Tagging release version 0.9.14

setting version to 0.9.14 for release
some spelling fixage
2010-10-25 11:25:20 +00:00 · 2010-10-25 11:22:29 +00:00 · 2010-10-25 08:48:03 +00:00 · 2010-10-25 07:02:36 +00:00 · 2010-10-25 06:45:15 +00:00 · 2010-10-24 20:59:52 +00:00
465 changed files with 27334 additions and 750 deletions
--- a/actions/admin/settings/110.accounts.php
+++ b/actions/admin/settings/110.accounts.php
@@ -38,6 +38,14 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'login_domain_login' => array(
+					'label' => $lng['serversettings']['login_domain_login'],
+					'settinggroup' => 'login',
+					'varname' => 'domain_login',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
 				'login_maxloginattempts' => array(
 					'label' => $lng['serversettings']['maxloginattempts'],
 					'settinggroup' => 'login',
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -28,6 +28,7 @@ return array(
 					'varname' => 'documentroot_prefix',
 					'type' => 'string',
 					'default' => '/var/customers/webs/',
+					'plausibility_check_method' => 'checkPathConflicts',
 					'save_method' => 'storeSettingField',
 					),
 				'system_ipaddress' => array(
@@ -83,15 +84,6 @@ return array(
 					'plausibility_check_method' => 'checkMysqlAccessHost',
 					'save_method' => 'storeSettingMysqlAccessHost',
 					),
-				'system_realtime_port' => array(
-					'label' => $lng['serversettings']['system_realtime_port'],
-					'settinggroup' => 'system',
-					'varname' => 'realtime_port',
-					'type' => (function_exists('socket_create') ? 'int' : 'hidden'),
-					'int_max' => 65535,
-					'default' => 0,
-					'save_method' => 'storeSettingField',
-					),
 				'system_index_file_extension' => array(
 					'label' => $lng['serversettings']['index_file_extension'],
 					'settinggroup' => 'system',
--- a/actions/admin/settings/125.multiserver.php
+++ b/actions/admin/settings/125.multiserver.php
@@ -0,0 +1,36 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ * @version    $Id$
+ */
+
+return array(
+	'groups' => array(
+		'multiserver' => array(
+			'title' => $lng['admin']['multiserver'],
+			'fields' => array(
+				'multiserver_enabled' => array(
+					'label' => $lng['multiserver']['enabled'],
+					'settinggroup' => 'multiserver',
+					'varname' => 'enabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'overview_option' => true,
+					'disabled' => true
+					)
+				)
+			)
+		)
+	);
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -198,6 +198,7 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
+					'overview_option' => true
 					),
 				'system_ssl_cert_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
@@ -229,6 +230,16 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField',
 					),
+				'system_ssl_cert_chainfile' => array(
+					'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_chainfile',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				'system_ssl_openssl_cnf' => array(
 					'label' => $lng['serversettings']['ssl']['openssl_cnf'],
 					'settinggroup' => 'system',
--- a/actions/admin/settings/135.fcgid.php
+++ b/actions/admin/settings/135.fcgid.php
@@ -29,30 +29,6 @@ return array(
 					'save_method' => 'storeSettingField',
 					'overview_option' => true
 					),					
-				'system_mod_fcgid_enabled_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
-				'system_mod_fcgid_httpuser' => array(
-					'label' => $lng['admin']['mod_fcgid_user'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					),
-				'system_mod_fcgid_httpgroup' => array(
-					'label' => $lng['admin']['mod_fcgid_group'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					),					
 				'system_mod_fcgid_configdir' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['configdir'],
 					'settinggroup' => 'system',
@@ -60,6 +36,7 @@ return array(
 					'type' => 'string',
 					'string_type' => 'dir',
 					'default' => '/var/www/php-fcgi-scripts/',
+					'plausibility_check_method' => 'checkPathConflicts',
 					'save_method' => 'storeSettingField',
 					),
 				'system_mod_fcgid_tmpdir' => array(
@@ -117,9 +94,43 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
 					),
-				),
-			),
-		),
+				'system_mod_fcgid_enabled_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_ownvhost',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mod_fcgid_httpuser' => array(
+					'label' => $lng['admin']['mod_fcgid_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mod_fcgid_httpgroup' => array(
+					'label' => $lng['admin']['mod_fcgid_group'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mod_fcgid_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_defaultini_ownvhost',
+					'type' => 'option',
+					'default' => '1',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					),
+				)
+			)
+		)
 	);

 ?>
--- a/actions/admin/settings/140.statistics.php
+++ b/actions/admin/settings/140.statistics.php
@@ -66,6 +66,15 @@ return array(
 					'string_type' => 'dir',
 					'default' => '/etc/awstats/',
 					'save_method' => 'storeSettingField',
+					),
+				'system_awstats_icons' => array(
+					'label' => $lng['serversettings']['awstats_icons'],
+					'settinggroup' => 'system',
+					'varname' => 'awstats_icons',
+					'type' => 'string',
+					'string_type' => 'dir',
+					'default' => '/usr/share/awstats/icon/',
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)
--- a/actions/admin/settings/190.ticket.php
+++ b/actions/admin/settings/190.ticket.php
@@ -58,6 +58,7 @@ return array(
 					'option_mode' => 'one',
 					'option_options' => array(0 => html_entity_decode($lng['admin']['tickets']['daily']), 1 => html_entity_decode($lng['admin']['tickets']['weekly']), 2 => html_entity_decode($lng['admin']['tickets']['monthly']), 3 => html_entity_decode($lng['admin']['tickets']['yearly'])),
 					'save_method' => 'storeSettingField',
+					'plausibility_check_method' => 'setCycleOfCronjob',
 					),
 				'ticket_concurrently_open' => array(
 					'label' => $lng['serversettings']['ticket']['concurrentlyopen'],
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -63,6 +63,8 @@ if($page == 'admins'
 			'email_forwarders_used' => $lng['customer']['forwarders'] . ' (' . $lng['panel']['used'] . ')',
 			'email_quota' => $lng['customer']['email_quota'],
 			'email_quota_used' => $lng['customer']['email_quota'] . ' (' . $lng['panel']['used'] . ')',
+			'email_autoresponder' => $lng['customer']['autoresponder'],
+			'email_autoresponder_used' => $lng['customer']['autoresponder'] . ' (' . $lng['panel']['used'] . ')',
 			'deactivated' => $lng['admin']['deactivated']
 		);
 		$paging = new paging($userinfo, $db, TABLE_PANEL_ADMINS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
@@ -84,7 +86,7 @@ if($page == 'admins'
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $settings['panel']['decimal_places']);
 				$row['diskspace'] = round($row['diskspace'] / 1024, $settings['panel']['decimal_places']);
-				$row = str_replace_array('-1', 'UL', $row, 'customers domains diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps subdomains tickets');
+				$row = str_replace_array('-1', 'UL', $row, 'customers domains diskspace traffic mysqls emails email_accounts email_forwarders email_quota email_autoresponder ftps subdomains tickets');
 				$row = htmlentities_array($row);
 				eval("\$admins.=\"" . getTemplate("admins/admins_admin") . "\";");
 				$count++;
@@ -213,6 +215,20 @@ if($page == 'admins'
 				$email_quota = - 1;
 			}

+			if($settings['autoresponder']['autoresponder_active'] == '1')
+			{
+				$email_autoresponder = intval_ressource($_POST['email_autoresponder']);
+
+				if(isset($_POST['email_autoresponder_ul']))
+				{
+					$email_autoresponder = - 1;
+				}
+			}
+			else
+			{
+				$email_autoresponder = 0;
+			}
+
 			$ftps = intval_ressource($_POST['ftps']);

 			if(isset($_POST['ftps_ul']))
@@ -224,8 +240,7 @@ if($page == 'admins'
 			{
 				$tickets = intval_ressource($_POST['tickets']);

-				if(isset($_POST['tickets_ul'])
-			   		&& $settings['ticket']['enabled'] == '1')
+				if(isset($_POST['tickets_ul']))
 				{
 					$tickets = - 1;
 				}
@@ -345,8 +360,8 @@ if($page == 'admins'
 					$change_serversettings = '0';
 				}

-				$result = $db->query("INSERT INTO `" . TABLE_PANEL_ADMINS . "` (`loginname`, `password`, `name`, `email`, `def_language`, `change_serversettings`, `customers`, `customers_see_all`, `domains`, `domains_see_all`, `caneditphpsettings`, `diskspace`, `traffic`, `subdomains`, `emails`, `email_accounts`, `email_forwarders`, `email_quota`, `ftps`, `tickets`, `mysqls`, `ip`, `can_manage_aps_packages`, `aps_packages`)
-					                   VALUES ('" . $db->escape($loginname) . "', '" . md5($password) . "', '" . $db->escape($name) . "', '" . $db->escape($email) . "','" . $db->escape($def_language) . "', '" . $db->escape($change_serversettings) . "', '" . $db->escape($customers) . "', '" . $db->escape($customers_see_all) . "', '" . $db->escape($domains) . "', '" . $db->escape($domains_see_all) . "', '" . (int)$caneditphpsettings . "', '" . $db->escape($diskspace) . "', '" . $db->escape($traffic) . "', '" . $db->escape($subdomains) . "', '" . $db->escape($emails) . "', '" . $db->escape($email_accounts) . "', '" . $db->escape($email_forwarders) . "', '" . $db->escape($email_quota) . "', '" . $db->escape($ftps) . "', '" . $db->escape($tickets) . "', '" . $db->escape($mysqls) . "', '" . (int)$ipaddress . "', " . (int)$can_manage_aps_packages . ", " . (int)$number_of_aps_packages . ")");
+				$result = $db->query("INSERT INTO `" . TABLE_PANEL_ADMINS . "` (`loginname`, `password`, `name`, `email`, `def_language`, `change_serversettings`, `customers`, `customers_see_all`, `domains`, `domains_see_all`, `caneditphpsettings`, `diskspace`, `traffic`, `subdomains`, `emails`, `email_accounts`, `email_forwarders`, `email_quota`, `ftps`, `tickets`, `mysqls`, `ip`, `can_manage_aps_packages`, `aps_packages`, `email_autoresponder`)
+					                   VALUES ('" . $db->escape($loginname) . "', '" . md5($password) . "', '" . $db->escape($name) . "', '" . $db->escape($email) . "','" . $db->escape($def_language) . "', '" . $db->escape($change_serversettings) . "', '" . $db->escape($customers) . "', '" . $db->escape($customers_see_all) . "', '" . $db->escape($domains) . "', '" . $db->escape($domains_see_all) . "', '" . (int)$caneditphpsettings . "', '" . $db->escape($diskspace) . "', '" . $db->escape($traffic) . "', '" . $db->escape($subdomains) . "', '" . $db->escape($emails) . "', '" . $db->escape($email_accounts) . "', '" . $db->escape($email_forwarders) . "', '" . $db->escape($email_quota) . "', '" . $db->escape($ftps) . "', '" . $db->escape($tickets) . "', '" . $db->escape($mysqls) . "', '" . (int)$ipaddress . "', " . (int)$can_manage_aps_packages . ", " . (int)$number_of_aps_packages . ", " . $db->escape($email_autoresponder) . ")");
 				$adminid = $db->insert_id();
 				$log->logAction(ADM_ACTION, LOG_INFO, "added admin '" . $loginname . "'");
 				redirectTo($filename, Array('page' => $page, 's' => $s));
@@ -388,6 +403,7 @@ if($page == 'admins'
 			$email_accounts_ul = makecheckbox('email_accounts_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 			$email_forwarders_ul = makecheckbox('email_forwarders_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 			$email_quota_ul = makecheckbox('email_quota_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$email_autoresponder_ul = makecheckbox('email_autoresponder_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 			$ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 			$tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 			$mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
@@ -426,6 +442,7 @@ if($page == 'admins'
 					$email_accounts = $result['email_accounts'];
 					$email_forwarders = $result['email_forwarders'];
 					$email_quota = $result['email_quota'];
+					$email_autoresponder = $result['email_autoresponder'];
 					$ftps = $result['ftps'];
 					$tickets = $result['tickets'];
 					$mysqls = $result['mysqls'];
@@ -500,6 +517,20 @@ if($page == 'admins'
 						$email_quota = - 1;
 					}

+					if($settings['autoresponder']['autoresponder_active'] == '1')
+					{
+						$email_autoresponder = intval_ressource($_POST['email_autoresponder']);
+
+						if(isset($_POST['email_autoresponder_ul']))
+						{
+							$email_autoresponder = - 1;
+						}
+					}
+					else
+					{
+						$email_autoresponder = 0;
+					}
+
 					$ftps = intval_ressource($_POST['ftps']);

 					if(isset($_POST['ftps_ul']))
@@ -609,7 +640,7 @@ if($page == 'admins'
 						$change_serversettings = '0';
 					}

-					$db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `name`='" . $db->escape($name) . "', `email`='" . $db->escape($email) . "', `def_language`='" . $db->escape($def_language) . "', `change_serversettings` = '" . $db->escape($change_serversettings) . "', `customers` = '" . $db->escape($customers) . "', `customers_see_all` = '" . $db->escape($customers_see_all) . "', `domains` = '" . $db->escape($domains) . "', `domains_see_all` = '" . $db->escape($domains_see_all) . "', `caneditphpsettings` = '" . (int)$caneditphpsettings . "', `password` = '" . $password . "', `diskspace`='" . $db->escape($diskspace) . "', `traffic`='" . $db->escape($traffic) . "', `subdomains`='" . $db->escape($subdomains) . "', `emails`='" . $db->escape($emails) . "', `email_accounts` = '" . $db->escape($email_accounts) . "', `email_forwarders`='" . $db->escape($email_forwarders) . "', `email_quota`='" . $db->escape($email_quota) . "', `ftps`='" . $db->escape($ftps) . "', `tickets`='" . $db->escape($tickets) . "', `mysqls`='" . $db->escape($mysqls) . "', `ip`='" . (int)$ipaddress . "', `deactivated`='" . $db->escape($deactivated) . "', `can_manage_aps_packages`=" . (int)$can_manage_aps_packages . ", `aps_packages`=" . (int)$number_of_aps_packages . " WHERE `adminid`='" . $db->escape($id) . "'");
+					$db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `name`='" . $db->escape($name) . "', `email`='" . $db->escape($email) . "', `def_language`='" . $db->escape($def_language) . "', `change_serversettings` = '" . $db->escape($change_serversettings) . "', `customers` = '" . $db->escape($customers) . "', `customers_see_all` = '" . $db->escape($customers_see_all) . "', `domains` = '" . $db->escape($domains) . "', `domains_see_all` = '" . $db->escape($domains_see_all) . "', `caneditphpsettings` = '" . (int)$caneditphpsettings . "', `password` = '" . $password . "', `diskspace`='" . $db->escape($diskspace) . "', `traffic`='" . $db->escape($traffic) . "', `subdomains`='" . $db->escape($subdomains) . "', `emails`='" . $db->escape($emails) . "', `email_accounts` = '" . $db->escape($email_accounts) . "', `email_forwarders`='" . $db->escape($email_forwarders) . "', `email_quota`='" . $db->escape($email_quota) . "', `email_autoresponder`='" . $db->escape($email_autoresponder) . "', `ftps`='" . $db->escape($ftps) . "', `tickets`='" . $db->escape($tickets) . "', `mysqls`='" . $db->escape($mysqls) . "', `ip`='" . (int)$ipaddress . "', `deactivated`='" . $db->escape($deactivated) . "', `can_manage_aps_packages`=" . (int)$can_manage_aps_packages . ", `aps_packages`=" . (int)$number_of_aps_packages . " WHERE `adminid`='" . $db->escape($id) . "'");
 					$log->logAction(ADM_ACTION, LOG_INFO, "edited admin '#" . $id . "'");
 					$redirect_props = Array(
 						'page' => $page,
@@ -687,6 +718,13 @@ if($page == 'admins'
 					$result['email_quota'] = '';
 				}

+				$email_autoresponder_ul = makecheckbox('email_autoresponder_ul', $lng['customer']['unlimited'], '-1', false, $result['email_autoresponder'], true, true);
+
+				if($result['email_autoresponder'] == '-1')
+				{
+					$result['email_autoresponder'] = '';
+				}
+
 				$ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, $result['ftps'], true, true);

 				if($result['ftps'] == '-1')
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -77,6 +77,12 @@ if($page == 'customers'
 			$fields['c.tickets_used'] = $lng['customer']['tickets'] . ' (' . $lng['panel']['used'] . ')';
 		}
 		
+		if($settings['autoresponder']['autoresponder_active'] == 1)
+		{
+			$fields['c.email_autoresponder'] = $lng['customer']['autoresponder'];
+			$fields['c.email_autoresponder_used'] = $lng['customer']['autoresponder'] . ' (' . $lng['panel']['used'] . ')';			
+		}
+
 		$paging = new paging($userinfo, $db, TABLE_PANEL_CUSTOMERS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
 		$customers = '';
 		$result = $db->query("SELECT `c`.*, `a`.`loginname` AS `adminname` " . "FROM `" . TABLE_PANEL_CUSTOMERS . "` `c`, `" . TABLE_PANEL_ADMINS . "` `a` " . "WHERE " . ($userinfo['customers_see_all'] ? '' : " `c`.`adminid` = '" . (int)$userinfo['adminid'] . "' AND ") . "`c`.`adminid`=`a`.`adminid` " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
@@ -107,7 +113,7 @@ if($page == 'customers'
 					$column_style = ' style="background-color: #f99122;"';
 				}

-				$row = str_replace_array('-1', 'UL', $row, 'diskspace traffic mysqls emails email_accounts email_forwarders ftps tickets subdomains');
+				$row = str_replace_array('-1', 'UL', $row, 'diskspace traffic mysqls emails email_accounts email_forwarders ftps tickets subdomains email_autoresponder');
 				$row = htmlentities_array($row);
 				eval("\$customers.=\"" . getTemplate("customers/customers_customer") . "\";");
 				$count++;
@@ -182,6 +188,7 @@ if($page == 'customers'
 				$db->query("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$id . "'");
 				$domains_deleted = $db->affected_rows();
 				$db->query("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$id . "'");
+				$db->query("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$id . "'");
 				$db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid`='" . (int)$id . "' AND `adminsession` = '0'");
 				$db->query("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid`='" . (int)$id . "'");
 				$db->query("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid`='" . (int)$id . "'");
@@ -242,6 +249,11 @@ if($page == 'customers'
 					$admin_update_query.= ", `email_quota_used` = `email_quota_used` - 0" . (int)$result['email_quota'];
 				}

+				if($result['email_autoresponder'] != '-1')
+				{
+					$admin_update_query.= ", `email_autoresponder` = `email_autoresponder` - 0" . (int)$result['email_autoresponder'];
+				}
+
 				if($result['subdomains'] != '-1')
 				{
 					$admin_update_query.= ", `subdomains_used` = `subdomains_used` - 0" . (int)$result['subdomains'];
@@ -381,6 +393,20 @@ if($page == 'customers'
 					$email_quota = - 1;
 				}
 				
+				if($settings['autoresponder']['autoresponder_active'] == '1')
+				{
+					$email_autoresponder = intval_ressource($_POST['email_autoresponder']);
+
+					if(isset($_POST['email_autoresponder_ul']))
+					{
+						$email_autoresponder = - 1;
+					}
+				}
+				else
+				{
+					$email_autoresponder = 0;
+				}
+
 				$email_imap = intval_ressource($_POST['email_imap']);
 				$email_pop3 = intval_ressource($_POST['email_pop3']);
 				$ftps = intval_ressource($_POST['ftps']);
@@ -425,6 +451,7 @@ if($page == 'customers'
 				$sendpassword = intval($_POST['sendpassword']);
 				$phpenabled = intval($_POST['phpenabled']);
 				$perlenabled = intval($_POST['perlenabled']);
+				$store_defaultindex = intval($_POST['store_defaultindex']);
 				$diskspace = $diskspace * 1024;
 				$traffic = $traffic * 1024 * 1024;

@@ -434,6 +461,7 @@ if($page == 'customers'
 				   || ((($userinfo['email_accounts_used'] + $email_accounts) > $userinfo['email_accounts']) && $userinfo['email_accounts'] != '-1')
 				   || ((($userinfo['email_forwarders_used'] + $email_forwarders) > $userinfo['email_forwarders']) && $userinfo['email_forwarders'] != '-1')
 				   || ((($userinfo['email_quota_used'] + $email_quota) > $userinfo['email_quota']) && $userinfo['email_quota'] != '-1' && $settings['system']['mail_quota_enabled'] == '1')
+				   || ((($userinfo['email_autoresponder_used'] + $email_autoresponder) > $userinfo['email_autoresponder']) && $userinfo['email_autoresponder'] != '-1' && $settings['autoresponder']['autoresponder_active'] == '1')
 				   || ((($userinfo['ftps_used'] + $ftps) > $userinfo['ftps']) && $userinfo['ftps'] != '-1')
 				   || ((($userinfo['tickets_used'] + $tickets) > $userinfo['tickets']) && $userinfo['tickets'] != '-1')
 				   || ((($userinfo['subdomains_used'] + $subdomains) > $userinfo['subdomains']) && $userinfo['subdomains'] != '-1')
@@ -444,6 +472,7 @@ if($page == 'customers'
 				   || ($email_accounts == '-1' && $userinfo['email_accounts'] != '-1')
 				   || ($email_forwarders == '-1' && $userinfo['email_forwarders'] != '-1')
 				   || ($email_quota == '-1' && $userinfo['email_quota'] != '-1' && $settings['system']['mail_quota_enabled'] == '1')
+				   || ($email_autoresponder == '-1' && $userinfo['email_autoresponder'] != '-1' && $settings['autoresponder']['autoresponder_active'] == '1')
 				   || ($ftps == '-1' && $userinfo['ftps'] != '-1')
 				   || ($tickets == '-1' && $userinfo['tickets'] != '-1')
 				   || ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
@@ -537,7 +566,7 @@ if($page == 'customers'
 						$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
 					}

-					$result = $db->query("INSERT INTO `" . TABLE_PANEL_CUSTOMERS . "` (`adminid`, `loginname`, `password`, `name`, `firstname`, `company`, `street`, `zipcode`, `city`, `phone`, `fax`, `email`, `customernumber`, `def_language`, `documentroot`, `guid`, `diskspace`, `traffic`, `subdomains`, `emails`, `email_accounts`, `email_forwarders`, `email_quota`, `ftps`, `tickets`, `mysqls`, `standardsubdomain`, `phpenabled`, `imap`, `pop3`, `aps_packages`, `perlenabled`)  VALUES ('" . (int)$userinfo['adminid'] . "', '" . $db->escape($loginname) . "', '" . md5($password) . "', '" . $db->escape($name) . "', '" . $db->escape($firstname) . "', '" . $db->escape($company) . "', '" . $db->escape($street) . "', '" . $db->escape($zipcode) . "', '" . $db->escape($city) . "', '" . $db->escape($phone) . "', '" . $db->escape($fax) . "', '" . $db->escape($email) . "', '" . $db->escape($customernumber) . "','" . $db->escape($def_language) . "', '" . $db->escape($documentroot) . "', '" . $db->escape($guid) . "', '" . $db->escape($diskspace) . "', '" . $db->escape($traffic) . "', '" . $db->escape($subdomains) . "', '" . $db->escape($emails) . "', '" . $db->escape($email_accounts) . "', '" . $db->escape($email_forwarders) . "', '" . $db->escape($email_quota) . "', '" . $db->escape($ftps) . "', '" . $db->escape($tickets) . "', '" . $db->escape($mysqls) . "', '0', '" . $db->escape($phpenabled) . "', '" . $db->escape($email_imap) . "', '" . $db->escape($email_pop3) . "', '" . (int)$number_of_aps_packages . "', '" . $db->escape($perlenabled) . "')");
+					$result = $db->query("INSERT INTO `" . TABLE_PANEL_CUSTOMERS . "` (`adminid`, `loginname`, `password`, `name`, `firstname`, `company`, `street`, `zipcode`, `city`, `phone`, `fax`, `email`, `customernumber`, `def_language`, `documentroot`, `guid`, `diskspace`, `traffic`, `subdomains`, `emails`, `email_accounts`, `email_forwarders`, `email_quota`, `ftps`, `tickets`, `mysqls`, `standardsubdomain`, `phpenabled`, `imap`, `pop3`, `aps_packages`, `perlenabled`, `email_autoresponder`)  VALUES ('" . (int)$userinfo['adminid'] . "', '" . $db->escape($loginname) . "', '" . md5($password) . "', '" . $db->escape($name) . "', '" . $db->escape($firstname) . "', '" . $db->escape($company) . "', '" . $db->escape($street) . "', '" . $db->escape($zipcode) . "', '" . $db->escape($city) . "', '" . $db->escape($phone) . "', '" . $db->escape($fax) . "', '" . $db->escape($email) . "', '" . $db->escape($customernumber) . "','" . $db->escape($def_language) . "', '" . $db->escape($documentroot) . "', '" . $db->escape($guid) . "', '" . $db->escape($diskspace) . "', '" . $db->escape($traffic) . "', '" . $db->escape($subdomains) . "', '" . $db->escape($emails) . "', '" . $db->escape($email_accounts) . "', '" . $db->escape($email_forwarders) . "', '" . $db->escape($email_quota) . "', '" . $db->escape($ftps) . "', '" . $db->escape($tickets) . "', '" . $db->escape($mysqls) . "', '0', '" . $db->escape($phpenabled) . "', '" . $db->escape($email_imap) . "', '" . $db->escape($email_pop3) . "', '" . (int)$number_of_aps_packages . "', '" . $db->escape($perlenabled) . "', '" . $db->escape($email_autoresponder) . "')");
 					$customerid = $db->insert_id();
 					$admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` + 1";

@@ -566,6 +595,12 @@ if($page == 'customers'
 						$admin_update_query.= ", `email_quota_used` = `email_quota_used` + 0" . (int)$email_quota;
 					}

+					if($email_autoresponder != '-1'
+						&& $settings['autoresponder']['autoresponder_active'] == 1)
+					{
+						$admin_update_query.= ", `email_autoresponder_used` = `email_autoresponder_used` + 0" . (int)$email_autoresponder;
+					}
+
 					if($subdomains != '-1')
 					{
 						$admin_update_query.= ", `subdomains_used` = `subdomains_used` + 0" . (int)$subdomains;
@@ -602,7 +637,7 @@ if($page == 'customers'
 					}

 					$log->logAction(ADM_ACTION, LOG_INFO, "added user '" . $loginname . "'");
-					inserttask('2', $loginname, $guid, $guid);
+					inserttask('2', $loginname, $guid, $guid, $store_defaultindex);

 					// Add htpasswd for the webalizer stats

@@ -717,7 +752,7 @@ if($page == 'customers'

 				while(list($language_file, $language_name) = each($languages))
 				{
-					$language_options.= makeoption($language_name, $language_file, $userinfo['def_language'], true);
+					$language_options.= makeoption($language_name, $language_file, $settings['panel']['standardlanguage'], true);
 				}

