsFailure:function(){return!this.responseIsSuccess()}};Ajax.Request=Class.create();Ajax.Request.Events=["Uninitialized","Loading","Loaded","Interactive","Complete"];
+Class.inherit(Ajax.Request,Ajax.Base,{initialize:function(a,b){this.transport=Ajax.getTransport();this.setOptions(b);this.transportTimer={};this.finished=!1;this.request(a)},request:function(a){var b=this._options.parameters||"";0<b.length&&(b+="&_=");try{"get"==this._options._method&&0<b.length&&(a+="?"+b);this.transport.open(this._options._method.toUpperCase(),a,this._options.asynchronous);this._options.asynchronous&&(this.transport.onreadystatechange=this.onStateChange.bind(this),this._options.timeout&&
+(this.transportTimer=setTimeout(this.handleTimeout.bind(this),this._options.timeout)));this.setRequestHeaders();var c=this._options.postBody?this._options.postBody:b;this.transport.send("post"==this._options._method?c:null)}catch(d){this.dispatchException(d)}},setRequestHeaders:function(){var a=["X-Requested-With","XMLHttpRequest"];"post"==this._options._method&&(a.push("Content-type","application/x-www-form-urlencoded"),this.transport.overrideMimeType&&2005>(navigator.userAgent.match("/Gecko/(d{4})/")||
+[0,2005])[1]&&a.push("Connection","close"));this._options.requestHeaders&&a.push.apply(a,this._options.requestHeaders);for(var b=0;b<a.length;b+=2)this.transport.setRequestHeader(a[b],a[b+1])},onStateChange:function(){1!=this.transport.readyState&&this.respondToReadyState(this.transport.readyState)},handleTimeout:function(){this.finished||(this.finished=!0,(this._options.onTimeout||Ajax.emptyFunction)(this))},respondToReadyState:function(a){if("Complete"==Ajax.Request.Events[a]){try{this.finished||
+(this.finished=!0,this._options.timeout&&clearTimeout(this.transportTimer),(this._options.onComplete||Ajax.emptyFunction)(this.transport))}catch(b){this.dispatchException(b)}this.transport.onreadystatechange=Ajax.emptyFunction}},dispatchException:function(a){(this._options.onException||Ajax.emptyFunction)(this,a)}});
+var EventHelper={register:function(a,b,c){var d=a[b];a[b]="function"!=typeof d?c:function(){d();c()}}},Behaviour={list:[],register:function(a){Behaviour.list.push(a)},init:function(){EventHelper.register(window,"onload",function(){Behaviour.apply()})},apply:function(){for(h=0;sheet=Behaviour.list[h];h++)for(selector in sheet)if(list=document.getElementsBySelector(selector))for(i=0;element=list[i];i++)sheet[selector](element)}};Behaviour.init();
+function getAllChildren(a){return a.all?a.all:a.getElementsByTagName("*")}
+document.getElementsBySelector=function(a){if(!document.getElementsByTagName)return[];a=a.split(" ");for(var b=Array(document),c=0;c<a.length;c++)if(token=a[c].replace(/^\s+/,"").replace(/\s+$/,""),-1<token.indexOf("#")){var d=token.split("#"),e=d[0],b=document.getElementById(d[1]);if(null==b||e&&b.nodeName.toLowerCase()!=e)return[];b=Array(b)}else if(-1<token.indexOf(".")){d=token.split(".");e=d[0];d=d[1];e||(e="*");for(var m=[],l=0,p=0;p<b.length;p++){var f;f="*"==e?getAllChildren(b[p]):b[p].getElementsByTagName(e);
+if(null!=f)for(var q=0;q<f.length;q++)m[l++]=f[q]}b=[];for(l=e=0;l<m.length;l++)m[l].className&&m[l].className.match(RegExp("\\b"+d+"\\b"))&&(b[e++]=m[l])}else{if(!b[0])return;e=token;m=[];for(p=l=0;p<b.length;p++)for(f=b[p].getElementsByTagName(e),q=0;q<f.length;q++)m[l++]=f[q];b=m}return b};
+var NodeUtils={getNodeValue:function(a,b){var c=a.getElementsByTagName(b);if(0==c.length)return"";var c=c[0].childNodes,d="";for(i=0;i<c.length;i++)d+=c[i].nodeValue;return d},getNodeText:function(a){a=a.childNodes;var b="";for(i=0;i<a.length;i++)b+=a[i].nodeValue;return b},getAttrValue:function(a,b){for(k=0;k<a.attributes.length;k++)if(a.attributes[k].nodeName==b)return a.attributes[k].nodeValue;return null}},CommonUtils={getRow:function(a,b){var c=b.rows[a];if(null!=c)return c;if(null!=b.rows.head)return null;
+for(k=0;k<b.rows.length;k++)if(b.rows[k].id==a)return b.rows[k];return null},getCell:function(a,b,c){var d=b.cells[a];if(null!=d)return d;if(null!=c.rows.head)return null;for(k=0;k<b.cells.length;k++)if(b.cells[k].id==a)return b.cells[k];return null},insertCell:function(a,b,c,d,e,m){a=a.insertCell(-1);a.id=b;d&&(a.align=d);a.className=c;e&&(a.height=e);a.innerHTML=m}};
+function playSound(a){var b=document.createElement("div");-1!=navigator.userAgent.toLowerCase().indexOf("opera")&&(b.style="position: absolute; left: 0px; top: -200px;");document.body.appendChild(b);b.innerHTML='<audio autoplay src="'+a+'"><embed src="'+a+'" hidden="true" autostart="true" loop="false"></audio>'}function htmlescape(a){return a.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;").replace('"',"&quot;")};

src/messenger/webim/js/167/update.js

@@ -0,0 +1,33 @@
+function loadNews() {
+	if (typeof(window.mibewNews) == "undefined" || typeof(window.mibewNews.length) == "undefined")
+		return;
+	
+	var str = "<div>";
+	for (var i = 0; i < window.mibewNews.length; i++) {
+		str += "<div class=\"newstitle\"><a hre" + "f=\"" + window.mibewNews[i].link + "\">" + window.mibewNews[i].title + "</a>, <span class=\"small\">" + window.mibewNews[i].date + "</span></div>";
+		str += "<div class=\"newstext\">" + window.mibewNews[i].message+"</div>";
+	}
+	$("#news").html(str + "</div>");
+}
+
+function loadVersion() {
+	if(typeof(window.mibewLatest) == "undefined" || typeof(window.mibewLatest.version) == "undefined")
+		return;
+	
+	var current = $("#cver").html();
+
+	if(current != window.mibewLatest.version) {
+		if(current < window.mibewLatest.version) {
+			$("#cver").css("color","red");
+		}
+		$("#lver").html(window.mibewLatest.version+", Download <a href=\""+window.mibewLatest.download+"\">"+window.mibewLatest.title+"</a>");
+	} else {
+		$("#cver").css("color","green");
+		$("#lver").html(window.mibewLatest.version);
+	}
+}
+
+$(function(){
+	loadNews();
+	loadVersion();
+});

src/messenger/webim/js/167/users.js

@@ -0,0 +1,27 @@
+/*
+ This file is part of Mibew Messenger project.
+ http://mibew.org
+
+ Copyright (c) 2005-2013 Mibew Messenger Community
+ License: http://mibew.org/license.php
+*/
+Ajax.PeriodicalUpdater=Class.create();
+Class.inherit(Ajax.PeriodicalUpdater,Ajax.Base,{initialize:function(a){this.setOptions(a);this._options.onComplete=this.requestComplete.bind(this);this._options.onException=this.handleException.bind(this);this._options.onTimeout=this.handleTimeout.bind(this);this._options.timeout=5E3;this.frequency=this._options.frequency||2;this.updater={};this.update()},handleException:function(a,b){this._options.handleError&&this._options.handleError("offline, reconnecting");this.stopUpdate();this.timer=setTimeout(this.update.bind(this),
+1E3)},handleTimeout:function(a){this._options.handleError&&this._options.handleError("timeout, reconnecting");this.stopUpdate();this.timer=setTimeout(this.update.bind(this),1E3)},stopUpdate:function(){this.updater._options&&(this.updater._options.onComplete=void 0);clearTimeout(this.timer)},update:function(){this._options.updateParams&&(this._options.parameters=this._options.updateParams());this.updater=new Ajax.Request(this._options.url,this._options)},requestComplete:function(a){try{var b=Ajax.getXml(a);
+b?(this._options.updateContent||Ajax.emptyFunction)(b):this._options.handleError&&this._options.handleError("reconnecting")}catch(c){}this.timer=setTimeout(this.update.bind(this),1E3*this.frequency)}});
+var HtmlGenerationUtils={popupLink:function(a,b,c,d,e,m,l){return'<a href="'+a+'"'+(null!=l?' class="'+l+'"':"")+' target="_blank" title="'+b+'" onclick="this.newWindow = window.open(\''+a+"', '"+c+"', 'toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width="+e+",height="+m+",resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;\">"+d+"</a>"},generateOneRowTable:function(a){return'<table class="inner"><tr>'+a+"</tr></table>"},viewOpenCell:function(a,b,c,d,e,m,l,p){m=
+2;b=b+"?thread="+c;var f="<td>",f=e||d?f+HtmlGenerationUtils.popupLink(p||!d?b:b+"&viewonly=true",localized[e?0:1],"ImCenter"+c,a,640,480,null):f+('<a href="#">'+a+"</a>"),f=f+"</td>";e&&(f=f+'<td class="icon">'+HtmlGenerationUtils.popupLink(b,localized[0],"ImCenter"+c,'<img src="'+mibewRoot+'/images/tbliclspeak.gif" width="15" height="15" border="0" alt="'+localized[0]+'">',640,480,null),f+="</td>",m++);d&&(f+='<td class="icon">',f+=HtmlGenerationUtils.popupLink(b+"&viewonly=true",localized[1],"ImCenter"+
+c,'<img src="'+mibewRoot+'/images/tbliclread.gif" width="15" height="15" border="0" alt="'+localized[1]+'">',640,480,null),f+="</td>",m++);""!=l&&(f+='</tr><tr><td class="firstmessage" colspan="'+m+'"><a href="javascript:void(0)" title="'+l+'" onclick="alert(this.title);return false;">',f+=30<l.length?l.substring(0,30)+"...":l,f+="</a></td>");return HtmlGenerationUtils.generateOneRowTable(f)},banCell:function(a,b){return'<td class="icon">'+HtmlGenerationUtils.popupLink(mibewRoot+"/operator/ban.php?"+
+(b?"id="+b:"thread="+a),localized[2],"ban"+a,'<img src="'+mibewRoot+'/images/ban.gif" width="15" height="15" border="0" alt="'+localized[2]+'">',720,480,null)+"</td>"}};Ajax.ThreadListUpdater=Class.create();
+Class.inherit(Ajax.ThreadListUpdater,Ajax.Base,{initialize:function(a){this.setOptions(a);this._options.updateParams=this.updateParams.bind(this);this._options.handleError=this.handleError.bind(this);this._options.updateContent=this.updateContent.bind(this);this._options.lastrevision=0;this.threadTimers={};this.delta=0;this.t=this._options.table;this.periodicalUpdater=new Ajax.PeriodicalUpdater(this._options)},updateParams:function(){return"since="+this._options.lastrevision+"&status="+this._options.istatus+
+(this._options.showonline?"&showonline=1":"")},setStatus:function(a){this._options.status.innerHTML=a},handleError:function(a){this.setStatus(a)},updateThread:function(a){function b(a,b,c,d){if(a=CommonUtils.getCell(c,b,a))a.innerHTML=d}for(var c,d,e,m=!1,l=!1,p=!1,f=null,q=null,g=0;g<a.attributes.length;g++){var n=a.attributes[g];"id"==n.nodeName?c=n.nodeValue:"stateid"==n.nodeName?d=n.nodeValue:"state"==n.nodeName?e=n.nodeValue:"canopen"==n.nodeName?l=!0:"canview"==n.nodeName?m=!0:"canban"==n.nodeName?
+p=!0:"ban"==n.nodeName?f=n.nodeValue:"banid"==n.nodeName&&(q=n.nodeValue)}g=CommonUtils.getRow("thr"+c,this.t);if("closed"==d)g&&this.t.deleteRow(g.rowIndex),this.threadTimers[c]=null;else{var n=NodeUtils.getNodeValue(a,"name"),u=NodeUtils.getNodeValue(a,"addr"),s=NodeUtils.getNodeValue(a,"time"),v=NodeUtils.getNodeValue(a,"agent"),t=NodeUtils.getNodeValue(a,"modified"),w=NodeUtils.getNodeValue(a,"message"),r="<td>"+NodeUtils.getNodeValue(a,"useragent")+"</td>";null!=f&&(r="<td>"+NodeUtils.getNodeValue(a,
+"reason")+"</td>");p&&(r+=HtmlGenerationUtils.banCell(c,q));r=HtmlGenerationUtils.generateOneRowTable(r);a=CommonUtils.getRow("t"+d,this.t);p=CommonUtils.getRow("t"+d+"end",this.t);null!=g&&(g.rowIndex<=a.rowIndex||g.rowIndex>=p.rowIndex)&&(this.t.deleteRow(g.rowIndex),g=this.threadTimers[c]=null);if(null==g){if(g=this.t.insertRow(a.rowIndex+1),g.className="blocked"==f&&"chat"!=d?"ban":"in"+d,g.id="thr"+c,this.threadTimers[c]=[s,t,d],CommonUtils.insertCell(g,"name","visitor",null,null,HtmlGenerationUtils.viewOpenCell(n,
+this._options.agentservl,c,m,l,f,w,"chat"!=d)),CommonUtils.insertCell(g,"contid","visitor","center",null,u),CommonUtils.insertCell(g,"state","visitor","center",null,e),CommonUtils.insertCell(g,"op","visitor","center",null,v),CommonUtils.insertCell(g,"time","visitor","center",null,this.getTimeSince(s)),CommonUtils.insertCell(g,"wait","visitor","center",null,"chat"!=d?this.getTimeSince(t):"-"),CommonUtils.insertCell(g,"etc","visitor","center",null,r),"wait"==d||"prio"==d)return!0}else this.threadTimers[c]=
+[s,t,d],g.className="blocked"==f&&"chat"!=d?"ban":"in"+d,b(this.t,g,"name",HtmlGenerationUtils.viewOpenCell(n,this._options.agentservl,c,m,l,f,w,"chat"!=d)),b(this.t,g,"contid",u),b(this.t,g,"state",e),b(this.t,g,"op",v),b(this.t,g,"time",this.getTimeSince(s)),b(this.t,g,"wait","chat"!=d?this.getTimeSince(t):"-"),b(this.t,g,"etc",r);return!1}},updateQueueMessages:function(){function a(a,b){var c=$(b),l=$(b+"end");return null==c||null==l?!1:c.rowIndex+1<l.rowIndex}var b=$("statustd");if(b){var c=a(this.t,
+"twait")||a(this.t,"tprio")||a(this.t,"tchat");b.innerHTML=c?"":this._options.noclients;b.height=c?5:30}},getTimeSince:function(a){a=Math.floor(((new Date).getTime()-a-this.delta)/1E3);var b=Math.floor(a/60),c="";a%=60;10>a&&(a="0"+a);60<=b&&(c=Math.floor(b/60),b%=60,10>b&&(b="0"+b),c+=":");return c+b+":"+a},updateTimers:function(){for(var a in this.threadTimers)if(null!=this.threadTimers[a]){var b=this.threadTimers[a],c=CommonUtils.getRow("thr"+a,this.t);if(null!=c){var d=this.getTimeSince(b[0]),
+e=CommonUtils.getCell("time",c,this.t);e&&(e.innerHTML=d);b="chat"!=b[2]?this.getTimeSince(b[1]):"-";if(c=CommonUtils.getCell("wait",c,this.t))c.innerHTML=b}}},updateThreads:function(a){var b=!1,c=NodeUtils.getAttrValue(a,"time"),d=NodeUtils.getAttrValue(a,"revision");c&&(this.delta=(new Date).getTime()-c);d&&(this._options.lastrevision=d);for(c=0;c<a.childNodes.length;c++)d=a.childNodes[c],"thread"==d.tagName&&this.updateThread(d)&&(b=!0);this.updateQueueMessages();this.updateTimers();this.setStatus(this._options.istatus?
+"Away":"Up to date");b&&(playSound(mibewRoot+"/sounds/new_user.wav"),window.focus(),updaterOptions.showpopup&&alert(localized[5]))},updateOperators:function(a){var b=$("onlineoperators");if(b){for(var c=[],d=0;d<a.childNodes.length;d++){var e=a.childNodes[d];if("operator"==e.tagName){var m=NodeUtils.getAttrValue(e,"name"),e=null!=NodeUtils.getAttrValue(e,"away");c[c.length]='<img src="'+mibewRoot+"/images/op"+(e?"away":"online")+'.gif" width="12" height="12" border="0" alt="'+localized[1]+'"> '+m}}b.innerHTML=
+c.join(", ")}},updateContent:function(a){if("update"==a.tagName)for(var b=0;b<a.childNodes.length;b++){var c=a.childNodes[b];"threads"==c.tagName?this.updateThreads(c):"operators"==c.tagName&&this.updateOperators(c)}else"error"==a.tagName?this.setStatus(NodeUtils.getNodeValue(a,"descr")):this.setStatus("reconnecting")}});
+function togglemenu(){$("sidebar")&&($("wcontent")&&$("togglemenu"))&&("contentnomenu"==$("wcontent").className?($("sidebar").style.display="block",$("wcontent").className="contentinner",$("togglemenu").innerHTML=localized[4]):($("sidebar").style.display="none",$("wcontent").className="contentnomenu",$("togglemenu").innerHTML=localized[3]))}var mibewRoot="";Behaviour.register({"#togglemenu":function(a){a.onclick=function(){togglemenu()}}});
+EventHelper.register(window,"onload",function(){mibewRoot=updaterOptions.wroot;new Ajax.ThreadListUpdater({table:$("threadlist"),status:$("connstatus"),istatus:0}.extend(updaterOptions||{}));updaterOptions.havemenu||togglemenu()});

src/messenger/webim/js/source/build.xml

@@ -2,12 +2,12 @@
 
 <project basedir="." default="update" name="Obfuscator">
   <property name="closure.c" value="/usr/local/closure/compiler.jar" />
-  <property name="webim.location" value="../164" />
+  <property name="mibew.location" value="../167" />
 
   <target name="update">
 	<java jar="${closure.c}" fork="true">
 	  <arg value="--module_output_path_prefix"/>
-	  <arg value="${webim.location}/"/>
+	  <arg value="${mibew.location}/"/>
 	  <arg value="--module"/>
 	  	<arg value="common:1"/>
 		  <arg value="--js"/>

src/messenger/webim/js/source/chat.js

@@ -2,7 +2,7 @@
  * @preserve This file is part of Mibew Messenger project.
  * http://mibew.org
  * 
- * Copyright (c) 2005-2011 Mibew Messenger Community
+ * Copyright (c) 2005-2013 Mibew Messenger Community
  * License: http://mibew.org/license.php
  */
 
