Index: branches/5.3.x/core/kernel/globals.php
===================================================================
diff -u -N -r15677 -r15902
--- branches/5.3.x/core/kernel/globals.php	(.../globals.php)	(revision 15677)
+++ branches/5.3.x/core/kernel/globals.php	(.../globals.php)	(revision 15902)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: globals.php 15677 2013-01-17 18:52:50Z alex $
+* @version	$Id: globals.php 15902 2013-07-12 15:37:15Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -21,6 +21,38 @@
 	const POUND_TO_KG = 0.45359237;
 
 	/**
+	 * Escape text as HTML.
+	 *
+	 * @see escape
+	 */
+	const ESCAPE_HTML = 'html';
+
+	/**
+	 * Escape text as JavaScript.
+	 *
+	 * @see escape
+	 */
+	const ESCAPE_JS = 'js';
+
+	/**
+	 * Escape text as Url.
+	 */
+	const ESCAPE_URL = 'url';
+
+	/**
+	 * Don't escape anything.
+	 */
+	const ESCAPE_RAW = 'raw';
+
+	/**
+	 * Current escape strategy.
+	 *
+	 * @var string
+	 * @see escape
+	 */
+	public static $escapeStrategy = self::ESCAPE_HTML;
+
+	/**
 	 * Similar to array_merge_recursive but keyed-valued are always overwritten.
 	 * Priority goes to the 2nd array.
 	 *
@@ -570,8 +602,13 @@
 	 */
 	public static function mimeContentType($file)
 	{
-		$ret = '';
+		$ret = self::vendorMimeContentType($file);
 
+		if ( $ret ) {
+			// vendor-specific mime types override any automatic detection
+			return $ret;
+		}
+
 		if ( function_exists('finfo_open') && function_exists('finfo_file') ) {
 			$mime_magic_resource = finfo_open(FILEINFO_MIME_TYPE);
 
@@ -588,6 +625,41 @@
  	}
 
 	/**
+	 * Determines vendor-specific mime type from a given file
+	 *
+	 * @param string $file
+	 * @return bool
+	 * @access public
+	 * @static
+	 */
+	public static function vendorMimeContentType($file)
+	{
+		$file_extension = mb_strtolower(pathinfo(self::removeTempExtension($file), PATHINFO_EXTENSION));
+
+		$mapping = Array (
+			'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+			'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
+			'docm' => 'application/vnd.ms-word.document.macroEnabled.12',
+			'dotm' => 'application/vnd.ms-word.template.macroEnabled.12',
+			'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+			'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
+			'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
+			'xltm' => 'application/vnd.ms-excel.template.macroEnabled.12',
+			'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
+			'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
+			'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+			'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
+			'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
+			'ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12',
+			'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12',
+			'potm' => 'application/vnd.ms-powerpoint.template.macroEnabled.12',
+			'ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12'
+		);
+
+		return isset($mapping[$file_extension]) ? $mapping[$file_extension] : false;
+	}
+
+	/**
 	 * Detects mime type of the file purely based on it's extension
 	 *
 	 * @param string $file
@@ -596,7 +668,7 @@
 	 */
 	public static function mimeContentTypeByExtension($file)
 	{
-		$file_extension = mb_strtolower( pathinfo($file, PATHINFO_EXTENSION) );
+		$file_extension = mb_strtolower(pathinfo(self::removeTempExtension($file), PATHINFO_EXTENSION));
 
 		$mapping = '(xls:application/excel)(hqx:application/macbinhex40)(doc,dot,wrd:application/msword)(pdf:application/pdf)
 					(pgp:application/pgp)(ps,eps,ai:application/postscript)(ppt:application/powerpoint)(rtf:application/rtf)
@@ -622,6 +694,19 @@
 	}
 
 	/**
+	 * Strips ".tmp" suffix (added by flash uploader) from a filename
+	 *
+	 * @param string $file
+	 * @return string
+	 * @access public
+	 * @static
+	 */
+	public static function removeTempExtension($file)
+	{
+		return preg_replace('/(_[\d]+)?\.tmp$/', '', $file);
+	}
+
+	/**
 	 * Return param value and removes it from params array
 	 *
 	 * @param string $name
@@ -688,7 +773,7 @@
 	{
 		if ( version_compare(PHP_VERSION, '5.3.0', '<') ) {
 			$date = new DateTime('@' . $timestamp);
-			$date->setTimezone(new DateTimeZone(getenv('TZ')));
+			$date->setTimezone(new DateTimeZone(date_default_timezone_get()));
 		}
 		else {
 			$date = new DateTime();
@@ -754,6 +839,66 @@
 		set_time_limit(isset($time_limit) ? $time_limit : 0);
 		ini_set('memory_limit', isset($memory_limit) ? $memory_limit : -1);
 	}
+
+	/**
+	 * Escapes a string.
+	 *
+	 * @param string $text     Text to escape.
+	 * @param string $strategy Escape strategy.
+	 *
+	 * @return string
+	 * @throws InvalidArgumentException When unknown escape strategy is given.
+	 */
+	public static function escape($text, $strategy = null)
+	{
+		if ( !isset($strategy) ) {
+			$strategy = self::$escapeStrategy;
+		}
+
+		if ( strpos($strategy, '+') !== false ) {
+			$previous_strategy = '';
+			$strategies = explode('+', $strategy);
+
+			foreach ($strategies as $current_strategy) {
+				// apply default strategy
+				if ( $current_strategy == '' ) {
+					$current_strategy = self::$escapeStrategy;
+				}
+
+				// don't double-escape
+				if ( $current_strategy != $previous_strategy ) {
+					$text = self::escape($text, $current_strategy);
+					$previous_strategy = $current_strategy;
+				}
+			}
+
+			return $text;
+		}
+
+		if ( $strategy == self::ESCAPE_HTML ) {
+			return htmlspecialchars($text, ENT_QUOTES, CHARSET);
+		}
+
+		if ( $strategy == self::ESCAPE_JS ) {
+			// TODO: consider using "addcslashes", because "addslashes" isn't really for JavaScript escaping (according to docs)
+			$text = addslashes($text);
+			$text = str_replace(array("\r", "\n"), array('\r', '\n'), $text);
+			$text = str_replace('</script>', "</'+'script>", $text);
+
+			return $text;
+		}
+
+		if ( $strategy == self::ESCAPE_URL ) {
+			return rawurlencode($text);
+		}
+
+		if ( $strategy == self::ESCAPE_RAW ) {
+			return $text;
+		}
+
+		throw new InvalidArgumentException(sprintf('Unknown escape strategy "%s"', $strategy));
+	}
+
 }
 
 /**