 				$diskspace_ul = makecheckbox('diskspace_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
@@ -727,6 +762,7 @@ if($page == 'customers'
 				$email_accounts_ul = makecheckbox('email_accounts_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 				$email_forwarders_ul = makecheckbox('email_forwarders_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 				$email_quota_ul = makecheckbox('email_quota_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+				$email_autoresponder_ul = makecheckbox('email_autoresponder_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 				$ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 				$tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
 				$mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
@@ -737,6 +773,7 @@ if($page == 'customers'
 				$sendpassword = makeyesno('sendpassword', '1', '0', '1');
 				$phpenabled = makeyesno('phpenabled', '1', '0', '1');
 				$perlenabled = makeyesno('perlenabled', '1', '0', '0');
+				$store_defaultindex = makeyesno('store_defaultindex', '1', '0', '1');
 				eval("echo \"" . getTemplate("customers/customers_add") . "\";");
 			}
 		}
@@ -819,6 +856,20 @@ if($page == 'customers'
 					$email_quota = - 1;
 				}

+				if($settings['autoresponder']['autoresponder_active'] == '1')
+				{
+					$email_autoresponder = intval_ressource($_POST['email_autoresponder']);
+
+					if(isset($_POST['email_autoresponder_ul']))
+					{
+						$email_autoresponder = - 1;
+					}
+				}
+				else
+				{
+					$email_autoresponder = 0;
+				}				
+
 				$email_imap = intval_ressource($_POST['email_imap']);
 				$email_pop3 = intval_ressource($_POST['email_pop3']);
 				$ftps = intval_ressource($_POST['ftps']);
@@ -870,6 +921,7 @@ if($page == 'customers'
 				   || ((($userinfo['email_accounts_used'] + $email_accounts - $result['email_accounts']) > $userinfo['email_accounts']) && $userinfo['email_accounts'] != '-1')
 				   || ((($userinfo['email_forwarders_used'] + $email_forwarders - $result['email_forwarders']) > $userinfo['email_forwarders']) && $userinfo['email_forwarders'] != '-1')
 				   || ((($userinfo['email_quota_used'] + $email_quota - $result['email_quota']) > $userinfo['email_quota']) && $userinfo['email_quota'] != '-1' && $settings['system']['mail_quota_enabled'] == '1')
+				   || ((($userinfo['email_autoresponder_used'] + $email_autoresponder - $result['email_autoresponder']) > $userinfo['email_autoresponder']) && $userinfo['email_autoresponder'] != '-1' && $settings['autoresponder']['autoresponder_active'] == '1')
 				   || ((($userinfo['ftps_used'] + $ftps - $result['ftps']) > $userinfo['ftps']) && $userinfo['ftps'] != '-1')
 				   || ((($userinfo['tickets_used'] + $tickets - $result['tickets']) > $userinfo['tickets']) && $userinfo['tickets'] != '-1')
 				   || ((($userinfo['subdomains_used'] + $subdomains - $result['subdomains']) > $userinfo['subdomains']) && $userinfo['subdomains'] != '-1')
@@ -880,6 +932,7 @@ if($page == 'customers'
 				   || ($email_accounts == '-1' && $userinfo['email_accounts'] != '-1')
 				   || ($email_forwarders == '-1' && $userinfo['email_forwarders'] != '-1')
 				   || ($email_quota == '-1' && $userinfo['email_quota'] != '-1' && $settings['system']['mail_quota_enabled'] == '1')
+				   || ($email_autoresponder == '-1' && $userinfo['email_autoresponder'] != '-1' && $settings['autoresponder']['autoresponder_active'] == '1')
 				   || ($ftps == '-1' && $userinfo['ftps'] != '-1')
 				   || ($tickets == '-1' && $userinfo['tickets'] != '-1')
 				   || ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
@@ -939,7 +992,7 @@ if($page == 'customers'
 							$_stdsubdomain = $result['loginname'] . '.' . $settings['system']['hostname'];
 						}

-						$db->query("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` " . "(`domain`, `customerid`, `adminid`, `parentdomainid`, `ipandport`, `documentroot`, `zonefile`, `isemaildomain`, `caneditdomain`, `openbasedir`, `safemode`, `speciallogfile`, `specialsettings`, `add_date`) " . "VALUES ('" . $db->escape($_stdsubdomain) . "', '" . (int)$result['customerid'] . "', '" . (int)$userinfo['adminid'] . "', '-1', '" . $db->escape($settings['system']['defaultip']) . "', '" . $db->escape($result['documentroot']) . "', '', '0', '0', '1', '1', '0', '', '".date('Y-m-d')."'");
+						$db->query("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` " . "(`domain`, `customerid`, `adminid`, `parentdomainid`, `ipandport`, `documentroot`, `zonefile`, `isemaildomain`, `caneditdomain`, `openbasedir`, `safemode`, `speciallogfile`, `specialsettings`, `add_date`) " . "VALUES ('" . $db->escape($_stdsubdomain) . "', '" . (int)$result['customerid'] . "', '" . (int)$userinfo['adminid'] . "', '-1', '" . $db->escape($settings['system']['defaultip']) . "', '" . $db->escape($result['documentroot']) . "', '', '0', '0', '1', '1', '0', '', '".date('Y-m-d')."')");
 						$domainid = $db->insert_id();
 						$db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `standardsubdomain`=\'' . (int)$domainid . '\' WHERE `customerid`=\'' . (int)$result['customerid'] . '\'');
 						$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added standardsubdomain for user '" . $result['loginname'] . "'");
@@ -999,7 +1052,7 @@ if($page == 'customers'
 						$db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `imap`='" . (int)$email_imap . "' WHERE `customerid`='" . (int)$id . "'");
 					}

-					$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `name`='" . $db->escape($name) . "', `firstname`='" . $db->escape($firstname) . "', `company`='" . $db->escape($company) . "', `street`='" . $db->escape($street) . "', `zipcode`='" . $db->escape($zipcode) . "', `city`='" . $db->escape($city) . "', `phone`='" . $db->escape($phone) . "', `fax`='" . $db->escape($fax) . "', `email`='" . $db->escape($email) . "', `customernumber`='" . $db->escape($customernumber) . "', `def_language`='" . $db->escape($def_language) . "', `password` = '" . $password . "', `diskspace`='" . $db->escape($diskspace) . "', `traffic`='" . $db->escape($traffic) . "', `subdomains`='" . $db->escape($subdomains) . "', `emails`='" . $db->escape($emails) . "', `email_accounts` = '" . $db->escape($email_accounts) . "', `email_forwarders`='" . $db->escape($email_forwarders) . "', `ftps`='" . $db->escape($ftps) . "', `tickets`='" . $db->escape($tickets) . "', `mysqls`='" . $db->escape($mysqls) . "', `deactivated`='" . $db->escape($deactivated) . "', `phpenabled`='" . $db->escape($phpenabled) . "', `email_quota`='" . $db->escape($email_quota) . "', `imap`='" . $db->escape($email_imap) . "', `pop3`='" . $db->escape($email_pop3) . "', `aps_packages`='" . (int)$number_of_aps_packages . "', `perlenabled`='" . $db->escape($perlenabled) . "' WHERE `customerid`='" . (int)$id . "'");
+					$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `name`='" . $db->escape($name) . "', `firstname`='" . $db->escape($firstname) . "', `company`='" . $db->escape($company) . "', `street`='" . $db->escape($street) . "', `zipcode`='" . $db->escape($zipcode) . "', `city`='" . $db->escape($city) . "', `phone`='" . $db->escape($phone) . "', `fax`='" . $db->escape($fax) . "', `email`='" . $db->escape($email) . "', `customernumber`='" . $db->escape($customernumber) . "', `def_language`='" . $db->escape($def_language) . "', `password` = '" . $password . "', `diskspace`='" . $db->escape($diskspace) . "', `traffic`='" . $db->escape($traffic) . "', `subdomains`='" . $db->escape($subdomains) . "', `emails`='" . $db->escape($emails) . "', `email_accounts` = '" . $db->escape($email_accounts) . "', `email_forwarders`='" . $db->escape($email_forwarders) . "', `ftps`='" . $db->escape($ftps) . "', `tickets`='" . $db->escape($tickets) . "', `mysqls`='" . $db->escape($mysqls) . "', `deactivated`='" . $db->escape($deactivated) . "', `phpenabled`='" . $db->escape($phpenabled) . "', `email_quota`='" . $db->escape($email_quota) . "', `imap`='" . $db->escape($email_imap) . "', `pop3`='" . $db->escape($email_pop3) . "', `aps_packages`='" . (int)$number_of_aps_packages . "', `perlenabled`='" . $db->escape($perlenabled) . "', `email_autoresponder`='" . $db->escape($email_autoresponder) . "' WHERE `customerid`='" . (int)$id . "'");
 					$admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` ";

 					if($mysqls != '-1'
@@ -1082,6 +1135,22 @@ if($page == 'customers'
 						}
 					}

+					if($email_autoresponder != '-1'
+					   || $result['email_autoresponder'] != '-1')
+					{
+						$admin_update_query.= ", `email_autoresponder_used` = `email_autoresponder_used` ";
+
+						if($email_autoresponder != '-1')
+						{
+							$admin_update_query.= " + 0" . (int)$email_autoresponder . " ";
+						}
+
+						if($result['email_autoresponder'] != '-1')
+						{
+							$admin_update_query.= " - 0" . (int)$result['email_autoresponder'] . " ";
+						}
+					}
+
 					if($subdomains != '-1'
 					   || $result['subdomains'] != '-1')
 					{
@@ -1234,6 +1303,13 @@ if($page == 'customers'
 					$result['email_quota'] = '';
 				}

+				$email_autoresponder_ul = makecheckbox('email_autoresponder_ul', $lng['customer']['unlimited'], '-1', false, $result['email_autoresponder'], true, true);
+
+				if($result['email_autoresponder'] == '-1')
+				{
+					$result['email_autoresponder'] = '';
+				}
+
 				$ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, $result['ftps'], true, true);

 				if($result['ftps'] == '-1')
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -527,6 +527,7 @@ if($page == 'domains'
 						'reallydisablesecuritysetting' => (($openbasedir == '0' || $safemode == '0') && $userinfo['change_serversettings'] == '1'),
 						'reallydocrootoutofcustomerroot' => (substr($documentroot, 0, strlen($customer['documentroot'])) != $customer['documentroot'] && !preg_match('/^https?\:\/\//', $documentroot))
 					);
+					$question_nr = 1;
 					foreach($security_questions as $question_name => $question_launch)
 					{
 						if($question_launch !== false)
@@ -536,10 +537,11 @@ if($page == 'domains'
 							if(!isset($_POST[$question_name])
 							   || $_POST[$question_name] != $question_name)
 							{
-								ask_yesno('admin_domain_' . $question_name, $filename, $params);
+								ask_yesno('admin_domain_' . $question_name, $filename, $params, $question_nr);
 								exit;
 							}
 						}
+						$question_nr++;
 					}

 					$db->query("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` (`domain`, `customerid`, `adminid`, `documentroot`, `ipandport`,`aliasdomain`, `zonefile`, `dkim`, `wwwserveralias`, `isbinddomain`, `isemaildomain`, `email_only`, `subcanemaildomain`, `caneditdomain`, `openbasedir`, `safemode`,`speciallogfile`, `specialsettings`, `ssl`, `ssl_redirect`, `ssl_ipandport`, `add_date`, `registration_date`, `phpsettingid`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `ismainbutsubto`) VALUES ('" . $db->escape($domain) . "', '" . (int)$customerid . "', '" . (int)$adminid . "', '" . $db->escape($documentroot) . "', '" . $db->escape($ipandport) . "', " . (($aliasdomain != 0) ? '\'' . $db->escape($aliasdomain) . '\'' : 'NULL') . ", '" . $db->escape($zonefile) . "', '" . $db->escape($dkim) . "', '" . $db->escape($wwwserveralias) . "', '" . $db->escape($isbinddomain) . "', '" . $db->escape($isemaildomain) . "', '" . $db->escape($email_only) . "', '" . $db->escape($subcanemaildomain) . "', '" . $db->escape($caneditdomain) . "', '" . $db->escape($openbasedir) . "', '" . $db->escape($safemode) . "', '" . $db->escape($speciallogfile) . "', '" . $db->escape($specialsettings) . "', '" . $ssl . "', '" . $ssl_redirect . "' , '" . $ssl_ipandport . "', '" . $db->escape(time()) . "', '" . $db->escape($registration_date) . "', '" . (int)$phpsettingid . "', '" . (int)$mod_fcgid_starter . "', '" . (int)$mod_fcgid_maxrequests . "', '".(int)$issubof."')");
@@ -1131,7 +1133,7 @@ if($page == 'domains'
 				}

 				$subtodomains = makeoption($lng['domains']['nosubtomaindomain'], 0, NULL, true);
-				$result_domains = $db->query("SELECT `d`.`id`, `d`.`domain`  FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid`=0 AND `d`.`id`<>'" . (int)$result['id'] . "' AND `c`.`standardsubdomain`<>`d`.`id` AND `d`.`customerid`='" . (int)$result['customerid'] . "' AND `c`.`customerid`=`d`.`customerid` ORDER BY `d`.`domain` ASC");
+				$result_domains = $db->query("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid`=0 AND `d`.`id`<>'" . (int)$result['id'] . "' AND `c`.`standardsubdomain`<>`d`.`id` AND `c`.`customerid`=`d`.`customerid`". ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = '" . (int)$userinfo['adminid'] . "'") . " ORDER BY `d`.`domain` ASC");

 				while($row_domain = $db->fetch_array($result_domains))
 				{
--- a/admin_index.php
+++ b/admin_index.php
@@ -61,6 +61,7 @@ if($page == 'overview')
 				SUM(`email_accounts_used`) AS `email_accounts_used`,
 				SUM(`email_forwarders_used`) AS `email_forwarders_used`,
 				SUM(`email_quota_used`) AS `email_quota_used`,
+				SUM(`email_autoresponder_used`) AS `email_autoresponder_used`,
 				SUM(`ftps_used`) AS `ftps_used`,
 				SUM(`tickets_used`) AS `tickets_used`,
 				SUM(`subdomains_used`) AS `subdomains_used`,
@@ -140,7 +141,7 @@ if($page == 'overview')
 	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, $settings['panel']['decimal_places']);
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']);
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']);
-	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'customers domains diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains aps_packages');
+	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'customers domains diskspace traffic mysqls emails email_accounts email_forwarders email_quota email_autoresponder ftps tickets subdomains aps_packages');

 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();
@@ -185,7 +186,7 @@ if($page == 'overview')
 	}

 	// Try to get the uptime
-	// First: With exec (let's hope it's enabled for the SysCP - vHost)
+	// First: With exec (let's hope it's enabled for the Froxlor - vHost)

 	$uptime_array = explode(" ", @file_get_contents("/proc/uptime"));

--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -145,7 +145,9 @@ if($page == 'ipsandports'
 			$ssl_cert_file = validate($_POST['ssl_cert_file'], 'ssl_cert_file');
 			$ssl_key_file = validate($_POST['ssl_key_file'], 'ssl_key_file');
 			$ssl_ca_file = validate($_POST['ssl_ca_file'], 'ssl_ca_file');
+			$ssl_cert_chainfile = validate($_POST['ssl_cert_chainfile'], 'ssl_cert_chainfile');
 			$default_vhostconf_domain = validate(str_replace("\r\n", "\n", $_POST['default_vhostconf_domain']), 'default_vhostconf_domain', '/^[^\0]*$/');
+			$docroot = validate($_POST['docroot'], 'docroot');
 			
 			if($listen_statement != '1')
 			{
@@ -187,6 +189,20 @@ if($page == 'ipsandports'
 				$ssl_ca_file = makeCorrectFile($ssl_ca_file);
 			}

+			if($ssl_cert_chainfile != '')
+			{
+				$ssl_cert_chainfile = makeCorrectFile($ssl_cert_chainfile);
+			}
+
+			if(strlen(trim($docroot)) > 0)
+			{
+				$docroot = makeCorrectDir($docroot);
+			}
+			else
+			{
+				$docroot = '';
+			}
+
 			$result_checkfordouble = $db->query_first("SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ip`='" . $db->escape($ip) . "' AND `port`='" . (int)$port . "'");

 			if($result_checkfordouble['id'] != '')
@@ -195,7 +211,23 @@ if($page == 'ipsandports'
 			}
 			else
 			{
-				$db->query("INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "` (`ip`, `port`, `listen_statement`, `namevirtualhost_statement`, `vhostcontainer`, `vhostcontainer_servername_statement`, `specialsettings`, `ssl`, `ssl_cert_file`, `ssl_key_file`, `ssl_ca_file`, `default_vhostconf_domain`) VALUES ('" . $db->escape($ip) . "', '" . (int)$port . "', '" . (int)$listen_statement . "', '" . (int)$namevirtualhost_statement . "', '" . (int)$vhostcontainer . "', '" . (int)$vhostcontainer_servername_statement . "', '" . $db->escape($specialsettings) . "', '" . (int)$ssl . "', '" . $db->escape($ssl_cert_file) . "', '" . $db->escape($ssl_key_file) . "', '" . $db->escape($ssl_ca_file) . "', '" . $db->escape($default_vhostconf_domain) . "')");
+				$db->query("INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "`
+					SET 
+						`ip` = '" . $db->escape($ip) . "', 
+						`port` = '" . (int)$port . "', 
+						`listen_statement` = '" . (int)$listen_statement . "', 
+						`namevirtualhost_statement` = '" . (int)$namevirtualhost_statement . "', 
+						`vhostcontainer` = '" . (int)$vhostcontainer . "', 
+						`vhostcontainer_servername_statement` = '" . (int)$vhostcontainer_servername_statement . "', 
+						`specialsettings` = '" . $db->escape($specialsettings) . "', 
+						`ssl` = '" . (int)$ssl . "', 
+						`ssl_cert_file` = '" . $db->escape($ssl_cert_file) . "', 
+						`ssl_key_file` = '" . $db->escape($ssl_key_file) . "', 
+						`ssl_ca_file` = '" . $db->escape($ssl_ca_file) . "',
+						`ssl_cert_chainfile` = '" . $db->escape($ssl_cert_chainfile) . "', 
+						`default_vhostconf_domain` = '" . $db->escape($default_vhostconf_domain) . "',
+						`docroot` = '" . $db->escape($docroot) . "';
+					");

 				if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
 				{
@@ -241,7 +273,9 @@ if($page == 'ipsandports'
 				$ssl_cert_file = validate($_POST['ssl_cert_file'], 'ssl_cert_file');
 				$ssl_key_file = validate($_POST['ssl_key_file'], 'ssl_key_file');
 				$ssl_ca_file = validate($_POST['ssl_ca_file'], 'ssl_ca_file');
+				$ssl_cert_chainfile = validate($_POST['ssl_cert_chainfile'], 'ssl_cert_chainfile');
 				$default_vhostconf_domain = validate(str_replace("\r\n", "\n", $_POST['default_vhostconf_domain']), 'default_vhostconf_domain', '/^[^\0]*$/');
+				$docroot =  validate($_POST['docroot'], 'docroot');
 				
 				if($listen_statement != '1')
 				{
@@ -283,6 +317,20 @@ if($page == 'ipsandports'
 					$ssl_ca_file = makeCorrectFile($ssl_ca_file);
 				}

+				if($ssl_cert_chainfile != '')
+				{
+					$ssl_cert_chainfile = makeCorrectFile($ssl_cert_chainfile);
+				}
+
+				if(strlen(trim($docroot)) > 0)
+				{
+					$docroot = makeCorrectDir($docroot);
+				}
+				else
+				{
+					$docroot = '';
+				}
+
 				if($result['ip'] != $ip
 				   && $result['ip'] == $settings['system']['ipaddress']
 				   && $result_sameipotherport['id'] == '')
@@ -296,7 +344,26 @@ if($page == 'ipsandports'
 				}
 				else
 				{
-					$db->query("UPDATE `" . TABLE_PANEL_IPSANDPORTS . "` SET `ip`='" . $db->escape($ip) . "', `port`='" . (int)$port . "', `listen_statement`='" . (int)$listen_statement . "', `namevirtualhost_statement`='" . (int)$namevirtualhost_statement . "', `vhostcontainer`='" . (int)$vhostcontainer . "', `vhostcontainer_servername_statement`='" . (int)$vhostcontainer_servername_statement . "', `specialsettings`='" . $db->escape($specialsettings) . "', `ssl`='" . (int)$ssl . "', `ssl_cert_file`='" . $db->escape($ssl_cert_file) . "', `ssl_key_file`='" . $db->escape($ssl_key_file) . "', `ssl_ca_file`='" . $db->escape($ssl_ca_file) . "', `default_vhostconf_domain`='" . $db->escape($default_vhostconf_domain) . "' WHERE `id`='" . (int)$id . "'");
+
+					$db->query("UPDATE `" . TABLE_PANEL_IPSANDPORTS . "`
+					SET 
+						`ip` = '" . $db->escape($ip) . "', 
+						`port` = '" . (int)$port . "', 
+						`listen_statement` = '" . (int)$listen_statement . "', 
+						`namevirtualhost_statement` = '" . (int)$namevirtualhost_statement . "', 
+						`vhostcontainer` = '" . (int)$vhostcontainer . "', 
+						`vhostcontainer_servername_statement` = '" . (int)$vhostcontainer_servername_statement . "', 
+						`specialsettings` = '" . $db->escape($specialsettings) . "', 
+						`ssl` = '" . (int)$ssl . "', 
+						`ssl_cert_file` = '" . $db->escape($ssl_cert_file) . "', 
+						`ssl_key_file` = '" . $db->escape($ssl_key_file) . "', 
+						`ssl_ca_file` = '" . $db->escape($ssl_ca_file) . "',
+						`ssl_cert_chainfile` = '" . $db->escape($ssl_cert_chainfile) . "', 
+						`default_vhostconf_domain` = '" . $db->escape($default_vhostconf_domain) . "',
+						`docroot` = '" . $db->escape($docroot) . "' 
+					WHERE `id`='" . (int)$id . "'
+					");
+
 					$log->logAction(ADM_ACTION, LOG_WARNING, "changed IP/port from '" . $result['ip'] . ":" . $result['port'] . "' to '" . $ip . ":" . $port . "'");
 					inserttask('1');
 					inserttask('4');
--- a/admin_tickets.php
+++ b/admin_tickets.php
@@ -140,6 +140,7 @@ if($page == 'tickets'
 						$cananswer = 1;
 					}

+					$row['subject'] = html_entity_decode($row['subject']);
 					if(strlen($row['subject']) > 20)
 					{
 						$row['subject'] = substr($row['subject'], 0, 17) . '...';
@@ -168,7 +169,7 @@ if($page == 'tickets'
 				$newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
 				$newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
 				$newticket->Set('category', validate($_POST['category'], 'category'), true, false);
-				$newticket->Set('customer', validate($_POST['customer'], 'customer'), true, false);
+				$newticket->Set('customer', (int)$_POST['customer'], true, false);
 				$newticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);

 				if($newticket->Get('subject') == null)
--- a/customer_autoresponder.php
+++ b/customer_autoresponder.php
@@ -87,6 +87,7 @@ if($action == "add")
 			`subject` = '" . $db->escape($subject) . "',
 			`customerid` = '" . $db->escape((int)$userinfo['customerid']) . "'
 			");
+		$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_autoresponder_used` = `email_autoresponder_used` + 1 WHERE `customerid` = '" . $db->escape((int)$userinfo['customerid']). "'");
 		redirectTo($filename, Array('s' => $s));
 	}

@@ -265,6 +266,7 @@ if($action == "delete")
 			WHERE `email` = '" . $db->escape($account) . "'
 			AND `customerid` = '" . $db->escape((int)$userinfo['customerid']) . "'
 			");
+		$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_autoresponder_used` = `email_autoresponder_used` - 1 WHERE `customerid` = '" . $db->escape((int)$userinfo['customerid']). "'");
 		redirectTo($filename, Array('s' => $s));
 	}

--- a/customer_index.php
+++ b/customer_index.php
@@ -67,7 +67,7 @@ if($page == 'overview')
 	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, $settings['panel']['decimal_places']);
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']);
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']);
-	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains aps_packages');
+	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota email_autoresponder ftps tickets subdomains aps_packages');
 	$opentickets = 0;
 	$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
                                   WHERE `customerid` = "' . $userinfo['customerid'] . '"
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -98,6 +98,7 @@ elseif($page == 'tickets')
 					$cananswer = 0;
 				}

+				$row['subject'] = html_entity_decode($row['subject']);
 				if(strlen($row['subject']) > 20)
 				{
 					$row['subject'] = substr($row['subject'], 0, 17) . '...';
--- a/images/multiserver/no.png
+++ b/images/multiserver/no.png
--- a/images/multiserver/server.png
+++ b/images/multiserver/server.png
--- a/images/multiserver/tick.png
+++ b/images/multiserver/tick.png
--- a/images/multiserver/view.png
+++ b/images/multiserver/view.png
--- a/index.php
+++ b/index.php
@@ -49,7 +49,44 @@ if($action == 'login')
 		}
 		else
 		{
-			$is_admin = true;
+			if((int)$settings['login']['domain_login'] == 1)
+			{
+				/**
+				 * check if the customer tries to login with a domain, #374
+				 */
+				$domainname = $idna_convert->encode(preg_replace(Array('/\:(\d)+$/', '/^https?\:\/\//'), '', $loginname));
+				$row2 = $db->query_first("SELECT `customerid` FROM `".TABLE_PANEL_DOMAINS."` WHERE `domain` = '".$db->escape($domainname)."'");
+	
+				if(isset($row2['customerid']) && $row2['customerid'] > 0)
+				{
+					$loginname = getCustomerDetail($row2['customerid'], 'loginname');
+					
+					if($loginname !== false)
+					{
+						$row3 = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
+		
+						if($row3['customer'] == $loginname)
+						{
+							$table = "`" . TABLE_PANEL_CUSTOMERS . "`";
+							$uid = 'customerid';
+							$adminsession = '0';
+							$is_admin = false;
+						}
+					}
+					else
+					{
+						$is_admin = true;
+					}
+				}
+				else
+				{
+					$is_admin = true;
+				}
+			}
+			else
+			{
+				$is_admin = true;
+			}
 		}

 		if(hasUpdates($version) && $is_admin == false)
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -164,6 +164,8 @@ CREATE TABLE `panel_admins` (
  `can_manage_aps_packages` tinyint(1) NOT NULL default '1',
  `aps_packages` int(5) NOT NULL default '0',
  `aps_packages_used` int(5) NOT NULL default '0',
+  `email_autoresponder` int(5) NOT NULL default '0',
+  `email_autoresponder_used` int(5) NOT NULL default '0',
   PRIMARY KEY  (`adminid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) TYPE=MyISAM ;
@@ -228,6 +230,8 @@ CREATE TABLE `panel_customers` (
  `aps_packages` int(5) NOT NULL default '0',
  `aps_packages_used` int(5) NOT NULL default '0',
  `perlenabled` tinyint(1) NOT NULL default '0',
+  `email_autoresponder` int(5) NOT NULL default '0',
+  `email_autoresponder_used` int(5) NOT NULL default '0',
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) TYPE=MyISAM ;
@@ -333,6 +337,8 @@ CREATE TABLE `panel_ipsandports` (
  `ssl_key_file` varchar(255) NOT NULL,
  `ssl_ca_file` varchar(255) NOT NULL,
  `default_vhostconf_domain` text NOT NULL,
+  `ssl_cert_chainfile` varchar(255) NOT NULL,
+  `docroot` varchar(255) NOT NULL default '',
  PRIMARY KEY  (`id`)
 ) TYPE=MyISAM ;