@@ -24,8 +24,8 @@ var FrameUtils = {
 	doc.open();
 	doc.write("<html><head>");
 	doc.write("<link rel=\"stylesheet\" type=\"text/css\" media=\"all\" href=\""+Chat.cssfile+"\">");
-	doc.write("</head><body bgcolor='#FFFFFF' text='#000000' link='#C28400' vlink='#C28400' alink='#C28400'>");
+	doc.write("</head><body bgcolor=\"#FFFFFF\" text=#000000\" link=\"#C28400\" vlink=\"#C28400\" alink=\"#C28400\">");
-	doc.write("<table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td valign='top' class='message' id='content'></td></tr></table><a id='bottom' name='bottom'></a>");
+	doc.write("<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\"><tr><td valign=\"top\" class=\"message\" id=\"content\"></td></tr></table><a id=\"bottom\" name=\"bottom\"></a>");
 	doc.write("</body></html>");
 	doc.close();
 	frm.onload = function() {
@@ -85,7 +85,7 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
   },
 
   handleException: function(_request, ex) {
-  	this.setStatus("offline, reconnecting");
+	this.setStatus("offline, reconnecting");
 	this.stopUpdate();
 	this.timer = setTimeout(this.update.bind(this), 1000);
   },
@@ -99,11 +99,11 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
   updateOptions: function(act) {
     this._options.parameters = 'act='+act+'&thread=' + (this._options.threadid || 0) +
 			'&token=' + (this._options.token || 0)+
-    		'&lastid=' + (this._options.lastid || 0);
+		'&lastid=' + (this._options.lastid || 0);
     if( this._options.user )
-    	this._options.parameters += "&user=true";
+	this._options.parameters += "&user=true";
 	if( act == 'refresh' && this._options.message && this._options.message.value != '' )
-    	this._options.parameters += "&typed=1";
+	this._options.parameters += "&typed=1";
   },
 
   enableInput: function(val) {
@@ -113,7 +113,7 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
 
   stopUpdate: function() {
     this.enableInput(true);
-  	if( this.updater._options )
+	if( this.updater._options )
 	    this.updater._options.onComplete = undefined;
     clearTimeout(this.timer);
   },
@@ -126,13 +126,13 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
   requestComplete: function(_response) {
     try {
         this.enableInput(true);
-    	this.cansend = true;
+	this.cansend = true;
-    	var xmlRoot = Ajax.getXml(_response);
+	var xmlRoot = Ajax.getXml(_response);
         if( xmlRoot && xmlRoot.tagName == 'thread' ) {
           this.updateContent( xmlRoot );
-    	} else {
+	} else {
-    	  this.handleError(_response, xmlRoot, 'refresh messages failed');
+	  this.handleError(_response, xmlRoot, 'refresh messages failed');
-    	}
+	}
 	} catch (e) {
     }
     this.skipNextsound = false;
@@ -150,21 +150,22 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
     var postOptions = {}.extend(this._options);
     postOptions.parameters += "&message=" + encodeURIComponent(msg);
     postOptions.onComplete = (function(presponse) {
-    	this.requestComplete( presponse );
+	this.requestComplete( presponse );
-    	if( this._options.message ) {
+	if( this._options.message ) {
-    		this._options.message.value = '';
+		this._options.message.value = '';
-    		this._options.message.focus();
+		this._options.message.focus();
-    	}
+	}
     }).bind(this);
     if( myRealAgent != 'opera' )
-    	this.enableInput(false);
+	this.enableInput(false);
     this.updater = new Ajax.Request(this._options.servl, postOptions);
   },
 
   changeName: function(newname) {
     this.skipNextsound = true;
     new Ajax.Request(this._options.servl, {parameters:'act=rename&thread=' + (this._options.threadid || 0) +
-    	'&token=' + (this._options.token || 0) + '&name=' + encodeURIComponent(newname)});
+	'&token=' + (this._options.token || 0) + '&name=' + encodeURIComponent(newname)});
+
   },
 
   onThreadClosed: function(_response) {
@@ -179,7 +180,7 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
   closeThread: function() {
 	var _params = 'act=close&thread=' + (this._options.threadid || 0) + '&token=' + (this._options.token || 0);
 	if( this._options.user )
-    	_params += "&user=true";
+	_params += "&user=true";
     new Ajax.Request(this._options.servl, {parameters:_params, onComplete: this.onThreadClosed.bind(this)});
   },
 
@@ -189,16 +190,16 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
   },
 
   showTyping: function(istyping) {
-  	if( $("typingdiv") ) {
+	if( $("typingdiv") ) {
 		$("typingdiv").style.display=istyping ? 'inline' : 'none';
-  	}
+	}
   },
 
   setupAvatar: function(avatar) {
 	var imageLink = NodeUtils.getNodeText(avatar);
 	if( this._options.avatar && this._options.user ) {
 		this._options.avatar.innerHTML = imageLink != ""
-			? "<img src=\""+Chat.webimRoot+"/images/free.gif\" width=\"7\" height=\"1\" border=\"0\" alt=\"\" /><img src=\""
+			? "<img src=\""+Chat.mibewRoot+"/images/free.gif\" width=\"7\" height=\"1\" border=\"0\" alt=\"\" /><img src=\""
 				+imageLink+ "\" border=\"0\" alt=\"\"/>"
 			: "";
 	}
@@ -207,7 +208,7 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
   updateContent: function(xmlRoot) {
 	var haveMessage = false;
 
-   	var result_div = this._options.container;
+	var result_div = this._options.container;
 	var _lastid = NodeUtils.getAttrValue(xmlRoot, "lastid");
 	if( _lastid ) {
 		this._options.lastid = _lastid;
@@ -253,7 +254,7 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
 		if(!this.skipNextsound) {
 			var tsound = $('soundimg');
 			if(tsound == null || tsound.className.match(new RegExp("\\bisound\\b")) ) {
-				playSound(Chat.webimRoot+'/sounds/new_message.wav');
+				playSound(Chat.mibewRoot+'/sounds/new_message.wav');
 			}
 		}
 		if( !this.focused ) {
@@ -265,7 +266,7 @@ Class.inherit( Ajax.ChatThreadUpdater, Ajax.Base, {
   isSendkey: function(ctrlpressed, key) {
 	  return ((key==13 && (ctrlpressed || this._options.ignorectrl)) || (key==10));
   },
-  
+
   handleKeyDown: function(k) {
 	if( k ){ ctrl=k.ctrlKey;k=k.which; } else { k=event.keyCode;ctrl=event.ctrlKey;	}
 	if( this._options.message && this.isSendkey(ctrl, k) ) {
@@ -311,10 +312,12 @@ var Chat = {
   threadUpdater : {},
 
   applyName: function() {
-	Chat.threadUpdater.changeName($('uname').value);
+	if ( !$('uname').value.match(/^\s*$/) ) {
-	$('changename1').style.display='none';
+	    Chat.threadUpdater.changeName($('uname').value);
-	$('changename2').style.display='inline';
+	    $('changename1').style.display='none';
-	$('unamelink').innerHTML = htmlescape($('uname').value);
+	    $('changename2').style.display='inline';
+	    $('unamelink').innerHTML = htmlescape($('uname').value);
+	}
   },
 
   showNameField: function() {
@@ -391,7 +394,7 @@ Behaviour.register({
 });
 
 EventHelper.register(window, 'onload', function(){
-  Chat.webimRoot = threadParams.wroot;
+  Chat.mibewRoot = threadParams.wroot;
   Chat.cssfile = threadParams.cssfile;
   Chat.threadUpdater = new Ajax.ChatThreadUpdater(({ignorectrl:-1,container:myRealAgent=='safari'?self.frames[0]:$("chatwnd"),avatar:$("avatarwnd"),message:$("msgwnd")}).extend( threadParams || {} ));
 });

src/messenger/webim/js/source/common.js

@@ -2,7 +2,7 @@
  * @preserve This file is part of Mibew Messenger project.
  * http://mibew.org
  *
- * Copyright (c) 2005-2011 Mibew Messenger Community
+ * Copyright (c) 2005-2013 Mibew Messenger Community
  * License: http://mibew.org/license.php
  */
 
@@ -171,7 +171,7 @@ var Ajax = {
   },
 
   getError: function(_response) {
-  	return _response.statusText || "connection error N" + _response.status;
+	return _response.statusText || "connection error N" + _response.status;
   },
 
   emptyFunction: function() {}
@@ -274,9 +274,9 @@ Class.inherit( Ajax.Request, Ajax.Base, {
   },
 
   handleTimeout: function() {
-  	if(this.finished) { return; }
+	if(this.finished) { return; }
-  	this.finished = true;
+	this.finished = true;
-  	(this._options.onTimeout || Ajax.emptyFunction)(this);
+	(this._options.onTimeout || Ajax.emptyFunction)(this);
   },
 
   respondToReadyState: function(readystate) {
@@ -285,9 +285,9 @@ Class.inherit( Ajax.Request, Ajax.Base, {
     if (event == 'Complete') {
       try {
 		if(!this.finished) {
-	        this.finished = true;
+		this.finished = true;
-	      	if(this._options.timeout) { clearTimeout(this.transportTimer); }
+		if(this._options.timeout) { clearTimeout(this.transportTimer); }
-	      	(this._options.onComplete || Ajax.emptyFunction)(this.transport);
+		(this._options.onComplete || Ajax.emptyFunction)(this.transport);
 	    }
       } catch (e) {
         this.dispatchException(e);
@@ -468,41 +468,41 @@ var NodeUtils = {
 
 var CommonUtils = {
   getRow: function(_id,_table) {
-  	var _row = _table.rows[_id];
+	var _row = _table.rows[_id];
-  	if( _row != null )
+	if( _row != null )
-  		return _row;
+		return _row;
-  	if( _table.rows['head'] != null )
+	if( _table.rows['head'] != null )
-  		return null;
+		return null;
 
-  	for( k=0; k < _table.rows.length; k++ ) {
+	for( k=0; k < _table.rows.length; k++ ) {
-  		if( _table.rows[k].id == _id )
+		if( _table.rows[k].id == _id )
-  			return _table.rows[k];
+			return _table.rows[k];
-  	}
+	}
-  	return null;
+	return null;
   },
 
   getCell: function(_id,_row,_table) {
-  	var _cell = _row.cells[_id];
+	var _cell = _row.cells[_id];
-  	if( _cell != null )
+	if( _cell != null )
-  		return _cell;
+		return _cell;
-  	if( _table.rows['head'] != null )
+	if( _table.rows['head'] != null )
-  		return null;
+		return null;
-  	for( k=0; k < _row.cells.length; k++ ) {
+	for( k=0; k < _row.cells.length; k++ ) {
-  		if( _row.cells[k].id == _id )
+		if( _row.cells[k].id == _id )
-  			return _row.cells[k];
+			return _row.cells[k];
-  	}
+	}
-  	return null;
+	return null;
   },
 
   insertCell: function(_row,_id,_className,_align,_height, _inner) {
-  	var cell = _row.insertCell(-1);
+	var cell = _row.insertCell(-1);
-  	cell.id = _id;
+	cell.id = _id;
-  	if(_align)
+	if(_align)
-  		cell.align = _align;
+		cell.align = _align;
-  	cell.className = _className;
+	cell.className = _className;
-  	if(_height)
+	if(_height)
-  		cell.height = _height;
+		cell.height = _height;
-  	cell.innerHTML = _inner;
+	cell.innerHTML = _inner;
   }
 };
 
@@ -510,7 +510,7 @@ function playSound(wav_file) {
   var player = document.createElement("div");
   var agt = navigator.userAgent.toLowerCase();
   if(agt.indexOf('opera') != -1) {
-  	player.style = "position: absolute; left: 0px; top: -200px;";
+	player.style = "position: absolute; left: 0px; top: -200px;";
   }
   document.body.appendChild(player);
   player.innerHTML = '<audio autoplay src="'+wav_file+'"><embed src="'+wav_file+'" hidden="true" autostart="true" loop="false"></audio>';

src/messenger/webim/js/source/users.js

@@ -2,7 +2,7 @@
  * @preserve This file is part of Mibew Messenger project.
  * http://mibew.org
  * 
- * Copyright (c) 2005-2011 Mibew Messenger Community
+ * Copyright (c) 2005-2013 Mibew Messenger Community
  * License: http://mibew.org/license.php
  */
 
@@ -35,19 +35,19 @@ Class.inherit( Ajax.PeriodicalUpdater, Ajax.Base, {
   },
 
   stopUpdate: function() {
-  	if( this.updater._options )
+	if( this.updater._options )
 	    this.updater._options.onComplete = undefined;
     clearTimeout(this.timer);
   },
 
   update: function() {
     if( this._options.updateParams )
-    	this._options.parameters = (this._options.updateParams)();
+	this._options.parameters = (this._options.updateParams)();
     this.updater = new Ajax.Request(this._options.url, this._options);
   },
 
   requestComplete: function(presponse) {
-  	try {
+	try {
 		var xmlRoot = Ajax.getXml(presponse);
 		if( xmlRoot ) {
 	      (this._options.updateContent || Ajax.emptyFunction)( xmlRoot );
@@ -64,9 +64,9 @@ Class.inherit( Ajax.PeriodicalUpdater, Ajax.Base, {
 var HtmlGenerationUtils = {
 
   popupLink: function(link, title, wndid, inner, width, height,linkclass) {
-  	return '<a href="'+link+'"'+(linkclass != null ? ' class="'+linkclass+'"' : '')+' target="_blank" title="'+title+'" onclick="this.newWindow = window.open(\''+link+'\', \''+
+	return '<a href="'+link+'"'+(linkclass != null ? ' class="'+linkclass+'"' : '')+' target="_blank" title="'+title+'" onclick="this.newWindow = window.open(\''+link+'\', \''+
-  			wndid+'\', \'toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width='+width+',height='+height+',resizable=1\');this.newWindow.focus();this.newWindow.opener=window;return false;">'+
+			wndid+'\', \'toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width='+width+',height='+height+',resizable=1\');this.newWindow.focus();this.newWindow.opener=window;return false;">'+
-  			inner+'</a>';
+			inner+'</a>';
   },
 
   generateOneRowTable: function(content) {
@@ -74,10 +74,10 @@ var HtmlGenerationUtils = {
   },
 
   viewOpenCell: function(username,servlet,id,canview,canopen,ban,message,cantakenow) {
-  		var cellsCount = 2;
+		var cellsCount = 2;
-  		var link = servlet+"?thread="+id;
+		var link = servlet+"?thread="+id;
- 		var gen = '<td>';
+		var gen = '<td>';
- 		if(canopen || canview ) {
+		if(canopen || canview ) {
 			gen += HtmlGenerationUtils.popupLink( (cantakenow||!canview) ? link : link+"&viewonly=true", localized[canopen ? 0 : 1], "ImCenter"+id, username, 640, 480, null);
 		} else {
 			gen += '<a href="#">' + username + '</a>';
@@ -85,13 +85,13 @@ var HtmlGenerationUtils = {
 		gen += '</td>';
 		if( canopen ) {
 			gen += '<td class="icon">';
-			gen += HtmlGenerationUtils.popupLink( link, localized[0], "ImCenter"+id, '<img src="'+webimRoot+'/images/tbliclspeak.gif" width="15" height="15" border="0" alt="'+localized[0]+'">', 640, 480, null);
+			gen += HtmlGenerationUtils.popupLink( link, localized[0], "ImCenter"+id, '<img src="'+mibewRoot+'/images/tbliclspeak.gif" width="15" height="15" border="0" alt="'+localized[0]+'">', 640, 480, null);
 			gen += '</td>';
 			cellsCount++;
 		}
 		if( canview ) {
 			gen += '<td class="icon">';
-			gen += HtmlGenerationUtils.popupLink( link+"&viewonly=true", localized[1], "ImCenter"+id, '<img src="'+webimRoot+'/images/tbliclread.gif" width="15" height="15" border="0" alt="'+localized[1]+'">', 640, 480, null);
+			gen += HtmlGenerationUtils.popupLink( link+"&viewonly=true", localized[1], "ImCenter"+id, '<img src="'+mibewRoot+'/images/tbliclread.gif" width="15" height="15" border="0" alt="'+localized[1]+'">', 640, 480, null);
 			gen += '</td>';
 			cellsCount++;
 		}
@@ -100,11 +100,11 @@ var HtmlGenerationUtils = {
 			gen += message.length > 30 ? message.substring(0,30) + '...' : message;
 			gen += '</a></td>';
 		}
-  		return HtmlGenerationUtils.generateOneRowTable(gen);
+		return HtmlGenerationUtils.generateOneRowTable(gen);
   },
   banCell: function(id,banid){
       return '<td class="icon">'+
-          HtmlGenerationUtils.popupLink( webimRoot+'/operator/ban.php?'+(banid ? 'id='+banid : 'thread='+id), localized[2], "ban"+id, '<img src="'+webimRoot+'/images/ban.gif" width="15" height="15" border="0" alt="'+localized[2]+'">', 720, 480, null)+
+          HtmlGenerationUtils.popupLink( mibewRoot+'/operator/ban.php?'+(banid ? 'id='+banid : 'thread='+id), localized[2], "ban"+id, '<img src="'+mibewRoot+'/images/ban.gif" width="15" height="15" border="0" alt="'+localized[2]+'">', 720, 480, null)+
           '</td>';
   }
 };
@@ -125,11 +125,11 @@ Class.inherit( Ajax.ThreadListUpdater, Ajax.Base, {
   },
 
   updateParams: function() {
-  	return "since=" + this._options.lastrevision + "&status=" + this._options.istatus + (this._options.showonline ? "&showonline=1" : "");
+	return "since=" + this._options.lastrevision + "&status=" + this._options.istatus + (this._options.showonline ? "&showonline=1" : "");
   },
 
   setStatus: function(msg) {
-  	this._options.status.innerHTML = msg;
+	this._options.status.innerHTML = msg;
   },
 
   handleError: function(s) {
@@ -236,7 +236,7 @@ Class.inherit( Ajax.ThreadListUpdater, Ajax.Base, {
 			return false;
 		}
 		return startRow.rowIndex+1 < endRow.rowIndex;
-  	}
+	}
 	var _status = $("statustd");
 	if( _status) {
 		var notempty = queueNotEmpty(this.t, "twait") || queueNotEmpty(this.t, "tprio") || queueNotEmpty(this.t, "tchat");
@@ -301,18 +301,18 @@ Class.inherit( Ajax.ThreadListUpdater, Ajax.Base, {
 	this.updateTimers();
 	this.setStatus(this._options.istatus ? "Away" : "Up to date");
 	if( newAdded ) {
-		playSound(webimRoot+'/sounds/new_user.wav');
+		playSound(mibewRoot+'/sounds/new_user.wav');
 		window.focus();
 		if(updaterOptions.showpopup) {
 			alert(localized[5]);
 		}
 	}
   },
-  
+
   updateOperators: function(root) {
-  	var div = $('onlineoperators');
+	var div = $('onlineoperators');
-  	if (!div)
+	if (!div)
-  		return;
+		return;
 
 	var names = [];
 	
@@ -325,7 +325,7 @@ Class.inherit( Ajax.ThreadListUpdater, Ajax.Base, {
 		var isAway = NodeUtils.getAttrValue(node, 'away') != null;
 		
 		names[names.length] = 
-			'<img src="'+webimRoot+'/images/op'+(isAway ? 'away' : 'online')+
+			'<img src="'+mibewRoot+'/images/op'+(isAway ? 'away' : 'online')+
 					'.gif" width="12" height="12" border="0" alt="'+localized[1]+'"> '+ name;
 	}
 
@@ -365,7 +365,7 @@ if($("sidebar") && $("wcontent") && $("togglemenu")) {
 }
 }
 
-var webimRoot = "";
+var mibewRoot = "";
 
 Behaviour.register({
 	'#togglemenu' : function(el) {
@@ -376,9 +376,9 @@ Behaviour.register({
 });
 
 EventHelper.register(window, 'onload', function(){
-  webimRoot = updaterOptions.wroot;
+  mibewRoot = updaterOptions.wroot;
   new Ajax.ThreadListUpdater(({table:$("threadlist"),status:$("connstatus"),istatus:0}).extend(updaterOptions || {}));
   if(!updaterOptions.havemenu) {
 	  togglemenu();
-  }	 
+  }
 });

src/messenger/webim/leavemessage.php

@@ -33,13 +33,13 @@ function store_message($name, $email, $info, $message,$groupid,$referrer) {
 	$link = connect();
 	$thread = create_thread($groupid,$name,$remoteHost,$referrer,$current_locale,$visitor['id'], $userbrowser,$state_left,$link);
 	if( $referrer ) {
-		post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer)),$link);
+		post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referrer),true),$link);
 	}
 	if($email) {
-		post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email)),$link);
+		post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email),true),$link);
 	}
 	if($info) {
-		post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info)),$link);
+		post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info),true),$link);
 	}
 	post_message_($thread['threadid'],$kind_user,$message,$link,$name);
 	mysql_close($link);
@@ -50,7 +50,7 @@ $groupname = "";
 $group = NULL;
 loadsettings();
 if($settings['enablegroups'] == '1') {
-	$groupid = verifyparam( "group", "/^\d{1,8}$/", "");
+	$groupid = verifyparam( "group", "/^\d{1,10}$/", "");
 	if($groupid) {
 		$group = group_by_id($groupid);
 		if(!$group) {
@@ -102,8 +102,8 @@ if(!locale_exists($message_locale)) {
 
 store_message($visitor_name, $email, $info, $message, $groupid, $referrer);
 