@@ -456,7 +462,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (18, 'system', 'vmail_homedir', '/var/customers/mail/');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (19, 'system', 'bindconf_directory', '/etc/bind/');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (20, 'system', 'bindreload_command', '/etc/init.d/bind9 reload');
-INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.12');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.14');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (23, 'system', 'hostname', 'SERVERNAME');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (24, 'login', 'maxloginattempts', '3');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (25, 'login', 'deactivatetime', '900');
@@ -503,9 +509,9 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (67, 'logger', 'logfile', '');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (68, 'logger', 'logtypes', 'syslog,mysql');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (69, 'logger', 'severity', '1');
-INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (70, 'system','ssl_cert_file','/etc/apache2/apache2.pem');
-INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (71, 'system','use_ssl','1');
-INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (72, 'system','openssl_cnf','[ req ]\r\ndefault_bits = 1024\r\ndistinguished_name = req_distinguished_name\r\nattributes = req_attributes\r\nprompt = no\r\noutput_password =\r\ninput_password =\r\n[ req_distinguished_name ]\r\nC = DE\r\nST = froxlor\r\nL = froxlor    \r\nO = Testcertificate\r\nOU = froxlor        \r\nCN = @@domain_name@@\r\nemailAddress = @@email@@    \r\n[ req_attributes ]\r\nchallengePassword =\r\n');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (70, 'system', 'ssl_cert_file', '/etc/apache2/apache2.pem');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (71, 'system', 'use_ssl', '0');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (72, 'system', 'openssl_cnf', '[ req ]\r\ndefault_bits = 1024\r\ndistinguished_name = req_distinguished_name\r\nattributes = req_attributes\r\nprompt = no\r\noutput_password =\r\ninput_password =\r\n[ req_distinguished_name ]\r\nC = DE\r\nST = froxlor\r\nL = froxlor    \r\nO = Testcertificate\r\nOU = froxlor        \r\nCN = @@domain_name@@\r\nemailAddress = @@email@@    \r\n[ req_attributes ]\r\nchallengePassword =\r\n');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (73, 'system', 'default_vhostconf', '');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (74, 'system', 'mail_quota_enabled', '0');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (75, 'system', 'mail_quota', '100');
@@ -540,13 +546,12 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (104, 'aps', 'webserver-htaccess', '');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (105, 'aps', 'php-function', '');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (106, 'aps', 'webserver-module', '');
-INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (107, 'system', 'realtime_port', '0');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (108, 'session', 'allow_multiple_login', '0');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (109, 'panel', 'allow_domain_change_admin', '0');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (110, 'panel', 'allow_domain_change_customer', '0');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (111, 'system', 'mod_fcgid_maxrequests', '250');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (112, 'system','ssl_key_file','/etc/apache2/apache2.key');
-INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (113, 'system','ssl_ca_file','');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (113, 'system','ssl_ca_file', '');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (114, 'panel', 'frontend', 'froxlor');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (115, 'spf', 'use_spf', '0');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (116, 'spf', 'spf_entry', '@	IN	TXT	"v=spf1 a mx -all"');
@@ -585,6 +590,10 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (149, 'perl', 'suexecworkaround', '0');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (150, 'perl', 'suexecpath', '/var/www/cgi-bin/');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (151, 'system', 'awstats_awstatspath', '/usr/bin/');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (152, 'system', 'mod_fcgid_defaultini_ownvhost', '1');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (153, 'system', 'awstats_icons', '/usr/share/awstats/icon/');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (154, 'system', 'ssl_cert_chainfile', '');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (155, 'login', 'domain_login', '0');

 # --------------------------------------------------------

@@ -785,7 +794,7 @@ CREATE TABLE `panel_tickets` (
  `message` text NOT NULL,
  `dt` int(15) NOT NULL,
  `lastchange` int(15) NOT NULL,
-  `ip` varchar(20) NOT NULL,
+  `ip` varchar(39) NOT NULL default '',
  `status` enum('0','1','2','3') NOT NULL default '1',
  `lastreplier` enum('0','1') NOT NULL default '0',
  `answerto` int(11) unsigned NOT NULL,
@@ -987,13 +996,12 @@ CREATE TABLE IF NOT EXISTS `cronjobs_run` (
 #

 INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (1, 'froxlor/core', 'cron_tasks.php', '5 MINUTE', '1', 'cron_tasks');
-INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (2, 'froxlor/core', 'cron_legacy.php', '5 MINUTE', '1', 'cron_legacy');
-INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (3, 'froxlor/aps', 'cron_apsinstaller.php', '5 MINUTE', '0', 'cron_apsinstaller');
-INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (4, 'froxlor/autoresponder', 'cron_autoresponder.php', '5 MINUTE', '0', 'cron_autoresponder');
-INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (5, 'froxlor/aps', 'cron_apsupdater.php', '1 HOUR', '0', 'cron_apsupdater');
-INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (6, 'froxlor/core', 'cron_traffic.php', '1 DAY', '1', 'cron_traffic');
-INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (7, 'froxlor/ticket', 'cron_used_tickets_reset.php', '1 DAY', '1', 'cron_ticketsreset');
-INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (8, 'froxlor/ticket', 'cron_ticketarchive.php', '1 MONTH', '1', 'cron_ticketarchive');
+INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (2, 'froxlor/aps', 'cron_apsinstaller.php', '5 MINUTE', '0', 'cron_apsinstaller');
+INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (3, 'froxlor/autoresponder', 'cron_autoresponder.php', '5 MINUTE', '0', 'cron_autoresponder');
+INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (4, 'froxlor/aps', 'cron_apsupdater.php', '1 HOUR', '0', 'cron_apsupdater');
+INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (5, 'froxlor/core', 'cron_traffic.php', '1 DAY', '1', 'cron_traffic');
+INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (6, 'froxlor/ticket', 'cron_used_tickets_reset.php', '1 DAY', '1', 'cron_ticketsreset');
+INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`, `desc_lng_key`) VALUES (7, 'froxlor/ticket', 'cron_ticketarchive.php', '1 MONTH', '1', 'cron_ticketarchive');

 # --------------------------------------------------------

--- a/install/install.php
+++ b/install/install.php
@@ -182,6 +182,18 @@ function requirement_checks()
 		status_message('green', 'OK');
 	}

+	// Check if magic_quotes_runtime is active
+	status_message('begin', $lng['install']['phpmagic_quotes_runtime']);	 
+	if(get_magic_quotes_runtime())
+	{
+	    // Deactivate
+	    set_magic_quotes_runtime(false);
+	    status_message('orange', $lng['install']['active'] . '<br />' . $lng['install']['phpmagic_quotes_runtime_description']);
+	}
+	else
+	{
+		status_message('green', 'OK');
+	}

 	status_message('begin', $lng['install']['phpmysql']);

@@ -499,16 +511,20 @@ if(isset($_POST['installstep'])
 	//first we make a backup of the old DB if it exists

 	status_message('begin', $lng['install']['backup_old_db']);
+	$tables_exist = false;

 	$sql = "SHOW TABLES FROM $mysql_database";
 	$result = mysql_query($sql);
-	// check the first row
-	$row = mysql_fetch_row($result);

-	$tables_exist = false;
-	if(isset($row[0]) && $row[0] != '')
+	// check the first row
+	if($result !== false)
 	{
-		$tables_exist = true;
+		$row = mysql_num_rows($result);
+	
+		if($row > 0)
+		{
+			$tables_exist = true;
+		}
 	}

 	if($tables_exist)
@@ -689,6 +705,7 @@ if(isset($_POST['installstep'])
 		`password` = '" . md5($admin_pass1) . "',
 		`name` = 'Siteadmin',
 		`email` = 'admin@" . $db->escape($servername) . "',
+		`def_language` = '". $db->escape($languages[$language]) . "',
 		`customers` = -1,
 		`customers_used` = 0,
 		`customers_see_all` = 1,
@@ -718,7 +735,10 @@ if(isset($_POST['installstep'])
 		`traffic` = -1048576,
 		`traffic_used` = 0,
 		`deactivated` = 0,
-		`aps_packages` = -1");
+		`aps_packages` = -1,
+		`aps_packages_used` = 0,
+		`email_autoresponder` = -1,
+		`email_autoresponder_used` = 0");
 	status_message('green', 'OK');

 	//now we create the userdata.inc.php with the mysql-accounts
--- a/install/lng/english.lng.php
+++ b/install/lng/english.lng.php
@@ -91,4 +91,11 @@ $lng['install']['click_here_to_refresh'] = 'Re-check';
 $lng['install']['click_here_to_continue'] = 'Continue installation';
 $lng['install']['froxlor_succ_checks'] = 'All requirements are satisfied';

+/*
+ * Added in Froxlor 0.9.13
+ */
+$lng['install']['phpmagic_quotes_runtime'] = 'Checking whether magic_quotes_runtime is off';
+$lng['install']['active'] = 'no';
+$lng['install']['phpmagic_quotes_runtime_description'] = 'PHP setting "magic_quotes_runtime" must be set to "Off" in order to avoid strange behavior of Froxlor. Disabling it for now (this is only temporary, please fix our php.ini).';
+
 ?>
--- a/install/lng/german.lng.php
+++ b/install/lng/german.lng.php
@@ -91,4 +91,11 @@ $lng['install']['click_here_to_refresh'] = 'Erneut pr&uuml;fen';
 $lng['install']['click_here_to_continue'] = 'Installation fortf&uuml;hren';
 $lng['install']['froxlor_succ_checks'] = 'Alle Vorraussetzungen sind erf&uuml;llt';

+/*
+ * Added in Froxlor 0.9.13
+ */
+$lng['install']['phpmagic_quotes_runtime'] = 'Pr&uuml;fe ob magic_quotes_runtime ausgeschalten ist';
+$lng['install']['active'] = 'nein';
+$lng['install']['phpmagic_quotes_runtime_description'] = 'Die PHP Einstellung "magic_quotes_runtime" muss deaktiviert sein ("Off"), um merkw&uuml;rdige Verhalten von Froxlor zu umgehen. Sie wurde deaktiviert (nur tempor&auml;r, bitte php.ini anpassen).';
+
 ?>
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -1027,3 +1027,225 @@ if(isFroxlorVersion('0.9.12-svn6'))

 	updateToVersion('0.9.12');
 }
+
+if(isFroxlorVersion('0.9.12'))
+{
+	showUpdateStep("Updating from 0.9.12 to 0.9.13-svn1", false);
+
+	showUpdateStep("Adding new fields to admin-table");
+	$db->query("ALTER TABLE `".TABLE_PANEL_ADMINS."` ADD `email_autoresponder` int(5) NOT NULL default '0' AFTER `aps_packages_used`;");
+	$db->query("ALTER TABLE `".TABLE_PANEL_ADMINS."` ADD `email_autoresponder_used` int(5) NOT NULL default '0' AFTER `email_autoresponder`;");
+	lastStepStatus(0);
+	
+	showUpdateStep("Adding new fields to customer-table");
+	$db->query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` ADD `email_autoresponder` int(5) NOT NULL default '0' AFTER `perlenabled`;");
+	$db->query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` ADD `email_autoresponder_used` int(5) NOT NULL default '0' AFTER `email_autoresponder`;");
+	lastStepStatus(0);
+	
+	if((int)$settings['autoresponder']['autoresponder_active'] == 1)
+	{
+		$update_autoresponder_default = isset($_POST['update_autoresponder_default']) ? intval_ressource($_POST['update_autoresponder_default']) : 0;
+
+		if(isset($_POST['update_autoresponder_default_ul'])) {
+			$update_autoresponder_default = -1;
+		}
+	}
+	else
+	{
+		$update_autoresponder_default = 0;
+	}
+
+	showUpdateStep("Setting default amount of autoresponders");
+	// admin gets unlimited
+	$db->query("UPDATE `".TABLE_PANEL_ADMINS."` SET `email_autoresponder`='-1' WHERE `adminid` = '".(int)$userinfo['adminid']."'");
+	// customers
+	$db->query("UPDATE `".TABLE_PANEL_CUSTOMERS."` SET `email_autoresponder`='".(int)$update_autoresponder_default."' WHERE `deactivated` = '0'");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.13-svn1');
+}
+
+if(isFroxlorVersion('0.9.13-svn1'))
+{
+	showUpdateStep("Updating from 0.9.13-svn1 to 0.9.13 final");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.13');
+}
+
+if(isFroxlorVersion('0.9.13'))
+{
+	showUpdateStep("Updating from 0.9.13 to 0.9.13.1 final", false);
+
+	$update_defaultini_ownvhost = isset($_POST['update_defaultini_ownvhost']) ? (int)$_POST['update_defaultini_ownvhost'] : 1;	
+
+	showUpdateStep("Adding settings for Froxlor-vhost's PHP-configuration");
+	$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('system', 'mod_fcgid_defaultini_ownvhost', '".(int)$update_defaultini_ownvhost."');");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.13.1');
+}
+
+/**
+ * be compatible with the few who already use 0.9.14-svn1
+ */
+if(isFroxlorVersion('0.9.14-svn1'))
+{
+	showUpdateStep("Resetting version 0.9.14-svn1 to 0.9.13.1");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.13.1');
+}
+
+if(isFroxlorVersion('0.9.13.1'))
+{
+	showUpdateStep("Updating from 0.9.13.1 to 0.9.14-svn2", false);
+	
+	if($settings['ticket']['enabled'] == '1')
+	{
+		showUpdateStep("Setting INTERVAL for used-tickets cronjob");
+		setCycleOfCronjob(null, null, $settings['ticket']['reset_cycle'], null);
+		lastStepStatus(0);
+	}
+	updateToVersion('0.9.14-svn2');
+}
+
+if(isFroxlorVersion('0.9.14-svn2'))
+{
+	showUpdateStep("Updating from 0.9.14-svn2 to 0.9.14-svn3", false);
+
+	$update_awstats_icons = isset($_POST['update_awstats_icons']) ? makeCorrectDir($_POST['update_awstats_icons']) : $settings['system']['awstats_icons'];	
+
+	showUpdateStep("Adding AWStats icons path to the settings");
+	$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('system', 'awstats_icons', '".$db->escape($update_awstats_icons)."');");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.14-svn3');
+}
+
+if(isFroxlorVersion('0.9.14-svn3'))
+{
+	showUpdateStep("Updating from 0.9.14-svn3 to 0.9.14-svn4", false);
+
+	$update_ssl_cert_chainfile = isset($_POST['update_ssl_cert_chainfile']) ? $_POST['update_ssl_cert_chainfile'] : '';	
+
+	if($update_ssl_cert_chainfile != '')
+	{
+		$update_ssl_cert_chainfile = makeCorrectFile($update_ssl_cert_chainfile);
+	}
+
+	showUpdateStep("Adding SSLCertificateChainFile to the settings");
+	$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('system', 'ssl_cert_chainfile', '".$db->escape($update_ssl_cert_chainfile)."');");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding new field to IPs and ports for SSLCertificateChainFile");
+	$db->query("ALTER TABLE `".TABLE_PANEL_IPSANDPORTS."` ADD `ssl_cert_chainfile` varchar(255) NOT NULL AFTER `default_vhostconf_domain`;");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.14-svn4');
+}
+
+if(isFroxlorVersion('0.9.14-svn4'))
+{
+	showUpdateStep("Updating from 0.9.14-svn4 to 0.9.14-svn5", false);
+
+	showUpdateStep("Adding docroot-field to IPs and ports for custom-docroot settings");
+	$db->query("ALTER TABLE `".TABLE_PANEL_IPSANDPORTS."` ADD `docroot` varchar(255) NOT NULL default '' AFTER `ssl_cert_chainfile`;");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.14-svn5');
+}
+
+if(isFroxlorVersion('0.9.14-svn5'))
+{
+	showUpdateStep("Updating from 0.9.14-svn5 to 0.9.14-svn6", false);
+
+	$update_allow_domain_login = isset($_POST['update_allow_domain_login']) ? (int)$_POST['update_allow_domain_login'] : '0';
+
+	showUpdateStep("Adding domain-login switch to the settings");
+	$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('login', 'domain_login', '".(int)$update_allow_domain_login."');");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.14-svn6');
+}
+
+/*
+ * revert database changes we did for multiserver-support
+ * before branching - sorry guys :/
+ */
+if(isFroxlorVersion('0.9.14-svn9'))
+{
+	showUpdateStep("Reverting multiserver-patches (svn)", false);
+
+	$update_allow_domain_login = isset($_POST['update_allow_domain_login']) ? (int)$_POST['update_allow_domain_login'] : '0';
+
+	showUpdateStep("Reverting database table-changes");
+	$db->query("ALTER TABLE `".TABLE_PANEL_SETTINGS."` DROP `sid`;");
+
+	showUpdateStep(".");
+	$db->query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` DROP `sid`;");
+
+	showUpdateStep(".");
+	$db->query("ALTER TABLE `".TABLE_MAIL_VIRTUAL."` DROP `sid`;");
+
+	showUpdateStep(".");
+	$db->query("ALTER TABLE `".TABLE_FTP_USERS."` DROP `sid`;");
+
+	showUpdateStep(".");
+	$db->query("ALTER TABLE `".TABLE_PANEL_TASKS."` DROP `sid`;");
+
+	showUpdateStep(".");
+	$db->query("ALTER TABLE `".TABLE_APS_TASKS."` DROP `sid`;");
+
+	showUpdateStep(".");
+	$db->query("ALTER TABLE `".TABLE_PANEL_LOG."` DROP `sid`;");
+
+	showUpdateStep(".");
+	$db->query("ALTER TABLE `".TABLE_PANEL_PHPCONFIGS."` DROP `sid`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Removing froxlor-clients table");
+	$db->query("DROP TABLE IF EXISTS `froxlor_clients`");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.14-svn10');
+}
+
+if(isFroxlorVersion('0.9.14-svn6'))
+{
+	showUpdateStep("Updating from 0.9.14-svn6 to 0.9.14-svn10", false);
+
+	// remove deprecated realtime-feature
+	showUpdateStep("Removing realtime-feature (deprecated)");
+	$db->query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'realtime_port';");
+	lastStepStatus(0);
+
+	// remove deprecated panel_navigation
+	showUpdateStep("Removing table `panel_navigation` (deprecated)");
+	$db->query("DROP TABLE IF EXISTS `panel_navigation`;");
+	lastStepStatus(0);
+
+	// remove deprecated panel_cronscript
+	showUpdateStep("Removing table `panel_cronscript` (deprecated)");
+	$db->query("DROP TABLE IF EXISTS `panel_cronscript`;");
+	lastStepStatus(0);
+
+	// make ticket-system ipv6 compatible
+	showUpdateStep("Altering IP field in panel_tickets (IPv6 compatibility)");
+	$db->query("ALTER TABLE `" . TABLE_PANEL_TICKETS . "` MODIFY `ip` varchar(39) NOT NULL default '';");
+	lastStepStatus(0);
+
+	showUpdateStep("Removing deprecated legacy-cronjob from database");
+	$db->query("DELETE FROM `".TABLE_PANEL_CRONRUNS."` WHERE `cronfile` ='cron_legacy.php';");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.14-svn10');
+}
+
+if(isFroxlorVersion('0.9.14-svn10'))
+{
+	showUpdateStep("Updating from 0.9.14-svn10 to 0.9.14 final");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.14');
+}
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -279,4 +279,76 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}
+
+	if(versionInUpdate($current_version, '0.9.13-svn1'))
+	{
+		if((int)$settings['autoresponder']['autoresponder_active'] == 1)
+		{
+			$has_preconfig = true;
+			$description = 'Froxlor can now limit the number of autoresponder-entries for each user. Here you can set the value which will be available for each customer (Of course you can change the value for each customer separately after the update).';
+			$question = '<strong>How many autoresponders should your customers be able to add?:</strong>&nbsp;';
+			$question.= '<input type="text" class="text" name="update_autoresponder_default" value="0" />&nbsp;'.makecheckbox('update_autoresponder_default', $lng['customer']['unlimited'], '-1', false, 0, true, true).'<br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if(versionInUpdate($current_version, '0.9.13.1'))
+	{
+		if((int)$settings['system']['mod_fcgid_ownvhost'] == 1)
+		{
+			$has_preconfig = true;
+			$description = 'You have FCGID for Froxlor itself activated. You can now specify a PHP-configuration for this.';
+			$question = '<strong>Select Froxlor-vhost PHP configuration:</strong>&nbsp;';
+			$question .= '<select name="update_defaultini_ownvhost">';
+			$configs_array = getPhpConfigs();
+			$configs = '';
+			foreach($configs_array as $idx => $desc)
+			{
+				$configs .= makeoption($desc, $idx, '1');
+			}
+			$question .= $configs.'</select>';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if(versionInUpdate($current_version, '0.9.14-svn3'))
+	{
+		if((int)$settings['system']['awstats_enabled'] == 1)
+		{
+			$has_preconfig = true;
+			$description = 'To have icons in AWStats statistic-pages please enter the path to AWStats icons folder.';
+			$question = '<strong>Path to AWSTats icons folder:</strong>&nbsp;';
+			$question.= '<input type="text" class="text" name="update_awstats_icons" value="'.$settings['system']['awstats_icons'].'" />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if(versionInUpdate($current_version, '0.9.14-svn4'))
+	{
+		if((int)$settings['system']['use_ssl'] == 1)
+		{
+			$has_preconfig = true;
+			$description = 'Froxlor now has the possibility to set \'SSLCertificateChainFile\' for the apache webserver.';
+			$question = '<strong>Enter filename (leave empty for none):</strong>&nbsp;';
+			$question.= '<input type="text" class="text" name="update_ssl_cert_chainfile" value="'.$settings['system']['ssl_cert_chainfile'].'" />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if(versionInUpdate($current_version, '0.9.14-svn6'))
+	{
+		$has_preconfig = true;
+		$description = 'You can now allow customers to use any of their domains as username for the login.';
+		$question = '<strong>Do you want to enable domain-login for all customers?:</strong>&nbsp;';
+		$question.= makeyesno('update_allow_domain_login', '1', '0', '0');
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if(versionInUpdate($current_version, '0.9.14-svn10'))
+	{       
+		$has_preconfig = true;
+		$description = '<strong>This update removes the unsupported real-time option. Additionally the deprecated tables for navigation and cronscripts are removed, any modules using these tables need to be updated to the new structure!</strong>'; 
+		$question = '';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
 }
--- a/lib/classes/aps/class.ApsParser.php
+++ b/lib/classes/aps/class.ApsParser.php
@@ -1314,12 +1314,14 @@ class ApsParser

 		//check for special CGI url handlers within mappings

+		/**
+		 * as of 0.9.13 we can handle CGI ;-), #404
+		 *
 		$XmlCgiMapping = $ParentMapping->children('http://apstandard.com/ns/1/cgi');
-
-		if($XmlCgiMapping->handler)
-		{
+		if($XmlCgiMapping->handler) {
 			$Error[] = $lng['aps']['cgi'];
 		}
+		*/

 		//resolve deeper mappings

@@ -1567,7 +1569,9 @@ class ApsParser
 			}

 			//CGI
-
+			/**
+			 * as of 0.9.13 we can handle CGI ;-), #404
+			 *
 			if ($this->aps_version == '1.0')
 			{
 				// the good ole way
@@ -1586,6 +1590,7 @@ class ApsParser
 			{
 				$Error[] = $lng['aps']['cgi'];
 			}
+			*/

 			//webserver modules

--- a/lib/classes/froxlorclient/class.froxlorclient.php
+++ b/lib/classes/froxlorclient/class.froxlorclient.php
@@ -0,0 +1,369 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Multiserver
+ * @version    $Id$
+ * @link       http://www.nutime.de/
+ * @since      0.9.14-svn8
+ *
+ * Multiserver - FroxlorClient-Class
+ */
+
+class froxlorclient
+{
+	/**
+	 * Userinfo
+	 * @var array
+	 */
+	private $userinfo = array();
+
+	/**
+	 * Database handler
+	 * @var db
+	 */
+	private $db = false;
+
+	/**
+	 * Client ID
+	 * @var cid
+	 */
+	private $cid = -1;
+
+	/**
+	 * Client Data Array
+	 * @var c_data
+	 */
+	private $c_data = array();
+
+	/**
+	 * Client Settings_Data Array
+	 * @var s_data
+	 */
+	private $s_data = array();
+
+	/**
+	 * Client-Object-Array
+	 * @var clients
+	 */
+	static private $clients = array();
+
+	/**
+	 * Class constructor.
+	 *
+	 * @param array    $userinfo userdetails array of logged in user
+	 * @param resource $db       database-object
+	 * @param int      $cid      client-id
+	 */
+	private function __construct($userinfo, $db, $cid = -1)
+	{
+		$this->userinfo = $userinfo;
+		$this->db = $db;
+		$this->cid = $cid;
+
+		// read data from database
+		$this->_readData();
+	}
+
+	/**
+	 * static function to initialize the class using
+	 * singleton design pattern
+	 * 
+	 * @param array    $_usernfo  userdetails array of logged in user
+	 * @param resource $_db       database-object
+	 * @param int      $_cid      client-id
+	 */
+	static public function getInstance($_usernfo, $_db, $_cid)
+	{
+		if(!isset(self::$clients[$_cid]))
+		{
+			self::$clients[$_cid] = new froxlorclient($_usernfo, $_db, $_cid);
+		}
+
+		return self::$clients[$_cid];
+	}
+
+	/**
+	 * return an array of enabled froxlor-client ids
+	 * 
+	 * @param resource mysql-object
+	 * 
+	 * @return array
+	 */
+	static public function getFroxlorClients($_db = null)
+	{
+		$sql = "SELECT `id` FROM `".TABLE_FROXLOR_CLIENTS."` WHERE `enabled` = '1';";
+		$res = $_db->query($sql);
+		$result = array();
+		while($_r = mysql_fetch_array($res))
+		{
+			$result[] = $_r['id'];
+		}
+		return $result;
+	}
+
+	/**
+	 * Insert new client to database
+	 */
+	public function Insert()
+	{
+		$this->db->query("INSERT INTO  
+			`" . TABLE_FROXLOR_CLIENTS . "` 
+		SET
+			`name` = '" . $this->db->escape($this->Get('name')) . "',  
+			`desc` = '" . $this->db->escape($this->Get('desc')) . "', 
+			`enabled` = '" . (int)$this->Get('enabled') . "';
+		");
+		$this->cid = $this->db->insert_id();
+		return $this->cid;
+	}
+
+	/**
+	 * Update data in database
+	 */
+	public function Update()
+	{
+		$this->db->query("UPDATE 
+			`" . TABLE_FROXLOR_CLIENTS . "` 
+		SET
+			`name` = '" . $this->db->escape($this->Get('name')) . "',  
+			`desc` = '" . $this->db->escape($this->Get('desc')) . "', 
+			`enabled` = '" . (int)$this->Get('enabled') . "'
+		WHERE 
+			`id` = '" . (int)$this->cid . "';
+		");
+		return true;
+	}
+
+	/**
+	 * This function removes a Froxlor-Client and its settings
+	 * from the database. Optionally the Froxlor-Client data
+	 * can be removed by setting the $delete_me parameter
+	 * 
+	 * @param bool $delete_me removes client-data (not customer data) on the client
+	 * 
+	 * @return bool
+	 * 
+	 * @TODO 
+	 * - remove client settings in panel_settings (sid = client-id)
+	 * - implement $delete_me parameter
+	 */
+	public function Delete($delete_me = false)
+	{
+		// delete froxlor-client from the database
+		$this->db->query('DELETE FROM 
+			`' . TABLE_FROXLOR_CLIENTS . '` 
+		WHERE 
+			`id` = "' . (int)$this->cid . '";
+		');
+
+		// Delete settings from panel_settings
+		$this->db->query('DELETE FROM 
+			`' . TABLE_PANEL_SETTINGS . '` 
+		WHERE 
+			`sid` = "' . (int)$this->cid . '";
+		');
+
+		return true;
+	}
+
+	/**
+	 * return the complete client-settings array
+	 * for the settings page
+	 */
+	public function getSettingsArray()
+	{
+		return $this->Get('settings');
+	}
+
+	/**
+	 * get a value from the internal data array
+	 * 
+	 * @param string $_var
+	 * @param string $_vartrusted
+	 * 
+	 * @return mixed or null if not found
+	 */
+	public function Get($_var = '', $_vartrusted = false)
+	{
+		if($_var != '')
+		{
+			if(!$_vartrusted)
+			{
+				$_var = htmlspecialchars($_var);
+			}
+
+			if(isset($this->c_data[$_var]))
+			{
+				return $this->c_data[$_var];
+			}
+			else
+			{
+				return null;
+			}
+		}
+	}
+
+	/**
+	 * set a value in the internal data array
+	 * 
+	 * @param string $_var
+	 * @param string $_value
+	 * @param bool   $_vartrusted
+	 * @param bool   $_valuetrusted
+	 */
+	public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false)
+	{
+		if($_var != ''
+			&& $_value != ''
+		) {
+			if(!$_vartrusted)
+			{
+				$_var = htmlspecialchars($_var);
+			}
+
+			if(!$_valuetrusted)
+			{
+				$_value = htmlspecialchars($_value);
+			}
+
+			$this->c_data[$_var] = $_value;
+		}
+	}
+
+	/**
+	 * get a value from the internal settings array
+	 *
+	 * @param string $_grp
+	 * @param string $_var
+	 * @param bool   $_grptrusted
+	 * @param bool   $_vartrusted
+	 * 
+	 * @return mixed or null if not found
+	 */
+	public function getSetting($_grp = '', $_var = '', $_grptrusted = false, $_vartrusted = false)
+	{
+		if($_grp != ''
+			&& $_var != ''
+		) {
+
+			if(!$_grptrusted)
+			{
+				$_grp = htmlspecialchars($_grp);
+			}
+
+			if(!$_vartrusted)
+			{
+				$_var = htmlspecialchars($_var);
+			}
+
+			if(isset($this->c_data['settings'][$_grp][$_var]))
+			{
+				return $this->c_data['settings'][$_grp][$_var];
+			}
+			else
+			{
+				return null;
+			}
+		}
+	}
+
+	/**
+	 * set a value in the internal settings array
+	 *
+	 * @param string $_grp
+	 * @param string $_var
+	 * @param string $_value
+	 * @param bool   $_grptrusted
+	 * @param bool   $_vartrusted
+	 * @param bool   $_valuetrusted
+	 */
+	public function setSetting($_grp = '', $_var = '', $_value = '', $_grptrusted = false, $_vartrusted = false, $_valuetrusted = false)
+	{
+		if($_grp != ''
+			&& $_var != ''
+			&& $_value != ''
+		) {
+			if(!$_grptrusted)
+			{
+				$_grp = htmlspecialchars($_grp);
+			}
+
+			if(!$_vartrusted)
+			{
+				$_var = htmlspecialchars($_var);
+			}
+
+			if(!$_valuetrusted)
+			{
+				$_value = htmlspecialchars($_value);
+			}
+
+			if(!isset($this->c_data['settings']) || !is_array($this->c_data['settings'])) {
+				$this->c_data['settings'] = array();
+			}
+
+			if(!isset($this->c_data['settings'][$_grp]) || !is_array($this->c_data['settings'][$_grp])) {
+				$this->c_data['settings'][$_grp] = array();
+			}
+
+			$this->c_data['settings'][$_grp][$_var] = $_value;
+		}
+	}
+
+	/**
+	 * read client settings from database
+	 */
+	private function _readSettings()
+	{
+		if(isset($this->cid)
+			&& $this->cid != - 1
+		) {
+			$spath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
+			$this->s_data = loadConfigArrayDir(
+								makeCorrectDir($spath.'/actions/admin/settings/'),
+								makeCorrectDir($spath.'/actions/multiserver/clientsettings/')
+							);
+			$settings = loadSettings($this->s_data, $this->db, $this->cid);
+
+			foreach($settings as $group => $fv)
+			{
+				foreach($fv as $field => $value)
+				{
+					$this->setSetting($group, $field, $value, true, true, true);					
+				}
+			}
+		}
+	}
+
+	/**
+	 * Read client data from database.
+	 */
+	private function _readData()
+	{
+		if(isset($this->cid)
+			&& $this->cid != - 1
+		) {
+			$_client = $this->db->query_first('SELECT * FROM `' . TABLE_FROXLOR_CLIENTS . '` WHERE `id` = "' . $this->cid . '"');
+
+			foreach($_client as $field => $value)
+			{
+				$this->Set($field, $value, true, true);
+			}
+
+			// after we have details about the client, 
+			// we need its settings too
+			$this->_readSettings();
+		}
+	}
+}
--- a/lib/classes/htmlpurifier/CREDITS
+++ b/lib/classes/htmlpurifier/CREDITS
@@ -0,0 +1,9 @@
+
+CREDITS
+
+Almost everything written by Edward Z. Yang (Ambush Commander).  Lots of thanks
+to the DevNetwork Community for their help (see docs/ref-devnetwork.html for
+more details), Feyd especially (namely IPv6 and optimization).  Thanks to RSnake
+for letting me package his fantastic XSS cheatsheet for a smoketest.
+
+    vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/LICENSE
+++ b/lib/classes/htmlpurifier/LICENSE
@@ -0,0 +1,504 @@
+		  GNU LESSER GENERAL PUBLIC LICENSE
+		       Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL.  It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+  This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it.  You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+  When we speak of free software, we are referring to freedom of use,
+not price.  Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+  To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights.  These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+  For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you.  You must make sure that they, too, receive or can get the source
+code.  If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it.  And you must show them these terms so they know their rights.
+
+  We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+  To protect each distributor, we want to make it very clear that
+there is no warranty for the free library.  Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+
+  Finally, software patents pose a constant threat to the existence of
+any free program.  We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder.  Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+  Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License.  This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License.  We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+  When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library.  The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom.  The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+  We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License.  It also provides other free software developers Less
+of an advantage over competing non-free programs.  These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries.  However, the Lesser license provides advantages in certain
+special circumstances.
+
+  For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard.  To achieve this, non-free programs must be
+allowed to use the library.  A more frequent case is that a free
+library does the same job as widely used non-free libraries.  In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+  In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software.  For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+  Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.  Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library".  The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+
+		  GNU LESSER GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+  A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+  The "Library", below, refers to any such software library or work
+which has been distributed under these terms.  A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language.  (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+  "Source code" for a work means the preferred form of the work for
+making modifications to it.  For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+  Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it).  Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+  1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+  You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+  2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) The modified work must itself be a software library.
+
+    b) You must cause the files modified to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    c) You must cause the whole of the work to be licensed at no
+    charge to all third parties under the terms of this License.
+
+    d) If a facility in the modified Library refers to a function or a
+    table of data to be supplied by an application program that uses
+    the facility, other than as an argument passed when the facility
+    is invoked, then you must make a good faith effort to ensure that,
+    in the event an application does not supply such function or
+    table, the facility still operates, and performs whatever part of
+    its purpose remains meaningful.
+
+    (For example, a function in a library to compute square roots has
+    a purpose that is entirely well-defined independent of the
+    application.  Therefore, Subsection 2d requires that any
+    application-supplied function or table used by this function must
+    be optional: if the application does not supply it, the square
+    root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library.  To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License.  (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.)  Do not make any other change in
+these notices.
+
+  Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+  This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+  4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+  If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library".  Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+  However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library".  The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+  When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library.  The
+threshold for this to be true is not precisely defined by law.
+
+  If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work.  (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+  Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+  6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+  You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License.  You must supply a copy of this License.  If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License.  Also, you must do one
+of these things:
+
+    a) Accompany the work with the complete corresponding
+    machine-readable source code for the Library including whatever
+    changes were used in the work (which must be distributed under
+    Sections 1 and 2 above); and, if the work is an executable linked
+    with the Library, with the complete machine-readable "work that
+    uses the Library", as object code and/or source code, so that the
+    user can modify the Library and then relink to produce a modified
+    executable containing the modified Library.  (It is understood
+    that the user who changes the contents of definitions files in the
+    Library will not necessarily be able to recompile the application
+    to use the modified definitions.)
+
+    b) Use a suitable shared library mechanism for linking with the
+    Library.  A suitable mechanism is one that (1) uses at run time a
+    copy of the library already present on the user's computer system,
+    rather than copying library functions into the executable, and (2)
+    will operate properly with a modified version of the library, if
+    the user installs one, as long as the modified version is
+    interface-compatible with the version that the work was made with.
+
+    c) Accompany the work with a written offer, valid for at
+    least three years, to give the same user the materials
+    specified in Subsection 6a, above, for a charge no more
+    than the cost of performing this distribution.
+
+    d) If distribution of the work is made by offering access to copy
+    from a designated place, offer equivalent access to copy the above
+    specified materials from the same place.
+
+    e) Verify that the user has already received a copy of these
+    materials or that you have already sent this user a copy.
+
+  For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it.  However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+  It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system.  Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+  7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+    a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities.  This must be distributed under the terms of the
+    Sections above.
+
+    b) Give prominent notice with the combined library of the fact
+    that part of it is a work based on the Library, and explaining
+    where to find the accompanying uncombined form of the same work.
+
+  8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License.  Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License.  However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+  9. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Library or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+  10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+  11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded.  In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+  13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation.  If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+  14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission.  For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this.  Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+			    NO WARRANTY
+
+  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+           How to Apply These Terms to Your New Libraries
+
+  If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change.  You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+  To apply these terms, attach the following notices to the library.  It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the library's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+    version 2.1 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the
+  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
+
+That's all there is to it!
+
+    vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/VERSION
+++ b/lib/classes/htmlpurifier/VERSION
@@ -0,0 +1 @@
+4.2.0
--- a/lib/classes/htmlpurifier/library/HTMLPurifier.auto.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier.auto.php
@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * This is a stub include that automatically configures the include path.
+ */
+
+set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
+require_once 'HTMLPurifier/Bootstrap.php';
+require_once 'HTMLPurifier.autoload.php';
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier.autoload.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier.autoload.php
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * @file
+ * Convenience file that registers autoload handler for HTML Purifier.
+ */
+
+if (function_exists('spl_autoload_register') && function_exists('spl_autoload_unregister')) {
+    // We need unregister for our pre-registering functionality
+    HTMLPurifier_Bootstrap::registerAutoload();
+    if (function_exists('__autoload')) {
+        // Be polite and ensure that userland autoload gets retained
+        spl_autoload_register('__autoload');
+    }
+} elseif (!function_exists('__autoload')) {
+    function __autoload($class) {
+        return HTMLPurifier_Bootstrap::autoload($class);
+    }
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier.func.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier.func.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * @file
+ * Defines a function wrapper for HTML Purifier for quick use.
+ * @note ''HTMLPurifier()'' is NOT the same as ''new HTMLPurifier()''
+ */
+
+/**
+ * Purify HTML.
+ * @param $html String HTML to purify
+ * @param $config Configuration to use, can be any value accepted by
+ *        HTMLPurifier_Config::create()
+ */
+function HTMLPurifier($html, $config = null) {
+    static $purifier = false;
+    if (!$purifier) {
+        $purifier = new HTMLPurifier();
+    }
+    return $purifier->purify($html, $config);
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier.includes.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier.includes.php
@@ -0,0 +1,212 @@
+<?php
+
+/**
+ * @file
+ * This file was auto-generated by generate-includes.php and includes all of
+ * the core files required by HTML Purifier. Use this if performance is a
+ * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
+ * FILE, changes will be overwritten the next time the script is run.
+ *
+ * @version 4.2.0
+ *
+ * @warning
+ *      You must *not* include any other HTML Purifier files before this file,
+ *      because 'require' not 'require_once' is used.
+ *
+ * @warning
+ *      This file requires that the include path contains the HTML Purifier
+ *      library directory; this is not auto-set.
+ */
+
+require 'HTMLPurifier.php';
+require 'HTMLPurifier/AttrCollections.php';
+require 'HTMLPurifier/AttrDef.php';
+require 'HTMLPurifier/AttrTransform.php';
+require 'HTMLPurifier/AttrTypes.php';
+require 'HTMLPurifier/AttrValidator.php';
+require 'HTMLPurifier/Bootstrap.php';
+require 'HTMLPurifier/Definition.php';
+require 'HTMLPurifier/CSSDefinition.php';
+require 'HTMLPurifier/ChildDef.php';
+require 'HTMLPurifier/Config.php';
+require 'HTMLPurifier/ConfigSchema.php';
+require 'HTMLPurifier/ContentSets.php';
+require 'HTMLPurifier/Context.php';
+require 'HTMLPurifier/DefinitionCache.php';
+require 'HTMLPurifier/DefinitionCacheFactory.php';
+require 'HTMLPurifier/Doctype.php';
+require 'HTMLPurifier/DoctypeRegistry.php';
+require 'HTMLPurifier/ElementDef.php';
+require 'HTMLPurifier/Encoder.php';
+require 'HTMLPurifier/EntityLookup.php';
+require 'HTMLPurifier/EntityParser.php';
+require 'HTMLPurifier/ErrorCollector.php';
+require 'HTMLPurifier/ErrorStruct.php';
+require 'HTMLPurifier/Exception.php';
+require 'HTMLPurifier/Filter.php';
+require 'HTMLPurifier/Generator.php';
+require 'HTMLPurifier/HTMLDefinition.php';
+require 'HTMLPurifier/HTMLModule.php';
+require 'HTMLPurifier/HTMLModuleManager.php';
+require 'HTMLPurifier/IDAccumulator.php';
+require 'HTMLPurifier/Injector.php';
+require 'HTMLPurifier/Language.php';
+require 'HTMLPurifier/LanguageFactory.php';
+require 'HTMLPurifier/Length.php';
+require 'HTMLPurifier/Lexer.php';
+require 'HTMLPurifier/PercentEncoder.php';
+require 'HTMLPurifier/PropertyList.php';
+require 'HTMLPurifier/PropertyListIterator.php';
+require 'HTMLPurifier/Strategy.php';
+require 'HTMLPurifier/StringHash.php';
+require 'HTMLPurifier/StringHashParser.php';
+require 'HTMLPurifier/TagTransform.php';
+require 'HTMLPurifier/Token.php';
+require 'HTMLPurifier/TokenFactory.php';
+require 'HTMLPurifier/URI.php';
+require 'HTMLPurifier/URIDefinition.php';
+require 'HTMLPurifier/URIFilter.php';
+require 'HTMLPurifier/URIParser.php';
+require 'HTMLPurifier/URIScheme.php';
+require 'HTMLPurifier/URISchemeRegistry.php';
+require 'HTMLPurifier/UnitConverter.php';
+require 'HTMLPurifier/VarParser.php';
+require 'HTMLPurifier/VarParserException.php';
+require 'HTMLPurifier/AttrDef/CSS.php';
+require 'HTMLPurifier/AttrDef/Enum.php';
+require 'HTMLPurifier/AttrDef/Integer.php';
+require 'HTMLPurifier/AttrDef/Lang.php';
+require 'HTMLPurifier/AttrDef/Switch.php';
+require 'HTMLPurifier/AttrDef/Text.php';
+require 'HTMLPurifier/AttrDef/URI.php';
+require 'HTMLPurifier/AttrDef/CSS/Number.php';
+require 'HTMLPurifier/AttrDef/CSS/AlphaValue.php';
+require 'HTMLPurifier/AttrDef/CSS/Background.php';
+require 'HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
+require 'HTMLPurifier/AttrDef/CSS/Border.php';
+require 'HTMLPurifier/AttrDef/CSS/Color.php';
+require 'HTMLPurifier/AttrDef/CSS/Composite.php';
+require 'HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
+require 'HTMLPurifier/AttrDef/CSS/Filter.php';
+require 'HTMLPurifier/AttrDef/CSS/Font.php';
+require 'HTMLPurifier/AttrDef/CSS/FontFamily.php';
+require 'HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
+require 'HTMLPurifier/AttrDef/CSS/Length.php';
+require 'HTMLPurifier/AttrDef/CSS/ListStyle.php';
+require 'HTMLPurifier/AttrDef/CSS/Multiple.php';
+require 'HTMLPurifier/AttrDef/CSS/Percentage.php';
+require 'HTMLPurifier/AttrDef/CSS/TextDecoration.php';
+require 'HTMLPurifier/AttrDef/CSS/URI.php';
+require 'HTMLPurifier/AttrDef/HTML/Bool.php';
+require 'HTMLPurifier/AttrDef/HTML/Nmtokens.php';
+require 'HTMLPurifier/AttrDef/HTML/Class.php';
+require 'HTMLPurifier/AttrDef/HTML/Color.php';
+require 'HTMLPurifier/AttrDef/HTML/FrameTarget.php';
+require 'HTMLPurifier/AttrDef/HTML/ID.php';
+require 'HTMLPurifier/AttrDef/HTML/Pixels.php';
+require 'HTMLPurifier/AttrDef/HTML/Length.php';
+require 'HTMLPurifier/AttrDef/HTML/LinkTypes.php';
+require 'HTMLPurifier/AttrDef/HTML/MultiLength.php';
+require 'HTMLPurifier/AttrDef/URI/Email.php';
+require 'HTMLPurifier/AttrDef/URI/Host.php';
+require 'HTMLPurifier/AttrDef/URI/IPv4.php';
+require 'HTMLPurifier/AttrDef/URI/IPv6.php';
+require 'HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
+require 'HTMLPurifier/AttrTransform/Background.php';
+require 'HTMLPurifier/AttrTransform/BdoDir.php';
+require 'HTMLPurifier/AttrTransform/BgColor.php';
+require 'HTMLPurifier/AttrTransform/BoolToCSS.php';
+require 'HTMLPurifier/AttrTransform/Border.php';
+require 'HTMLPurifier/AttrTransform/EnumToCSS.php';
+require 'HTMLPurifier/AttrTransform/ImgRequired.php';
+require 'HTMLPurifier/AttrTransform/ImgSpace.php';
+require 'HTMLPurifier/AttrTransform/Input.php';
+require 'HTMLPurifier/AttrTransform/Lang.php';
+require 'HTMLPurifier/AttrTransform/Length.php';
+require 'HTMLPurifier/AttrTransform/Name.php';
+require 'HTMLPurifier/AttrTransform/NameSync.php';
+require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
+require 'HTMLPurifier/AttrTransform/SafeObject.php';
+require 'HTMLPurifier/AttrTransform/SafeParam.php';
+require 'HTMLPurifier/AttrTransform/ScriptRequired.php';
+require 'HTMLPurifier/AttrTransform/Textarea.php';
+require 'HTMLPurifier/ChildDef/Chameleon.php';
+require 'HTMLPurifier/ChildDef/Custom.php';
+require 'HTMLPurifier/ChildDef/Empty.php';
+require 'HTMLPurifier/ChildDef/Required.php';
+require 'HTMLPurifier/ChildDef/Optional.php';
+require 'HTMLPurifier/ChildDef/StrictBlockquote.php';
+require 'HTMLPurifier/ChildDef/Table.php';
+require 'HTMLPurifier/DefinitionCache/Decorator.php';
+require 'HTMLPurifier/DefinitionCache/Null.php';
+require 'HTMLPurifier/DefinitionCache/Serializer.php';
+require 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
+require 'HTMLPurifier/DefinitionCache/Decorator/Memory.php';
+require 'HTMLPurifier/HTMLModule/Bdo.php';
+require 'HTMLPurifier/HTMLModule/CommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Edit.php';
+require 'HTMLPurifier/HTMLModule/Forms.php';
+require 'HTMLPurifier/HTMLModule/Hypertext.php';
+require 'HTMLPurifier/HTMLModule/Image.php';
+require 'HTMLPurifier/HTMLModule/Legacy.php';
+require 'HTMLPurifier/HTMLModule/List.php';
+require 'HTMLPurifier/HTMLModule/Name.php';
+require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Object.php';
+require 'HTMLPurifier/HTMLModule/Presentation.php';
+require 'HTMLPurifier/HTMLModule/Proprietary.php';
+require 'HTMLPurifier/HTMLModule/Ruby.php';
+require 'HTMLPurifier/HTMLModule/SafeEmbed.php';
+require 'HTMLPurifier/HTMLModule/SafeObject.php';
+require 'HTMLPurifier/HTMLModule/Scripting.php';
+require 'HTMLPurifier/HTMLModule/StyleAttribute.php';
+require 'HTMLPurifier/HTMLModule/Tables.php';
+require 'HTMLPurifier/HTMLModule/Target.php';
+require 'HTMLPurifier/HTMLModule/Text.php';
+require 'HTMLPurifier/HTMLModule/Tidy.php';
+require 'HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Name.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
+require 'HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Strict.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Transitional.php';
+require 'HTMLPurifier/HTMLModule/Tidy/XHTML.php';
+require 'HTMLPurifier/Injector/AutoParagraph.php';
+require 'HTMLPurifier/Injector/DisplayLinkURI.php';
+require 'HTMLPurifier/Injector/Linkify.php';
+require 'HTMLPurifier/Injector/PurifierLinkify.php';
+require 'HTMLPurifier/Injector/RemoveEmpty.php';
+require 'HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
+require 'HTMLPurifier/Injector/SafeObject.php';
+require 'HTMLPurifier/Lexer/DOMLex.php';
+require 'HTMLPurifier/Lexer/DirectLex.php';
+require 'HTMLPurifier/Strategy/Composite.php';
+require 'HTMLPurifier/Strategy/Core.php';
+require 'HTMLPurifier/Strategy/FixNesting.php';
+require 'HTMLPurifier/Strategy/MakeWellFormed.php';
+require 'HTMLPurifier/Strategy/RemoveForeignElements.php';
+require 'HTMLPurifier/Strategy/ValidateAttributes.php';
+require 'HTMLPurifier/TagTransform/Font.php';
+require 'HTMLPurifier/TagTransform/Simple.php';
+require 'HTMLPurifier/Token/Comment.php';
+require 'HTMLPurifier/Token/Tag.php';
+require 'HTMLPurifier/Token/Empty.php';
+require 'HTMLPurifier/Token/End.php';
+require 'HTMLPurifier/Token/Start.php';
+require 'HTMLPurifier/Token/Text.php';
+require 'HTMLPurifier/URIFilter/DisableExternal.php';
+require 'HTMLPurifier/URIFilter/DisableExternalResources.php';
+require 'HTMLPurifier/URIFilter/DisableResources.php';
+require 'HTMLPurifier/URIFilter/HostBlacklist.php';
+require 'HTMLPurifier/URIFilter/MakeAbsolute.php';
+require 'HTMLPurifier/URIFilter/Munge.php';
+require 'HTMLPurifier/URIScheme/data.php';
+require 'HTMLPurifier/URIScheme/file.php';
+require 'HTMLPurifier/URIScheme/ftp.php';
+require 'HTMLPurifier/URIScheme/http.php';
+require 'HTMLPurifier/URIScheme/https.php';
+require 'HTMLPurifier/URIScheme/mailto.php';
+require 'HTMLPurifier/URIScheme/news.php';
+require 'HTMLPurifier/URIScheme/nntp.php';
+require 'HTMLPurifier/VarParser/Flexible.php';
+require 'HTMLPurifier/VarParser/Native.php';
--- a/lib/classes/htmlpurifier/library/HTMLPurifier.kses.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier.kses.php
@@ -0,0 +1,30 @@
+<?php
+
+/**
+ * @file
+ * Emulation layer for code that used kses(), substituting in HTML Purifier.
+ */
+
+require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
+
+function kses($string, $allowed_html, $allowed_protocols = null) {
+    $config = HTMLPurifier_Config::createDefault();
+    $allowed_elements = array();
+    $allowed_attributes = array();
+    foreach ($allowed_html as $element => $attributes) {
+        $allowed_elements[$element] = true;
+        foreach ($attributes as $attribute => $x) {
+            $allowed_attributes["$element.$attribute"] = true;
+        }
+    }
+    $config->set('HTML.AllowedElements', $allowed_elements);
+    $config->set('HTML.AllowedAttributes', $allowed_attributes);
+    $allowed_schemes = array();
+    if ($allowed_protocols !== null) {
+        $config->set('URI.AllowedSchemes', $allowed_protocols);
+    }
+    $purifier = new HTMLPurifier($config);
+    return $purifier->purify($string);
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier.path.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier.path.php
@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * @file
+ * Convenience stub file that adds HTML Purifier's library file to the path
+ * without any other side-effects.
+ */
+
+set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier.php
@@ -0,0 +1,237 @@
+<?php
+
+/*! @mainpage
+ *
+ * HTML Purifier is an HTML filter that will take an arbitrary snippet of
+ * HTML and rigorously test, validate and filter it into a version that
+ * is safe for output onto webpages. It achieves this by:
+ *
+ *  -# Lexing (parsing into tokens) the document,
+ *  -# Executing various strategies on the tokens:
+ *      -# Removing all elements not in the whitelist,
+ *      -# Making the tokens well-formed,
+ *      -# Fixing the nesting of the nodes, and
+ *      -# Validating attributes of the nodes; and
+ *  -# Generating HTML from the purified tokens.
+ *
+ * However, most users will only need to interface with the HTMLPurifier