-$subject = getstring2_("leavemail.subject", array($visitor_name), $message_locale);
+$subject = getstring2_("leavemail.subject", array($visitor_name), $message_locale,true);
-$body = getstring2_("leavemail.body", array($visitor_name,$email,$message,$info ? "$info\n" : ""), $message_locale);
+$body = getstring2_("leavemail.body", array($visitor_name,$email,$message,$info ? "$info\n" : ""), $message_locale,true);
 
 if (isset($group) && !empty($group['vcemail'])) {
 	$inbox_mail = $group['vcemail'];
@@ -113,7 +113,7 @@ if (isset($group) && !empty($group['vcemail'])) {
 
 if($inbox_mail) {
 	$link = connect();
-	webim_mail($inbox_mail, $email, $subject, $body, $link);
+	mibew_mail($inbox_mail, $email, $subject, $body, $link);
 	mysql_close($link);
 }
 

src/messenger/webim/libs/captcha.php

@@ -22,8 +22,12 @@ function can_show_captcha()
 
 function gen_captcha()
 {
-	$md5_hash = md5(rand(0, 9999));
+	$symbols = 'abcdefghijkmnpqrstuvwxyz123456789';
-	return substr($md5_hash, 15, 5);
+	$string = '';
+	for ($i = 0; $i < 5; $i++) {
+		$string .= substr($symbols, mt_rand(0, strlen($symbols)), 1);
+	}
+	return $string;
 }
 
 function draw_captcha($security_code)

src/messenger/webim/libs/chat.php

@@ -17,8 +17,8 @@
 
 $connection_timeout = 30; // sec
 
-$namecookie = "WEBIM_Data";
+$namecookie = "MIBEW_Data";
-$usercookie = "WEBIM_UserID";
+$usercookie = "MIBEW_UserID";
 
 $state_queue = 0;
 $state_waiting = 1;
@@ -38,14 +38,16 @@ $kind_avatar = 7;
 $kind_to_string = array($kind_user => "user", $kind_agent => "agent", $kind_for_agent => "hidden",
 						$kind_info => "inf", $kind_conn => "conn", $kind_events => "event", $kind_avatar => "avatar");
 
-function get_user_id()
-{
-	return (time() + microtime()) . rand(0, 99999999);
-}
-
 function next_token()
 {
-	return rand(99999, 99999999);
+	if (function_exists('openssl_random_pseudo_bytes')) {
+		$token_arr = unpack('N', "\x0" . openssl_random_pseudo_bytes(3));
+		$token = $token_arr[1];
+	}
+	else {
+		$token = mt_rand(99999, 99999999);
+	}
+	return $token;
 }
 
 function next_revision($link)
@@ -60,13 +62,13 @@ function post_message_($threadid, $kind, $message, $link, $from = null, $utime =
 {
 	global $mysqlprefix;
 	$query = sprintf(
-		"insert into ${mysqlprefix}chatmessage (threadid,ikind,tmessage,tname,agentId,dtmcreated) values (%s, %s,'%s',%s,%s,%s)",
+		"insert into ${mysqlprefix}chatmessage (threadid,ikind,tmessage,tname,agentId,dtmcreated) values (%s,%s,'%s',%s,%s,%s)",
-		$threadid,
+		intval($threadid),
-		$kind,
+		intval($kind),
 		mysql_real_escape_string($message, $link),
 		$from ? "'" . mysql_real_escape_string($from, $link) . "'" : "null",
-		$opid ? $opid : "0",
+		$opid ? intval($opid) : "0",
-		$utime ? "FROM_UNIXTIME($utime)" : "CURRENT_TIMESTAMP");
+		$utime ? "FROM_UNIXTIME(" . intval($utime) . ")" : "CURRENT_TIMESTAMP");
 
 	perform_query($query, $link);
 	return mysql_insert_id($link);
@@ -82,8 +84,8 @@ function post_message($threadid, $kind, $message, $from = null, $agentid = null)
 
 function prepare_html_message($text)
 {
-	$escaped_text = htmlspecialchars($text);
+	$escaped_text = safe_htmlspecialchars($text);
-	$text_w_links = preg_replace('/(http|ftp):\/\/\S*/', '<a href="$0" target="_blank">$0</a>', $escaped_text);
+	$text_w_links = preg_replace('/(https?|ftp):\/\/\S*/i', '<a href="$0" target="_blank">$0</a>', $escaped_text);
 	$multiline = str_replace("\n", "<br/>", $text_w_links);
 	return $multiline;
 }
@@ -95,8 +97,8 @@ function message_to_html($msg)
 	$message = "<span>" . date("H:i:s", $msg['created']) . "</span> ";
 	$kind = $kind_to_string{$msg['ikind']};
 	if ($msg['tname'])
-		$message .= "<span class='n$kind'>" . htmlspecialchars($msg['tname']) . "</span>: ";
+		$message .= "<span class=\"n$kind\">" . safe_htmlspecialchars($msg['tname']) . "</span>: ";
-	$message .= "<span class='m$kind'>" . prepare_html_message($msg['tmessage']) . "</span><br/>";
+	$message .= "<span class=\"m$kind\">" . prepare_html_message($msg['tmessage']) . "</span><br/>";
 	return $message;
 }
 
@@ -119,13 +121,13 @@ function message_to_text($msg)
 
 function get_messages($threadid, $meth, $isuser, &$lastid)
 {
-	global $kind_for_agent, $kind_avatar, $webim_encoding, $mysqlprefix;
+	global $kind_for_agent, $kind_avatar, $mibew_encoding, $mysqlprefix;
 	$link = connect();
 
 	$query = sprintf(
 		"select messageid,ikind,unix_timestamp(dtmcreated) as created,tname,tmessage from ${mysqlprefix}chatmessage " .
 		"where threadid = %s and messageid > %s %s order by messageid",
-		$threadid, $lastid, $isuser ? "and ikind <> $kind_for_agent" : "");
+		intval($threadid), intval($lastid), $isuser ? "and ikind <> " . intval($kind_for_agent) : "");
 
 	$messages = array();
 	$msgs = select_multi_assoc($query, $link);
@@ -134,10 +136,10 @@ function get_messages($threadid, $meth, $isuser, &$lastid)
 		if ($meth == 'xml') {
 			switch ($msg['ikind']) {
 				case $kind_avatar:
-					$message = "<avatar>" . myiconv($webim_encoding, "utf-8", escape_with_cdata($msg['tmessage'])) . "</avatar>";
+					$message = "<avatar>" . myiconv($mibew_encoding, "utf-8", escape_with_cdata($msg['tmessage'])) . "</avatar>";
 					break;
 				default:
-					$message = "<message>" . myiconv($webim_encoding, "utf-8", escape_with_cdata(message_to_html($msg))) . "</message>\n";
+					$message = "<message>" . myiconv($mibew_encoding, "utf-8", escape_with_cdata(message_to_html($msg))) . "</message>\n";
 			}
 		} else {
 			if ($msg['ikind'] != $kind_avatar) {
@@ -157,7 +159,7 @@ function get_messages($threadid, $meth, $isuser, &$lastid)
 
 function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agentid = null)
 {
-	global $webim_encoding, $webimroot, $connection_timeout, $settings;
+	global $mibew_encoding, $mibewroot, $connection_timeout, $settings;
 	$threadid = $thread['threadid'];
 	$istyping = abs($thread['current'] - $thread[$isuser ? "lpagent" : "lpuser"]) < $connection_timeout
 				&& $thread[$isuser ? "agentTyping" : "userTyping"] == "1" ? "1" : "0";
@@ -166,7 +168,7 @@ function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agen
 		$output = get_messages($threadid, "xml", $isuser, $lastid);
 
 		start_xml_output();
-		print("<thread lastid=\"$lastid\" typing=\"" . $istyping . "\" canpost=\"" . (($isuser || $agentid != null && $agentid == $thread['agentId']) ? 1 : 0) . "\">");
+		print("<thread lastid=\"$lastid\" typing=\"" . safe_htmlspecialchars($istyping) . "\" canpost=\"" . (($isuser || $agentid != null && $agentid == $thread['agentId']) ? 1 : 0) . "\">");
 		foreach ($output as $msg) {
 			print $msg;
 		}
@@ -176,25 +178,25 @@ function print_thread_messages($thread, $token, $lastid, $isuser, $format, $agen
 		$output = get_messages($threadid, "html", $isuser, $lastid);
 
 		start_html_output();
-		$url = "$webimroot/thread.php?act=refresh&amp;thread=$threadid&amp;token=$token&amp;html=on&amp;user=" . ($isuser ? "true" : "false");
+		$url = "$mibewroot/thread.php?act=refresh&amp;thread=" . safe_htmlspecialchars($threadid) . "&amp;token=" . safe_htmlspecialchars($token) . "&amp;html=on&amp;user=" . ($isuser ? "true" : "false");
 
 		print(
 				"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">" .
 				"<html>\n<head>\n" .
-				"<link href=\"$webimroot/styles/default/chat.css\" rel=\"stylesheet\" type=\"text/css\">\n" .
+				"<link href=\"$mibewroot/styles/default/chat.css\" rel=\"stylesheet\" type=\"text/css\">\n" .
-				"<meta http-equiv=\"Refresh\" content=\"" . $settings['updatefrequency_oldchat'] . "; URL=$url&amp;sn=11\">\n" .
+				"<meta http-equiv=\"Refresh\" content=\"" . safe_htmlspecialchars($settings['updatefrequency_oldchat']) . "; URL=$url&amp;sn=11\">\n" .
 				"<meta http-equiv=\"Pragma\" content=\"no-cache\">\n" .
 				"<title>chat</title>\n" .
 				"</head>\n" .
-				"<body bgcolor='#FFFFFF' text='#000000' link='#C28400' vlink='#C28400' alink='#C28400' onload=\"if( location.hash != '#aend' ){location.hash='#aend';}\">" .
+				"<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#C28400\" vlink=\"#C28400\" alink=\"#C28400\" onload=\"if( location.hash != '#aend' ){location.hash='#aend';}\">" .
-				"<table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td valign='top' class='message'>");
+				"<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\"><tr><td valign=\"top\" class=\"message\">");
 
 		foreach ($output as $msg) {
 			print $msg;
 		}
 
 		print(
-				"</td></tr></table><a name='aend'></a>" .
+				"</td></tr></table><a name=\"aend\"></a>" .
 				"</body></html>");
 	}
 }
@@ -290,9 +292,9 @@ function setup_logo()
 {
 	global $page, $settings;
 	loadsettings();
-	$page['ct.company.name'] = topage($settings['title']);
+	$page['ct.company.name'] = safe_htmlspecialchars(topage($settings['title']));
-	$page['ct.company.chatLogoURL'] = topage($settings['logo']);
+	$page['ct.company.chatLogoURL'] = safe_htmlspecialchars(topage($settings['logo']));
-	$page['webimHost'] = topage($settings['hosturl']);
+	$page['mibewHost'] = safe_htmlspecialchars(topage($settings['hosturl']));
 }
 
 function setup_leavemessage($name, $email, $message, $groupid, $groupname, $info, $referrer, $canshowcaptcha)
@@ -308,7 +310,7 @@ function setup_leavemessage($name, $email, $message, $groupid, $groupname, $info
 	$page['referrer'] = urlencode(topage($referrer));
 }
 
-function setup_survey($name, $email, $groupid, $info, $referrer)
+function setup_survey($name, $email, $groupid, $info, $referrer, $canshowcaptcha)
 {
 	global $settings, $page;
 
@@ -317,6 +319,7 @@ function setup_survey($name, $email, $groupid, $info, $referrer)
 	$page['formgroupid'] = $groupid;
 	$page['forminfo'] = topage($info);
 	$page['referrer'] = urlencode(topage($referrer));
+	$page['showcaptcha'] = ($settings["surveyaskcaptcha"] == "1" && $canshowcaptcha) ? "1" : "";
 
 	if ($settings['enablegroups'] == '1' && $settings["surveyaskgroup"] == "1") {
 		$link = connect();
@@ -336,7 +339,7 @@ function setup_survey($name, $email, $groupid, $info, $referrer)
 				$groupname .= " (offline)";
 			}
 			$isselected = $k['groupid'] == $groupid;
-			$val .= "<option value=\"" . $k['groupid'] . "\"" . ($isselected ? " selected=\"selected\"" : "") . ">$groupname</option>";
+			$val .= "<option value=\"" . safe_htmlspecialchars($k['groupid']) . "\"" . ($isselected ? " selected=\"selected\"" : "") . ">" . safe_htmlspecialchars($groupname) . "</option>";
 		}
 		$page['groups'] = $val;
 	}
@@ -348,7 +351,7 @@ function setup_survey($name, $email, $groupid, $info, $referrer)
 
 function setup_chatview_for_user($thread, $level)
 {
-	global $page, $webimroot, $settings;
+	global $page, $mibewroot, $settings;
 	loadsettings();
 	$page = array();
 	$page['agent'] = false;
@@ -358,11 +361,11 @@ function setup_chatview_for_user($thread, $level)
 	$page['displ1'] = $nameisset ? "none" : "inline";
 	$page['displ2'] = $nameisset ? "inline" : "none";
 	$page['level'] = $level;
-	$page['ct.chatThreadId'] = $thread['threadid'];
+	$page['ct.chatThreadId'] = safe_htmlspecialchars($thread['threadid']);
-	$page['ct.token'] = $thread['ltoken'];
+	$page['ct.token'] = safe_htmlspecialchars($thread['ltoken']);
-	$page['ct.user.name'] = htmlspecialchars(topage($thread['userName']));
+	$page['ct.user.name'] = safe_htmlspecialchars(topage($thread['userName']));
 	$page['canChangeName'] = $settings['usercanchangename'] == "1";
-	$page['chat.title'] = topage($settings['chattitle']);
+	$page['chat.title'] = safe_htmlspecialchars(topage($settings['chattitle']));
 
 	setup_logo();
 	if ($settings['sendmessagekey'] == 'enter') {
@@ -373,11 +376,11 @@ function setup_chatview_for_user($thread, $level)
 		$page['ignorectrl'] = 0;
 	}
 
-	$params = "thread=" . $thread['threadid'] . "&amp;token=" . $thread['ltoken'];
+	$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
-	$page['mailLink'] = "$webimroot/client.php?" . $params . "&amp;level=$level&amp;act=mailthread";
+	$page['mailLink'] = safe_htmlspecialchars("$mibewroot/client.php?" . $params . "&level=$level&act=mailthread");
 
 	if ($settings['enablessl'] == "1" && !is_secure_request()) {
-		$page['sslLink'] = get_app_location(true, true) . "/client.php?" . $params . "&amp;level=$level";
+		$page['sslLink'] = safe_htmlspecialchars(get_app_location(true, true) . "/client.php?" . $params . "&level=$level");
 	}
 
 	$page['isOpera95'] = is_agent_opera95();
@@ -391,7 +394,7 @@ function load_canned_messages($locale, $groupid)
 	global $mysqlprefix;
 	$link = connect();
 	$result = select_multi_assoc(
-		"select vcvalue from ${mysqlprefix}chatresponses where locale = '$locale' " .
+		"select vcvalue from ${mysqlprefix}chatresponses where locale = '" . mysql_real_escape_string($locale, $link) . "' " .
 		"AND (groupid is NULL OR groupid = 0) order by vcvalue", $link);
 	if (count($result) == 0) {
 		foreach (explode("\n", getstring_('chat.predefined_answers', $locale)) as $answer) {
@@ -400,8 +403,8 @@ function load_canned_messages($locale, $groupid)
 	}
 	if ($groupid) {
 		$result2 = select_multi_assoc(
-			"select vcvalue from ${mysqlprefix}chatresponses where locale = '$locale' " .
+			"select vcvalue from ${mysqlprefix}chatresponses where locale = '" . mysql_real_escape_string($locale, $link) . "' " .
-			"AND groupid = $groupid order by vcvalue", $link);
+			"AND groupid = " . intval($groupid) . " order by vcvalue", $link);
 		foreach ($result as $r) {
 			$result2[] = $r;
 		}
@@ -413,16 +416,16 @@ function load_canned_messages($locale, $groupid)
 
 function setup_chatview_for_operator($thread, $operator)
 {
-	global $page, $webimroot, $company_logo_link, $company_name, $settings;
+	global $page, $mibewroot, $company_logo_link, $company_name, $settings;
 	loadsettings();
 	$page = array();
 	$page['agent'] = true;
 	$page['user'] = false;
 	$page['canpost'] = $thread['agentId'] == $operator['operatorid'];
-	$page['ct.chatThreadId'] = $thread['threadid'];
+	$page['ct.chatThreadId'] = safe_htmlspecialchars($thread['threadid']);
-	$page['ct.token'] = $thread['ltoken'];
+	$page['ct.token'] = safe_htmlspecialchars($thread['ltoken']);
-	$page['ct.user.name'] = htmlspecialchars(topage(get_user_name($thread['userName'], $thread['remote'], $thread['userid'])));
+	$page['ct.user.name'] = safe_htmlspecialchars(topage(get_user_name($thread['userName'], $thread['remote'], $thread['userid'])));
-	$page['chat.title'] = topage($settings['chattitle']);
+	$page['chat.title'] = safe_htmlspecialchars(topage($settings['chattitle']));
 
 	setup_logo();
 	if ($settings['sendmessagekey'] == 'enter') {
@@ -434,20 +437,20 @@ function setup_chatview_for_operator($thread, $operator)
 	}
 
 	if ($settings['enablessl'] == "1" && !is_secure_request()) {
-		$page['sslLink'] = get_app_location(true, true) . "/operator/agent.php?thread=" . $thread['threadid'] . "&amp;token=" . $thread['ltoken'];
+		$page['sslLink'] = safe_htmlspecialchars(get_app_location(true, true) . "/operator/agent.php?thread=" . $thread['threadid'] . "&token=" . $thread['ltoken']);
 	}
 	$page['isOpera95'] = is_agent_opera95();
 	$page['neediframesrc'] = needsFramesrc();
 	$page['historyParams'] = array("userid" => "" . $thread['userid']);
-	$page['historyParamsLink'] = add_params($webimroot . "/operator/userhistory.php", $page['historyParams']);
+	$page['historyParamsLink'] = safe_htmlspecialchars(add_params($mibewroot . "/operator/userhistory.php", $page['historyParams']));
 	$predefinedres = "";
 	$canned_messages = load_canned_messages($thread['locale'], $thread['groupid']);
 	foreach ($canned_messages as $answer) {
-		$predefinedres .= "<option>" . htmlspecialchars(topage($answer['vcvalue'])) . "</option>";
+		$predefinedres .= "<option>" . safe_htmlspecialchars(topage($answer['vcvalue'])) . "</option>";
 	}
 	$page['predefinedAnswers'] = $predefinedres;
-	$params = "thread=" . $thread['threadid'] . "&amp;token=" . $thread['ltoken'];
+	$params = "thread=" . $thread['threadid'] . "&token=" . $thread['ltoken'];
-	$page['redirectLink'] = "$webimroot/operator/agent.php?" . $params . "&amp;act=redirect";
+	$page['redirectLink'] = safe_htmlspecialchars("$mibewroot/operator/agent.php?" . $params . "&act=redirect");
 
 	$page['namePostfix'] = "";
 	$page['frequency'] = $settings['updatefrequency_chat'];
@@ -460,11 +463,11 @@ function update_thread_access($threadid, $params, $link)
 	foreach ($params as $k => $v) {
 		if (strlen($clause) > 0)
 			$clause .= ", ";
-		$clause .= $k . "=" . $v;
+		$clause .= "`" . mysql_real_escape_string($k, $link) . "`=" . $v;
 	}
 	perform_query(
 		"update ${mysqlprefix}chatthread set $clause " .
-		"where threadid = $threadid", $link);
+		"where threadid = " . intval($threadid), $link);
 }
 
 function ping_thread($thread, $isuser, $istyping)
@@ -478,7 +481,7 @@ function ping_thread($thread, $isuser, $istyping)
 	$current = $thread['current'];
 
 	if ($thread['istate'] == $state_loading && $isuser) {
-		$params['istate'] = $state_queue;
+		$params['istate'] = intval($state_queue);
 		commit_thread($thread['threadid'], $params, $link);
 		mysql_close($link);
 		return;
@@ -493,7 +496,7 @@ function ping_thread($thread, $isuser, $istyping)
 