+ * and HTMLPurifier_Config.
+ */
+
+/*
+    HTML Purifier 4.2.0 - Standards Compliant HTML Filtering
+    Copyright (C) 2006-2008 Edward Z. Yang
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+    version 2.1 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+/**
+ * Facade that coordinates HTML Purifier's subsystems in order to purify HTML.
+ *
+ * @note There are several points in which configuration can be specified
+ *       for HTML Purifier.  The precedence of these (from lowest to
+ *       highest) is as follows:
+ *          -# Instance: new HTMLPurifier($config)
+ *          -# Invocation: purify($html, $config)
+ *       These configurations are entirely independent of each other and
+ *       are *not* merged (this behavior may change in the future).
+ *
+ * @todo We need an easier way to inject strategies using the configuration
+ *       object.
+ */
+class HTMLPurifier
+{
+
+    /** Version of HTML Purifier */
+    public $version = '4.2.0';
+
+    /** Constant with version of HTML Purifier */
+    const VERSION = '4.2.0';
+
+    /** Global configuration object */
+    public $config;
+
+    /** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
+    private $filters = array();
+
+    /** Single instance of HTML Purifier */
+    private static $instance;
+
+    protected $strategy, $generator;
+
+    /**
+     * Resultant HTMLPurifier_Context of last run purification. Is an array
+     * of contexts if the last called method was purifyArray().
+     */
+    public $context;
+
+    /**
+     * Initializes the purifier.
+     * @param $config Optional HTMLPurifier_Config object for all instances of
+     *                the purifier, if omitted, a default configuration is
+     *                supplied (which can be overridden on a per-use basis).
+     *                The parameter can also be any type that
+     *                HTMLPurifier_Config::create() supports.
+     */
+    public function __construct($config = null) {
+
+        $this->config = HTMLPurifier_Config::create($config);
+
+        $this->strategy     = new HTMLPurifier_Strategy_Core();
+
+    }
+
+    /**
+     * Adds a filter to process the output. First come first serve
+     * @param $filter HTMLPurifier_Filter object
+     */
+    public function addFilter($filter) {
+        trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
+        $this->filters[] = $filter;
+    }
+
+    /**
+     * Filters an HTML snippet/document to be XSS-free and standards-compliant.
+     *
+     * @param $html String of HTML to purify
+     * @param $config HTMLPurifier_Config object for this operation, if omitted,
+     *                defaults to the config object specified during this
+     *                object's construction. The parameter can also be any type
+     *                that HTMLPurifier_Config::create() supports.
+     * @return Purified HTML
+     */
+    public function purify($html, $config = null) {
+
+        // :TODO: make the config merge in, instead of replace
+        $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
+
+        // implementation is partially environment dependant, partially
+        // configuration dependant
+        $lexer = HTMLPurifier_Lexer::create($config);
+
+        $context = new HTMLPurifier_Context();
+
+        // setup HTML generator
+        $this->generator = new HTMLPurifier_Generator($config, $context);
+        $context->register('Generator', $this->generator);
+
+        // set up global context variables
+        if ($config->get('Core.CollectErrors')) {
+            // may get moved out if other facilities use it
+            $language_factory = HTMLPurifier_LanguageFactory::instance();
+            $language = $language_factory->create($config, $context);
+            $context->register('Locale', $language);
+
+            $error_collector = new HTMLPurifier_ErrorCollector($context);
+            $context->register('ErrorCollector', $error_collector);
+        }
+
+        // setup id_accumulator context, necessary due to the fact that
+        // AttrValidator can be called from many places
+        $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
+        $context->register('IDAccumulator', $id_accumulator);
+
+        $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
+
+        // setup filters
+        $filter_flags = $config->getBatch('Filter');
+        $custom_filters = $filter_flags['Custom'];
+        unset($filter_flags['Custom']);
+        $filters = array();
+        foreach ($filter_flags as $filter => $flag) {
+            if (!$flag) continue;
+            if (strpos($filter, '.') !== false) continue;
+            $class = "HTMLPurifier_Filter_$filter";
+            $filters[] = new $class;
+        }
+        foreach ($custom_filters as $filter) {
+            // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
+            $filters[] = $filter;
+        }
+        $filters = array_merge($filters, $this->filters);
+        // maybe prepare(), but later
+
+        for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
+            $html = $filters[$i]->preFilter($html, $config, $context);
+        }
+
+        // purified HTML
+        $html =
+            $this->generator->generateFromTokens(
+                // list of tokens
+                $this->strategy->execute(
+                    // list of un-purified tokens
+                    $lexer->tokenizeHTML(
+                        // un-purified HTML
+                        $html, $config, $context
+                    ),
+                    $config, $context
+                )
+            );
+
+        for ($i = $filter_size - 1; $i >= 0; $i--) {
+            $html = $filters[$i]->postFilter($html, $config, $context);
+        }
+
+        $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
+        $this->context =& $context;
+        return $html;
+    }
+
+    /**
+     * Filters an array of HTML snippets
+     * @param $config Optional HTMLPurifier_Config object for this operation.
+     *                See HTMLPurifier::purify() for more details.
+     * @return Array of purified HTML
+     */
+    public function purifyArray($array_of_html, $config = null) {
+        $context_array = array();
+        foreach ($array_of_html as $key => $html) {
+            $array_of_html[$key] = $this->purify($html, $config);
+            $context_array[$key] = $this->context;
+        }
+        $this->context = $context_array;
+        return $array_of_html;
+    }
+
+    /**
+     * Singleton for enforcing just one HTML Purifier in your system
+     * @param $prototype Optional prototype HTMLPurifier instance to
+     *                   overload singleton with, or HTMLPurifier_Config
+     *                   instance to configure the generated version with.
+     */
+    public static function instance($prototype = null) {
+        if (!self::$instance || $prototype) {
+            if ($prototype instanceof HTMLPurifier) {
+                self::$instance = $prototype;
+            } elseif ($prototype) {
+                self::$instance = new HTMLPurifier($prototype);
+            } else {
+                self::$instance = new HTMLPurifier();
+            }
+        }
+        return self::$instance;
+    }
+
+    /**
+     * @note Backwards compatibility, see instance()
+     */
+    public static function getInstance($prototype = null) {
+        return HTMLPurifier::instance($prototype);
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier.safe-includes.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier.safe-includes.php
@@ -0,0 +1,206 @@
+<?php
+
+/**
+ * @file
+ * This file was auto-generated by generate-includes.php and includes all of
+ * the core files required by HTML Purifier. This is a convenience stub that
+ * includes all files using dirname(__FILE__) and require_once. PLEASE DO NOT
+ * EDIT THIS FILE, changes will be overwritten the next time the script is run.
+ *
+ * Changes to include_path are not necessary.
+ */
+
+$__dir = dirname(__FILE__);
+
+require_once $__dir . '/HTMLPurifier.php';
+require_once $__dir . '/HTMLPurifier/AttrCollections.php';
+require_once $__dir . '/HTMLPurifier/AttrDef.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform.php';
+require_once $__dir . '/HTMLPurifier/AttrTypes.php';
+require_once $__dir . '/HTMLPurifier/AttrValidator.php';
+require_once $__dir . '/HTMLPurifier/Bootstrap.php';
+require_once $__dir . '/HTMLPurifier/Definition.php';
+require_once $__dir . '/HTMLPurifier/CSSDefinition.php';
+require_once $__dir . '/HTMLPurifier/ChildDef.php';
+require_once $__dir . '/HTMLPurifier/Config.php';
+require_once $__dir . '/HTMLPurifier/ConfigSchema.php';
+require_once $__dir . '/HTMLPurifier/ContentSets.php';
+require_once $__dir . '/HTMLPurifier/Context.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCacheFactory.php';
+require_once $__dir . '/HTMLPurifier/Doctype.php';
+require_once $__dir . '/HTMLPurifier/DoctypeRegistry.php';
+require_once $__dir . '/HTMLPurifier/ElementDef.php';
+require_once $__dir . '/HTMLPurifier/Encoder.php';
+require_once $__dir . '/HTMLPurifier/EntityLookup.php';
+require_once $__dir . '/HTMLPurifier/EntityParser.php';
+require_once $__dir . '/HTMLPurifier/ErrorCollector.php';
+require_once $__dir . '/HTMLPurifier/ErrorStruct.php';
+require_once $__dir . '/HTMLPurifier/Exception.php';
+require_once $__dir . '/HTMLPurifier/Filter.php';
+require_once $__dir . '/HTMLPurifier/Generator.php';
+require_once $__dir . '/HTMLPurifier/HTMLDefinition.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule.php';
+require_once $__dir . '/HTMLPurifier/HTMLModuleManager.php';
+require_once $__dir . '/HTMLPurifier/IDAccumulator.php';
+require_once $__dir . '/HTMLPurifier/Injector.php';
+require_once $__dir . '/HTMLPurifier/Language.php';
+require_once $__dir . '/HTMLPurifier/LanguageFactory.php';
+require_once $__dir . '/HTMLPurifier/Length.php';
+require_once $__dir . '/HTMLPurifier/Lexer.php';
+require_once $__dir . '/HTMLPurifier/PercentEncoder.php';
+require_once $__dir . '/HTMLPurifier/PropertyList.php';
+require_once $__dir . '/HTMLPurifier/PropertyListIterator.php';
+require_once $__dir . '/HTMLPurifier/Strategy.php';
+require_once $__dir . '/HTMLPurifier/StringHash.php';
+require_once $__dir . '/HTMLPurifier/StringHashParser.php';
+require_once $__dir . '/HTMLPurifier/TagTransform.php';
+require_once $__dir . '/HTMLPurifier/Token.php';
+require_once $__dir . '/HTMLPurifier/TokenFactory.php';
+require_once $__dir . '/HTMLPurifier/URI.php';
+require_once $__dir . '/HTMLPurifier/URIDefinition.php';
+require_once $__dir . '/HTMLPurifier/URIFilter.php';
+require_once $__dir . '/HTMLPurifier/URIParser.php';
+require_once $__dir . '/HTMLPurifier/URIScheme.php';
+require_once $__dir . '/HTMLPurifier/URISchemeRegistry.php';
+require_once $__dir . '/HTMLPurifier/UnitConverter.php';
+require_once $__dir . '/HTMLPurifier/VarParser.php';
+require_once $__dir . '/HTMLPurifier/VarParserException.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Enum.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Integer.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Lang.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Switch.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Text.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Number.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/AlphaValue.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Background.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Border.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Color.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Composite.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Filter.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Font.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/FontFamily.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ListStyle.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Multiple.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Percentage.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/TextDecoration.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/URI.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Class.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/LinkTypes.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/MultiLength.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Host.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv4.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv6.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Background.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BdoDir.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BgColor.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BoolToCSS.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Border.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/EnumToCSS.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ImgRequired.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ImgSpace.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Input.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ScriptRequired.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Textarea.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Chameleon.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Custom.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Empty.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Required.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Optional.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/StrictBlockquote.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Table.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Null.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Serializer.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Memory.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Bdo.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/CommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Edit.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Forms.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Hypertext.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Image.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Legacy.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/List.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Name.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Ruby.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/SafeEmbed.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Scripting.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/StyleAttribute.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tables.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Target.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Text.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Name.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Strict.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Transitional.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTML.php';
+require_once $__dir . '/HTMLPurifier/Injector/AutoParagraph.php';
+require_once $__dir . '/HTMLPurifier/Injector/DisplayLinkURI.php';
+require_once $__dir . '/HTMLPurifier/Injector/Linkify.php';
+require_once $__dir . '/HTMLPurifier/Injector/PurifierLinkify.php';
+require_once $__dir . '/HTMLPurifier/Injector/RemoveEmpty.php';
+require_once $__dir . '/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
+require_once $__dir . '/HTMLPurifier/Injector/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/Lexer/DOMLex.php';
+require_once $__dir . '/HTMLPurifier/Lexer/DirectLex.php';
+require_once $__dir . '/HTMLPurifier/Strategy/Composite.php';
+require_once $__dir . '/HTMLPurifier/Strategy/Core.php';
+require_once $__dir . '/HTMLPurifier/Strategy/FixNesting.php';
+require_once $__dir . '/HTMLPurifier/Strategy/MakeWellFormed.php';
+require_once $__dir . '/HTMLPurifier/Strategy/RemoveForeignElements.php';
+require_once $__dir . '/HTMLPurifier/Strategy/ValidateAttributes.php';
+require_once $__dir . '/HTMLPurifier/TagTransform/Font.php';
+require_once $__dir . '/HTMLPurifier/TagTransform/Simple.php';
+require_once $__dir . '/HTMLPurifier/Token/Comment.php';
+require_once $__dir . '/HTMLPurifier/Token/Tag.php';
+require_once $__dir . '/HTMLPurifier/Token/Empty.php';
+require_once $__dir . '/HTMLPurifier/Token/End.php';
+require_once $__dir . '/HTMLPurifier/Token/Start.php';
+require_once $__dir . '/HTMLPurifier/Token/Text.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternal.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternalResources.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/DisableResources.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/HostBlacklist.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/MakeAbsolute.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/Munge.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/data.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/file.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/ftp.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/http.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/https.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/mailto.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/news.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/nntp.php';
+require_once $__dir . '/HTMLPurifier/VarParser/Flexible.php';
+require_once $__dir . '/HTMLPurifier/VarParser/Native.php';
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrCollections.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrCollections.php
@@ -0,0 +1,128 @@
+<?php
+
+/**
+ * Defines common attribute collections that modules reference
+ */
+
+class HTMLPurifier_AttrCollections
+{
+
+    /**
+     * Associative array of attribute collections, indexed by name
+     */
+    public $info = array();
+
+    /**
+     * Performs all expansions on internal data for use by other inclusions
+     * It also collects all attribute collection extensions from
+     * modules
+     * @param $attr_types HTMLPurifier_AttrTypes instance
+     * @param $modules Hash array of HTMLPurifier_HTMLModule members
+     */
+    public function __construct($attr_types, $modules) {
+        // load extensions from the modules
+        foreach ($modules as $module) {
+            foreach ($module->attr_collections as $coll_i => $coll) {
+                if (!isset($this->info[$coll_i])) {
+                    $this->info[$coll_i] = array();
+                }
+                foreach ($coll as $attr_i => $attr) {
+                    if ($attr_i === 0 && isset($this->info[$coll_i][$attr_i])) {
+                        // merge in includes
+                        $this->info[$coll_i][$attr_i] = array_merge(
+                            $this->info[$coll_i][$attr_i], $attr);
+                        continue;
+                    }
+                    $this->info[$coll_i][$attr_i] = $attr;
+                }
+            }
+        }
+        // perform internal expansions and inclusions
+        foreach ($this->info as $name => $attr) {
+            // merge attribute collections that include others
+            $this->performInclusions($this->info[$name]);
+            // replace string identifiers with actual attribute objects
+            $this->expandIdentifiers($this->info[$name], $attr_types);
+        }
+    }
+
+    /**
+     * Takes a reference to an attribute associative array and performs
+     * all inclusions specified by the zero index.
+     * @param &$attr Reference to attribute array
+     */
+    public function performInclusions(&$attr) {
+        if (!isset($attr[0])) return;
+        $merge = $attr[0];
+        $seen  = array(); // recursion guard
+        // loop through all the inclusions
+        for ($i = 0; isset($merge[$i]); $i++) {
+            if (isset($seen[$merge[$i]])) continue;
+            $seen[$merge[$i]] = true;
+            // foreach attribute of the inclusion, copy it over
+            if (!isset($this->info[$merge[$i]])) continue;
+            foreach ($this->info[$merge[$i]] as $key => $value) {
+                if (isset($attr[$key])) continue; // also catches more inclusions
+                $attr[$key] = $value;
+            }
+            if (isset($this->info[$merge[$i]][0])) {
+                // recursion
+                $merge = array_merge($merge, $this->info[$merge[$i]][0]);
+            }
+        }
+        unset($attr[0]);
+    }
+
+    /**
+     * Expands all string identifiers in an attribute array by replacing
+     * them with the appropriate values inside HTMLPurifier_AttrTypes
+     * @param &$attr Reference to attribute array
+     * @param $attr_types HTMLPurifier_AttrTypes instance
+     */
+    public function expandIdentifiers(&$attr, $attr_types) {
+
+        // because foreach will process new elements we add, make sure we
+        // skip duplicates
+        $processed = array();
+
+        foreach ($attr as $def_i => $def) {
+            // skip inclusions
+            if ($def_i === 0) continue;
+
+            if (isset($processed[$def_i])) continue;
+
+            // determine whether or not attribute is required
+            if ($required = (strpos($def_i, '*') !== false)) {
+                // rename the definition
+                unset($attr[$def_i]);
+                $def_i = trim($def_i, '*');
+                $attr[$def_i] = $def;
+            }
+
+            $processed[$def_i] = true;
+
+            // if we've already got a literal object, move on
+            if (is_object($def)) {
+                // preserve previous required
+                $attr[$def_i]->required = ($required || $attr[$def_i]->required);
+                continue;
+            }
+
+            if ($def === false) {
+                unset($attr[$def_i]);
+                continue;
+            }
+
+            if ($t = $attr_types->get($def)) {
+                $attr[$def_i] = $t;
+                $attr[$def_i]->required = $required;
+            } else {
+                unset($attr[$def_i]);
+            }
+        }
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef.php
@@ -0,0 +1,123 @@
+<?php
+
+/**
+ * Base class for all validating attribute definitions.
+ *
+ * This family of classes forms the core for not only HTML attribute validation,
+ * but also any sort of string that needs to be validated or cleaned (which
+ * means CSS properties and composite definitions are defined here too).
+ * Besides defining (through code) what precisely makes the string valid,
+ * subclasses are also responsible for cleaning the code if possible.
+ */
+
+abstract class HTMLPurifier_AttrDef
+{
+
+    /**
+     * Tells us whether or not an HTML attribute is minimized. Has no
+     * meaning in other contexts.
+     */
+    public $minimized = false;
+
+    /**
+     * Tells us whether or not an HTML attribute is required. Has no
+     * meaning in other contexts
+     */
+    public $required = false;
+
+    /**
+     * Validates and cleans passed string according to a definition.
+     *
+     * @param $string String to be validated and cleaned.
+     * @param $config Mandatory HTMLPurifier_Config object.
+     * @param $context Mandatory HTMLPurifier_AttrContext object.
+     */
+    abstract public function validate($string, $config, $context);
+
+    /**
+     * Convenience method that parses a string as if it were CDATA.
+     *
+     * This method process a string in the manner specified at
+     * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
+     * leading and trailing whitespace, ignoring line feeds, and replacing
+     * carriage returns and tabs with spaces.  While most useful for HTML
+     * attributes specified as CDATA, it can also be applied to most CSS
+     * values.
+     *
+     * @note This method is not entirely standards compliant, as trim() removes
+     *       more types of whitespace than specified in the spec. In practice,
+     *       this is rarely a problem, as those extra characters usually have
+     *       already been removed by HTMLPurifier_Encoder.
+     *
+     * @warning This processing is inconsistent with XML's whitespace handling
+     *          as specified by section 3.3.3 and referenced XHTML 1.0 section
+     *          4.7.  However, note that we are NOT necessarily
+     *          parsing XML, thus, this behavior may still be correct. We
+     *          assume that newlines have been normalized.
+     */
+    public function parseCDATA($string) {
+        $string = trim($string);
+        $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
+        return $string;
+    }
+
+    /**
+     * Factory method for creating this class from a string.
+     * @param $string String construction info
+     * @return Created AttrDef object corresponding to $string
+     */
+    public function make($string) {
+        // default implementation, return a flyweight of this object.
+        // If $string has an effect on the returned object (i.e. you
+        // need to overload this method), it is best
+        // to clone or instantiate new copies. (Instantiation is safer.)
+        return $this;
+    }
+
+    /**
+     * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
+     * properly. THIS IS A HACK!
+     */
+    protected function mungeRgb($string) {
+        return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
+    }
+
+    /**
+     * Parses a possibly escaped CSS string and returns the "pure" 
+     * version of it.
+     */
+    protected function expandCSSEscape($string) {
+        // flexibly parse it
+        $ret = '';
+        for ($i = 0, $c = strlen($string); $i < $c; $i++) {
+            if ($string[$i] === '\\') {
+                $i++;
+                if ($i >= $c) {
+                    $ret .= '\\';
+                    break;
+                }
+                if (ctype_xdigit($string[$i])) {
+                    $code = $string[$i];
+                    for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
+                        if (!ctype_xdigit($string[$i])) break;
+                        $code .= $string[$i];
+                    }
+                    // We have to be extremely careful when adding
+                    // new characters, to make sure we're not breaking
+                    // the encoding.
+                    $char = HTMLPurifier_Encoder::unichr(hexdec($code));
+                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
+                    $ret .= $char;
+                    if ($i < $c && trim($string[$i]) !== '') $i--;
+                    continue;
+                }
+                if ($string[$i] === "\n") continue;
+            }
+            $ret .= $string[$i];
+        }
+        return $ret;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php
@@ -0,0 +1,87 @@
+<?php
+
+/**
+ * Validates the HTML attribute style, otherwise known as CSS.
+ * @note We don't implement the whole CSS specification, so it might be
+ *       difficult to reuse this component in the context of validating
+ *       actual stylesheet declarations.
+ * @note If we were really serious about validating the CSS, we would
+ *       tokenize the styles and then parse the tokens. Obviously, we
+ *       are not doing that. Doing that could seriously harm performance,
+ *       but would make these components a lot more viable for a CSS
+ *       filtering solution.
+ */
+class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
+{
+
+    public function validate($css, $config, $context) {
+
+        $css = $this->parseCDATA($css);
+
+        $definition = $config->getCSSDefinition();
+
+        // we're going to break the spec and explode by semicolons.
+        // This is because semicolon rarely appears in escaped form
+        // Doing this is generally flaky but fast
+        // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
+        // for details
+
+        $declarations = explode(';', $css);
+        $propvalues = array();
+
+        /**
+         * Name of the current CSS property being validated.
+         */
+        $property = false;
+        $context->register('CurrentCSSProperty', $property);
+
+        foreach ($declarations as $declaration) {
+            if (!$declaration) continue;
+            if (!strpos($declaration, ':')) continue;
+            list($property, $value) = explode(':', $declaration, 2);
+            $property = trim($property);
+            $value    = trim($value);
+            $ok = false;
+            do {
+                if (isset($definition->info[$property])) {
+                    $ok = true;
+                    break;
+                }
+                if (ctype_lower($property)) break;
+                $property = strtolower($property);
+                if (isset($definition->info[$property])) {
+                    $ok = true;
+                    break;
+                }
+            } while(0);
+            if (!$ok) continue;
+            // inefficient call, since the validator will do this again
+            if (strtolower(trim($value)) !== 'inherit') {
+                // inherit works for everything (but only on the base property)
+                $result = $definition->info[$property]->validate(
+                    $value, $config, $context );
+            } else {
+                $result = 'inherit';
+            }
+            if ($result === false) continue;
+            $propvalues[$property] = $result;
+        }
+
+        $context->destroy('CurrentCSSProperty');
+
+        // procedure does not write the new CSS simultaneously, so it's
+        // slightly inefficient, but it's the only way of getting rid of
+        // duplicates. Perhaps config to optimize it, but not now.
+
+        $new_declarations = '';
+        foreach ($propvalues as $prop => $value) {
+            $new_declarations .= "$prop:$value;";
+        }
+
+        return $new_declarations ? $new_declarations : false;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php
@@ -0,0 +1,21 @@
+<?php
+
+class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
+{
+
+    public function __construct() {
+        parent::__construct(false); // opacity is non-negative, but we will clamp it
+    }
+
+    public function validate($number, $config, $context) {
+        $result = parent::validate($number, $config, $context);
+        if ($result === false) return $result;
+        $float = (float) $result;
+        if ($float < 0.0) $result = '0';
+        if ($float > 1.0) $result = '1';
+        return $result;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php
@@ -0,0 +1,87 @@
+<?php
+
+/**
+ * Validates shorthand CSS property background.
+ * @warning Does not support url tokens that have internal spaces.
+ */
+class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Local copy of component validators.
+     * @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
+     */
+    protected $info;
+
+    public function __construct($config) {
+        $def = $config->getCSSDefinition();
+        $this->info['background-color'] = $def->info['background-color'];
+        $this->info['background-image'] = $def->info['background-image'];
+        $this->info['background-repeat'] = $def->info['background-repeat'];
+        $this->info['background-attachment'] = $def->info['background-attachment'];
+        $this->info['background-position'] = $def->info['background-position'];
+    }
+
+    public function validate($string, $config, $context) {
+
+        // regular pre-processing
+        $string = $this->parseCDATA($string);
+        if ($string === '') return false;
+
+        // munge rgb() decl if necessary
+        $string = $this->mungeRgb($string);
+
+        // assumes URI doesn't have spaces in it
+        $bits = explode(' ', strtolower($string)); // bits to process
+
+        $caught = array();
+        $caught['color']    = false;
+        $caught['image']    = false;
+        $caught['repeat']   = false;
+        $caught['attachment'] = false;
+        $caught['position'] = false;
+
+        $i = 0; // number of catches
+        $none = false;
+
+        foreach ($bits as $bit) {
+            if ($bit === '') continue;
+            foreach ($caught as $key => $status) {
+                if ($key != 'position') {
+                    if ($status !== false) continue;
+                    $r = $this->info['background-' . $key]->validate($bit, $config, $context);
+                } else {
+                    $r = $bit;
+                }
+                if ($r === false) continue;
+                if ($key == 'position') {
+                    if ($caught[$key] === false) $caught[$key] = '';
+                    $caught[$key] .= $r . ' ';
+                } else {
+                    $caught[$key] = $r;
+                }
+                $i++;
+                break;
+            }
+        }
+
+        if (!$i) return false;
+        if ($caught['position'] !== false) {
+            $caught['position'] = $this->info['background-position']->
+                validate($caught['position'], $config, $context);
+        }
+
+        $ret = array();
+        foreach ($caught as $value) {
+            if ($value === false) continue;
+            $ret[] = $value;
+        }
+
+        if (empty($ret)) return false;
+        return implode(' ', $ret);
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
@@ -0,0 +1,133 @@
+<?php
+
+/* W3C says:
+    [ // adjective and number must be in correct order, even if
+      // you could switch them without introducing ambiguity.
+      // some browsers support that syntax
+        [
+            <percentage> | <length> | left | center | right
+        ]
+        [
+            <percentage> | <length> | top | center | bottom
+        ]?
+    ] |
+    [ // this signifies that the vertical and horizontal adjectives
+      // can be arbitrarily ordered, however, there can only be two,
+      // one of each, or none at all
+        [
+            left | center | right
+        ] ||
+        [
+            top | center | bottom
+        ]
+    ]
+    top, left = 0%
+    center, (none) = 50%
+    bottom, right = 100%
+*/
+
+/* QuirksMode says:
+    keyword + length/percentage must be ordered correctly, as per W3C
+
+    Internet Explorer and Opera, however, support arbitrary ordering. We
+    should fix it up.
+
+    Minor issue though, not strictly necessary.
+*/
+
+// control freaks may appreciate the ability to convert these to
+// percentages or something, but it's not necessary
+
+/**
+ * Validates the value of background-position.
+ */
+class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
+{
+
+    protected $length;
+    protected $percentage;
+
+    public function __construct() {
+        $this->length     = new HTMLPurifier_AttrDef_CSS_Length();
+        $this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
+    }
+
+    public function validate($string, $config, $context) {
+        $string = $this->parseCDATA($string);
+        $bits = explode(' ', $string);
+
+        $keywords = array();
+        $keywords['h'] = false; // left, right
+        $keywords['v'] = false; // top, bottom
+        $keywords['ch'] = false; // center (first word)
+        $keywords['cv'] = false; // center (second word)
+        $measures = array();
+
+        $i = 0;
+
+        $lookup = array(
+            'top' => 'v',
+            'bottom' => 'v',
+            'left' => 'h',
+            'right' => 'h',
+            'center' => 'c'
+        );
+
+        foreach ($bits as $bit) {
+            if ($bit === '') continue;
+
+            // test for keyword
+            $lbit = ctype_lower($bit) ? $bit : strtolower($bit);
+            if (isset($lookup[$lbit])) {
+                $status = $lookup[$lbit];
+                if ($status == 'c') {
+                    if ($i == 0) {
+                        $status = 'ch';
+                    } else {
+                        $status = 'cv';
+                    }
+                }
+                $keywords[$status] = $lbit;
+                $i++;
+            }
+
+            // test for length
+            $r = $this->length->validate($bit, $config, $context);
+            if ($r !== false) {
+                $measures[] = $r;
+                $i++;
+            }
+
+            // test for percentage
+            $r = $this->percentage->validate($bit, $config, $context);
+            if ($r !== false) {
+                $measures[] = $r;
+                $i++;
+            }
+
+        }
+
+        if (!$i) return false; // no valid values were caught
+
+        $ret = array();
+
+        // first keyword
+        if     ($keywords['h'])     $ret[] = $keywords['h'];
+        elseif ($keywords['ch']) {
+            $ret[] = $keywords['ch'];
+            $keywords['cv'] = false; // prevent re-use: center = center center
+        }
+        elseif (count($measures))   $ret[] = array_shift($measures);
+
+        if     ($keywords['v'])     $ret[] = $keywords['v'];
+        elseif ($keywords['cv'])    $ret[] = $keywords['cv'];
+        elseif (count($measures))   $ret[] = array_shift($measures);
+
+        if (empty($ret)) return false;
+        return implode(' ', $ret);
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php
@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * Validates the border property as defined by CSS.
+ */
+class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Local copy of properties this property is shorthand for.
+     */
+    protected $info = array();
+
+    public function __construct($config) {
+        $def = $config->getCSSDefinition();
+        $this->info['border-width'] = $def->info['border-width'];
+        $this->info['border-style'] = $def->info['border-style'];
+        $this->info['border-top-color'] = $def->info['border-top-color'];
+    }
+
+    public function validate($string, $config, $context) {
+        $string = $this->parseCDATA($string);
+        $string = $this->mungeRgb($string);
+        $bits = explode(' ', $string);
+        $done = array(); // segments we've finished
+        $ret = ''; // return value
+        foreach ($bits as $bit) {
+            foreach ($this->info as $propname => $validator) {
+                if (isset($done[$propname])) continue;
+                $r = $validator->validate($bit, $config, $context);
+                if ($r !== false) {
+                    $ret .= $r . ' ';
+                    $done[$propname] = true;
+                    break;
+                }
+            }
+        }
+        return rtrim($ret);
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php
@@ -0,0 +1,78 @@
+<?php
+
+/**
+ * Validates Color as defined by CSS.
+ */
+class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
+{
+
+    public function validate($color, $config, $context) {
+
+        static $colors = null;
+        if ($colors === null) $colors = $config->get('Core.ColorKeywords');
+
+        $color = trim($color);
+        if ($color === '') return false;
+
+        $lower = strtolower($color);
+        if (isset($colors[$lower])) return $colors[$lower];
+
+        if (strpos($color, 'rgb(') !== false) {
+            // rgb literal handling
+            $length = strlen($color);
+            if (strpos($color, ')') !== $length - 1) return false;
+            $triad = substr($color, 4, $length - 4 - 1);
+            $parts = explode(',', $triad);
+            if (count($parts) !== 3) return false;
+            $type = false; // to ensure that they're all the same type
+            $new_parts = array();
+            foreach ($parts as $part) {
+                $part = trim($part);
+                if ($part === '') return false;
+                $length = strlen($part);
+                if ($part[$length - 1] === '%') {
+                    // handle percents
+                    if (!$type) {
+                        $type = 'percentage';
+                    } elseif ($type !== 'percentage') {
+                        return false;
+                    }
+                    $num = (float) substr($part, 0, $length - 1);
+                    if ($num < 0) $num = 0;
+                    if ($num > 100) $num = 100;
+                    $new_parts[] = "$num%";
+                } else {
+                    // handle integers
+                    if (!$type) {
+                        $type = 'integer';
+                    } elseif ($type !== 'integer') {
+                        return false;
+                    }
+                    $num = (int) $part;
+                    if ($num < 0) $num = 0;
+                    if ($num > 255) $num = 255;
+                    $new_parts[] = (string) $num;
+                }
+            }
+            $new_triad = implode(',', $new_parts);
+            $color = "rgb($new_triad)";
+        } else {
+            // hexadecimal handling
+            if ($color[0] === '#') {
+                $hex = substr($color, 1);
+            } else {
+                $hex = $color;
+                $color = '#' . $color;
+            }
+            $length = strlen($hex);
+            if ($length !== 3 && $length !== 6) return false;
+            if (!ctype_xdigit($hex)) return false;
+        }
+
+        return $color;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php
@@ -0,0 +1,38 @@
+<?php
+
+/**
+ * Allows multiple validators to attempt to validate attribute.
+ *
+ * Composite is just what it sounds like: a composite of many validators.
+ * This means that multiple HTMLPurifier_AttrDef objects will have a whack
+ * at the string.  If one of them passes, that's what is returned.  This is
+ * especially useful for CSS values, which often are a choice between
+ * an enumerated set of predefined values or a flexible data type.
+ */
+class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * List of HTMLPurifier_AttrDef objects that may process strings
+     * @todo Make protected
+     */
+    public $defs;
+
+    /**
+     * @param $defs List of HTMLPurifier_AttrDef objects
+     */
+    public function __construct($defs) {
+        $this->defs = $defs;
+    }
+
+    public function validate($string, $config, $context) {
+        foreach ($this->defs as $i => $def) {
+            $result = $this->defs[$i]->validate($string, $config, $context);
+            if ($result !== false) return $result;
+        }
+        return false;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * Decorator which enables CSS properties to be disabled for specific elements.
+ */
+class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef
+{
+    public $def, $element;
+
+    /**
+     * @param $def Definition to wrap
+     * @param $element Element to deny
+     */
+    public function __construct($def, $element) {
+        $this->def = $def;
+        $this->element = $element;
+    }
+    /**
+     * Checks if CurrentToken is set and equal to $this->element
+     */
+    public function validate($string, $config, $context) {
+        $token = $context->get('CurrentToken', true);
+        if ($token && $token->name == $this->element) return false;
+        return $this->def->validate($string, $config, $context);
+    }
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php
@@ -0,0 +1,54 @@
+<?php
+
+/**
+ * Microsoft's proprietary filter: CSS property
+ * @note Currently supports the alpha filter. In the future, this will
+ *       probably need an extensible framework
+ */
+class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
+{
+
+    protected $intValidator;
+
+    public function __construct() {
+        $this->intValidator = new HTMLPurifier_AttrDef_Integer();
+    }
+
+    public function validate($value, $config, $context) {
+        $value = $this->parseCDATA($value);
+        if ($value === 'none') return $value;
+        // if we looped this we could support multiple filters
+        $function_length = strcspn($value, '(');
+        $function = trim(substr($value, 0, $function_length));
+        if ($function !== 'alpha' &&
+            $function !== 'Alpha' &&
+            $function !== 'progid:DXImageTransform.Microsoft.Alpha'
+            ) return false;
+        $cursor = $function_length + 1;
+        $parameters_length = strcspn($value, ')', $cursor);
+        $parameters = substr($value, $cursor, $parameters_length);
+        $params = explode(',', $parameters);
+        $ret_params = array();
+        $lookup = array();
+        foreach ($params as $param) {
+            list($key, $value) = explode('=', $param);
+            $key   = trim($key);
+            $value = trim($value);
+            if (isset($lookup[$key])) continue;
+            if ($key !== 'opacity') continue;
+            $value = $this->intValidator->validate($value, $config, $context);
+            if ($value === false) continue;
+            $int = (int) $value;
+            if ($int > 100) $value = '100';
+            if ($int < 0) $value = '0';
+            $ret_params[] = "$key=$value";
+            $lookup[$key] = true;
+        }
+        $ret_parameters = implode(',', $ret_params);
+        $ret_function = "$function($ret_parameters)";
+        return $ret_function;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php
@@ -0,0 +1,149 @@
+<?php
+
+/**
+ * Validates shorthand CSS property font.
+ */
+class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Local copy of component validators.
+     *
+     * @note If we moved specific CSS property definitions to their own
+     *       classes instead of having them be assembled at run time by
+     *       CSSDefinition, this wouldn't be necessary.  We'd instantiate
+     *       our own copies.
+     */
+    protected $info = array();
+
+    public function __construct($config) {
+        $def = $config->getCSSDefinition();
+        $this->info['font-style']   = $def->info['font-style'];
+        $this->info['font-variant'] = $def->info['font-variant'];
+        $this->info['font-weight']  = $def->info['font-weight'];
+        $this->info['font-size']    = $def->info['font-size'];
+        $this->info['line-height']  = $def->info['line-height'];
+        $this->info['font-family']  = $def->info['font-family'];
+    }
+
+    public function validate($string, $config, $context) {
+
+        static $system_fonts = array(
+            'caption' => true,
+            'icon' => true,
+            'menu' => true,
+            'message-box' => true,
+            'small-caption' => true,
+            'status-bar' => true
+        );
+
+        // regular pre-processing
+        $string = $this->parseCDATA($string);
+        if ($string === '') return false;
+
+        // check if it's one of the keywords
+        $lowercase_string = strtolower($string);
+        if (isset($system_fonts[$lowercase_string])) {
+            return $lowercase_string;
+        }
+
+        $bits = explode(' ', $string); // bits to process
+        $stage = 0; // this indicates what we're looking for
+        $caught = array(); // which stage 0 properties have we caught?
+        $stage_1 = array('font-style', 'font-variant', 'font-weight');
+        $final = ''; // output
+
+        for ($i = 0, $size = count($bits); $i < $size; $i++) {
+            if ($bits[$i] === '') continue;
+            switch ($stage) {
+
+                // attempting to catch font-style, font-variant or font-weight
+                case 0:
+                    foreach ($stage_1 as $validator_name) {
+                        if (isset($caught[$validator_name])) continue;
+                        $r = $this->info[$validator_name]->validate(
+                                                $bits[$i], $config, $context);
+                        if ($r !== false) {
+                            $final .= $r . ' ';
+                            $caught[$validator_name] = true;
+                            break;
+                        }
+                    }
+                    // all three caught, continue on
+                    if (count($caught) >= 3) $stage = 1;
+                    if ($r !== false) break;
+
+                // attempting to catch font-size and perhaps line-height
+                case 1:
+                    $found_slash = false;
+                    if (strpos($bits[$i], '/') !== false) {
+                        list($font_size, $line_height) =
+                                                    explode('/', $bits[$i]);
+                        if ($line_height === '') {
+                            // ooh, there's a space after the slash!
+                            $line_height = false;
+                            $found_slash = true;
+                        }
+                    } else {
+                        $font_size = $bits[$i];
+                        $line_height = false;
+                    }
+                    $r = $this->info['font-size']->validate(
+                                              $font_size, $config, $context);
+                    if ($r !== false) {
+                        $final .= $r;
+                        // attempt to catch line-height
+                        if ($line_height === false) {
+                            // we need to scroll forward
+                            for ($j = $i + 1; $j < $size; $j++) {
+                                if ($bits[$j] === '') continue;
+                                if ($bits[$j] === '/') {
+                                    if ($found_slash) {
+                                        return false;
+                                    } else {
+                                        $found_slash = true;
+                                        continue;
+                                    }
+                                }
+                                $line_height = $bits[$j];
+                                break;
+                            }
+                        } else {
+                            // slash already found
+                            $found_slash = true;
+                            $j = $i;
+                        }
+                        if ($found_slash) {
+                            $i = $j;
+                            $r = $this->info['line-height']->validate(
+                                              $line_height, $config, $context);
+                            if ($r !== false) {
+                                $final .= '/' . $r;
+                            }
+                        }
+                        $final .= ' ';
+                        $stage = 2;
+                        break;
+                    }
+                    return false;
+
+                // attempting to catch font-family
+                case 2:
+                    $font_family =
+                        implode(' ', array_slice($bits, $i, $size - $i));
+                    $r = $this->info['font-family']->validate(
+                                              $font_family, $config, $context);
+                    if ($r !== false) {
+                        $final .= $r . ' ';
+                        // processing completed successfully
+                        return rtrim($final);
+                    }
+                    return false;
+            }
+        }
+        return false;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php
@@ -0,0 +1,72 @@
+<?php
+
+/**
+ * Validates a font family list according to CSS spec
+ * @todo whitelisting allowed fonts would be nice
+ */
+class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
+{
+
+    public function validate($string, $config, $context) {
+        static $generic_names = array(
+            'serif' => true,
+            'sans-serif' => true,
+            'monospace' => true,
+            'fantasy' => true,
+            'cursive' => true
+        );
+
+        // assume that no font names contain commas in them
+        $fonts = explode(',', $string);
+        $final = '';
+        foreach($fonts as $font) {
+            $font = trim($font);
+            if ($font === '') continue;
+            // match a generic name
+            if (isset($generic_names[$font])) {
+                $final .= $font . ', ';
+                continue;
+            }
+            // match a quoted name
+            if ($font[0] === '"' || $font[0] === "'") {
+                $length = strlen($font);
+                if ($length <= 2) continue;
+                $quote = $font[0];
+                if ($font[$length - 1] !== $quote) continue;
+                $font = substr($font, 1, $length - 2);
+            }
+
+            $font = $this->expandCSSEscape($font);
+
+            // $font is a pure representation of the font name
+
+            if (ctype_alnum($font) && $font !== '') {
+                // very simple font, allow it in unharmed
+                $final .= $font . ', ';
+                continue;
+            }
+
+            // bugger out on whitespace.  form feed (0C) really
+            // shouldn't show up regardless
+            $font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font);
+
+            // These ugly transforms don't pose a security
+            // risk (as \\ and \" might).  We could try to be clever and
+            // use single-quote wrapping when there is a double quote
+            // present, but I have choosen not to implement that.
+            // (warning: this code relies on the selection of quotation
+            // mark below)
+            $font = str_replace('\\', '\\5C ', $font);
+            $font = str_replace('"',  '\\22 ', $font);
+
+            // complicated font, requires quoting
+            $final .= "\"$font\", "; // note that this will later get turned into &quot;
+        }
+        $final = rtrim($final, ', ');
+        if ($final === '') return false;
+        return $final;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Decorator which enables !important to be used in CSS values.
+ */
+class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef
+{
+    public $def, $allow;
+
+    /**
+     * @param $def Definition to wrap
+     * @param $allow Whether or not to allow !important
+     */
+    public function __construct($def, $allow = false) {
+        $this->def = $def;
+        $this->allow = $allow;
+    }
+    /**
+     * Intercepts and removes !important if necessary
+     */
+    public function validate($string, $config, $context) {
+        // test for ! and important tokens
+        $string = trim($string);
+        $is_important = false;
+        // :TODO: optimization: test directly for !important and ! important
+        if (strlen($string) >= 9 && substr($string, -9) === 'important') {
+            $temp = rtrim(substr($string, 0, -9));
+            // use a temp, because we might want to restore important
+            if (strlen($temp) >= 1 && substr($temp, -1) === '!') {
+                $string = rtrim(substr($temp, 0, -1));
+                $is_important = true;
+            }
+        }
+        $string = $this->def->validate($string, $config, $context);
+        if ($this->allow && $is_important) $string .= ' !important';
+        return $string;
+    }
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php
@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * Represents a Length as defined by CSS.
+ */
+class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
+{
+
+    protected $min, $max;
+
+    /**
+     * @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable.
+     * @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable.
+     */
+    public function __construct($min = null, $max = null) {
+        $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;
+        $this->max = $max !== null ? HTMLPurifier_Length::make($max) : null;
+    }
+
+    public function validate($string, $config, $context) {
+        $string = $this->parseCDATA($string);
+
+        // Optimizations
+        if ($string === '') return false;
+        if ($string === '0') return '0';
+        if (strlen($string) === 1) return false;
+
+        $length = HTMLPurifier_Length::make($string);
+        if (!$length->isValid()) return false;
+
+        if ($this->min) {
+            $c = $length->compareTo($this->min);
+            if ($c === false) return false;
+            if ($c < 0) return false;
+        }
+        if ($this->max) {
+            $c = $length->compareTo($this->max);
+            if ($c === false) return false;
+            if ($c > 0) return false;
+        }
+
+        return $length->toString();
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php
@@ -0,0 +1,78 @@
+<?php
+
+/**
+ * Validates shorthand CSS property list-style.
+ * @warning Does not support url tokens that have internal spaces.
+ */
+class HTMLPurifier_AttrDef_CSS_ListStyle extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Local copy of component validators.
+     * @note See HTMLPurifier_AttrDef_CSS_Font::$info for a similar impl.
+     */
+    protected $info;
+
+    public function __construct($config) {
+        $def = $config->getCSSDefinition();
+        $this->info['list-style-type']     = $def->info['list-style-type'];
+        $this->info['list-style-position'] = $def->info['list-style-position'];
+        $this->info['list-style-image'] = $def->info['list-style-image'];
+    }
+
+    public function validate($string, $config, $context) {
+
+        // regular pre-processing
+        $string = $this->parseCDATA($string);
+        if ($string === '') return false;
+
+        // assumes URI doesn't have spaces in it
+        $bits = explode(' ', strtolower($string)); // bits to process
+
+        $caught = array();
+        $caught['type']     = false;
+        $caught['position'] = false;
+        $caught['image']    = false;
+
+        $i = 0; // number of catches
+        $none = false;
+
+        foreach ($bits as $bit) {
+            if ($i >= 3) return; // optimization bit
+            if ($bit === '') continue;
+            foreach ($caught as $key => $status) {
+                if ($status !== false) continue;
+                $r = $this->info['list-style-' . $key]->validate($bit, $config, $context);
+                if ($r === false) continue;
+                if ($r === 'none') {
+                    if ($none) continue;
+                    else $none = true;
+                    if ($key == 'image') continue;
+                }
+                $caught[$key] = $r;
+                $i++;
+                break;
+            }
+        }
+
+        if (!$i) return false;
+
+        $ret = array();
+
+        // construct type
+        if ($caught['type']) $ret[] = $caught['type'];
+
+        // construct image
+        if ($caught['image']) $ret[] = $caught['image'];
+
+        // construct position
+        if ($caught['position']) $ret[] = $caught['position'];
+
+        if (empty($ret)) return false;
+        return implode(' ', $ret);
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php
@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * Framework class for strings that involve multiple values.
+ *
+ * Certain CSS properties such as border-width and margin allow multiple
+ * lengths to be specified.  This class can take a vanilla border-width
+ * definition and multiply it, usually into a max of four.
+ *
+ * @note Even though the CSS specification isn't clear about it, inherit
+ *       can only be used alone: it will never manifest as part of a multi
+ *       shorthand declaration.  Thus, this class does not allow inherit.
+ */
+class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Instance of component definition to defer validation to.
+     * @todo Make protected
+     */
+    public $single;
+
+    /**
+     * Max number of values allowed.
+     * @todo Make protected
+     */
+    public $max;
+
+    /**
+     * @param $single HTMLPurifier_AttrDef to multiply
+     * @param $max Max number of values allowed (usually four)
+     */
+    public function __construct($single, $max = 4) {
+        $this->single = $single;
+        $this->max = $max;
+    }
+
+    public function validate($string, $config, $context) {
+        $string = $this->parseCDATA($string);
+        if ($string === '') return false;
+        $parts = explode(' ', $string); // parseCDATA replaced \r, \t and \n
+        $length = count($parts);
+        $final = '';
+        for ($i = 0, $num = 0; $i < $length && $num < $this->max; $i++) {
+            if (ctype_space($parts[$i])) continue;
+            $result = $this->single->validate($parts[$i], $config, $context);
+            if ($result !== false) {
+                $final .= $result . ' ';
+                $num++;
+            }
+        }
+        if ($final === '') return false;
+        return rtrim($final);
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php
@@ -0,0 +1,69 @@
+<?php
+
+/**
+ * Validates a number as defined by the CSS spec.
+ */
+class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Bool indicating whether or not only positive values allowed.
+     */
+    protected $non_negative = false;
+
+    /**
+     * @param $non_negative Bool indicating whether negatives are forbidden
+     */
+    public function __construct($non_negative = false) {
+        $this->non_negative = $non_negative;
+    }
+
+    /**
+     * @warning Some contexts do not pass $config, $context. These
+     *          variables should not be used without checking HTMLPurifier_Length
+     */
+    public function validate($number, $config, $context) {
+
+        $number = $this->parseCDATA($number);
+
+        if ($number === '') return false;
+        if ($number === '0') return '0';
+
+        $sign = '';
+        switch ($number[0]) {
+            case '-':
+                if ($this->non_negative) return false;
+                $sign = '-';
+            case '+':
+                $number = substr($number, 1);
+        }
+
+        if (ctype_digit($number)) {
+            $number = ltrim($number, '0');
+            return $number ? $sign . $number : '0';
+        }
+
+        // Period is the only non-numeric character allowed
+        if (strpos($number, '.') === false) return false;
+
+        list($left, $right) = explode('.', $number, 2);
+
+        if ($left === '' && $right === '') return false;
+        if ($left !== '' && !ctype_digit($left)) return false;
+
+        $left  = ltrim($left,  '0');
+        $right = rtrim($right, '0');
+
+        if ($right === '') {
+            return $left ? $sign . $left : '0';
+        } elseif (!ctype_digit($right)) {
+            return false;
+        }
+
+        return $sign . $left . '.' . $right;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Validates a Percentage as defined by the CSS spec.
+ */
+class HTMLPurifier_AttrDef_CSS_Percentage extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Instance of HTMLPurifier_AttrDef_CSS_Number to defer number validation
+     */
+    protected $number_def;
+
+    /**
+     * @param Bool indicating whether to forbid negative values
+     */
+    public function __construct($non_negative = false) {
+        $this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative);
+    }
+
+    public function validate($string, $config, $context) {
+
+        $string = $this->parseCDATA($string);
+
+        if ($string === '') return false;
+        $length = strlen($string);
+        if ($length === 1) return false;
+        if ($string[$length - 1] !== '%') return false;