 			$message_to_post = getstring_("chat.status.operator.dead", $thread['locale']);
 			post_message_($thread['threadid'], $kind_conn, $message_to_post, $link, null, $lastping + $connection_timeout);
-			$params['istate'] = $state_waiting;
+			$params['istate'] = intval($state_waiting);
 			$params['nextagent'] = 0;
 			commit_thread($thread['threadid'], $params, $link);
 			mysql_close($link);
@@ -508,11 +511,11 @@ function ping_thread($thread, $isuser, $istyping)
 function commit_thread($threadid, $params, $link)
 {
 	global $mysqlprefix;
-	$query = "update ${mysqlprefix}chatthread t set lrevision = " . next_revision($link) . ", dtmmodified = CURRENT_TIMESTAMP";
+	$query = "update ${mysqlprefix}chatthread t set lrevision = " . intval(next_revision($link)) . ", dtmmodified = CURRENT_TIMESTAMP";
 	foreach ($params as $k => $v) {
-		$query .= ", " . $k . "=" . $v;
+		$query .= ", `" . mysql_real_escape_string($k, $link) . "`=" . $v;
 	}
-	$query .= " where threadid = $threadid";
+	$query .= " where threadid = " . intval($threadid);
 
 	perform_query($query, $link);
 }
@@ -526,7 +529,7 @@ function rename_user($thread, $newname)
 
 	if ($thread['userName'] != $newname) {
 		post_message_($thread['threadid'], $kind_events,
-					  getstring2_("chat.status.user.changedname", array($thread['userName'], $newname), $thread['locale']), $link);
+					  getstring2_("chat.status.user.changedname", array($thread['userName'], $newname), $thread['locale'], true), $link);
 	}
 	mysql_close($link);
 }
@@ -537,12 +540,12 @@ function close_thread($thread, $isuser)
 
 	$link = connect();
 	if ($thread['istate'] != $state_closed) {
-		commit_thread($thread['threadid'], array('istate' => $state_closed,
+		commit_thread($thread['threadid'], array( 'istate' => intval($state_closed),
-												'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)"), $link);
+							  'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)" ), $link);
 	}
 
-	$message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'])
+	$message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'], true)
-			: getstring2_("chat.status.operator.left", array($thread['agentName']), $thread['locale']);
+			: getstring2_("chat.status.operator.left", array($thread['agentName']), $thread['locale'], true);
 	post_message_($thread['threadid'], $kind_events, $message, $link);
 	mysql_close($link);
 }
@@ -554,10 +557,16 @@ function close_old_threads($link)
 		return;
 	}
 	$next_revision = next_revision($link);
-	$query = "update ${mysqlprefix}chatthread set lrevision =  $next_revision, dtmmodified = CURRENT_TIMESTAMP, istate = $state_closed " .
+	$query = sprintf("update ${mysqlprefix}chatthread set lrevision = %s, dtmmodified = CURRENT_TIMESTAMP, istate =  %s " .
-			"where istate <> $state_closed and istate <> $state_left and lastpingagent <> 0 and lastpinguser <> 0 and " .
+			"where istate <> %s and istate <> %s and lastpingagent <> 0 and lastpinguser <> 0 and " .
-			"(ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpinguser)) > " . $settings['thread_lifetime'] . " and " .
+			"(ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpinguser)) > %s and " .
-			"ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpingagent)) > " . $settings['thread_lifetime'] . ")";
+			"ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpingagent)) > %s)",
+			intval($next_revision),
+			intval($state_closed),
+			intval($state_closed),
+			intval($state_left),
+			intval($settings['thread_lifetime']),
+			intval($settings['thread_lifetime']));
 
 	perform_query($query, $link);
 }
@@ -568,7 +577,7 @@ function thread_by_id_($id, $link)
 	return select_one_row("select threadid,userName,agentName,agentId,lrevision,istate,ltoken,userTyping,agentTyping" .
 						  ",unix_timestamp(dtmmodified) as modified, unix_timestamp(dtmcreated) as created" .
 						  ",remote,referer,locale,unix_timestamp(lastpinguser) as lpuser,unix_timestamp(lastpingagent) as lpagent, unix_timestamp(CURRENT_TIMESTAMP) as current,nextagent,shownmessageid,userid,userAgent,groupid" .
-						  " from ${mysqlprefix}chatthread where threadid = " . $id, $link);
+						  " from ${mysqlprefix}chatthread where threadid = " . intval($id), $link);
 }
 
 function ban_for_addr_($addr, $link)
@@ -590,15 +599,16 @@ function create_thread($groupid, $username, $remoteHost, $referer, $lang, $useri
 	global $mysqlprefix;
 	$query = sprintf(
 		"insert into ${mysqlprefix}chatthread (userName,userid,ltoken,remote,referer,lrevision,locale,userAgent,dtmcreated,dtmmodified,istate" . ($groupid ? ",groupid" : "") . ") values " .
-		"('%s','%s',%s,'%s','%s',%s,'%s','%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,$initialState" . ($groupid ? ",$groupid" : "") . ")",
+		"('%s','%s',%s,'%s','%s',%s,'%s','%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,%s" . ($groupid ? "," . intval($groupid) : "") . ")",
 		mysql_real_escape_string($username, $link),
 		mysql_real_escape_string($userid, $link),
-		next_token(),
+		intval(next_token()),
 		mysql_real_escape_string($remoteHost, $link),
 		mysql_real_escape_string($referer, $link),
-		next_revision($link),
+		intval(next_revision($link)),
 		mysql_real_escape_string($lang, $link),
-		mysql_real_escape_string($userbrowser, $link));
+		mysql_real_escape_string($userbrowser, $link),
+		intval($initialState));
 
 	perform_query($query, $link);
 	$id = mysql_insert_id($link);
@@ -612,9 +622,9 @@ function do_take_thread($threadid, $operatorId, $operatorName)
 	global $state_chatting;
 	$link = connect();
 	commit_thread($threadid,
-				  array("istate" => $state_chatting,
+				  array("istate" => intval($state_chatting),
 					   "nextagent" => 0,
-					   "agentId" => $operatorId,
+					   "agentId" => intval($operatorId),
 					   "agentName" => "'" . mysql_real_escape_string($operatorName, $link) . "'"), $link);
 	mysql_close($link);
 }
@@ -638,10 +648,10 @@ function reopen_thread($threadid)
 
 	if ($thread['istate'] != $state_chatting && $thread['istate'] != $state_queue && $thread['istate'] != $state_loading) {
 		commit_thread($threadid,
-					  array("istate" => $state_waiting, "nextagent" => 0), $link);
+					  array("istate" => intval($state_waiting), "nextagent" => 0), $link);
 	}
 
-	post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale']), $link);
+	post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale'], true), $link);
 	mysql_close($link);
 	return $thread;
 }
@@ -661,17 +671,17 @@ function take_thread($thread, $operator)
 
 		if ($state == $state_waiting) {
 			if ($operatorName != $thread['agentName']) {
-				$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
+				$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
 			} else {
-				$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale']);
+				$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale'], true);
 			}
 		} else {
-			$message_to_post = getstring2_("chat.status.operator.joined", array($operatorName), $thread['locale']);
+			$message_to_post = getstring2_("chat.status.operator.joined", array($operatorName), $thread['locale'], true);
 		}
 	} else if ($state == $state_chatting) {
 		if ($operator['operatorid'] != $thread['agentId']) {
 			do_take_thread($threadid, $operator['operatorid'], $operatorName);
-			$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
+			$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
 		}
 	} else {
 		die("cannot take thread");
@@ -692,9 +702,9 @@ function check_for_reassign($thread, $operator)
 		 || $thread['agentId'] == $operator['operatorid'])) {
 		do_take_thread($thread['threadid'], $operator['operatorid'], $operatorName);
 		if ($operatorName != $thread['agentName']) {
-			$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale']);
+			$message_to_post = getstring2_("chat.status.operator.changed", array($operatorName, $thread['agentName']), $thread['locale'], true);
 		} else {
-			$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale']);
+			$message_to_post = getstring2_("chat.status.operator.returned", array($operatorName), $thread['locale'], true);
 		}
 
 		post_message($thread['threadid'], $kind_events, $message_to_post);
@@ -702,6 +712,34 @@ function check_for_reassign($thread, $operator)
 	}
 }
 
+function notify_operators($thread, $firstmessage, $link)
+{
+	global $settings, $mysqlprefix;
+	if ($settings['enablejabber'] == 1) {
+		$groupid = $thread['groupid'];
+		$query = "select ${mysqlprefix}chatoperator.operatorid as opid, inotify, vcjabbername, vcemail, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time from ${mysqlprefix}chatoperator";
+		if ($groupid) {
+			$query .= ", ${mysqlprefix}chatgroupoperator where groupid = " . intval($groupid) . " and ${mysqlprefix}chatoperator.operatorid = ${mysqlprefix}chatgroupoperator.operatorid and istatus = 0";
+		} else {
+			$query .= " where istatus = 0";
+		}
+		$query .= " and inotify = 1";
+		$result = select_multi_assoc($query, $link);
+		$text = getstring2_("notify.new.text", array(
+													get_app_location(true, $settings['enablessl'] == '1' && $settings['forcessl'] == '1') . "/operator/agent.php?thread=" . $thread['threadid'],
+													$thread['userName']
+											   ), $thread['locale'], true);
+		if ($firstmessage) {
+			$text .= "\n$firstmessage";
+		}
+		foreach ($result as $op) {
+			if ($op['time'] < $settings['online_timeout'] && is_valid_email($op['vcjabbername'])) {
+				mibew_xmpp($op['vcjabbername'], getstring2("notify.new.subject", array($thread['userName']), true), $text, $link);
+			}
+		}
+	}
+}
+
 function check_connections_from_remote($remote, $link)
 {
 	global $settings, $state_closed, $state_left, $mysqlprefix;
@@ -710,7 +748,7 @@ function check_connections_from_remote($remote, $link)
 	}
 	$result = select_one_row(
 		"select count(*) as opened from ${mysqlprefix}chatthread " .
-		"where remote = '" . mysql_real_escape_string($remote, $link) . "' AND istate <> $state_closed AND istate <> $state_left", $link);
+		"where remote = '" . mysql_real_escape_string($remote, $link) . "' AND istate <> " . intval($state_closed) . " AND istate <> " . intval($state_left), $link);
 	if ($result && isset($result['opened'])) {
 		return $result['opened'] < $settings['max_connections_from_one_host'];
 	}
@@ -719,13 +757,13 @@ function check_connections_from_remote($remote, $link)
 
 function visitor_from_request()
 {
-	global $namecookie, $webim_encoding, $usercookie;
+	global $namecookie, $mibew_encoding, $usercookie;
 	$defaultName = getstring("chat.default.username");
 	$userName = $defaultName;
 	if (isset($_COOKIE[$namecookie])) {
 		$data = base64_decode(strtr($_COOKIE[$namecookie], '-_,', '+/='));
 		if (strlen($data) > 0) {
-			$userName = myiconv("utf-8", $webim_encoding, $data);
+			$userName = myiconv("utf-8", $mibew_encoding, $data);
 		}
 	}
 
@@ -736,7 +774,7 @@ function visitor_from_request()
 	if (isset($_COOKIE[$usercookie])) {
 		$userId = $_COOKIE[$usercookie];
 	} else {
-		$userId = get_user_id();
+		$userId = uniqid('', TRUE);
 		setcookie($usercookie, $userId, time() + 60 * 60 * 24 * 365);
 	}
 	return array('id' => $userId, 'name' => $userName);

src/messenger/webim/libs/common.php

@@ -15,13 +15,36 @@
  * limitations under the License.
  */
 
-session_start();
+// Prevent Mibew from access to files outside the installation
+@ini_set('open_basedir', dirname(__FILE__) . '/../');
 
 require_once(dirname(__FILE__) . '/converter.php');
 require_once(dirname(__FILE__) . '/config.php');
 
-$version = '1.6.5';
+// Sanitize path to application and remove extra slashes
-$jsver = "165";
+$mibewroot = join("/", array_map("urlencode", preg_split('/\//', preg_replace('/\/+$/', '', preg_replace('/\/{2,}/', '/', '/' . $mibewroot)))));
+
+// Sanitize database tables prefix
+$mysqlprefix = preg_replace('/[^A-Za-z0-9_$]/', '', $mysqlprefix);
+
+// test and set default locales
+$default_locale = locale_pattern_check($default_locale) && locale_exists($default_locale) ? $default_locale : 'en';
+$home_locale = locale_pattern_check($home_locale) && locale_exists($home_locale) ? $default_locale : 'en';
+
+$locale_cookie_name = 'mibew_locale';
+
+$version = '1.6.7';
+$jsver = "167";
+
+// Make session cookie more secure
+@ini_set('session.cookie_httponly', TRUE);
+if (is_secure_request()) {
+    @ini_set('session.cookie_secure', TRUE);
+}
+@ini_set('session.cookie_path', "$mibewroot/");
+@ini_set('session.name', 'MibewSessionID');
+
+session_start();
 
 function myiconv($in_enc, $out_enc, $string)
 {
@@ -59,7 +82,7 @@ function verifyparam($name, $regexp, $default = null)
 		if (isset($default))
 			return $default;
 	}
-	echo "<html><head></head><body>Wrong parameter used or absent: " . $name . "</body></html>";
+	echo "<html><head></head><body>Wrong parameter used or absent: " . safe_htmlspecialchars($name) . "</body></html>";
 	exit;
 }
 
@@ -71,21 +94,24 @@ function debugexit_print($var)
 	exit;
 }
 
-$locale_pattern = "/^[\w-]{2,5}$/";
-
 function locale_exists($locale)
 {
 	return file_exists(dirname(__FILE__) . "/../locales/$locale/properties");
 }
 
+function locale_pattern_check($locale)
+{
+	$locale_pattern = "/^[\w-]{2,5}$/";
+	return preg_match($locale_pattern, $locale) && $locale != 'names';
+}
+
 function get_available_locales()
 {
-	global $locale_pattern;
 	$list = array();
 	$folder = dirname(__FILE__) . "/../locales";
 	if ($handle = opendir($folder)) {
 		while (false !== ($file = readdir($handle))) {
-			if (preg_match($locale_pattern, $file) && $file != 'names' && is_dir("$folder/$file")) {
+			if (locale_pattern_check($file) && is_dir("$folder/$file")) {
 				$list[] = $file;
 			}
 		}
@@ -97,11 +123,11 @@ function get_available_locales()
 
 function get_user_locale()
 {
-	global $default_locale;
+	global $default_locale, $locale_cookie_name;
 
-	if (isset($_COOKIE['webim_locale'])) {
+	if (isset($_COOKIE[$locale_cookie_name])) {
-		$requested_lang = $_COOKIE['webim_locale'];
+		$requested_lang = $_COOKIE[$locale_cookie_name];
-		if (locale_exists($requested_lang))
+		if (locale_pattern_check($requested_lang) && locale_exists($requested_lang))
 			return $requested_lang;
 	}
 
@@ -111,12 +137,12 @@ function get_user_locale()
 			if (strlen($requested_lang) > 2)
 				$requested_lang = substr($requested_lang, 0, 2);
 
-			if (locale_exists($requested_lang))
+			if (locale_pattern_check($requested_lang) && locale_exists($requested_lang))
 				return $requested_lang;
 		}
 	}
 
-	if (locale_exists($default_locale))
+	if (locale_pattern_check($default_locale) && locale_exists($default_locale))
 		return $default_locale;
 
 	return 'en';
@@ -124,19 +150,21 @@ function get_user_locale()
 
 function get_locale()
 {
-	global $webimroot, $locale_pattern;
+	global $mibewroot, $locale_cookie_name;
 
-	$locale = verifyparam("locale", $locale_pattern, "");
+	$locale = verifyparam("locale", "/./", "");
 
-	if ($locale && locale_exists($locale)) {
+	if ($locale && locale_pattern_check($locale) && locale_exists($locale)) {
 		$_SESSION['locale'] = $locale;
-		setcookie('webim_locale', $locale, time() + 60 * 60 * 24 * 1000, "$webimroot/");
+	}
-	} else if (isset($_SESSION['locale'])) {
+	else if (isset($_SESSION['locale']) && locale_pattern_check($_SESSION['locale']) && locale_exists($_SESSION['locale'])) {
-		$locale = $_SESSION['locale'];
+		$locale =  $_SESSION['locale'];
+	}
+	else {
+		$locale = get_user_locale();
 	}
 
-	if (!$locale || !locale_exists($locale))
+	setcookie($locale_cookie_name, $locale, time() + 60 * 60 * 24 * 1000, "$mibewroot/");
-		$locale = get_user_locale();
 	return $locale;
 }
 
@@ -166,10 +194,14 @@ function get_locale_links($href)
 
 function load_messages($locale)
 {
-	global $messages, $webim_encoding, $output_encoding;
+	global $messages, $mibew_encoding, $output_encoding;
 	$hash = array();
-	$current_encoding = $webim_encoding;
+	$current_encoding = $mibew_encoding;
+	
 	$fp = fopen(dirname(__FILE__) . "/../locales/$locale/properties", "r");
+	if ($fp === FALSE) {
+		die("unable to open properties for locale $locale");
+	}
 	while (!feof($fp)) {
 		$line = fgets($fp, 4096);
 		$keyval = preg_split("/=/", $line, 2);
@@ -178,10 +210,10 @@ function load_messages($locale)
 				$current_encoding = trim($keyval[1]);
 			} else if ($keyval[0] == 'output_encoding') {
 				$output_encoding[$locale] = trim($keyval[1]);
-			} else if ($current_encoding == $webim_encoding) {
+			} else if ($current_encoding == $mibew_encoding) {
 				$hash[$keyval[0]] = str_replace("\\n", "\n", trim($keyval[1]));
 			} else {
-				$hash[$keyval[0]] = myiconv($current_encoding, $webim_encoding, str_replace("\\n", "\n", trim($keyval[1])));
+				$hash[$keyval[0]] = myiconv($current_encoding, $mibew_encoding, str_replace("\\n", "\n", trim($keyval[1])));
 			}
 		}
 	}
@@ -191,13 +223,13 @@ function load_messages($locale)
 
 function getoutputenc()
 {
-	global $current_locale, $output_encoding, $webim_encoding, $messages;
+	global $current_locale, $output_encoding, $mibew_encoding, $messages;
 	if (!isset($messages[$current_locale]))
 		load_messages($current_locale);
-	return isset($output_encoding[$current_locale]) ? $output_encoding[$current_locale] : $webim_encoding;
+	return isset($output_encoding[$current_locale]) ? $output_encoding[$current_locale] : $mibew_encoding;
 }
 
-function getstring_($text, $locale)
+function getstring_($text, $locale, $raw = false)
 {
 	global $messages;
 	if (!isset($messages[$locale]))
@@ -205,81 +237,85 @@ function getstring_($text, $locale)
 
 	$localized = $messages[$locale];
 	if (isset($localized[$text]))
-		return $localized[$text];
+		return $raw ? $localized[$text] : sanitize_string($localized[$text], 'low', 'moderate');
 	if ($locale != 'en') {
-		return getstring_($text, 'en');
+		return getstring_($text, 'en', $raw);
 	}
 
-	return "!" . $text;
+	return "!" . ($raw ? $text : sanitize_string($text, 'low', 'moderate'));
 }
 
-function getstring($text)
+function getstring($text, $raw = false)
 {
 	global $current_locale;
-	return getstring_($text, $current_locale);
+	$string = getstring_($text, $current_locale, true);
+	return $raw ? $string : sanitize_string($string, 'low', 'moderate');
 }
 
-function getlocal($text)
+function getlocal($text, $raw = false)
 {
-	global $current_locale, $webim_encoding;
+	global $current_locale, $mibew_encoding;
-	return myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
+	$string = myiconv($mibew_encoding, getoutputenc(), getstring_($text, $current_locale), true);
+	return $raw ? $string : sanitize_string($string, 'low', 'moderate');
 }
 
-function getlocal_($text, $locale)
+function getlocal_($text, $locale, $raw = false)
 {
-	global $webim_encoding;
+	global $mibew_encoding;
-	return myiconv($webim_encoding, getoutputenc(), getstring_($text, $locale));
+	$string = myiconv($mibew_encoding, getoutputenc(), getstring_($text, $locale), true);
+	return $raw ? $string : sanitize_string($string, 'low', 'moderate');
 }
 
 function topage($text)
 {
-	global $webim_encoding;
+	global $mibew_encoding;
-	return myiconv($webim_encoding, getoutputenc(), $text);
+	return myiconv($mibew_encoding, getoutputenc(), $text);
 }
 
-function getstring2_($text, $params, $locale)
+function getstring2_($text, $params, $locale, $raw = false)
 {
-	$string = getstring_($text, $locale);
+	$string = getstring_($text, $locale, true);
 	for ($i = 0; $i < count($params); $i++) {
 		$string = str_replace("{" . $i . "}", $params[$i], $string);
 	}
-	return $string;
+	return $raw ? $string : sanitize_string($string, 'low', 'moderate');
 }
 
-function getstring2($text, $params)
+function getstring2($text, $params, $raw = false)
 {
 	global $current_locale;
-	return getstring2_($text, $params, $current_locale);
+	$string = getstring2_($text, $params, $current_locale, true);
+	return $raw ? $string : sanitize_string($string, 'low', 'moderate');
 }
 
-function getlocal2($text, $params)
+function getlocal2($text, $params, $raw = false)
 {
-	global $current_locale, $webim_encoding;
+	global $current_locale, $mibew_encoding;
-	$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
+	$string = myiconv($mibew_encoding, getoutputenc(), getstring_($text, $current_locale, true));
 	for ($i = 0; $i < count($params); $i++) {
 		$string = str_replace("{" . $i . "}", $params[$i], $string);
 	}
-	return $string;
+	return $raw ? $string : sanitize_string($string, 'low', 'moderate');
 }
 
 /* prepares for Javascript string */
 function getlocalforJS($text, $params)
 {
-	global $current_locale, $webim_encoding;
+	global $current_locale, $mibew_encoding;
-	$string = myiconv($webim_encoding, getoutputenc(), getstring_($text, $current_locale));
+	$string = myiconv($mibew_encoding, getoutputenc(), getstring_($text, $current_locale, true));
 	$string = str_replace("\"", "\\\"", str_replace("\n", "\\n", $string));
 	for ($i = 0; $i < count($params); $i++) {
 		$string = str_replace("{" . $i . "}", $params[$i], $string);
 	}
-	return $string;
+	return sanitize_string($string, 'low', 'moderate');
 }
 
 /* ajax server actions use utf-8 */
 function getrawparam($name)
 {
-	global $webim_encoding;
+	global $mibew_encoding;
 	if (isset($_POST[$name])) {
-		$value = myiconv("utf-8", $webim_encoding, $_POST[$name]);
+		$value = myiconv("utf-8", $mibew_encoding, $_POST[$name]);
 		if (get_magic_quotes_gpc()) {
 			$value = stripslashes($value);
 		}
@@ -291,9 +327,9 @@ function getrawparam($name)
 /* form processors use current Output encoding */
 function getparam($name)
 {
-	global $webim_encoding;
+	global $mibew_encoding;
 	if (isset($_POST[$name])) {
-		$value = myiconv(getoutputenc(), $webim_encoding, $_POST[$name]);
+		$value = myiconv(getoutputenc(), $mibew_encoding, $_POST[$name]);
 		if (get_magic_quotes_gpc()) {
 			$value = stripslashes($value);
 		}
@@ -327,11 +363,11 @@ function unicode_urldecode($url)
 
 function getgetparam($name, $default = '')
 {
-	global $webim_encoding;
+	global $mibew_encoding;
 	if (!isset($_GET[$name]) || !$_GET[$name]) {
 		return $default;
 	}
-	$value = myiconv("utf-8", $webim_encoding, unicode_urldecode($_GET[$name]));
+	$value = myiconv("utf-8", $mibew_encoding, unicode_urldecode($_GET[$name]));
 	if (get_magic_quotes_gpc()) {
 		$value = stripslashes($value);
 	}
@@ -348,7 +384,7 @@ function connect()
 		or die('Could not connect: ' . mysql_error());
 	mysql_select_db($mysqldb, $link) or die('Could not select database');
 	if ($force_charset_in_connection) {
-		mysql_query("SET NAMES '$dbencoding'", $link);
+		mysql_query("SET NAMES '" . mysql_real_escape_string($dbencoding, $link) . "'", $link);
 	}
 	return $link;
 }
@@ -421,7 +457,7 @@ function form_value($key)
 {
 	global $page;
 	if (isset($page) && isset($page["form$key"]))
-		return htmlspecialchars($page["form$key"]);
+		return safe_htmlspecialchars($page["form$key"]);
 	return "";
 }
 
@@ -450,7 +486,7 @@ function no_field($key)
 function failed_uploading_file($filename, $key)
 {
 	return getlocal2("errors.failed.uploading.file",
-		array($filename, getlocal($key)));
+		array(safe_htmlspecialchars($filename), getlocal($key)));
 }
 
 function wrong_field($key)
@@ -469,8 +505,8 @@ function get_popup($href, $jshref, $message, $title, $wndName, $options)
 function get_image($href, $width, $height)
 {
 	if ($width != 0 && $height != 0)
-		return "<img src=\"$href\" border=\"0\" width=\"$width\" height=\"$height\" alt=\"\"/>";
+		return "<img src=\"" . safe_htmlspecialchars($href) . "\" border=\"0\" width=\"" . safe_htmlspecialchars($width) . "\" height=\"" . safe_htmlspecialchars($height) . "\" alt=\"\"/>";
-	return "<img src=\"$href\" border=\"0\" alt=\"\"/>";
+	return "<img src=\"" . safe_htmlspecialchars($href) . "\" border=\"0\" alt=\"\"/>";
 }
 
 function get_gifimage_size($filename)
@@ -527,11 +563,11 @@ function is_valid_email($email)
 
 function get_app_location($showhost, $issecure)
 {
-	global $webimroot;
+	global $mibewroot;
 	if ($showhost) {
-		return ($issecure ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . $webimroot;
+		return ($issecure ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . $mibewroot;
 	} else {
-		return $webimroot;
+		return $mibewroot;
 	}
 }
 
@@ -595,8 +631,8 @@ function date_to_text($unixtime)
 	return strftime($date_format . " " . getlocal("time.timeformat"), $unixtime);
 }
 
-$dbversion = '1.6.3';
+$dbversion = '1.6.6';
-$featuresversion = '1.6.4';
+$featuresversion = '1.6.6';
 
 $settings = array(
 	'dbversion' => 0,
@@ -623,10 +659,12 @@ $settings = array(
 	'usercanchangename' => '1',
 	'enablegroups' => '0',
 	'enablestatistics' => '1',
+	'enablejabber' => '0',
 	'enablepresurvey' => '1',
 	'surveyaskmail' => '0',
 	'surveyaskgroup' => '1',
 	'surveyaskmessage' => '0',
+	'surveyaskcaptcha' => '0',
 	'enablepopupnotification' => '0',
 	'showonlineoperators' => '0',
 	'enablecaptcha' => '0',
@@ -709,7 +747,7 @@ function print_csrf_token_input()
 {
 	setcsrftoken();
 
-	echo "<input name='csrf_token' type='hidden' value='" . $_SESSION['csrf_token'] . "' />\n";
+	echo "<input name=\"csrf_token\" type=\"hidden\" value=\"" . $_SESSION['csrf_token'] . "\" />\n";
 }
 
 /* print csrf token in url format */
@@ -724,8 +762,95 @@ function print_csrf_token_in_url()
 function setcsrftoken()
 {
 	if (!isset($_SESSION['csrf_token'])) {
-		$_SESSION['csrf_token'] = sha1(rand(10000000, 99999999));
+		$_SESSION['csrf_token'] = sha1(session_id() . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : (time() + microtime()) . mt_rand(0, 99999999)));
 	}
 }
 
+/* simple HTML sanitation
+ *
+ * includes some code from the PHP Strip Attributes Class For XML and HTML
+ * Copyright 2009 David (semlabs.co.uk)
+ * Available under the MIT License.
+ *
+ * http://semlabs.co.uk/journal/php-strip-attributes-class-for-xml-and-html
+ *
+ */
+
+function sanitize_string($string, $tags_level = 'high', $attr_level = 'high')
+{
+	$sanitize_tags = array(
+		'high' => '',
+		'moderate' => '<span><em><strong><b><i><br>',
+		'low' => '<span><em><strong><b><i><br><p><ul><ol><li><a><font><style>'
+	);
+
+	$sanitize_attributes = array(
+		'high' => array(),
+		'moderate' => array('class', 'style', 'href', 'rel', 'id'),
+		'low' => false
+	);
+
+	$tags_level = array_key_exists($tags_level, $sanitize_tags) ? $tags_level : 'high';
+	$string = strip_tags($string, $sanitize_tags[$tags_level]);
+
+	$attr_level = array_key_exists($attr_level, $sanitize_attributes) ? $attr_level : 'high';
+	if ($sanitize_attributes[$attr_level]) {
+
+		preg_match_all("/<([^ !\/\>\n]+)([^>]*)>/i", $string, $elements);
+		foreach ($elements[1] as $key => $element) {
+			if ($elements[2][$key]) {
+
+				$new_attributes = '';
+				preg_match_all("/([^ =]+)\s*=\s*[\"|']{0,1}([^\"']*)[\"|']{0,1}/i", $elements[2][$key], $attributes );
+
+				if ($attributes[1]) {
+					foreach ($attributes[1] as $attr_key => $attr) {
+						if (in_array($attributes[1][$attr_key], $sanitize_attributes[$attr_level])) {
+							$new_attributes .= ' ' . $attributes[1][$attr_key] . '="' . $attributes[2][$attr_key] . '"';
+						}
+					}
+				}
+
+				$replacement = '<' . $elements[1][$key] . $new_attributes . '>';
+				$string = preg_replace( '/' . sanitize_reg_escape($elements[0][$key]) . '/', $replacement, $string );
+
+			}
+		}
+
+	}
+
+	return $string;
+}
+
+function sanitize_reg_escape($string)
+{
+
+	$conversions = array(	"^" => "\^",
+				"[" => "\[",
+				"." => "\.",
+				"$" => "\$",
+				"{" => "\{",
+				"*" => "\*",
+				"(" => "\(",
+				"\\" => "\\\\",
+				"/" => "\/",
+				"+" => "\+",
+				")" => "\)",
+				"|" => "\|",
+				"?" => "\?",
+				"<" => "\<",
+				">" => "\>"
+	);
+
+	return strtr($string, $conversions);
+}
+
+/* wrapper for htmlspecialchars with single quotes conversion enabled
+   by default */
+
+function safe_htmlspecialchars($string)
+{
+	return htmlspecialchars($string, ENT_QUOTES);
+}
+
 ?>

src/messenger/webim/libs/config.php

@@ -18,19 +18,19 @@
 /*
  *  Application path on server
  */
-$webimroot = "/webim";
+$mibewroot = "/mibew";
 
 /*
  *  Internal encoding
  */
-$webim_encoding = "utf-8";
+$mibew_encoding = "utf-8";
 
 /*
  *  MySQL Database parameters
  */
 $mysqlhost = "localhost";
-$mysqldb = "webim_db";
+$mysqldb = "mibew_db";
-$mysqllogin = "webim_lite";
+$mysqllogin = "mibew";
 $mysqlpass = "123";
 $mysqlprefix = "";
 
@@ -40,7 +40,7 @@ $force_charset_in_connection = true;
 /*
  *  Mailbox
  */
-$webim_mailbox = "webim@yourdomain.com";
+$mibew_mailbox = "mibew@yourdomain.com";
 $mail_encoding = "utf-8";
 
 /*
@@ -49,4 +49,4 @@ $mail_encoding = "utf-8";
 $home_locale = "en"; /* native name will be used in this locale */
 $default_locale = "en"; /* if user does not provide known lang */
 
-?>
+?>

src/messenger/webim/libs/demothread.php

@@ -17,9 +17,9 @@
 
 function demo_print_message($msg, $format)
 {
-	global $webim_encoding;
+	global $mibew_encoding;
 	if ($format == "xml") {
-		print "<message>" . myiconv($webim_encoding, "utf-8", escape_with_cdata(message_to_html($msg))) . "</message>\n";
+		print "<message>" . myiconv($mibew_encoding, "utf-8", escape_with_cdata(message_to_html($msg))) . "</message>\n";
 	} else {
 		print topage(message_to_html($msg));
 	}
@@ -27,7 +27,7 @@ function demo_print_message($msg, $format)
 
 function demo_process_thread($act, $outformat, $lastid, $isuser, $canpost, $istyping, $postmessage)
 {
-	global $kind_for_agent, $kind_info, $kind_events, $kind_user, $kind_agent, $webimroot, $settings;
+	global $kind_for_agent, $kind_info, $kind_events, $kind_user, $kind_agent, $mibewroot, $settings;
 	loadsettings();
 	if ($act == "refresh" || $act == "post") {
 		$lastid++;
@@ -36,36 +36,36 @@ function demo_process_thread($act, $outformat, $lastid, $isuser, $canpost, $isty
 			print("<thread lastid=\"$lastid\" typing=\"" . ($istyping ? 1 : 0) . "\" canpost=\"" . ($canpost ? 1 : 0) . "\">");
 		} else {
 			start_html_output();
-			$url = "$webimroot/thread.php?act=refresh&amp;thread=0&amp;token=123&amp;html=on&amp;user=" . ($isuser ? "true" : "false");
+			$url = "$mibewroot/thread.php?act=refresh&amp;thread=0&amp;token=123&amp;html=on&amp;user=" . ($isuser ? "true" : "false");
 
 			print(
 					"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">" .
 					"<html>\n<head>\n" .
-					"<link href=\"$webimroot/styles/default/chat.css\" rel=\"stylesheet\" type=\"text/css\">\n" .
+					"<link href=\"$mibewroot/styles/default/chat.css\" rel=\"stylesheet\" type=\"text/css\">\n" .
 					"<meta http-equiv=\"Refresh\" content=\"" . $settings['updatefrequency_oldchat'] . "; URL=$url&amp;sn=11\">\n" .
 					"<meta http-equiv=\"Pragma\" content=\"no-cache\">\n" .
 					"<title>chat</title>\n" .
 					"</head>\n" .
-					"<body bgcolor='#FFFFFF' text='#000000' link='#C28400' vlink='#C28400' alink='#C28400'>" .
+					"<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#C28400\" vlink=\"#C28400\" alink=\"#C28400\">" .
-					"<table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td valign='top' class='message'>");
+					"<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\"><tr><td valign=\"top\" class=\"message\">");
 
 		}
 		if ($lastid == 1) {
 			demo_print_message(
 				array('ikind' => $kind_for_agent, 'created' => time() - 15, 'tname' => '',
-					 'tmessage' => getstring2('chat.came.from', array("http://google.com"))), $outformat);
+					 'tmessage' => getstring2('chat.came.from', array("http://google.com"), true)), $outformat);
 			demo_print_message(
 				array('ikind' => $kind_info, 'created' => time() - 15, 'tname' => '',
 					 'tmessage' => getstring('chat.wait')), $outformat);
 			demo_print_message(
 				array('ikind' => $kind_events, 'created' => time() - 10, 'tname' => '',
-					 'tmessage' => getstring2("chat.status.operator.joined", array("Administrator"))), $outformat);
+					 'tmessage' => getstring2("chat.status.operator.joined", array("Administrator"), true)), $outformat);
 			demo_print_message(
 				array('ikind' => $kind_agent, 'created' => time() - 9, 'tname' => 'Administrator',
-					 'tmessage' => getstring("demo.chat.welcome")), $outformat);
+					 'tmessage' => getstring("demo.chat.welcome"), true), $outformat);
 			demo_print_message(
 				array('ikind' => $kind_user, 'created' => time() - 5, 'tname' => getstring("chat.default.username"),
-					 'tmessage' => getstring("demo.chat.question")), $outformat);
+					 'tmessage' => getstring("demo.chat.question", true)), $outformat);
 			if ($canpost && $outformat == 'xml') {
 				demo_print_message(
 					array('ikind' => $kind_info, 'created' => time() - 5, 'tname' => '',
@@ -81,7 +81,7 @@ function demo_process_thread($act, $outformat, $lastid, $isuser, $canpost, $isty
 			print("</thread>");
 		} else {
 			print(
-					"</td></tr></table><a name='aend'></a>" .
+					"</td></tr></table><a name=\"aend\"></a>" .
 					"</body></html>");
 		}
 	}

src/messenger/webim/libs/expand.php

@@ -16,7 +16,7 @@
  */
 
 $ifregexp = "/\\\${(if|ifnot):([\w\.]+)}(.*?)(\\\${else:\\2}.*?)?\\\${endif:\\2}/s";
-$expand_include_path = "";
+$expand_include_path = dirname(__FILE__) . '/../';
 $current_style = "";
 
 function check_condition($condition)
@@ -42,16 +42,16 @@ function expand_condition($matches)
 
 function expand_var($matches)
 {
-	global $page, $webimroot, $jsver, $errors, $current_style;
+	global $page, $mibewroot, $jsver, $errors, $current_style;
 	$prefix = $matches[1];
 	$var = $matches[2];
 	if (!$prefix) {
-		if ($var == 'webimroot') {
+		if ($var == 'mibewroot') {
-			return $webimroot;
+			return $mibewroot;
 		} else if ($var == 'jsver') {
 			return $jsver;
 		} else if ($var == 'tplroot') {
-			return "$webimroot/styles/$current_style";
+			return "$mibewroot/styles/$current_style";
 		} else if ($var == 'styleid') {
 			return $current_style;
 		} else if ($var == 'pagination') {
@@ -106,7 +106,7 @@ function expand($basedir, $style, $filename)
 {
 	global $expand_include_path, $current_style;
 	start_html_output();
-	if (!is_dir("$basedir/$style")) {
+	if (!preg_match('/^\w+$/', $style) || !is_dir("$basedir/$style")) {
 		$style = "default";
 	}
 	$expand_include_path = "$basedir/$style/templates/";

src/messenger/webim/libs/getcode.php

@@ -15,6 +15,16 @@
  * limitations under the License.
  */
 
+function setup_getcode_tabs($active)
+{
+	global $page, $mibewroot;
+	$page['tabselected'] = $active;
+	$page['tabs'] = array(
+		array('title' => getlocal("page_getcode.tab.image"), 'link' => "$mibewroot/operator/getcode.php"),
+		array('title' => getlocal("page_getcode.tab.text"), 'link' => "$mibewroot/operator/gettextcode.php"),
+	);
+}
+
 function generate_button($title, $locale, $style, $group, $inner, $showhost, $forcesecure, $modsecurity)
 {
 	$link = get_app_location($showhost, $forcesecure) . "/client.php";
@@ -26,9 +36,9 @@ function generate_button($title, $locale, $style, $group, $inner, $showhost, $fo
 		$link = append_query($link, "group=$group");
 
 	$modsecfix = $modsecurity ? ".replace('http://','').replace('https://','')" : "";
-	$jslink = append_query("'" . $link, "url='+escape(document.location.href$modsecfix)+'&referrer='+escape(document.referrer$modsecfix)");
+	$jslink = safe_htmlspecialchars(append_query("'" . $link, "url='+escape(document.location.href$modsecfix)+'&referrer='+escape(document.referrer$modsecfix)"));
-	$temp = get_popup($link, "$jslink",
+	$temp = get_popup(safe_htmlspecialchars($link), "$jslink",
-					  $inner, $title, "webim", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=640,height=480,resizable=1");
+					  $inner, safe_htmlspecialchars($title), "mibew", "toolbar=0,scrollbars=0,location=0,status=1,menubar=0,width=640,height=480,resizable=1");
 	return "<!-- mibew button -->" . $temp . "<!-- / mibew button -->";
 }
 