+
+        $number = substr($string, 0, $length - 1);
+        $number = $this->number_def->validate($number, $config, $context);
+
+        if ($number === false) return false;
+        return "$number%";
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php
@@ -0,0 +1,38 @@
+<?php
+
+/**
+ * Validates the value for the CSS property text-decoration
+ * @note This class could be generalized into a version that acts sort of
+ *       like Enum except you can compound the allowed values.
+ */
+class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
+{
+
+    public function validate($string, $config, $context) {
+
+        static $allowed_values = array(
+            'line-through' => true,
+            'overline' => true,
+            'underline' => true,
+        );
+
+        $string = strtolower($this->parseCDATA($string));
+
+        if ($string === 'none') return $string;
+
+        $parts = explode(' ', $string);
+        $final = '';
+        foreach ($parts as $part) {
+            if (isset($allowed_values[$part])) {
+                $final .= $part . ' ';
+            }
+        }
+        $final = rtrim($final);
+        if ($final === '') return false;
+        return $final;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php
@@ -0,0 +1,52 @@
+<?php
+
+/**
+ * Validates a URI in CSS syntax, which uses url('http://example.com')
+ * @note While theoretically speaking a URI in a CSS document could
+ *       be non-embedded, as of CSS2 there is no such usage so we're
+ *       generalizing it. This may need to be changed in the future.
+ * @warning Since HTMLPurifier_AttrDef_CSS blindly uses semicolons as
+ *          the separator, you cannot put a literal semicolon in
+ *          in the URI. Try percent encoding it, in that case.
+ */
+class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
+{
+
+    public function __construct() {
+        parent::__construct(true); // always embedded
+    }
+
+    public function validate($uri_string, $config, $context) {
+        // parse the URI out of the string and then pass it onto
+        // the parent object
+
+        $uri_string = $this->parseCDATA($uri_string);
+        if (strpos($uri_string, 'url(') !== 0) return false;
+        $uri_string = substr($uri_string, 4);
+        $new_length = strlen($uri_string) - 1;
+        if ($uri_string[$new_length] != ')') return false;
+        $uri = trim(substr($uri_string, 0, $new_length));
+
+        if (!empty($uri) && ($uri[0] == "'" || $uri[0] == '"')) {
+            $quote = $uri[0];
+            $new_length = strlen($uri) - 1;
+            if ($uri[$new_length] !== $quote) return false;
+            $uri = substr($uri, 1, $new_length - 1);
+        }
+
+        $uri = $this->expandCSSEscape($uri);
+
+        $result = parent::validate($uri, $config, $context);
+
+        if ($result === false) return false;
+
+        // extra sanity check; should have been done by URI
+        $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result);
+
+        return "url(\"$result\")";
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php
@@ -0,0 +1,65 @@
+<?php
+
+// Enum = Enumerated
+/**
+ * Validates a keyword against a list of valid values.
+ * @warning The case-insensitive compare of this function uses PHP's
+ *          built-in strtolower and ctype_lower functions, which may
+ *          cause problems with international comparisons
+ */
+class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Lookup table of valid values.
+     * @todo Make protected
+     */
+    public $valid_values   = array();
+
+    /**
+     * Bool indicating whether or not enumeration is case sensitive.
+     * @note In general this is always case insensitive.
+     */
+    protected $case_sensitive = false; // values according to W3C spec
+
+    /**
+     * @param $valid_values List of valid values
+     * @param $case_sensitive Bool indicating whether or not case sensitive
+     */
+    public function __construct(
+        $valid_values = array(), $case_sensitive = false
+    ) {
+        $this->valid_values = array_flip($valid_values);
+        $this->case_sensitive = $case_sensitive;
+    }
+
+    public function validate($string, $config, $context) {
+        $string = trim($string);
+        if (!$this->case_sensitive) {
+            // we may want to do full case-insensitive libraries
+            $string = ctype_lower($string) ? $string : strtolower($string);
+        }
+        $result = isset($this->valid_values[$string]);
+
+        return $result ? $string : false;
+    }
+
+    /**
+     * @param $string In form of comma-delimited list of case-insensitive
+     *      valid values. Example: "foo,bar,baz". Prepend "s:" to make
+     *      case sensitive
+     */
+    public function make($string) {
+        if (strlen($string) > 2 && $string[0] == 's' && $string[1] == ':') {
+            $string = substr($string, 2);
+            $sensitive = true;
+        } else {
+            $sensitive = false;
+        }
+        $values = explode(',', $string);
+        return new HTMLPurifier_AttrDef_Enum($values, $sensitive);
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php
@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * Validates a boolean attribute
+ */
+class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
+{
+
+    protected $name;
+    public $minimized = true;
+
+    public function __construct($name = false) {$this->name = $name;}
+
+    public function validate($string, $config, $context) {
+        if (empty($string)) return false;
+        return $this->name;
+    }
+
+    /**
+     * @param $string Name of attribute
+     */
+    public function make($string) {
+        return new HTMLPurifier_AttrDef_HTML_Bool($string);
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Implements special behavior for class attribute (normally NMTOKENS)
+ */
+class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
+{
+    protected function split($string, $config, $context) {
+        // really, this twiddle should be lazy loaded
+        $name = $config->getDefinition('HTML')->doctype->name;
+        if ($name == "XHTML 1.1" || $name == "XHTML 2.0") {
+            return parent::split($string, $config, $context);
+        } else {
+            return preg_split('/\s+/', $string);
+        }
+    }
+    protected function filter($tokens, $config, $context) {
+        $allowed = $config->get('Attr.AllowedClasses');
+        $forbidden = $config->get('Attr.ForbiddenClasses');
+        $ret = array();
+        foreach ($tokens as $token) {
+            if (
+                ($allowed === null || isset($allowed[$token])) &&
+                !isset($forbidden[$token]) &&
+                // We need this O(n) check because of PHP's array
+                // implementation that casts -0 to 0.
+                !in_array($token, $ret, true)
+            ) {
+                $ret[] = $token;
+            }
+        }
+        return $ret;
+    }
+}
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php
@@ -0,0 +1,32 @@
+<?php
+
+/**
+ * Validates a color according to the HTML spec.
+ */
+class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
+{
+
+    public function validate($string, $config, $context) {
+
+        static $colors = null;
+        if ($colors === null) $colors = $config->get('Core.ColorKeywords');
+
+        $string = trim($string);
+
+        if (empty($string)) return false;
+        if (isset($colors[$string])) return $colors[$string];
+        if ($string[0] === '#') $hex = substr($string, 1);
+        else $hex = $string;
+
+        $length = strlen($hex);
+        if ($length !== 3 && $length !== 6) return false;
+        if (!ctype_xdigit($hex)) return false;
+        if ($length === 3) $hex = $hex[0].$hex[0].$hex[1].$hex[1].$hex[2].$hex[2];
+
+        return "#$hex";
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * Special-case enum attribute definition that lazy loads allowed frame targets
+ */
+class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
+{
+
+    public $valid_values = false; // uninitialized value
+    protected $case_sensitive = false;
+
+    public function __construct() {}
+
+    public function validate($string, $config, $context) {
+        if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets');
+        return parent::validate($string, $config, $context);
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php
@@ -0,0 +1,70 @@
+<?php
+
+/**
+ * Validates the HTML attribute ID.
+ * @warning Even though this is the id processor, it
+ *          will ignore the directive Attr:IDBlacklist, since it will only
+ *          go according to the ID accumulator. Since the accumulator is
+ *          automatically generated, it will have already absorbed the
+ *          blacklist. If you're hacking around, make sure you use load()!
+ */
+
+class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
+{
+
+    // ref functionality disabled, since we also have to verify
+    // whether or not the ID it refers to exists
+
+    public function validate($id, $config, $context) {
+
+        if (!$config->get('Attr.EnableID')) return false;
+
+        $id = trim($id); // trim it first
+
+        if ($id === '') return false;
+
+        $prefix = $config->get('Attr.IDPrefix');
+        if ($prefix !== '') {
+            $prefix .= $config->get('Attr.IDPrefixLocal');
+            // prevent re-appending the prefix
+            if (strpos($id, $prefix) !== 0) $id = $prefix . $id;
+        } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
+            trigger_error('%Attr.IDPrefixLocal cannot be used unless '.
+                '%Attr.IDPrefix is set', E_USER_WARNING);
+        }
+
+        //if (!$this->ref) {
+            $id_accumulator =& $context->get('IDAccumulator');
+            if (isset($id_accumulator->ids[$id])) return false;
+        //}
+
+        // we purposely avoid using regex, hopefully this is faster
+
+        if (ctype_alpha($id)) {
+            $result = true;
+        } else {
+            if (!ctype_alpha(@$id[0])) return false;
+            $trim = trim( // primitive style of regexps, I suppose
+                $id,
+                'A..Za..z0..9:-._'
+              );
+            $result = ($trim === '');
+        }
+
+        $regexp = $config->get('Attr.IDBlacklistRegexp');
+        if ($regexp && preg_match($regexp, $id)) {
+            return false;
+        }
+
+        if (/*!$this->ref && */$result) $id_accumulator->add($id);
+
+        // if no change was made to the ID, return the result
+        // else, return the new id if stripping whitespace made it
+        //     valid, or return false.
+        return $result ? $id : false;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php
@@ -0,0 +1,41 @@
+<?php
+
+/**
+ * Validates the HTML type length (not to be confused with CSS's length).
+ *
+ * This accepts integer pixels or percentages as lengths for certain
+ * HTML attributes.
+ */
+
+class HTMLPurifier_AttrDef_HTML_Length extends HTMLPurifier_AttrDef_HTML_Pixels
+{
+
+    public function validate($string, $config, $context) {
+
+        $string = trim($string);
+        if ($string === '') return false;
+
+        $parent_result = parent::validate($string, $config, $context);
+        if ($parent_result !== false) return $parent_result;
+
+        $length = strlen($string);
+        $last_char = $string[$length - 1];
+
+        if ($last_char !== '%') return false;
+
+        $points = substr($string, 0, $length - 1);
+
+        if (!is_numeric($points)) return false;
+
+        $points = (int) $points;
+
+        if ($points < 0) return '0%';
+        if ($points > 100) return '100%';
+
+        return ((string) $points) . '%';
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php
@@ -0,0 +1,53 @@
+<?php
+
+/**
+ * Validates a rel/rev link attribute against a directive of allowed values
+ * @note We cannot use Enum because link types allow multiple
+ *       values.
+ * @note Assumes link types are ASCII text
+ */
+class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
+{
+
+    /** Name config attribute to pull. */
+    protected $name;
+
+    public function __construct($name) {
+        $configLookup = array(
+            'rel' => 'AllowedRel',
+            'rev' => 'AllowedRev'
+        );
+        if (!isset($configLookup[$name])) {
+            trigger_error('Unrecognized attribute name for link '.
+                'relationship.', E_USER_ERROR);
+            return;
+        }
+        $this->name = $configLookup[$name];
+    }
+
+    public function validate($string, $config, $context) {
+
+        $allowed = $config->get('Attr.' . $this->name);
+        if (empty($allowed)) return false;
+
+        $string = $this->parseCDATA($string);
+        $parts = explode(' ', $string);
+
+        // lookup to prevent duplicates
+        $ret_lookup = array();
+        foreach ($parts as $part) {
+            $part = strtolower(trim($part));
+            if (!isset($allowed[$part])) continue;
+            $ret_lookup[$part] = true;
+        }
+
+        if (empty($ret_lookup)) return false;
+        $string = implode(' ', array_keys($ret_lookup));
+
+        return $string;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php
@@ -0,0 +1,41 @@
+<?php
+
+/**
+ * Validates a MultiLength as defined by the HTML spec.
+ *
+ * A multilength is either a integer (pixel count), a percentage, or
+ * a relative number.
+ */
+class HTMLPurifier_AttrDef_HTML_MultiLength extends HTMLPurifier_AttrDef_HTML_Length
+{
+
+    public function validate($string, $config, $context) {
+
+        $string = trim($string);
+        if ($string === '') return false;
+
+        $parent_result = parent::validate($string, $config, $context);
+        if ($parent_result !== false) return $parent_result;
+
+        $length = strlen($string);
+        $last_char = $string[$length - 1];
+
+        if ($last_char !== '*') return false;
+
+        $int = substr($string, 0, $length - 1);
+
+        if ($int == '') return '*';
+        if (!is_numeric($int)) return false;
+
+        $int = (int) $int;
+
+        if ($int < 0) return false;
+        if ($int == 0) return '0';
+        if ($int == 1) return '*';
+        return ((string) $int) . '*';
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php
@@ -0,0 +1,52 @@
+<?php
+
+/**
+ * Validates contents based on NMTOKENS attribute type.
+ */
+class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
+{
+
+    public function validate($string, $config, $context) {
+
+        $string = trim($string);
+
+        // early abort: '' and '0' (strings that convert to false) are invalid
+        if (!$string) return false;
+
+        $tokens = $this->split($string, $config, $context);
+        $tokens = $this->filter($tokens, $config, $context);
+        if (empty($tokens)) return false;
+        return implode(' ', $tokens);
+
+    }
+
+    /**
+     * Splits a space separated list of tokens into its constituent parts.
+     */
+    protected function split($string, $config, $context) {
+        // OPTIMIZABLE!
+        // do the preg_match, capture all subpatterns for reformulation
+
+        // we don't support U+00A1 and up codepoints or
+        // escaping because I don't know how to do that with regexps
+        // and plus it would complicate optimization efforts (you never
+        // see that anyway).
+        $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start
+                   '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'.
+                   '(?:(?=\s)|\z)/'; // look ahead for space or string end
+        preg_match_all($pattern, $string, $matches);
+        return $matches[1];
+    }
+
+    /**
+     * Template method for removing certain tokens based on arbitrary criteria.
+     * @note If we wanted to be really functional, we'd do an array_filter
+     *       with a callback. But... we're not.
+     */
+    protected function filter($tokens, $config, $context) {
+        return $tokens;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * Validates an integer representation of pixels according to the HTML spec.
+ */
+class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
+{
+
+    protected $max;
+
+    public function __construct($max = null) {
+        $this->max = $max;
+    }
+
+    public function validate($string, $config, $context) {
+
+        $string = trim($string);
+        if ($string === '0') return $string;
+        if ($string === '')  return false;
+        $length = strlen($string);
+        if (substr($string, $length - 2) == 'px') {
+            $string = substr($string, 0, $length - 2);
+        }
+        if (!is_numeric($string)) return false;
+        $int = (int) $string;
+
+        if ($int < 0) return '0';
+
+        // upper-bound value, extremely high values can
+        // crash operating systems, see <http://ha.ckers.org/imagecrash.html>
+        // WARNING, above link WILL crash you if you're using Windows
+
+        if ($this->max !== null && $int > $this->max) return (string) $this->max;
+
+        return (string) $int;
+
+    }
+
+    public function make($string) {
+        if ($string === '') $max = null;
+        else $max = (int) $string;
+        $class = get_class($this);
+        return new $class($max);
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php
@@ -0,0 +1,73 @@
+<?php
+
+/**
+ * Validates an integer.
+ * @note While this class was modeled off the CSS definition, no currently
+ *       allowed CSS uses this type.  The properties that do are: widows,
+ *       orphans, z-index, counter-increment, counter-reset.  Some of the
+ *       HTML attributes, however, find use for a non-negative version of this.
+ */
+class HTMLPurifier_AttrDef_Integer extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Bool indicating whether or not negative values are allowed
+     */
+    protected $negative = true;
+
+    /**
+     * Bool indicating whether or not zero is allowed
+     */
+    protected $zero = true;
+
+    /**
+     * Bool indicating whether or not positive values are allowed
+     */
+    protected $positive = true;
+
+    /**
+     * @param $negative Bool indicating whether or not negative values are allowed
+     * @param $zero Bool indicating whether or not zero is allowed
+     * @param $positive Bool indicating whether or not positive values are allowed
+     */
+    public function __construct(
+        $negative = true, $zero = true, $positive = true
+    ) {
+        $this->negative = $negative;
+        $this->zero     = $zero;
+        $this->positive = $positive;
+    }
+
+    public function validate($integer, $config, $context) {
+
+        $integer = $this->parseCDATA($integer);
+        if ($integer === '') return false;
+
+        // we could possibly simply typecast it to integer, but there are
+        // certain fringe cases that must not return an integer.
+
+        // clip leading sign
+        if ( $this->negative && $integer[0] === '-' ) {
+            $digits = substr($integer, 1);
+            if ($digits === '0') $integer = '0'; // rm minus sign for zero
+        } elseif( $this->positive && $integer[0] === '+' ) {
+            $digits = $integer = substr($integer, 1); // rm unnecessary plus
+        } else {
+            $digits = $integer;
+        }
+
+        // test if it's numeric
+        if (!ctype_digit($digits)) return false;
+
+        // perform scope tests
+        if (!$this->zero     && $integer == 0) return false;
+        if (!$this->positive && $integer > 0) return false;
+        if (!$this->negative && $integer < 0) return false;
+
+        return $integer;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php
@@ -0,0 +1,73 @@
+<?php
+
+/**
+ * Validates the HTML attribute lang, effectively a language code.
+ * @note Built according to RFC 3066, which obsoleted RFC 1766
+ */
+class HTMLPurifier_AttrDef_Lang extends HTMLPurifier_AttrDef
+{
+
+    public function validate($string, $config, $context) {
+
+        $string = trim($string);
+        if (!$string) return false;
+
+        $subtags = explode('-', $string);
+        $num_subtags = count($subtags);
+
+        if ($num_subtags == 0) return false; // sanity check
+
+        // process primary subtag : $subtags[0]
+        $length = strlen($subtags[0]);
+        switch ($length) {
+            case 0:
+                return false;
+            case 1:
+                if (! ($subtags[0] == 'x' || $subtags[0] == 'i') ) {
+                    return false;
+                }
+                break;
+            case 2:
+            case 3:
+                if (! ctype_alpha($subtags[0]) ) {
+                    return false;
+                } elseif (! ctype_lower($subtags[0]) ) {
+                    $subtags[0] = strtolower($subtags[0]);
+                }
+                break;
+            default:
+                return false;
+        }
+
+        $new_string = $subtags[0];
+        if ($num_subtags == 1) return $new_string;
+
+        // process second subtag : $subtags[1]
+        $length = strlen($subtags[1]);
+        if ($length == 0 || ($length == 1 && $subtags[1] != 'x') || $length > 8 || !ctype_alnum($subtags[1])) {
+            return $new_string;
+        }
+        if (!ctype_lower($subtags[1])) $subtags[1] = strtolower($subtags[1]);
+
+        $new_string .= '-' . $subtags[1];
+        if ($num_subtags == 2) return $new_string;
+
+        // process all other subtags, index 2 and up
+        for ($i = 2; $i < $num_subtags; $i++) {
+            $length = strlen($subtags[$i]);
+            if ($length == 0 || $length > 8 || !ctype_alnum($subtags[$i])) {
+                return $new_string;
+            }
+            if (!ctype_lower($subtags[$i])) {
+                $subtags[$i] = strtolower($subtags[$i]);
+            }
+            $new_string .= '-' . $subtags[$i];
+        }
+
+        return $new_string;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Decorator that, depending on a token, switches between two definitions.
+ */
+class HTMLPurifier_AttrDef_Switch
+{
+
+    protected $tag;
+    protected $withTag, $withoutTag;
+
+    /**
+     * @param string $tag Tag name to switch upon
+     * @param HTMLPurifier_AttrDef $with_tag Call if token matches tag
+     * @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token
+     */
+    public function __construct($tag, $with_tag, $without_tag) {
+        $this->tag = $tag;
+        $this->withTag = $with_tag;
+        $this->withoutTag = $without_tag;
+    }
+
+    public function validate($string, $config, $context) {
+        $token = $context->get('CurrentToken', true);
+        if (!$token || $token->name !== $this->tag) {
+            return $this->withoutTag->validate($string, $config, $context);
+        } else {
+            return $this->withTag->validate($string, $config, $context);
+        }
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * Validates arbitrary text according to the HTML spec.
+ */
+class HTMLPurifier_AttrDef_Text extends HTMLPurifier_AttrDef
+{
+
+    public function validate($string, $config, $context) {
+        return $this->parseCDATA($string);
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
@@ -0,0 +1,77 @@
+<?php
+
+/**
+ * Validates a URI as defined by RFC 3986.
+ * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
+ */
+class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
+{
+
+    protected $parser;
+    protected $embedsResource;
+
+    /**
+     * @param $embeds_resource_resource Does the URI here result in an extra HTTP request?
+     */
+    public function __construct($embeds_resource = false) {
+        $this->parser = new HTMLPurifier_URIParser();
+        $this->embedsResource = (bool) $embeds_resource;
+    }
+
+    public function make($string) {
+        $embeds = (bool) $string;
+        return new HTMLPurifier_AttrDef_URI($embeds);
+    }
+
+    public function validate($uri, $config, $context) {
+
+        if ($config->get('URI.Disable')) return false;
+
+        $uri = $this->parseCDATA($uri);
+
+        // parse the URI
+        $uri = $this->parser->parse($uri);
+        if ($uri === false) return false;
+
+        // add embedded flag to context for validators
+        $context->register('EmbeddedURI', $this->embedsResource);
+
+        $ok = false;
+        do {
+
+            // generic validation
+            $result = $uri->validate($config, $context);
+            if (!$result) break;
+
+            // chained filtering
+            $uri_def = $config->getDefinition('URI');
+            $result = $uri_def->filter($uri, $config, $context);
+            if (!$result) break;
+
+            // scheme-specific validation
+            $scheme_obj = $uri->getSchemeObj($config, $context);
+            if (!$scheme_obj) break;
+            if ($this->embedsResource && !$scheme_obj->browsable) break;
+            $result = $scheme_obj->validate($uri, $config, $context);
+            if (!$result) break;
+
+            // Post chained filtering
+            $result = $uri_def->postFilter($uri, $config, $context);
+            if (!$result) break;
+
+            // survived gauntlet
+            $ok = true;
+
+        } while (false);
+
+        $context->destroy('EmbeddedURI');
+        if (!$ok) return false;
+
+        // back to string
+        return $uri->toString();
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php
@@ -0,0 +1,17 @@
+<?php
+
+abstract class HTMLPurifier_AttrDef_URI_Email extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Unpacks a mailbox into its display-name and address
+     */
+    function unpack($string) {
+        // needs to be implemented
+    }
+
+}
+
+// sub-implementations
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * Primitive email validation class based on the regexp found at
+ * http://www.regular-expressions.info/email.html
+ */
+class HTMLPurifier_AttrDef_URI_Email_SimpleCheck extends HTMLPurifier_AttrDef_URI_Email
+{
+
+    public function validate($string, $config, $context) {
+        // no support for named mailboxes i.e. "Bob <bob@example.com>"
+        // that needs more percent encoding to be done
+        if ($string == '') return false;
+        $string = trim($string);
+        $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string);
+        return $result ? $string : false;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php
@@ -0,0 +1,62 @@
+<?php
+
+/**
+ * Validates a host according to the IPv4, IPv6 and DNS (future) specifications.
+ */
+class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * Instance of HTMLPurifier_AttrDef_URI_IPv4 sub-validator
+     */
+    protected $ipv4;
+
+    /**
+     * Instance of HTMLPurifier_AttrDef_URI_IPv6 sub-validator
+     */
+    protected $ipv6;
+
+    public function __construct() {
+        $this->ipv4 = new HTMLPurifier_AttrDef_URI_IPv4();
+        $this->ipv6 = new HTMLPurifier_AttrDef_URI_IPv6();
+    }
+
+    public function validate($string, $config, $context) {
+        $length = strlen($string);
+        if ($string === '') return '';
+        if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') {
+            //IPv6
+            $ip = substr($string, 1, $length - 2);
+            $valid = $this->ipv6->validate($ip, $config, $context);
+            if ($valid === false) return false;
+            return '['. $valid . ']';
+        }
+
+        // need to do checks on unusual encodings too
+        $ipv4 = $this->ipv4->validate($string, $config, $context);
+        if ($ipv4 !== false) return $ipv4;
+
+        // A regular domain name.
+
+        // This breaks I18N domain names, but we don't have proper IRI support,
+        // so force users to insert Punycode. If there's complaining we'll
+        // try to fix things into an international friendly form.
+
+        // The productions describing this are:
+        $a   = '[a-z]';     // alpha
+        $an  = '[a-z0-9]';  // alphanum
+        $and = '[a-z0-9-]'; // alphanum | "-"
+        // domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
+        $domainlabel   = "$an($and*$an)?";
+        // toplabel    = alpha | alpha *( alphanum | "-" ) alphanum
+        $toplabel      = "$a($and*$an)?";
+        // hostname    = *( domainlabel "." ) toplabel [ "." ]
+        $match = preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string);
+        if (!$match) return false;
+
+        return $string;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php
@@ -0,0 +1,39 @@
+<?php
+
+/**
+ * Validates an IPv4 address
+ * @author Feyd @ forums.devnetwork.net (public domain)
+ */
+class HTMLPurifier_AttrDef_URI_IPv4 extends HTMLPurifier_AttrDef
+{
+
+    /**
+     * IPv4 regex, protected so that IPv6 can reuse it
+     */
+    protected $ip4;
+
+    public function validate($aIP, $config, $context) {
+
+        if (!$this->ip4) $this->_loadRegex();
+
+        if (preg_match('#^' . $this->ip4 . '$#s', $aIP))
+        {
+                return $aIP;
+        }
+
+        return false;
+
+    }
+
+    /**
+     * Lazy load function to prevent regex from being stuffed in
+     * cache.
+     */
+    protected function _loadRegex() {
+        $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255
+        $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})";
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php
@@ -0,0 +1,99 @@
+<?php
+
+/**
+ * Validates an IPv6 address.
+ * @author Feyd @ forums.devnetwork.net (public domain)
+ * @note This function requires brackets to have been removed from address
+ *       in URI.
+ */
+class HTMLPurifier_AttrDef_URI_IPv6 extends HTMLPurifier_AttrDef_URI_IPv4
+{
+
+    public function validate($aIP, $config, $context) {
+
+        if (!$this->ip4) $this->_loadRegex();
+
+        $original = $aIP;
+
+        $hex = '[0-9a-fA-F]';
+        $blk = '(?:' . $hex . '{1,4})';
+        $pre = '(?:/(?:12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))';   // /0 - /128
+
+        //      prefix check
+        if (strpos($aIP, '/') !== false)
+        {
+                if (preg_match('#' . $pre . '$#s', $aIP, $find))
+                {
+                        $aIP = substr($aIP, 0, 0-strlen($find[0]));
+                        unset($find);
+                }
+                else
+                {
+                        return false;
+                }
+        }
+
+        //      IPv4-compatiblity check
+        if (preg_match('#(?<=:'.')' . $this->ip4 . '$#s', $aIP, $find))
+        {
+                $aIP = substr($aIP, 0, 0-strlen($find[0]));
+                $ip = explode('.', $find[0]);
+                $ip = array_map('dechex', $ip);
+                $aIP .= $ip[0] . $ip[1] . ':' . $ip[2] . $ip[3];
+                unset($find, $ip);
+        }
+
+        //      compression check
+        $aIP = explode('::', $aIP);
+        $c = count($aIP);
+        if ($c > 2)
+        {
+                return false;
+        }
+        elseif ($c == 2)
+        {
+                list($first, $second) = $aIP;
+                $first = explode(':', $first);
+                $second = explode(':', $second);
+
+                if (count($first) + count($second) > 8)
+                {
+                        return false;
+                }
+
+                while(count($first) < 8)
+                {
+                        array_push($first, '0');
+                }
+
+                array_splice($first, 8 - count($second), 8, $second);
+                $aIP = $first;
+                unset($first,$second);
+        }
+        else
+        {
+                $aIP = explode(':', $aIP[0]);
+        }
+        $c = count($aIP);
+
+        if ($c != 8)