@@ -51,7 +61,7 @@ function verifyparam_groupid($paramid)
 	global $settings, $errors;
 	$groupid = "";
 	if ($settings['enablegroups'] == '1') {
-		$groupid = verifyparam($paramid, "/^\d{0,8}$/", "");
+		$groupid = verifyparam($paramid, "/^\d{0,10}$/", "");
 		if ($groupid) {
 			$group = group_by_id($groupid);
 			if (!$group) {

src/messenger/webim/libs/groups.php

@@ -20,7 +20,7 @@ function group_by_id($id)
 	global $mysqlprefix;
 	$link = connect();
 	$group = select_one_row(
-		"select * from ${mysqlprefix}chatgroup where groupid = $id", $link);
+		"select * from ${mysqlprefix}chatgroup where groupid = " . intval($id), $link);
 	mysql_close($link);
 	return $group;
 }
@@ -36,11 +36,12 @@ function get_group_name($group)
 
 function setup_group_settings_tabs($gid, $active)
 {
-	global $page, $webimroot, $settings;
+	global $page, $mibewroot, $settings;
 	if ($gid) {
+		$page['tabselected'] = $active;
 		$page['tabs'] = array(
-			getlocal("page_group.tab.main") => $active != 0 ? "$webimroot/operator/group.php?gid=$gid" : "",
+			array('title' => getlocal("page_group.tab.main"), 'link' => "$mibewroot/operator/group.php?gid=$gid"),
-			getlocal("page_group.tab.members") => $active != 1 ? "$webimroot/operator/groupmembers.php?gid=$gid" : "",
+			array('title' => getlocal("page_group.tab.members"), 'link' => "$mibewroot/operator/groupmembers.php?gid=$gid"),
 		);
 	} else {
 		$page['tabs'] = array();
@@ -52,7 +53,7 @@ function get_operator_groupslist($operatorid, $link)
 	global $settings, $mysqlprefix;
 	if ($settings['enablegroups'] == '1') {
 		$groupids = array(0);
-		$allgroups = select_multi_assoc("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid order by groupid", $link);
+		$allgroups = select_multi_assoc("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($operatorid) . " order by groupid", $link);
 		foreach ($allgroups as $g) {
 			$groupids[] = $g['groupid'];
 		}

src/messenger/webim/libs/notify.php

@@ -15,20 +15,49 @@
  * limitations under the License.
  */
 
-function webim_mail($toaddr, $reply_to, $subject, $body, $link)
+function log_notification($locale, $kind, $to, $subj, $text, $refop, $link)
 {
-	global $webim_encoding, $webim_mailbox, $mail_encoding, $current_locale;
+	global $mysqlprefix;
+	$query = sprintf(
+		"insert into ${mysqlprefix}chatnotification (locale,vckind,vcto,vcsubject,tmessage,refoperator,dtmcreated) values ('%s','%s','%s','%s','%s',%s,%s)",
+		mysql_real_escape_string($locale, $link),
+		mysql_real_escape_string($kind, $link),
+		mysql_real_escape_string($to, $link),
+		mysql_real_escape_string($subj, $link),
+		mysql_real_escape_string($text, $link),
+		$refop ? intval($refop) : "0",
+		"CURRENT_TIMESTAMP");
 
-	$headers = "From: $webim_mailbox\r\n"
+	perform_query($query, $link);
-			   . "Reply-To: " . myiconv($webim_encoding, $mail_encoding, $reply_to) . "\r\n"
+}
+
+function mibew_mail($toaddr, $reply_to, $subject, $body, $link)
+{
+	global $mibew_encoding, $mibew_mailbox, $mail_encoding, $current_locale;
+
+	$headers = "From: $mibew_mailbox\r\n"
+			   . "Reply-To: " . myiconv($mibew_encoding, $mail_encoding, $reply_to) . "\r\n"
 			   . "Content-Type: text/plain; charset=$mail_encoding\r\n"
 			   . 'X-Mailer: PHP/' . phpversion();
 
-	$real_subject = "=?" . $mail_encoding . "?B?" . base64_encode(myiconv($webim_encoding, $mail_encoding, $subject)) . "?=";
+	$real_subject = "=?" . $mail_encoding . "?B?" . base64_encode(myiconv($mibew_encoding, $mail_encoding, $subject)) . "?=";
 
 	$body = preg_replace("/\n/", "\r\n", $body);
 
-	@mail($toaddr, $real_subject, wordwrap(myiconv($webim_encoding, $mail_encoding, $body), 70), $headers);
+	log_notification($current_locale, "mail", $toaddr, $subject, $body, null, $link);
+
+	$old_from = ini_get('sendmail_from');
+	ini_set('sendmail_from', $mibew_mailbox);
+	@mail($toaddr, $real_subject, wordwrap(myiconv($mibew_encoding, $mail_encoding, $body), 70), $headers);
+	if (isset($old_from)) {
+		ini_set('sendmail_from', $old_from);
+	}
+}
+
+function mibew_xmpp($toaddr, $subject, $text, $link)
+{
+	global $current_locale;
+	log_notification($current_locale, "xmpp", $toaddr, $subject, $text, null, $link);
 }
 
 ?>

src/messenger/webim/libs/operator.php

@@ -15,6 +15,8 @@
  * limitations under the License.
  */
 
+$remember_cookie_name = 'mibew_operator';
+
 $can_administrate = 0;
 $can_takeover = 1;
 $can_viewthreads = 2;
@@ -34,7 +36,7 @@ function operator_by_login($login)
 	global $mysqlprefix;
 	$link = connect();
 	$operator = select_one_row(
-		"select * from ${mysqlprefix}chatoperator where vclogin = '" . mysql_real_escape_string($login) . "'", $link);
+		"select * from ${mysqlprefix}chatoperator where vclogin = '" . mysql_real_escape_string($login, $link) . "'", $link);
 	mysql_close($link);
 	return $operator;
 }
@@ -53,7 +55,7 @@ function operator_by_id_($id, $link)
 {
 	global $mysqlprefix;
 	return select_one_row(
-		"select * from ${mysqlprefix}chatoperator where operatorid = $id", $link);
+		"select * from ${mysqlprefix}chatoperator where operatorid = " . intval($id), $link);
 }
 
 function operator_by_id($id)
@@ -94,21 +96,22 @@ function operator_is_away($operator)
 	return $operator['istatus'] != 0 && $operator['time'] < $settings['online_timeout'] ? "1" : "";
 }
 
-function update_operator($operatorid, $login, $email, $password, $localename, $commonname)
+function update_operator($operatorid, $login, $email, $jabber, $password, $localename, $commonname, $notify)
 {
 	global $mysqlprefix;
 	$link = connect();
 	$query = sprintf(
 		"update ${mysqlprefix}chatoperator set vclogin = '%s',%s vclocalename = '%s', vccommonname = '%s'" .
-		", vcemail = '%s', vcjabbername= '%s'" .
+		", vcemail = '%s', vcjabbername= '%s', inotify = %s" .
 		" where operatorid = %s",
-		mysql_real_escape_string($login),
+		mysql_real_escape_string($login, $link),
-		($password ? " vcpassword='" . md5($password) . "'," : ""),
+		($password ? " vcpassword='" . mysql_real_escape_string(calculate_password_hash($login, $password), $link) . "'," : ""),
-		mysql_real_escape_string($localename),
+		mysql_real_escape_string($localename, $link),
-		mysql_real_escape_string($commonname),
+		mysql_real_escape_string($commonname, $link),
-		mysql_real_escape_string($email),
+		mysql_real_escape_string($email, $link),
-		'',
+		mysql_real_escape_string($jabber, $link),
-		$operatorid);
+		intval($notify),
+		intval($operatorid));
 
 	perform_query($query, $link);
 	mysql_close($link);
@@ -120,34 +123,36 @@ function update_operator_avatar($operatorid, $avatar)
 	$link = connect();
 	$query = sprintf(
 		"update ${mysqlprefix}chatoperator set vcavatar = '%s' where operatorid = %s",
-		mysql_real_escape_string($avatar), $operatorid);
+		mysql_real_escape_string($avatar, $link), intval($operatorid));
 
 	perform_query($query, $link);
 	mysql_close($link);
 }
 
-function create_operator_($login, $email, $password, $localename, $commonname, $avatar, $link)
+function create_operator_($login, $email, $jabber, $password, $localename, $commonname, $notify, $avatar, $link)
 {
 	global $mysqlprefix;
 	$query = sprintf(
-		"insert into ${mysqlprefix}chatoperator (vclogin,vcpassword,vclocalename,vccommonname,vcavatar,vcemail,vcjabbername) values ('%s','%s','%s','%s','%s','%s','%s')",
+		"insert into ${mysqlprefix}chatoperator (vclogin,vcpassword,vclocalename,vccommonname,vcavatar,vcemail,vcjabbername,inotify) values ('%s','%s','%s','%s','%s','%s','%s',%s)",
-		mysql_real_escape_string($login),
+		mysql_real_escape_string($login, $link),
-		md5($password),
+		mysql_real_escape_string(calculate_password_hash($login, $password), $link),
-		mysql_real_escape_string($localename),
+		mysql_real_escape_string($localename, $link),
-		mysql_real_escape_string($commonname),
+		mysql_real_escape_string($commonname, $link),
-		mysql_real_escape_string($avatar),
+		mysql_real_escape_string($avatar, $link),
-		mysql_real_escape_string($email), '');
+		mysql_real_escape_string($email, $link),
+		mysql_real_escape_string($jabber, $link),
+		intval($notify));
 
 	perform_query($query, $link);
 	$id = mysql_insert_id($link);
 
-	return select_one_row("select * from ${mysqlprefix}chatoperator where operatorid = $id", $link);
+	return select_one_row("select * from ${mysqlprefix}chatoperator where operatorid = " . intval($id), $link);
 }
 
-function create_operator($login, $email, $password, $localename, $commonname, $avatar)
+function create_operator($login, $email, $jabber, $password, $localename, $commonname, $notify, $avatar)
 {
 	$link = connect();
-	$newop = create_operator_($login, $email, $password, $localename, $commonname, $avatar, $link);
+	$newop = create_operator_($login, $email, $jabber, $password, $localename, $commonname, $notify, $avatar, $link);
 	mysql_close($link);
 	return $newop;
 }
@@ -156,7 +161,7 @@ function notify_operator_alive($operatorid, $istatus)
 {
 	global $mysqlprefix;
 	$link = connect();
-	perform_query("update ${mysqlprefix}chatoperator set istatus = $istatus, dtmlastvisited = CURRENT_TIMESTAMP where operatorid = $operatorid", $link);
+	perform_query(sprintf("update ${mysqlprefix}chatoperator set istatus = %s, dtmlastvisited = CURRENT_TIMESTAMP where operatorid = %s", intval($istatus), intval($operatorid)), $link);
 	mysql_close($link);
 }
 
@@ -167,7 +172,7 @@ function has_online_operators($groupid = "")
 	$link = connect();
 	$query = "select count(*) as total, min(unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time from ${mysqlprefix}chatoperator";
 	if ($groupid) {
-		$query .= ", ${mysqlprefix}chatgroupoperator where groupid = $groupid and ${mysqlprefix}chatoperator.operatorid = " .
+		$query .= ", ${mysqlprefix}chatgroupoperator where groupid = " . intval($groupid) . " and ${mysqlprefix}chatoperator.operatorid = " .
 				  "${mysqlprefix}chatgroupoperator.operatorid and istatus = 0";
 	} else {
 		$query .= " where istatus = 0";
@@ -182,7 +187,7 @@ function is_operator_online($operatorid, $link)
 	global $settings, $mysqlprefix;
 	loadsettings_($link);
 	$query = "select count(*) as total, min(unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " .
-			 "from ${mysqlprefix}chatoperator where operatorid = $operatorid";
+			 "from ${mysqlprefix}chatoperator where operatorid = " . intval($operatorid);
 	$row = select_one_row($query, $link);
 	return $row['time'] < $settings['online_timeout'] && $row['total'] == 1;
 }
@@ -200,18 +205,18 @@ function append_query($link, $pv)
 {
 	$infix = '?';
 	if (strstr($link, $infix) !== FALSE)
-		$infix = '&amp;';
+		$infix = '&';
 	return "$link$infix$pv";
 }
 
 function check_login($redirect = true)
 {
-	global $webimroot, $mysqlprefix;
+	global $mibewroot, $mysqlprefix, $remember_cookie_name;
 	if (!isset($_SESSION["${mysqlprefix}operator"])) {
-		if (isset($_COOKIE['webim_lite'])) {
+		if (isset($_COOKIE[$remember_cookie_name])) {
-			list($login, $pwd) = preg_split("/,/", $_COOKIE['webim_lite'], 2);
+			list($login, $pwd) = preg_split('/\x0/', base64_decode($_COOKIE[$remember_cookie_name]), 2);
 			$op = operator_by_login($login);
-			if ($op && isset($pwd) && isset($op['vcpassword']) && md5($op['vcpassword']) == $pwd) {
+			if ($op && isset($pwd) && isset($op['vcpassword']) && calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd) {
 				$_SESSION["${mysqlprefix}operator"] = $op;
 				return $op;
 			}
@@ -222,7 +227,7 @@ function check_login($redirect = true)
 		}
 		if ($redirect) {
 			$_SESSION['backpath'] = $requested;
-			header("Location: $webimroot/operator/login.php");
+			header("Location: $mibewroot/operator/login.php");
 			exit;
 		} else {
 			return null;
@@ -237,32 +242,32 @@ function get_logged_in()
 	return isset($_SESSION["${mysqlprefix}operator"]) ? $_SESSION["${mysqlprefix}operator"] : FALSE;
 }
 
-function login_operator($operator, $remember)
+function login_operator($operator, $remember, $https = FALSE)
 {
-	global $webimroot, $mysqlprefix;
+	global $mibewroot, $mysqlprefix, $remember_cookie_name;
 	$_SESSION["${mysqlprefix}operator"] = $operator;
 	if ($remember) {
-		$value = $operator['vclogin'] . "," . md5($operator['vcpassword']);
+		$value = base64_encode($operator['vclogin'] . "\x0" . calculate_password_hash($operator['vclogin'], $operator['vcpassword']));
-		setcookie('webim_lite', $value, time() + 60 * 60 * 24 * 1000, "$webimroot/");
+		setcookie($remember_cookie_name, $value, time() + 60 * 60 * 24 * 1000, "$mibewroot/", NULL, $https, TRUE);
 
-	} else if (isset($_COOKIE['webim_lite'])) {
+	} else if (isset($_COOKIE[$remember_cookie_name])) {
-		setcookie('webim_lite', '', time() - 3600, "$webimroot/");
+		setcookie($remember_cookie_name, '', time() - 3600, "$mibewroot/");
 	}
 }
 
 function logout_operator()
 {
-	global $webimroot, $mysqlprefix;
+	global $mibewroot, $mysqlprefix, $remember_cookie_name;
 	unset($_SESSION["${mysqlprefix}operator"]);
 	unset($_SESSION['backpath']);
-	if (isset($_COOKIE['webim_lite'])) {
+	if (isset($_COOKIE[$remember_cookie_name])) {
-		setcookie('webim_lite', '', time() - 3600, "$webimroot/");
+		setcookie($remember_cookie_name, '', time() - 3600, "$mibewroot/");
 	}
 }
 
 function setup_redirect_links($threadid, $token)
 {
-	global $page, $webimroot, $settings, $mysqlprefix;
+	global $page, $mibewroot, $settings, $mysqlprefix;
 	loadsettings();
 	$link = connect();
 
@@ -286,7 +291,7 @@ function setup_redirect_links($threadid, $token)
 
 	$operators = select_multi_assoc(db_build_select(
 										"operatorid, vclogin, vclocalename, vccommonname, istatus, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time",
-										"${mysqlprefix}chatoperator", array(), "order by vclogin $limit"), $link);
+										"${mysqlprefix}chatoperator", array(), "order by vclogin " . $limit), $link);
 
 	$groups = array_slice($groups, $p['start'], $p['end'] - $p['start']);
 	mysql_close($link);
@@ -301,9 +306,9 @@ function setup_redirect_links($threadid, $token)
 						: getlocal("char.redirect.operator.away_suff")
 				)
 				: "";
-		$agent_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
+		$agent_list .= "<li><a href=\"" . add_params($mibewroot . "/operator/redirect.php", $params) .
-					   "\" title=\"" . topage(get_operator_name($agent)) . "\">" .
+					   "\" title=\"" . safe_htmlspecialchars(topage(get_operator_name($agent))) . "\">" .
-					   topage(get_operator_name($agent)) .
+					   safe_htmlspecialchars(topage(get_operator_name($agent))) .
 					   "</a> $status</li>";
 	}
 	$page['redirectToAgent'] = $agent_list;
@@ -318,9 +323,9 @@ function setup_redirect_links($threadid, $token)
 					: ($group['ilastseenaway'] !== NULL && $group['ilastseenaway'] < $settings['online_timeout']
 							? getlocal("char.redirect.operator.away_suff")
 							: "");
-			$group_list .= "<li><a href=\"" . add_params($webimroot . "/operator/redirect.php", $params) .
+			$group_list .= "<li><a href=\"" . add_params($mibewroot . "/operator/redirect.php", $params) .
-						   "\" title=\"" . topage(get_group_name($group)) . "\">" .
+						   "\" title=\"" . safe_htmlspecialchars(topage(get_group_name($group))) . "\">" .
-						   topage(get_group_name($group)) .
+						   safe_htmlspecialchars(topage(get_group_name($group))) .
 						   "</a> $status</li>";
 		}
 	}
@@ -395,10 +400,39 @@ function get_operator_groupids($operatorid)
 {
 	global $mysqlprefix;
 	$link = connect();
-	$query = "select groupid from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid";
+	$query = "select groupid from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($operatorid);
 	$result = select_multi_assoc($query, $link);
 	mysql_close($link);
 	return $result;
 }
 
+function calculate_password_hash($login, $password)
+{
+	$hash = '*0';
+	if (CRYPT_BLOWFISH == 1) {
+		if (defined('PHP_VERSION_ID') && (PHP_VERSION_ID > 50306)) {
+			$hash = crypt($password, '$2y$08$' . $login);
+		}
+		else {
+			$hash = crypt($password, '$2a$08$' . $login);
+		}
+        }
+
+	if ( (CRYPT_MD5 == 1) && !strcmp($hash, '*0') ) {
+		$hash = crypt($password, '$1$' . $login);
+	}
+
+	return strcmp($hash, '*0') ? $hash : md5($password);
+}
+
+function check_password_hash($login, $password, $hash)
+{
+	if (preg_match('/^\$/', $hash)) {
+		return !strcmp(calculate_password_hash($login, $password), $hash);
+	}
+	else {
+		return !strcmp(md5($password), $hash);
+	}
+}
+
 ?>

src/messenger/webim/libs/operator_settings.php

@@ -17,23 +17,25 @@
 
 function setup_operator_settings_tabs($opId, $active)
 {
-	global $page, $webimroot, $settings;
+	global $page, $mibewroot, $settings;
 	loadsettings();
 
 	if ($opId) {
+		$page['tabselected'] = $active;
 		if ($settings['enablegroups'] == '1') {
 			$page['tabs'] = array(
-				getlocal("page_agent.tab.main") => $active != 0 ? "$webimroot/operator/operator.php?op=$opId" : "",
+				array('title' => getlocal("page_agent.tab.main"), 'link' => "$mibewroot/operator/operator.php?op=$opId"),
-				getlocal("page_agent.tab.avatar") => $active != 1 ? "$webimroot/operator/avatar.php?op=$opId" : "",
+				array('title' => getlocal("page_agent.tab.avatar"), 'link' => "$mibewroot/operator/avatar.php?op=$opId"),
-				getlocal("page_agent.tab.groups") => $active != 2 ? "$webimroot/operator/opgroups.php?op=$opId" : "",
+				array('title' => getlocal("page_agent.tab.groups"), 'link' => "$mibewroot/operator/opgroups.php?op=$opId"),
-				getlocal("page_agent.tab.permissions") => $active != 3 ? "$webimroot/operator/permissions.php?op=$opId" : ""
+				array('title' => getlocal("page_agent.tab.permissions"), 'link' => "$mibewroot/operator/permissions.php?op=$opId"),
 			);
 		} else {
 			$page['tabs'] = array(
-				getlocal("page_agent.tab.main") => $active != 0 ? "$webimroot/operator/operator.php?op=$opId" : "",
+				array('title' => getlocal("page_agent.tab.main"), 'link' => "$mibewroot/operator/operator.php?op=$opId"),
-				getlocal("page_agent.tab.avatar") => $active != 1 ? "$webimroot/operator/avatar.php?op=$opId" : "",
+				array('title' => getlocal("page_agent.tab.avatar"), 'link' => "$mibewroot/operator/avatar.php?op=$opId"),
-				getlocal("page_agent.tab.permissions") => $active != 3 ? "$webimroot/operator/permissions.php?op=$opId" : ""
+				array('title' => getlocal("page_agent.tab.permissions"), 'link' => "$mibewroot/operator/permissions.php?op=$opId"),
 			);
+			if ($active == 3) $active--;
 		}
 	} else {
 		$page['tabs'] = array();

src/messenger/webim/libs/pagination.php

@@ -18,31 +18,33 @@
 $pagination_spacing = "   ";
 $links_on_page = 5;
 
-function generate_pagination_link($page, $title)
+function generate_pagination_link($page, $title, $raw = false)
 {
 	$lnk = $_SERVER['REQUEST_URI'];
 	$href = preg_replace("/\?page=\d+\&/", "?", preg_replace("/\&page=\d+/", "", $lnk));
 	$href .= strstr($href, "?") ? "&page=$page" : "?page=$page";
-	return "<a href=\"" . htmlspecialchars($href) . "\" class=\"pagelink\">$title</a>";
+	return "<a href=\"" . safe_htmlspecialchars($href) . "\" class=\"pagelink\">" . ($raw ? $title : safe_htmlspecialchars($title)) . "</a>";
 }
 
 function generate_pagination_image($id, $alt)
 {
-	global $webimroot;
+	global $mibewroot;
-	return "<img src=\"$webimroot/images/$id.gif\" border=\"0\" alt=\"" . htmlspecialchars($alt) . "\"/>";
+	return "<img src=\"$mibewroot/images/$id.gif\" border=\"0\" alt=\"" . safe_htmlspecialchars($alt) . "\"/>";
 }
 
 function prepare_pagination($items_count, $default_items_per_page = 15)
 {
 	global $page;
 
+	$items_count = intval($items_count);
+
 	if ($items_count) {
-		$items_per_page = verifyparam("items", "/^\d{1,3}$/", $default_items_per_page);
+		$items_per_page = intval(verifyparam("items", "/^\d{1,3}$/", $default_items_per_page));
 		if ($items_per_page < 2)
 			$items_per_page = 2;
 
 		$total_pages = div($items_count + $items_per_page - 1, $items_per_page);
-		$curr_page = verifyparam("page", "/^\d{1,6}$/", 1);
+		$curr_page = intval(verifyparam("page", "/^\d{1,6}$/", 1));
 
 		if ($curr_page < 1)
 			$curr_page = 1;
@@ -105,14 +107,14 @@ function generate_pagination($pagination, $bottom = true)
 		} else {
 			$result .= "<br/>";
 		}
-		$result .= "<div class='pagination'>";
+		$result .= "<div class=\"pagination\">";
 		$curr_page = $pagination['page'];
 
 		$minPage = max($curr_page - $links_on_page, 1);
 		$maxPage = min($curr_page + $links_on_page, $pagination['total']);
 
 		if ($curr_page > 1) {
-			$result .= generate_pagination_link($curr_page - 1, generate_pagination_image("prevpage", getlocal("tag.pagination.previous"))) . $pagination_spacing;
+			$result .= generate_pagination_link($curr_page - 1, generate_pagination_image("prevpage", getlocal("tag.pagination.previous")), true) . $pagination_spacing;
 		}
 
 		for ($i = $minPage; $i <= $maxPage; $i++) {
@@ -126,7 +128,7 @@ function generate_pagination($pagination, $bottom = true)
 		}
 
 		if ($curr_page < $pagination['total']) {
-			$result .= $pagination_spacing . generate_pagination_link($curr_page + 1, generate_pagination_image("nextpage", getlocal("tag.pagination.next")));
+			$result .= $pagination_spacing . generate_pagination_link($curr_page + 1, generate_pagination_image("nextpage", getlocal("tag.pagination.next")), true);
 		}
 		$result .= "</div>";
 	}

src/messenger/webim/libs/settings.php

@@ -21,9 +21,9 @@ function update_settings()
 	$link = connect();
 	foreach ($settings as $key => $value) {
 		if (!isset($settings_in_db[$key])) {
-			perform_query("insert into ${mysqlprefix}chatconfig (vckey) values ('$key')", $link);
+			perform_query("insert into ${mysqlprefix}chatconfig (vckey) values ('" . mysql_real_escape_string($key, $link) . "')", $link);
 		}
-		$query = sprintf("update ${mysqlprefix}chatconfig set vcvalue='%s' where vckey='$key'", mysql_real_escape_string($value));
+		$query = sprintf("update ${mysqlprefix}chatconfig set vcvalue='%s' where vckey='%s'", mysql_real_escape_string($value, $link), mysql_real_escape_string($key, $link));
 		perform_query($query, $link);
 	}
 
@@ -32,13 +32,14 @@ function update_settings()
 
 function setup_settings_tabs($active)
 {
-	global $page, $webimroot;
+	global $page, $mibewroot;
+	$page['tabselected'] = $active;
 	$page['tabs'] = array(
-		getlocal("page_settings.tab.main") => $active != 0 ? "$webimroot/operator/settings.php" : "",
+		array('title' => getlocal("page_settings.tab.main"), 'link' => "$mibewroot/operator/settings.php"),
-		getlocal("page_settings.tab.features") => $active != 1 ? "$webimroot/operator/features.php" : "",
+		array('title' => getlocal("page_settings.tab.features"), 'link' => "$mibewroot/operator/features.php"),
-		getlocal("page_settings.tab.performance") => $active != 2 ? "$webimroot/operator/performance.php" : "",
+		array('title' => getlocal("page_settings.tab.performance"), 'link' => "$mibewroot/operator/performance.php"),
-		getlocal("page_settings.tab.themes") => $active != 3 ? "$webimroot/operator/themes.php" : "",
+		array('title' => getlocal("page_settings.tab.themes"), 'link' => "$mibewroot/operator/themes.php"),
 	);
 }
 
-?>
+?>

src/messenger/webim/libs/userinfo.php

@@ -50,9 +50,9 @@ function get_user_addr($addr)
 	global $settings;
 	if ($settings['geolink'] && preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $addr, $matches)) {
 		$userip = $matches[1];
-		return get_popup(str_replace("{ip}", $userip, $settings['geolink']), '', htmlspecialchars($addr), "GeoLocation", "ip$userip", $settings['geolinkparams']);
+		return get_popup(safe_htmlspecialchars(str_replace("{ip}", $userip, $settings['geolink'])), '', safe_htmlspecialchars($addr), "GeoLocation", safe_htmlspecialchars("ip$userip"), safe_htmlspecialchars($settings['geolinkparams']));
 	}
-	return htmlspecialchars($addr);
+	return safe_htmlspecialchars($addr);
 }
 
 ?>

src/messenger/webim/locales/ar/properties

@@ -99,7 +99,7 @@ clients.queue.chat=محادثة زائر
 clients.queue.prio=طابر أفضلية الزوار
 clients.queue.wait=ينتظر مقدم اخدمة من بداية الوقت
 clients.title=قائمة الزوار المنتظرين
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - حقل إلزامي
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - حقل إلزامي
 company.title=Mibew Messenger مجموعة
 confirm.take.head=تغيير مقدم الخدمة
 confirm.take.message=الزائر <span style="color:blue;">{0}</span> يتحادث مع مقدم الخدمة<span style="color:green;">{1}</span>.<br/>هل ترغب في بدأ المحادثة مع الزائر؟

src/messenger/webim/locales/be/properties

@@ -99,7 +99,7 @@ clients.queue.chat=
 clients.queue.prio=Ïðûÿðûòýòíàÿ ÷àðãà íàâåäâàëüí³êà¢
 clients.queue.wait=×àêàþöü àïåðàòàðà ¢ ïåðøû ðàç
 clients.title=Ñï³ñ íàâåäâàëüí³êà¢, ÿê³ÿ ÷àêàþöü
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - ïàë³, àáàâÿçêîâûÿ äëÿ çàïà¢íåííÿ
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - ïàë³, àáàâÿçêîâûÿ äëÿ çàïà¢íåííÿ
 company.title=Mibew Messenger Community
 confirm.take.head=Çìÿí³öü àïåðàòàðà
 confirm.take.message=Ç íàâåäâàëüí³êàì <span style="color:blue;">{0}</span> óæî ãóòàðûöü <span style="color:green;">{1}</span>.<br/>Âû ¢ïý¢íåíû øòî æàäàåöå çìÿí³öü ÿãî?

src/messenger/webim/locales/bg/properties

@@ -99,7 +99,7 @@ clients.queue.chat=
 clients.queue.prio=Ïðåâèëèãåðîâàíè î÷àêâàùè ïîñåòèòåëè
 clients.queue.wait=Î÷àêâàùè îïåðàòîð çà ïúðâè ïúò
 clients.title=Ñïèñúê ñ î÷àêâàùè ïîñåòèòåëè
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - çàäúëæèòåëíè ïîëåòà
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - çàäúëæèòåëíè ïîëåòà
 company.title=Mibew Messenger Community
 confirm.take.head=Ñìÿíà íà îïåðàòîð
 confirm.take.message=Ñ ïîñåòèòåëÿò <span style="color:blue;">{0}</span> âå÷å ãîâîðè <span style="color:green;">{1}</span>.<br/>Âèå ñèãóðíè ëè ñòå, ÷å èñêàòå äà ãî ñìåíèòå?

src/messenger/webim/locales/ca/properties

@@ -95,7 +95,7 @@ clients.queue.chat=Visitant dialogant
 clients.queue.prio=Visitant amb prioritat per a atenció
 clients.queue.wait=Esperant operador per primera vegada
 clients.title=Llista de visitants en espera
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - camps obligatoris
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - camps obligatoris
 company.title=Mibew Messenger Comunitat
 confirm.take.head=Canviar operador
 confirm.take.message=Visitant <span style="color:blue;">{0}</span> és actualment servit per <span style="color:green;">{1}</span>.<br/>Està vostè segur que vol iniciar conversa amb els visitants?
@@ -275,7 +275,7 @@ page.preview.userchat=Finestra de XAT (mode-usuari)
 page.translate.descr=Si no us agrada la traducció, si us plau els vostres suggeriments.
 page.translate.done=La teva traducció ha estat desada.
 page.translate.one=Introdueix la teva traducció.
-page.translate.title=Traducció Open WebIM
+page.translate.title=Traducció Mibew
 page_agent.cannot_modify=Tu no tens permís per canviar aquest perfil personal.
 page_agent.clear_avatar=Eliminar avatar
 page_agent.create_new=Aquí pot crear un nou operador.

src/messenger/webim/locales/cs/properties

@@ -70,7 +70,7 @@ chat.window.title.user=Mibew Messenger
 chat.window.toolbar.mail_history=Odeslat záznam chatu e-mailem
 chat.window.toolbar.redirect_user=Přesměrovat návštěvníka na jiného operátora
 chat.window.toolbar.refresh=Aktualizovat
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - povinné položky
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - povinné položky
 company.title=Mibew Messenger Community
 confirm.take.head=Změna operátora
 confirm.take.message=Návštěvníkovi <span style="color:blue;">{0}</span> se již věnuje <span style="color:green;">{1}</span>.<br/> Jste si jisti, že chcete zahájit chat s návštěvníkem?

src/messenger/webim/locales/da/properties

@@ -3,19 +3,42 @@ output_charset=utf-8
 output_encoding=utf-8
 admin.content.client_agents=Opret, slet firma operatører. Håndter deres rettigheder.
 admin.content.client_gen_button=HTML code generator knap.
+admin.content.description=Tilladte funktioner for administratorer.
+agent.not_logged_in=Din session er udløbet. Venligst login igen
+app.descr=Mibew Messenger er et open-source live support program.
 app.title=Mibew Messenger
+ban.error.duplicate=Adressen er allerede i brug, klik <a href="ban.php?id={1}">her</a> for at ændre det.
 button.delete=Slet
+button.enter=Enter
 button.offline.bottom=Læg din besked
 button.offline.top=Side konsulent
 button.offline=OFFLINE
+button.online.bottom=Hvad vil du spørge os om
+button.online.top=Supporter
 button.online=ONLINE
-canned.descr=Rediger de spørgsmål du typisk bruger i chatten
+button.save=Gem
-canned.locale=Sprog
+button.search=Søg
+canned.actions.del=fjern
+canned.actions.edit=rediger
+canned.actions=Ændre
+canned.add=Tilføj besked...
+canned.descr=Rediger de spørgsmål du oftest anvender i chatten.
+canned.group=Grupper:
+canned.locale=Sprog:
+canned.title=Pre-definerede beskeder
+cannededit.descr=Rediger en eksisterende besked.
 cannededit.done=Gemt
+cannededit.message=Besked
+cannededit.no_such=Der er ingen besked der matcher
+cannededit.title=Rediger besked
+cannednew.descr=Tilføj ny besked.
+cannednew.title=Ny besked
+char.redirect.operator.away_suff=(ikke tilstede)
 char.redirect.operator.online_suff=Online
-chat.came.from=Besøgende kom fra side {0}
+chat.came.from=Besøgende kom fra følgende side {0}
 chat.client.changename=Skift navn
 chat.client.name=Du er
+chat.client.spam.prefix=[spam]&nbsp;
 chat.client.visited.page=Besøgende navigerede til {0}
 chat.default.username=Besøgende
 chat.error_page.close=Luk...
@@ -26,19 +49,35 @@ chat.mailthread.sent.closewindow=Klik på dette link for at lukke vinduet
 chat.mailthread.sent.content=Din chat-historik er sendt til {0}
 chat.mailthread.sent.title=Sendt
 chat.predefined_answers=Hejsa - kan jeg hjælpe med noget?\nVelkommen til vores support! Kan jeg hjælpe med noget?
+chat.redirect.back=Tilbage...
+chat.redirect.cannot=Du chatter nu med besøgende.
+chat.redirect.choose=Vælg:
+chat.redirect.group=Gruppe:
+chat.redirect.operator=Supporter:
+chat.redirect.title=Videresend til<br/>en anden supporter
+chat.redirected.close=Luk...
+chat.redirected.closewindow=Tryk for at lukke vinduet
+chat.redirected.content=Den besøgende blev sat i prioriteret kø af supporter {0}.
+chat.redirected.group.content=Den besøgende blev sat i prioriteret kø for gruppe {0}.
+chat.redirected.title=Den besøgende blev videresendt til en anden supporter
 chat.status.operator.changed=Operatøren {0} skiftede operatør {1}
 chat.status.operator.dead=Operatøren har problemer med at forbinde og vi har midlertidigt anbragt dig forest i køen. Beklager ventetiden.
 chat.status.operator.joined=Operatøren {0} er kommet ind i chatten
 chat.status.operator.left=Operatøren {0} har forladt chatten
+chat.status.operator.redirect=Supporten har videresendt til til en anden supporter. Vent venligst
 chat.status.operator.returned=Operatøren {0} er tilbage
 chat.status.user.changedname=Besøgende har ændret sit navn fra {0} til {1}
 chat.status.user.dead=Besøgende har lukket chat vinduet
 chat.status.user.left=Besøgende {0} har forladt chatten
 chat.status.user.reopenedthread=Besøgende er kommet tilbage til chatten igen
+chat.thread.state_chatting_with_agent=Chatter
 chat.thread.state_closed=Lukkede
+chat.thread.state_loading=Loader
+chat.thread.state_wait=I kø
+chat.thread.state_wait_for_another_agent=Venter på en supporter
 chat.visitor.email=E-mail: {0}
 chat.visitor.info=Info: {0}
-chat.wait=Tak for at du kontakter os. En operatør vil være klar om et øjeblik...
+chat.wait=Tak for at du kontakter os. En supporter vil være klar om et øjeblik...
 chat.window.chatting_with=Du chatter med:
 chat.window.close_title=Luk chatten
 chat.window.poweredby=Kører på:
@@ -50,20 +89,93 @@ chat.window.send_message_short=Send ({0})
 chat.window.title.agent=Mibew Messenger
 chat.window.title.user=Mibew Messenger
 chat.window.toolbar.mail_history=Send chat historik via e-mail
-chat.window.toolbar.redirect_user=Videresend den besøgende til en anden operatør
+chat.window.toolbar.redirect_user=Videresend den besøgende til en anden supporter
 chat.window.toolbar.refresh=Opdater
+clients.how_to=Tryk på den besøgendes navn for at svare.
+clients.intro=Denne side viser en liste over ventende besøgende.
+clients.no_clients=Der er ingen i kø
+clients.queue.prio=Prioritér kø
+clients.queue.wait=Venter på en supporter for første gang
+clients.title=Liste over besøgende der venter
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - påkrævede felter
 company.title=Mibew Messenger Community
+confirm.take.head=Vælg ny supporter
+confirm.take.message=Besøgende <span style="color:blue;">{0}</span> bliver allerede hjulpet af <span style="color:green;">{1}</span>.<br/> Er du sikker på, at du vil igangsætte endnu en chat session?
+confirm.take.no=Nej, luk vinduet
+confirm.take.yes=Ja, jeg er sikker
+content.history=Søg i tidligere dialoger
 content.logoff=Log ud af systemet
+data.saved=Ændringerne er gemt
+demo.chat.question=Der er så mange browsere at vælge imellem. Hvilke anbefaler du?
+demo.chat.welcome=Hej. Hvad kan jeg hjælpe med?
 errors.captcha=De indtastede bogstaver stemmer ikke overens med dem i billedet.
+errors.failed.uploading.file=Der skete en fejl ved upload af "{0}": {1}.
+errors.file.move.error=Der skete en fejl under flytning af fil
+errors.file.size.exceeded=Den uploadede fil er for stor
+errors.footer=</ul>
+errors.header=<b>Ret venligst følgende fejl:</b><br/><ul>
+errors.invalid.file.type=Ukendt filtype
 errors.required=Udfyld venligst "{0}".
+errors.suffix=</li>
 errors.wrong_field=Udfyld venligst "{0}" korrekt.
+features.saved=Funktioner aktiveret
+form.field.address.description=Fx: 12.23.45.123 eller todo.com
+form.field.address=Besøgendes adresse
+form.field.agent_commonname.description=Navnet er synligt for besøgende.
+form.field.agent_commonname=Internationalt navn (Latin)
+form.field.agent_name.description=Navnet er synligt for besøgende.
+form.field.agent_name=Navn
+form.field.avatar.current.description=Dit billede
+form.field.avatar.current=Nuværende billede
+form.field.avatar.upload.description=Vælg venligst et billede til upload. <br/> Billedet må ikke overstige 100x100 px.
+form.field.avatar.upload=Upload billede
+form.field.ban_comment=Kommentér
+form.field.ban_days.description=Antal dage denne adresse er blokeret
+form.field.ban_days=Dage
 form.field.email=Din e-mail
+form.field.groupcommondesc.description=Beskrivelse på dansk
+form.field.groupcommondesc=International beskrivelse
+form.field.groupcommonname.description=Engelsk navn.
+form.field.groupcommonname=International navn
+form.field.groupdesc.description=Beskrivelse af gruppe.
+form.field.groupdesc=Beskrivelse
+form.field.groupemail.description=Gruppe email for notifikationer. Ved tomt felt bruges standard adressen.
+form.field.groupname.description=Navn til at identificere gruppen.
+form.field.groupname=Navn
+form.field.login.description=Login kan bestå af små bogstaver og understreger.
+form.field.login=Login
+form.field.mail.description=Til notifikationer og generhvervelse af adgangskoder.
+form.field.mail=Email
 form.field.message=Besked
 form.field.name=Dit navn
+form.field.password.description=Indtast en ny adgangskode eller lad feltet forblive tomt for at beholde forrige kode.
+form.field.password=Adgangskode
+form.field.password_confirm.description=Bekræft adgangskode.
+form.field.password_confirm=Bekræftelse
+form.field.translation=Oversættelse
 harderrors.header=<b>Kan ikke eksekvere:</b><br/><ul>
+image.button.login=/locales/da/images/login.gif
+image.button.save=locales/da/images/save.gif
+image.button.search=locales/da/images/search.gif
 image.chat.history=/locales/da/images/history.gif
 image.chat.message=/locales/da/images/message.gif
 image.chat.sprite=/locales/da/images/wmchat.png
+install.0.app=Applikationssti er {0}
+install.0.package=Mibew pakke er gyldig.
+install.2.create=Opret database "{0}"
+install.2.db_exists=Database "{0}" er oprettet.
+install.2.notice=Databasen blev ikke fundet på serveren. Hvis du har tilladelse til at oprette databasen, så skal du klikke på følgende link.
+install.3.create=Opret nødvendige tabeller.
+install.3.tables_exist=Nødvendige tabeller er oprettet.
+install.4.create=Opdater tabeller
+install.4.done=Tabelstrukturen er up to date.
+install.4.notice=Tabelstrukturen bør justeres til ny version af Messenger.
+install.5.newmessage=Ny besked
+install.5.newvisitor=Ny besøgende
+install.5.text=Klik for at tjekke lyden: {0} og {1}
+install.bad_checksum=Checksum er forskellig for {0}
+install.cannot_read=Kan ikke læse filen {0}
+lang.choose=Vælg sprog
 leavemail.body=Du har en besked fra {0}:\n\n{2}\n\nHans/hendes e-mail: {1}\n{3}
 leavemail.subject=Spørgsmål fra {0}
 leavemessage.close=Luk
@@ -72,6 +184,9 @@ leavemessage.perform=Indsend
 leavemessage.sent.message=Tak for at anvende vores service. Vi vil besvare din mail så hurtigt som muligt.
 leavemessage.sent.title=Din besked er sendt
 leavemessage.title=Angiv din besked
+leftMenu.client_agents=Supportere
+leftMenu.client_gen_button=Knap-kode
+leftMenu.client_settings=Indstillinger
 license.title=Licens
 localedirection=ltr  
 localeid=Danish (da)
@@ -81,10 +196,30 @@ mailthread.close=Luk...
 mailthread.enter_email=Indtast din e-mail:
 mailthread.perform=Send
 mailthread.title=Send chat historik<br/>via e-mail
+menu.agents=Supporterliste
+menu.blocked=Blokerede besøgende
+menu.canned=Pre-definerede beskeder
+menu.goonline=Du er OFFLINE.<br/><a href="{0}">Forbind..</a>
+menu.groups=Grupper
+menu.locale=Sprog
+menu.operator=Du er {0}
+menu.profile=Profil
+menu.translate=Lokalisér
+menu.updates.content=Tjek for nyheder og opdateringer.
+menu.updates=Opdateringer
 page.chat.old_browser.close=Luk...
 page.chat.old_browser.list=<ul>\n<li>Internet Explorer 5.5+</li>\n<li>Fireforx 1.0+</li>\n<li>Opera 8.0+</li>\n<li>Mozilla 1.4+</li>\n<li>Netscape 7.1+</li>\n<li>Safari 1.2+</li>\n</ul>\n<p>Vi understøtter også nogle ældre browsers:</p>\n<ul>\n<li>Internet Explorer 5.0</li>\n<li>Opera 7.0</li>\n</ul>
 page.chat.old_browser.problem=<p>Din browser er ikke fuldt ud kompatibel med Mibew Messenger.\nAnvend venligst end af browsers:</p>
 page.chat.old_browser.title=Anvend venligst en nyerer browser
+page_analysis.search.title=Historik
+page_bans.add=Tilføj adresse
+page_login.login=Login:
+page_login.password=Adgangskode:
+page_login.remember=Husk
+page_login.title=Login
+page_settings.tab.main=Generalt
+pending.table.head.name=Navn
+pending.table.head.operator=Supporter
 presurvey.department=Vælg afdeling:
 presurvey.intro=Tak for at du har kontaktet os. For bedre at kunne servicere dig, udfyld venligst formen nedenfor og klik Start chat knappen.
 presurvey.mail=E-mail:
@@ -92,7 +227,50 @@ presurvey.name=Navn:
 presurvey.question=Første spørgsmål:
 presurvey.submit=Start chat
 presurvey.title=Live support
+report.bydate.1=Dato
+report.bydate.2=Chat tråde
+right.other=Andet
+settings.usernamepattern=Besøgendes identifikator
+settings.wrong.email=Indtast en gyldig email
+settings.wrong.onehostconnections="Maks antal af tråde" feltet skal være tal
 site.title=mibew.org
 site.url=http://mibew.org
+statistics.dates=Vælg datoer
+statistics.description=Fra denne side kan du generere forskellige rapporter.
+statistics.from=Fra:
+statistics.till=Til:
+statistics.title=Statistikker
+statistics.wrong.dates=Du har valgt Fra dato efter Til dato
+tag.pagination.info=Side {0} af {1}, {2}-{3} af {4}
+tag.pagination.next=næste
+tag.pagination.no_items.elements=Ingen elemnter
+tag.pagination.no_items=Fandt 0 elementer
+tag.pagination.previous=tidligere
+thread.back_to_search=Gå til søgning
+thread.intro=Denne side viser detaljer og indhold for chatten.
+time.never=Aldrig
+time.timeformat=%I:%M %p
+time.today.at=I dag kl.
+time.yesterday.at=I går kl.
+topMenu.admin=Start
+topMenu.logoff=Exit
+topMenu.main=Start
+topMenu.users.nomenu=uden menu
+topMenu.users=Besøgende
+translate.direction=Vej:
+translate.show.all=Alle strenge
+translate.show.foradmin=Strenge for administratorer
+translate.show.foroperator=Strenge for supportere
+translate.show.forvisitor=Strenge for besøgende
+translate.show=Vis:
+translate.sort.key=Nøgle identifikator
+translate.sort.lang=Kildesprog streng
+translate.sort=Sorter efter:
 typing.remote=Bruger skriver...
 updates.current=Du bruger:
+updates.env=Miljø:
+updates.installed_locales=Installerede lokaliseringer:
+updates.intro=Messenger opdateringer.
+updates.latest=Seneste version:
+updates.news=Nyheder:
+updates.title=Opdateringer