+        {
+                return false;
+        }
+
+        //      All the pieces should be 16-bit hex strings. Are they?
+        foreach ($aIP as $piece)
+        {
+                if (!preg_match('#^[0-9a-fA-F]{4}$#s', sprintf('%04s', $piece)))
+                {
+                        return false;
+                }
+        }
+
+        return $original;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform.php
@@ -0,0 +1,56 @@
+<?php
+
+/**
+ * Processes an entire attribute array for corrections needing multiple values.
+ *
+ * Occasionally, a certain attribute will need to be removed and popped onto
+ * another value.  Instead of creating a complex return syntax for
+ * HTMLPurifier_AttrDef, we just pass the whole attribute array to a
+ * specialized object and have that do the special work.  That is the
+ * family of HTMLPurifier_AttrTransform.
+ *
+ * An attribute transformation can be assigned to run before or after
+ * HTMLPurifier_AttrDef validation.  See HTMLPurifier_HTMLDefinition for
+ * more details.
+ */
+
+abstract class HTMLPurifier_AttrTransform
+{
+
+    /**
+     * Abstract: makes changes to the attributes dependent on multiple values.
+     *
+     * @param $attr Assoc array of attributes, usually from
+     *              HTMLPurifier_Token_Tag::$attr
+     * @param $config Mandatory HTMLPurifier_Config object.
+     * @param $context Mandatory HTMLPurifier_Context object
+     * @returns Processed attribute array.
+     */
+    abstract public function transform($attr, $config, $context);
+
+    /**
+     * Prepends CSS properties to the style attribute, creating the
+     * attribute if it doesn't exist.
+     * @param $attr Attribute array to process (passed by reference)
+     * @param $css CSS to prepend
+     */
+    public function prependCSS(&$attr, $css) {
+        $attr['style'] = isset($attr['style']) ? $attr['style'] : '';
+        $attr['style'] = $css . $attr['style'];
+    }
+
+    /**
+     * Retrieves and removes an attribute
+     * @param $attr Attribute array to process (passed by reference)
+     * @param $key Key of attribute to confiscate
+     */
+    public function confiscateAttr(&$attr, $key) {
+        if (!isset($attr[$key])) return null;
+        $value = $attr[$key];
+        unset($attr[$key]);
+        return $value;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * Pre-transform that changes proprietary background attribute to CSS.
+ */
+class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform {
+
+    public function transform($attr, $config, $context) {
+
+        if (!isset($attr['background'])) return $attr;
+
+        $background = $this->confiscateAttr($attr, 'background');
+        // some validation should happen here
+
+        $this->prependCSS($attr, "background-image:url($background);");
+
+        return $attr;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
@@ -0,0 +1,19 @@
+<?php
+
+// this MUST be placed in post, as it assumes that any value in dir is valid
+
+/**
+ * Post-trasnform that ensures that bdo tags have the dir attribute set.
+ */
+class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
+{
+
+    public function transform($attr, $config, $context) {
+        if (isset($attr['dir'])) return $attr;
+        $attr['dir'] = $config->get('Attr.DefaultTextDir');
+        return $attr;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * Pre-transform that changes deprecated bgcolor attribute to CSS.
+ */
+class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform {
+
+    public function transform($attr, $config, $context) {
+
+        if (!isset($attr['bgcolor'])) return $attr;
+
+        $bgcolor = $this->confiscateAttr($attr, 'bgcolor');
+        // some validation should happen here
+
+        $this->prependCSS($attr, "background-color:$bgcolor;");
+
+        return $attr;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
@@ -0,0 +1,36 @@
+<?php
+
+/**
+ * Pre-transform that changes converts a boolean attribute to fixed CSS
+ */
+class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform {
+
+    /**
+     * Name of boolean attribute that is trigger
+     */
+    protected $attr;
+
+    /**
+     * CSS declarations to add to style, needs trailing semicolon
+     */
+    protected $css;
+
+    /**
+     * @param $attr string attribute name to convert from
+     * @param $css string CSS declarations to add to style (needs semicolon)
+     */
+    public function __construct($attr, $css) {
+        $this->attr = $attr;
+        $this->css  = $css;
+    }
+
+    public function transform($attr, $config, $context) {
+        if (!isset($attr[$this->attr])) return $attr;
+        unset($attr[$this->attr]);
+        $this->prependCSS($attr, $this->css);
+        return $attr;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
@@ -0,0 +1,18 @@
+<?php
+
+/**
+ * Pre-transform that changes deprecated border attribute to CSS.
+ */
+class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform {
+
+    public function transform($attr, $config, $context) {
+        if (!isset($attr['border'])) return $attr;
+        $border_width = $this->confiscateAttr($attr, 'border');
+        // some validation should happen here
+        $this->prependCSS($attr, "border:{$border_width}px solid;");
+        return $attr;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * Generic pre-transform that converts an attribute with a fixed number of
+ * values (enumerated) to CSS.
+ */
+class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform {
+
+    /**
+     * Name of attribute to transform from
+     */
+    protected $attr;
+
+    /**
+     * Lookup array of attribute values to CSS
+     */
+    protected $enumToCSS = array();
+
+    /**
+     * Case sensitivity of the matching
+     * @warning Currently can only be guaranteed to work with ASCII
+     *          values.
+     */
+    protected $caseSensitive = false;
+
+    /**
+     * @param $attr String attribute name to transform from
+     * @param $enumToCSS Lookup array of attribute values to CSS
+     * @param $case_sensitive Boolean case sensitivity indicator, default false
+     */
+    public function __construct($attr, $enum_to_css, $case_sensitive = false) {
+        $this->attr = $attr;
+        $this->enumToCSS = $enum_to_css;
+        $this->caseSensitive = (bool) $case_sensitive;
+    }
+
+    public function transform($attr, $config, $context) {
+
+        if (!isset($attr[$this->attr])) return $attr;
+
+        $value = trim($attr[$this->attr]);
+        unset($attr[$this->attr]);
+
+        if (!$this->caseSensitive) $value = strtolower($value);
+
+        if (!isset($this->enumToCSS[$value])) {
+            return $attr;
+        }
+
+        $this->prependCSS($attr, $this->enumToCSS[$value]);
+
+        return $attr;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
@@ -0,0 +1,43 @@
+<?php
+
+// must be called POST validation
+
+/**
+ * Transform that supplies default values for the src and alt attributes
+ * in img tags, as well as prevents the img tag from being removed
+ * because of a missing alt tag. This needs to be registered as both
+ * a pre and post attribute transform.
+ */
+class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
+{
+
+    public function transform($attr, $config, $context) {
+
+        $src = true;
+        if (!isset($attr['src'])) {
+            if ($config->get('Core.RemoveInvalidImg')) return $attr;
+            $attr['src'] = $config->get('Attr.DefaultInvalidImage');
+            $src = false;
+        }
+
+        if (!isset($attr['alt'])) {
+            if ($src) {
+                $alt = $config->get('Attr.DefaultImageAlt');
+                if ($alt === null) {
+                    // truncate if the alt is too long
+                    $attr['alt'] = substr(basename($attr['src']),0,40);
+                } else {
+                    $attr['alt'] = $alt;
+                }
+            } else {
+                $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
+            }
+        }
+
+        return $attr;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
@@ -0,0 +1,44 @@
+<?php
+
+/**
+ * Pre-transform that changes deprecated hspace and vspace attributes to CSS
+ */
+class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform {
+
+    protected $attr;
+    protected $css = array(
+        'hspace' => array('left', 'right'),
+        'vspace' => array('top', 'bottom')
+    );
+
+    public function __construct($attr) {
+        $this->attr = $attr;
+        if (!isset($this->css[$attr])) {
+            trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
+        }
+    }
+
+    public function transform($attr, $config, $context) {
+
+        if (!isset($attr[$this->attr])) return $attr;
+
+        $width = $this->confiscateAttr($attr, $this->attr);
+        // some validation could happen here
+
+        if (!isset($this->css[$this->attr])) return $attr;
+
+        $style = '';
+        foreach ($this->css[$this->attr] as $suffix) {
+            $property = "margin-$suffix";
+            $style .= "$property:{$width}px;";
+        }
+
+        $this->prependCSS($attr, $style);
+
+        return $attr;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Performs miscellaneous cross attribute validation and filtering for
+ * input elements. This is meant to be a post-transform.
+ */
+class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform {
+
+    protected $pixels;
+
+    public function __construct() {
+        $this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels();
+    }
+
+    public function transform($attr, $config, $context) {
+        if (!isset($attr['type'])) $t = 'text';
+        else $t = strtolower($attr['type']);
+        if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') {
+            unset($attr['checked']);
+        }
+        if (isset($attr['maxlength']) && $t !== 'text' && $t !== 'password') {
+            unset($attr['maxlength']);
+        }
+        if (isset($attr['size']) && $t !== 'text' && $t !== 'password') {
+            $result = $this->pixels->validate($attr['size'], $config, $context);
+            if ($result === false) unset($attr['size']);
+            else $attr['size'] = $result;
+        }
+        if (isset($attr['src']) && $t !== 'image') {
+            unset($attr['src']);
+        }
+        if (!isset($attr['value']) && ($t === 'radio' || $t === 'checkbox')) {
+            $attr['value'] = '';
+        }
+        return $attr;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * Post-transform that copies lang's value to xml:lang (and vice-versa)
+ * @note Theoretically speaking, this could be a pre-transform, but putting
+ *       post is more efficient.
+ */
+class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
+{
+
+    public function transform($attr, $config, $context) {
+
+        $lang     = isset($attr['lang']) ? $attr['lang'] : false;
+        $xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;
+
+        if ($lang !== false && $xml_lang === false) {
+            $attr['xml:lang'] = $lang;
+        } elseif ($xml_lang !== false) {
+            $attr['lang'] = $xml_lang;
+        }
+
+        return $attr;
+
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * Class for handling width/height length attribute transformations to CSS
+ */
+class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
+{
+
+    protected $name;
+    protected $cssName;
+
+    public function __construct($name, $css_name = null) {
+        $this->name = $name;
+        $this->cssName = $css_name ? $css_name : $name;
+    }
+
+    public function transform($attr, $config, $context) {
+        if (!isset($attr[$this->name])) return $attr;
+        $length = $this->confiscateAttr($attr, $this->name);
+        if(ctype_digit($length)) $length .= 'px';
+        $this->prependCSS($attr, $this->cssName . ":$length;");
+        return $attr;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * Pre-transform that changes deprecated name attribute to ID if necessary
+ */
+class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
+{
+
+    public function transform($attr, $config, $context) {
+        // Abort early if we're using relaxed definition of name
+        if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr;
+        if (!isset($attr['name'])) return $attr;
+        $id = $this->confiscateAttr($attr, 'name');
+        if ( isset($attr['id']))   return $attr;
+        $attr['id'] = $id;
+        return $attr;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * Post-transform that performs validation to the name attribute; if
+ * it is present with an equivalent id attribute, it is passed through;
+ * otherwise validation is performed.
+ */
+class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
+{
+
+    public function __construct() {
+        $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
+    }
+
+    public function transform($attr, $config, $context) {
+        if (!isset($attr['name'])) return $attr;
+        $name = $attr['name'];
+        if (isset($attr['id']) && $attr['id'] === $name) return $attr;
+        $result = $this->idDef->validate($name, $config, $context);
+        if ($result === false) unset($attr['name']);
+        else $attr['name'] = $result;
+        return $attr;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
@@ -0,0 +1,15 @@
+<?php
+
+class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
+{
+    public $name = "SafeEmbed";
+
+    public function transform($attr, $config, $context) {
+        $attr['allowscriptaccess'] = 'never';
+        $attr['allownetworking'] = 'internal';
+        $attr['type'] = 'application/x-shockwave-flash';
+        return $attr;
+    }
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
@@ -0,0 +1,16 @@
+<?php
+
+/**
+ * Writes default type for all objects. Currently only supports flash.
+ */
+class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform
+{
+    public $name = "SafeObject";
+
+    function transform($attr, $config, $context) {
+        if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash';
+        return $attr;
+    }
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
@@ -0,0 +1,63 @@
+<?php
+
+/**
+ * Validates name/value pairs in param tags to be used in safe objects. This
+ * will only allow name values it recognizes, and pre-fill certain attributes
+ * with required values.
+ *
+ * @note
+ *      This class only supports Flash. In the future, Quicktime support
+ *      may be added.
+ *
+ * @warning
+ *      This class expects an injector to add the necessary parameters tags.
+ */
+class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
+{
+    public $name = "SafeParam";
+    private $uri;
+
+    public function __construct() {
+        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
+    }
+
+    public function transform($attr, $config, $context) {
+        // If we add support for other objects, we'll need to alter the
+        // transforms.
+        switch ($attr['name']) {
+            // application/x-shockwave-flash
+            // Keep this synchronized with Injector/SafeObject.php
+            case 'allowScriptAccess':
+                $attr['value'] = 'never';
+                break;
+            case 'allowNetworking':
+                $attr['value'] = 'internal';
+                break;
+            case 'allowFullScreen':
+                if ($config->get('HTML.FlashAllowFullScreen')) {
+                    $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
+                } else {
+                    $attr['value'] = 'false';
+                }
+                break;
+            case 'wmode':
+                $attr['value'] = 'window';
+                break;
+            case 'movie':
+            case 'src':
+                $attr['name'] = "movie";
+                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
+                break;
+            case 'flashvars':
+                // we're going to allow arbitrary inputs to the SWF, on
+                // the reasoning that it could only hack the SWF, not us.
+                break;
+            // add other cases to support other param name/value pairs
+            default:
+                $attr['name'] = $attr['value'] = null;
+        }
+        return $attr;
+    }
+}
+
+// vim: et sw=4 sts=4
--- a/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
+++ b/lib/classes/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
@@ -0,0 +1,16 @@
+<?php
+
+/**
+ * Implements required attribute stipulation for <script>
+ */
+class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
+{
+    public function transform($attr, $config, $context) {
+        if (!isset($attr['type'])) {
+            $attr['type'] = 'text/javascript';
+        }
+        return $attr;
+    }
+}
+
+// vim: et sw=4 sts=4
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Michael Kaufmann (d00p)	f685956930	Tagging release version 0.9.14	2010-10-25 11:25:20 +00:00
Michael Kaufmann (d00p)	e7b030fa30	setting version to 0.9.14 for release	2010-10-25 11:22:29 +00:00
Robert Foerster (Dessa)	e74262c81e	some spelling fixage	2010-10-25 08:48:03 +00:00
Michael Kaufmann (d00p)	d1a52ca85c	- various language corrections, fixes #439	2010-10-25 07:02:36 +00:00
Michael Kaufmann (d00p)	44b53ffd2c	- fixed regex for domains to allow a port and/or subfolders/files, fixes #431	2010-10-25 06:45:15 +00:00
Michael Kaufmann (d00p)	ffe49e8acd	outsource makeChownWithNewStats function to lib/functions/ because it is now also used outside the cron-area, refs #258	2010-10-24 20:59:52 +00:00
Michael Kaufmann (d00p)	58b3a19ae7	- remove multiserver-stuff from current-trunk - fix FroxlorSshTransport	2010-10-24 19:16:26 +00:00
Andreas Burchert (scarya)	0be29498b0	- fix in FroxlorSshTransport::close()	2010-10-24 18:58:23 +00:00
Michael Kaufmann (d00p)	1b4069f01e	- remove realtime-feature-stuff	2010-10-24 16:57:17 +00:00
Michael Kaufmann (d00p)	5f284c31ab	- remove realtime configurations and install-instructions from the panel	2010-10-24 08:59:00 +00:00
Florian Aders (EleRas)	1c892a0f9c	Removing duplicate function, fixes #447	2010-10-23 15:20:23 +00:00
Robert Foerster (Dessa)	8fb5a3ae7c	deprecate etch config templates, which will be removed with 0.9.15	2010-10-23 12:33:55 +00:00
Michael Kaufmann (d00p)	3c731661a0	actually update to new version :P	2010-10-23 10:44:35 +00:00
Michael Kaufmann (d00p)	ed5e2ba39d	fixing update-process, reverting multiserver-support-changes (now in branch)	2010-10-23 10:37:43 +00:00
Michael Kaufmann (d00p)	22eb0e19cc	remove deprecated realtime-functionality	2010-10-23 10:24:03 +00:00
Florian Aders (EleRas)	ad31b07a04	Reverting the multiserver-stuff, we'll do this inside the branch	2010-10-23 10:20:23 +00:00
Michael Kaufmann (d00p)	99696ff6cb	- allow 4-character tld's (like .info or .mobi)	2010-10-23 07:50:26 +00:00
Michael Kaufmann (d00p)	8b3c634652	minor work on multiserver-client-deployment	2010-10-22 21:29:47 +00:00
Andreas Burchert (scarya)	26084a19fa	- replaced die() with throw new Exception()	2010-10-21 08:59:46 +00:00
Andreas Burchert (scarya)	84637d82d4	- updated demousage - updated FroxlorPkgCreator (fix for manual added files) - first cron version for remote server data deploying	2010-10-20 21:33:39 +00:00
Andreas Burchert (scarya)	7a83a01095	- added function to FroxlorPkgCreator::addFile($name, $data)	2010-10-20 21:09:52 +00:00
Andreas Burchert (scarya)	71d3410b4f	- added exlude dir variable to DfC - updated demousage	2010-10-20 20:54:57 +00:00
Andreas Burchert (scarya)	b58a9d3b88	- add support for multiple directories	2010-10-20 20:29:47 +00:00
Andreas Burchert (scarya)	05897c3e01	- fix in FroxlorPkgCreator::pack() (better file name, path fix) - added FroxlorDeployfileCreator	2010-10-20 19:47:31 +00:00
Andreas Burchert (scarya)	a06211b497	- description fix in FroxlorSshTransport - added FroxlorPkgCreator	2010-10-20 19:07:51 +00:00
Michael Kaufmann (d00p)	db2cca8e86	- add a few images to beautify multiserver-client overview	2010-10-20 13:00:30 +00:00
Michael Kaufmann (d00p)	aa5e574d5d	- more work on multiserver-client settings	2010-10-20 11:41:43 +00:00
Michael Kaufmann (d00p)	09c5bbcb63	- more work in multiserver-client-settings (save-methods)	2010-10-20 10:05:54 +00:00
Michael Kaufmann (d00p)	cadab96bae	- set server-id parameter for inserttask in customer_ftp.php - call inserttask in admin_clients::deploy	2010-10-20 09:12:21 +00:00
Michael Kaufmann (d00p)	0c9ab91373	- added multiserver-client-deploy-cron - outsourcing Deploy() function from froxlorclient to client_deployer	2010-10-20 09:01:34 +00:00
Michael Kaufmann (d00p)	836b7fb056	- correct links on client-settings page - added new server_id parameter to buildFormEx, so getFormGroupOutput will use the correct template (with correct links)	2010-10-20 07:40:34 +00:00
Michael Kaufmann (d00p)	d3fd4ee2f4	- more work on froxlor-client settings (multiserver mode)	2010-10-19 20:42:55 +00:00
Michael Kaufmann (d00p)	58499a068f	- added "deploy" menu to Froxlor-client (multiserver-support)	2010-10-19 19:50:20 +00:00
Michael Kaufmann (d00p)	ce83e8f92b	- chown newly created awstats-directory when new domain has been created, fixes #258	2010-10-19 19:32:53 +00:00
Michael Kaufmann (d00p)	fc5aea1c33	- implement multiserver-client edit - fix various undefined variables	2010-10-19 16:07:48 +00:00
Michael Kaufmann (d00p)	89bf0aa128	- finish adding of multiserver-clients	2010-10-19 15:05:19 +00:00
Michael Kaufmann (d00p)	b2ea0cb666	- added form to add new froxlor-clients (no deploy etc.) - implemented function to return all active client-id's for inserttask-function (task for all clients+master)	2010-10-19 14:35:33 +00:00
Andreas Burchert (scarya)	c0b19fa2b2	- small fix in if condition for scp/sftp switch	2010-10-19 09:20:32 +00:00
Michael Kaufmann (d00p)	9e028ef0f7	- use correct heading for mysql-editing-form, fixes #444	2010-10-19 08:29:24 +00:00
Michael Kaufmann (d00p)	a8460b7570	- fix loading of settings in case of older Froxlor versions which do not support multiserver-mode	2010-10-19 08:10:22 +00:00
Michael Kaufmann (d00p)	f42fa0ee7b	few minor changes for multiserver-support	2010-10-18 11:34:19 +00:00
Michael Kaufmann (d00p)	8d27f71cee	admin_ipsandports.php does not need a server_id (multiserver-support) yet	2010-10-18 10:44:14 +00:00
Michael Kaufmann (d00p)	3a9813c1b5	- removing deprecated legacy_cron entry from database - minor changes for multiserver-support	2010-10-18 09:48:26 +00:00
Michael Kaufmann (d00p)	699f451234	- more work on settings for FroxlorClients (upcoming multiserver-mode)	2010-10-18 09:20:17 +00:00
Michael Kaufmann (d00p)	cad3c02f08	forgot to save the file :)	2010-10-18 07:55:47 +00:00
Michael Kaufmann (d00p)	7484ab1bc9	- added functions to get/set client settings - added function for deployment of FroxlorClients	2010-10-18 07:48:54 +00:00
Michael Kaufmann (d00p)	8f87aa6636	- added class for FroxlorClients - added admin_clients.php file for managing FroxlorClients - added Multiserver-Menu (unfinished, just base-layout for further developing, disabled by hardcoded setting)	2010-10-18 06:49:06 +00:00
Andreas Burchert (scarya)	15486ed764	- added destructor for FroxlorSshTransport - added a fix for close() operation to prevent missing file writing on remote disk - added a switch for scp/sftp to sendFile	2010-10-17 20:46:39 +00:00
Michael Kaufmann (d00p)	118693471c	- correct sql-query in update to drop table, fixes #440 - use correct language-variable for ips-and-ports docroot-setting, fixes #441	2010-10-17 02:01:18 +00:00
Michael Kaufmann (d00p)	382bd88344	- prepare inserttask()-function for multiserver-support	2010-10-17 01:44:58 +00:00
Andreas Burchert (scarya)	2a4d618bcc	- fixed eol-style	2010-10-17 00:32:41 +00:00
Andreas Burchert (scarya)	14b56d9287	- fixed eol-style from FroxlorSshTransport - added a demo usage script for FroxlorSshTransport	2010-10-17 00:29:04 +00:00
Florian Aders (EleRas)	ba35677cf6	Hint for removed stuff	2010-10-16 23:59:36 +00:00
Andreas Burchert (scarya)	c4723fc3f2	- added FroxlorSshTransport for upcoming multiserver-support	2010-10-16 23:31:38 +00:00
Michael Kaufmann (d00p)	3aff47d983	- first commit for upcoming multiserver-support :)	2010-10-16 20:00:24 +00:00
Michael Kaufmann (d00p)	9fe6db8cd9	- forgot to add setting for SSLCertificateChainFile to the settings-array, refs #418	2010-10-15 11:55:28 +00:00
Michael Kaufmann (d00p)	15a03f63a9	- only use makeCorrectFile() on SSLCertificateChainFile if not empty	2010-10-15 11:51:15 +00:00
Michael Kaufmann (d00p)	d7b5c4bc71	- added possibility to allow customer to login with their domain-name, fixes #374	2010-10-15 11:48:05 +00:00
Michael Kaufmann (d00p)	db05ea5f32	- added possibility to set a custom docroot for any ip/port combination, fixes #417 - sort vhosts-file by type (subdomain, sub-of-main, main-domain), fixes #437	2010-10-15 10:41:58 +00:00
Michael Kaufmann (d00p)	ceedab3a6e	- put enable/disable ssl in the settings overview - added SSLCertificateChainFile to IPs and ports and webserver-cron, fixes #418 - added domain-specific ssl-settings for lighttpd	2010-10-15 08:32:35 +00:00
Michael Kaufmann (d00p)	0b6bb64600	- fix loop-in-loop effect when calculating traffic with awstats, fixes #246	2010-10-15 07:32:16 +00:00
Michael Kaufmann (d00p)	2985a08a8d	- add awstats-icon alias to vhost-content, fixes #257 - removing unnecessary (and partly wrong) language-file entries	2010-10-15 06:50:25 +00:00
Michael Kaufmann (d00p)	a1b26c91d2	small dkim-filter.conf-fixes; refs #384 OMG OMG OMG this commit is LEET :) - wohoooo	2010-10-14 06:52:35 +00:00
Michael Kaufmann (d00p)	7d54744e9a	- add DKIM-milter install/configuration instructions for Debian/Ubuntu, fixes #384	2010-10-14 06:49:05 +00:00
Michael Kaufmann (d00p)	7afc7e2797	- show correct values on update-counters overview (subdomains had the used-tickets value)	2010-10-12 06:50:28 +00:00
Michael Kaufmann (d00p)	8d1f894622	- set used-ticket-cycle on update too - setting version to 0.9.14-svn2	2010-10-12 06:32:29 +00:00
Michael Kaufmann (d00p)	3f0a491f8c	- set used-ticket-cycle directly as INTERVAL for the cronjob	2010-10-12 06:21:08 +00:00
Michael Kaufmann (d00p)	9787089615	. remove customers htaccess/diroptions after deleting the customer, refs #424	2010-10-11 08:44:24 +00:00
Michael Kaufmann (d00p)	076c07b4be	add aps-packages to the updateCounters() function and recalculate resources overview, fixes #425	2010-10-10 11:37:49 +00:00
Michael Kaufmann (d00p)	6887dad1a9	- fixed misspelling in german language-file, fixes #434	2010-10-10 10:50:56 +00:00
Michael Kaufmann (d00p)	5fee795b5c	- set correct config for special-characters (umlauts) in HTMLPurifier, refs #129	2010-10-10 08:20:32 +00:00
Michael Kaufmann (d00p)	146c205f6c	- updated italian language file, thx to Emilien	2010-10-08 10:13:23 +00:00
Michael Kaufmann (d00p)	5c87e2210c	- be sure customer-docroot-prefix is never the same or within the fcgid-configurations-folder	2010-10-05 20:25:52 +00:00
Michael Kaufmann (d00p)	db6bdfd931	- always check that HTMLPurifier's cache folder is writable	2010-10-05 20:24:08 +00:00
Michael Kaufmann (d00p)	b796f02a3d	- add note to fcgid-config-dir setting that this folders gets cleaned on every cronrun	2010-10-04 12:20:10 +00:00
Michael Kaufmann (d00p)	a86140cec0	- set version to 0.9.13.1 (support-ticket-system bugfix)	2010-10-01 06:10:45 +00:00
Michael Kaufmann (d00p)	1f9caedc16	- fix postfix main.cf for FreeBSD, fixes #420	2010-10-01 05:13:31 +00:00
Michael Kaufmann (d00p)	dc6034796a	- fix regex if reply-to header is present in autoresponder, fixes #423	2010-10-01 05:10:01 +00:00
Michael Kaufmann (d00p)	be8d38b478	- fix require for htmlpurifier, thx to Timo for the hint	2010-09-30 12:53:34 +00:00
Michael Kaufmann (d00p)	d3cd83eb93	- add possibility to specify php.ini for Froxlor-Vhost (if enabled), fixes #414	2010-09-28 09:21:13 +00:00
Michael Kaufmann (d00p)	984849d2c8	- set correct default langauge for main-admin after installation	2010-09-27 10:37:02 +00:00
Michael Kaufmann (d00p)	bc82c8fead	- preselect panel language instead of admin-language when adding a new customer	2010-09-27 09:53:12 +00:00
Michael Kaufmann (d00p)	3b9f580bac	- set version to 0.9.13 for upcoming release	2010-09-27 07:06:00 +00:00
Michael Kaufmann (d00p)	84d9212582	- fix deletion of old php-fcgi-starter (again), refs #367	2010-09-27 06:38:42 +00:00
Michael Kaufmann (d00p)	9c7142817d	- fix check for mysql-result in installation (backup of old database part), thx Lantizia	2010-09-26 17:25:48 +00:00
Michael Kaufmann (d00p)	1217483894	- remove old 22_* vhost config files too, fixes #415	2010-09-24 17:16:33 +00:00
Michael Kaufmann (d00p)	71d592e38b	- secure ticket-system with HTML-Purifier	2010-09-23 07:45:04 +00:00
Michael Kaufmann (d00p)	59b7ced862	- remove bad html-tags in ticket-subject and -message, thx to Edward Fjellskaal	2010-09-23 06:08:23 +00:00
Michael Kaufmann (d00p)	29d54671d3	- added limitation for autoresponder, fixes #377 refs #377	2010-09-20 07:56:32 +00:00
Michael Kaufmann (d00p)	7676acf1f2	- go back as many pages as we have security-questions in admin_domains.php, so we always return to the main form, fixes #332 refs #332	2010-09-20 06:07:54 +00:00
Michael Kaufmann (d00p)	ca44db25a0	- don't use loginname for chowning when not in fcgid-mode (pureftp-quota-calculation), fixes #407	2010-09-17 17:54:22 +00:00
Michael Kaufmann (d00p)	8c5f5ba629	- check for magic_quotes_runtime in installation and init-script (for updaters) because of strange behavior of Froxlor if enabled (deactivating it temporarily if so, but better fix php.ini)	2010-09-17 10:33:58 +00:00
Michael Kaufmann (d00p)	ef97f63b73	- only show redirect-info on "path"-field for domain-pages, not for path-options pages, fixes #408 refs #408	2010-09-17 05:16:06 +00:00
Michael Kaufmann (d00p)	b103d719ea	- add missing comma	2010-09-16 12:00:48 +00:00
Michael Kaufmann (d00p)	ad0828df12	- implemented sender address restriction for postfix, fixes #379 refs #379	2010-09-13 06:11:25 +00:00
Michael Kaufmann (d00p)	719fac7f88	- pass month/year parameter to awstats, fixes #240 refs #240	2010-09-13 06:07:39 +00:00
Michael Kaufmann (d00p)	b1b2eec21f	- fix Ubuntu Lucid dovecot-configuration-templates, fixes #401 refs #401	2010-09-13 05:50:10 +00:00
Michael Kaufmann (d00p)	6169328647	- removed old 'cmusieve' plugin, refs #401	2010-09-07 12:00:00 +00:00
Michael Kaufmann (d00p)	fbd93b879c	- Don't let the autoresponder answer to autoresponded-answers, fixes #399	2010-09-07 10:56:58 +00:00
Michael Kaufmann (d00p)	af43ccf37e	- only create folder for active stats-programm, fixes #370	2010-09-07 10:49:29 +00:00
Michael Kaufmann (d00p)	e356957592	- added yes/no to decide whether to store the default index-file to a new customers docroot or not, fixes #369	2010-09-07 10:46:50 +00:00
Michael Kaufmann (d00p)	1fee5d7242	- Allow CGI in APS-packages as we can handle that now, fixes #404	2010-09-07 10:36:58 +00:00
Florian Aders (EleRas)	3e55073188	Updated italian languagefile, thx to Emilien	2010-09-05 07:57:42 +00:00
Michael Kaufmann (d00p)	fb66ed078a	- fix sql-query in admin_customers, fixes #397	2010-08-29 15:42:41 +00:00
Michael Kaufmann (d00p)	d4f93f07ee	- only display domains owned by the current admin or customer_see_all = true, refs #394	2010-08-27 06:08:52 +00:00
Michael Kaufmann (d00p)	6e3bc87302	- removed customer-id limitations in domains-edit, fixes #394 - added permission-check to cron-init script if mod_fcgid_ownvhost is enabled	2010-08-27 05:53:25 +00:00
Michael Kaufmann (d00p)	28f525fb5c	- don't show regular expression on password-complexity-error, fixes #392	2010-08-24 12:34:22 +00:00
Michael Kaufmann (d00p)	def6a7c051	- fix html linebreaks in autoresponder	2010-08-24 11:05:27 +00:00