src/messenger/webim/locales/de/properties

@@ -11,6 +11,8 @@ app.title=Live Support
 ban.error.duplicate=Addresse {0} ist schon vorhanden, klicke <a href="ban.php?id={1}">hier</a> um die Addresse zu ändern.
 button.delete=Löschen
 button.enter=OK
+button.offline.bottom=Nachricht hinterlassen
+button.offline=offline
 button.save=Speichern
 button.search=Suchen
 canned.actions.del=entfernen
@@ -273,7 +275,7 @@ page.preview.userchat=Chat Fenster (Benutzer-Modus)
 page.translate.descr=Wenn ihnen die Überstzung nicht gefällt, senden sie uns bitte ein Update.
 page.translate.done=Ihre Übersetzung wurde gespeichert.
 page.translate.one=Geben sie ihre Übersetzung ein.
-page.translate.title=Übersetze WebIM
+page.translate.title=Übersetze Mibew
 page_agent.cannot_modify=Sie haben nicht die Berechtigung das Profil dieser Person zu ändern.
 page_agent.clear_avatar=Avatar entfernen
 page_agent.create_new=Hier kann ein neuer Operator erstellt werden.

src/messenger/webim/locales/el/properties

@@ -99,7 +99,7 @@ clients.queue.chat=Επισκέπτες σε συνομιλίες
 clients.queue.prio=Επισκέπτες στην ουρά προτεραιότητας
 clients.queue.wait=Αναμονή για το χειριστή για πρώτη φορά
 clients.title=Κατάλογος των εν αναμονή επισκεπτών
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - υποχρεωτικά πεδία
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - υποχρεωτικά πεδία
 company.title=Κοινότητα Συνομιλητή Mibew
 confirm.take.head=Αλλαγή χειριστή
 confirm.take.message=Ο Επισκέπτης <span style="color:blue;">{0}</span> βοηθιέται ήδη από τον <span style="color:green;">{1}</span>.<br/> Είστε πραγματικά σίγουροι ότι θέλετε να αρχίσετε να μιλάτε με τον επισκέπτη?

src/messenger/webim/locales/en/properties

@@ -56,6 +56,8 @@ chat.redirect.choose=Choose:
 chat.redirect.group=Group:
 chat.redirect.operator=Operator:
 chat.redirect.title=Redirect to<br/>another operator
+chat.redirect.unknown_group=Unknown group
+chat.redirect.unknown_operator=Unknown operator
 chat.redirected.close=Close...
 chat.redirected.closewindow=Click to close the window
 chat.redirected.content=The visitor has been placed in the priorty queue of the operator {0}.
@@ -92,6 +94,7 @@ chat.window.title.user=Mibew Messenger
 chat.window.toolbar.mail_history=Send chat history by e-mail
 chat.window.toolbar.redirect_user=Redirect visitor to another operator
 chat.window.toolbar.refresh=Refresh
+chat.window.toolbar.toggle_sound=Toggle sound on/off
 clients.how_to=To answer the visitor click their name in the list.
 clients.intro=This page displays a list of visitors who are waiting.
 clients.no_clients=The list of visitors waiting is empty
@@ -99,7 +102,7 @@ clients.queue.chat=Visitors in dialogs
 clients.queue.prio=Priority visitors' queue
 clients.queue.wait=Waiting an operator for the first time
 clients.title=List of visitors waiting
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - mandatory fields
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - mandatory fields
 company.title=Mibew Messenger Community
 confirm.take.head=Change operator
 confirm.take.message=Visitor <span style="color:blue;">{0}</span> is already being assisted by <span style="color:green;">{1}</span>.<br/> Are you really sure you want to start chatting the visitor?
@@ -149,6 +152,10 @@ form.field.groupdesc=Description
 form.field.groupemail.description=Group email for notifications. Leave empty to use the default address.
 form.field.groupname.description=Name to identify the group.
 form.field.groupname=Name
+form.field.jabber.description=For instant notifications
+form.field.jabber=Jabber ID
+form.field.jabbernotify.description=deliver via Jabber (instant)
+form.field.jabbernotify=Notification of new visitor
 form.field.login.description=Login can consist of small Latin letters and underscore.
 form.field.login=Login
 form.field.mail.description=For notifications and password retrieval.
@@ -232,6 +239,8 @@ menu.groups=Groups
 menu.locale.content=Change locale.
 menu.locale=Language
 menu.main=Main
+menu.notifications.content=All notifications sent by messenger.
+menu.notifications=Notifications
 menu.operator=You are {0}
 menu.profile.content=You can change your personal information on this page.
 menu.profile=Profile
@@ -240,6 +249,24 @@ menu.updates.content=Check for news and updates.
 menu.updates=Updates
 my_settings.error.password_match=Entered passwords do not match
 no_such_operator=No such Operator
+notification.back_to_list=Back to the list
+notification.intro=Contents of sent notification.
+notification.label.subj=Subject
+notification.label.time=Time
+notification.label.to=To
+notification.title=Notification details
+notifications.head.msg=Text
+notifications.head.subj=Subject
+notifications.head.time=Time
+notifications.head.to=To
+notifications.kind.all=-all-
+notifications.kind.mail=E-Mail
+notifications.kind.xmpp=XMPP/Jabber
+notifications.kind=Kind of notification
+notifications.locale.all=-all-
+notifications.locale=Language
+notify.new.subject="{0}"
+notify.new.text={1}: {0}
 operator.group.no_description=&lt;no description&gt;
 operator.groups.intro=Choose groups according to operator skills.
 operator.groups.title=Operator groups
@@ -269,6 +296,8 @@ page.gen_button.modsecurity=Compatibility with mod_security (modsecurity.org), t
 page.gen_button.sample=Example
 page.gen_button.secure_links=Use secure links (https)
 page.gen_button.title=Button HTML code generation
+page_getcode.tab.image=Image
+page_getcode.tab.text=Text
 page.group.create_new=Create new group here.
 page.group.duplicate_name=Please choose another name because a group with that name already exists.
 page.group.intro=On this page you can edit group details.
@@ -282,18 +311,25 @@ page.groups.intro=This page displays a list of groups. Each group can have separ
 page.groups.isaway=Away
 page.groups.isonline=Online
 page.groups.new=Create new group
+page.groups.none=None
+page.groups.remove=Remove
 page.groups.title=Groups
+page.notifications.intro=The list displays all notifications sent by messenger, including instant text messages and E-Mails.
+page.notifications.title=Notifications Log
 page.preview.agentchat=Chat window (operator-mode)
 page.preview.agentrochat=View Chat window (operator in read-only mode)
 page.preview.chatsimple=Simple chat window. Refresh to post messages (IE 5, Opera 7)
 page.preview.choose=Choose style
 page.preview.choosetpl=Choose template
 page.preview.error=Error window
+page.preview.in_separate_window=in separate window
 page.preview.intro=You can view the list of themes you currently have installed here.
 page.preview.leavemessage=Leave message window
 page.preview.leavemessagesent="Message is delivered" window
+page.preview.link=link
 page.preview.mail=Mail thread window
 page.preview.mailsent="Mail is sent" window
+page.preview.no_iframes=No iframes
 page.preview.nochat=List of supported browsers window
 page.preview.redirect=Redirect visitor to another operator window
 page.preview.redirected="Visitor is redirected" window
@@ -312,6 +348,7 @@ page_agent.create_new=You can create a new operator here.
 page_agent.error.duplicate_login=Please choose another login because an operator with that login is already registered in the system.
 page_agent.error.wrong_login=Login should contain only latin characters, numbers and underscore symbol.
 page_agent.intro=Edit general operator settings.
+page_agent.not_found=-not found-
 page_agent.tab.avatar=Photo
 page_agent.tab.groups=Groups
 page_agent.tab.main=General
@@ -325,11 +362,14 @@ page_agents.isaway=Away
 page_agents.isonline=Online
 page_agents.login=Login
 page_agents.new_agent=Add operator...
+page_agents.remove=Remove
 page_agents.status=Last active
 page_agents.title=Operators
 page_analysis.full.text.search=User name or message text search:
 page_analysis.search.title=Chat history
+page_avatar.cannot_load_avatar=cannot load avatar
 page_avatar.intro=You can upload your photo only as JPG, GIF, PNG or TIF image files.
+page_avatar.no_avatar=No avatar
 page_avatar.title=Upload photo
 page_ban.intro=Here you can block malicious visitors that affect your work with spam messages.
 page_ban.sent=Address {0} is blocked for a specified number of days.
@@ -355,6 +395,7 @@ page_settings.tab.features=Optional Services
 page_settings.tab.main=General
 page_settings.tab.performance=Performance
 page_settings.tab.themes=Themes preview
+pending.loading=Loading...
 pending.menu.hide=Hide menu >>
 pending.menu.show=Show menu >>
 pending.popup_notification=A new visitor is waiting for an answer.
@@ -426,6 +467,8 @@ settings.enableban.description=Using it you can block attacks from specific IPs
 settings.enableban=Enable feature "Malicious Visitors"
 settings.enablegroups.description=Use it to have separate queues for different questions.  
 settings.enablegroups=Enable "Groups"
+settings.enablejabber.description=Instant notification of new visitor (require <a href="http://mibew.org/download.php">Mibew Jabber</a> software) 
+settings.enablejabber=Enable "Jabber notifications"
 settings.enablepresurvey.description=Forces the user to fill out a special form to start a chat.
 settings.enablepresurvey=Enable "Pre-chat survey"
 settings.enablessl.description=Please note that your web server should be configured to support https requests.
@@ -461,6 +504,8 @@ settings.saved=Changes saved
 settings.sendmessagekey=Send messages with:
 settings.show_online_operators.description=Can slow down the update rate of the list
 settings.show_online_operators=Show online operators on "List of awaiting visitors" page
+settings.survey.askcaptcha.description=Protection against automated spam (captcha)
+settings.survey.askcaptcha=Force visitor to enter a verification code
 settings.survey.askgroup.description=Show/hide department selection field in the survey
 settings.survey.askgroup=Allows a visitor to choose department/group 
 settings.survey.askmail.description=Show/hide email field in the survey

src/messenger/webim/locales/fi/properties

@@ -27,11 +27,11 @@ cannednew.descr=Lisää uusi viesti.
 cannednew.title=Uusi Viesti
 char.redirect.operator.away_suff=(poissa)
 char.redirect.operator.online_suff=(käyettävissä)
-chat.came.from=Käviä tuli sivulta {0}
+chat.came.from=Kävijä tuli sivulta {0}
 chat.client.changename=Muuta nimi
 chat.client.name=Sinä olet
-chat.client.visited.page=Käviä suuntasi sivulle {0}
+chat.client.visited.page=Kävijä suuntasi sivulle {0}
-chat.default.username=Käviä
+chat.default.username=Kävijä
 chat.error_page.close=Sulje...
 chat.error_page.head=Tapahtui virhe:
 chat.error_page.title=Virhe
@@ -45,7 +45,7 @@ chat.redirect.choose=Valitse:
 chat.redirect.group=Ryhmä:
 chat.redirected.close=Sulje...
 chat.redirected.closewindow=Napsauta sulkeaksesi ikkuna
-chat.status.user.dead=Käviä sulki kesukusteluikkunan
+chat.status.user.dead=Kävijä sulki keskusteluikkunan
 chat.status.user.reopenedthread=Vierailija liittyi keskusteluun uudestaan
 chat.thread.state_chatting_with_agent=Keskustelussa
 chat.thread.state_closed=Suljettu
@@ -79,7 +79,7 @@ errors.required=Täytä "{0}".
 errors.wrong_field=Täytä "{0}" oikein.
 features.saved=Ominaisuudet aktivoitu
 form.field.address.description=Esim.: 12.23.35.123 tai todo.com
-form.field.address=Käviän Osoite
+form.field.address=Kävijän Osoite
 form.field.agent_commonname.description=Tämä nimi näytetään käviöille.
 form.field.agent_name.description=Tämä nimi näytetään käviöille.
 form.field.agent_name=Nimi

src/messenger/webim/locales/fr/properties

@@ -274,7 +274,7 @@ page.preview.userchat=Fenêtre de dialogue (mode-utilisateur)
 page.translate.descr=Si vous n'êtes pas satisfait de la traduction, soumettez une mise à jour.
 page.translate.done=Votre traduction est sauvegardée.
 page.translate.one=Entrez votre traduction.
-page.translate.title=WebIM Traduction Libre
+page.translate.title=Mibew Traduction
 page_agent.cannot_modify=Vous n'êtes pas autorisé à modifier le profil de cette personne.
 page_agent.clear_avatar=Supprimer avatar
 page_agent.create_new=Ici vous pouvez créer un nouvel opérateur
@@ -442,7 +442,7 @@ typing.remote=L'utilisateur distant écrit...
 updates.current=Vous utilisez :
 updates.env=Environnement :
 updates.installed_locales=Localisations :
-updates.intro=Mises à jour WEBIM.
+updates.intro=Mises à jour Mibew.
 updates.latest=Dernière version :
 updates.news=Nouvelles :
 updates.title=Mises à jour

src/messenger/webim/locales/he/properties

@@ -91,7 +91,7 @@ clients.queue.chat=אורחים בשיחות
 clients.queue.prio=רשימת אורחים מועדפים
 clients.queue.wait=ממתינים לראשונה לנציג
 clients.title=רשימת אורחים ממתינים
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - שדות חושה למילוי
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - שדות חושה למילוי
 company.title=Mibew Messenger Community
 confirm.take.head=להחליף נציג
 confirm.take.message=Visitor <span style="color:blue;">{0}</span> נמצא כבר בשיחה <span style="color:green;">{1}</span>.<br/> האם אתה בטוח שברצונך, להחליף את הנציג?

src/messenger/webim/locales/hr/properties

@@ -91,7 +91,7 @@ clients.queue.chat=Posjetitelji u razgovorima
 clients.queue.prio=Prioritetni red čekanja posjetitelja
 clients.queue.wait=Čekanje na operatora po prvi put
 clients.title=Lista posjetitelja koji čekaju
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - obavezna polja
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - obavezna polja
 company.title=Mibew Messenger Community
 confirm.take.head=Promijeni operatora
 confirm.take.message=Posjetitelju <span style="color:blue;">{0}</span> već pomaže <span style="color:green;">{1}</span>.<br/> Jeste li sigurni da želite započeti razgovor sa posjetiteljem?

src/messenger/webim/locales/hu/properties

@@ -99,7 +99,7 @@ clients.queue.chat=Ügyfelek beszélgetésben
 clients.queue.prio=Elsőbbségben lévő ügyfelek listája
 clients.queue.wait=Először várakoznak operátorra
 clients.title=Várakozó ügyfelek listája
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - kötelező mező
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - kötelező mező
 company.title=Mibew Messenger Community
 confirm.take.head=Operátor váltása
 confirm.take.message=Az ügyfélnek<span style="color:blue;">{0}</span>már segít <span style="color:green;">{1}</span>.<br/> Biztos vagy benne, hogy beszélni akarsz az ügyféllel?

src/messenger/webim/locales/id/properties

@@ -99,7 +99,7 @@ clients.queue.chat=Pengunjung dalam dialog
 clients.queue.prio=Prioritas antrian pengunjung
 clients.queue.wait=Menunggu operator untuk pertama kalinya
 clients.title=Daftar menunggu pengunjung
-common.asterisk_explanation=<b><span style='font-size:8.0pt;color:red'>*</span></b> - wajib diisi
+common.asterisk_explanation=<b><span style="font-size:8.0pt;color:red">*</span></b> - wajib diisi
 company.title=Mibew Messenger Community
 confirm.take.head=Ubah operator
 confirm.take.message=Pengunjung <span style="color:blue;">{0}</span> telah dibantu oleh <span style="color:green;">{1}</span>.<br/> Apakah Anda benar-benar yakin ingin memulai chatting pengunjung?