banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
bnet/additions
master
release-1.4
release-1.3
release-1.2
release-1.1
dev/push
release-1.0
dev-fontawesome
dev-zenmode
release-0.9
release-0.8
release-0.7
release-0.6
release-2020-06-30-13-12
1.3.13
1.4.6
1.3.12
1.4.5
1.4.4
1.3.11
1.2.10
1.4.3
1.4.2
1.4.1
1.4.0
1.4-rc2
1.3.10
1.3.9
1.4-rc1
1.3.8
1.4-beta
1.3.7
1.2.9
1.1.12
1.1.11
1.2.8
1.3.6
1.3.5
1.3.4
1.3.3
1.2.7
1.1.10
1.0.12
1.3.2
1.2.6
1.3.1
1.3.0
1.0.11
1.1.9
1.2.5
1.3-rc
1.0.10
1.1.8
1.2.4
1.3-beta
1.1.7
1.2.3
1.1.6
1.2.2
1.2.1
1.2.0
1.0.9
1.1.5
1.2-rc
1.1.2
1.0.6
v0.9.5
v0.8.7
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
0.7.4
v0.7.4
0.8.6
v0.8.6
0.9-rc2
v0.9-rc2
v0.9-rc
v0.8.5
v0.9-beta
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.7.3
v0.8.0
v0.8-rc
v0.7.2
v0.8-beta
v0.7.1
v0.7
v0.7-beta2
v0.7-beta1
v0.6
v0.6-rc
v0.6-beta
v0.5.4
v0.5.4@5065
v0.5.4@5062
v0.5.3
v0.5.3@4832
v0.5.2
v0.5.2@4679
v0.5.1
v0.5.1@4518
v0.5
v0.5@4408
v0.5-rc
v0.5-rc@4349
v0.5-beta
v0.5-beta@4347
v0.4.2
v0.4.2@4050
v0.4.1
v0.4.1@4045
v0.4-beta
v0.4-beta@3548
v0.3.1
v0.3.1@3081
v0.3-stable
v0.3-stable@2921
v0.3-rc1
v0.3-beta
v0.3-beta@2799
v0.2.2
v0.2.2@2495
v0.2.1
v0.2.1@2348
v0.2.2@2481
v0.2-stable
v0.2-stable@2204
v0.2-beta
v0.2-beta@1878
v0.2-beta@1877
v0.2-alpha
v0.2-alpha@1499
v0.1.1
v0.1.1@1258
v0.1-stable
v0.1-stable@1183
v0.1-rc2
v0.1-rc2@900
v0.1-rc1
v0.1-rc1@582
v0.1-beta2
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.7
1.0.8
1.1-beta
1.1-rc
1.1.0
1.1.1
1.1.3
1.1.4
1.2-beta
v1.0-beta
v1.0-rc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '279ae66120'
${ noResults }
roundcubemail/index.php

328 lines
12 KiB
PHTML
Raw Normal View History Unescape Escape

Initial revision
19 years ago
<?php
CS fixes
9 years ago
/**
-fixed disclaimer
16 years ago
+-------------------------------------------------------------------------+
- s/RoundCube/Roundcube/
14 years ago
| Roundcube Webmail IMAP Client |
Master is 1.5-git now
5 years ago
| Version 1.5-git |
-fixed disclaimer
16 years ago
| |
Remove year(s) from copyright headers + some cleanup
5 years ago
| Copyright (C) The Roundcube Dev Team |
-fixed disclaimer
16 years ago
| |
Changed license to GNU GPLv3+ with exceptions for skins and plugins
13 years ago
| This program is free software: you can redistribute it and/or modify |
| it under the terms of the GNU General Public License (with exceptions |
| for skins & plugins) as published by the Free Software Foundation, |
| either version 3 of the License, or (at your option) any later version. |
| |
| This file forms part of the Roundcube Webmail Software for which the |
| following exception is added: Plugins and Skins which merely make |
| function calls to the Roundcube Webmail Software, and for that purpose |
| include it by reference shall not be considered modifications of |
| the software. |
| |
| If you wish to use this file in another project or create a modified |
| version that will not be part of the Roundcube Webmail Software, you |
| may remove the exception above and use this source code under the |
| original version of the license. |
-fixed disclaimer
16 years ago
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
Changed license to GNU GPLv3+ with exceptions for skins and plugins
13 years ago
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
-fixed disclaimer
16 years ago
| GNU General Public License for more details. |
| |
Changed license to GNU GPLv3+ with exceptions for skins and plugins
13 years ago
| You should have received a copy of the GNU General Public License |
| along with this program. If not, see http://www.gnu.org/licenses/. |
-fixed disclaimer
16 years ago
| |
+-------------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
CS fixes
11 years ago
| Author: Aleksander Machniak <alec@alec.pl> |
-fixed disclaimer
16 years ago
+-------------------------------------------------------------------------+
Initial revision
19 years ago
*/
Changed codebase to PHP5 with autoloader + added some new classes from the devel-vnext branch
16 years ago
// include environment
require_once 'program/include/iniset.php';
Optimized loading time; added periodic mail check; added EXPUNGE command
19 years ago
- Fix imap_init hook broken in r3258 (#1486493)
14 years ago
// init application, start session, init output class, etc.
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
$RCMAIL = rcmail::get_instance(0, $GLOBALS['env']);
More code cleanup
16 years ago
- Make the whole PHP output non-cacheable (#1487797)
13 years ago
// Make the whole PHP output non-cacheable (#1487797)
- Merge devel-framework branch, resolved conflicts
12 years ago
$RCMAIL->output->nocacheing_headers();
Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385) Added 'common_headers' hook
6 years ago
$RCMAIL->output->common_headers(!empty($_SESSION['user_id']));
- Make the whole PHP output non-cacheable (#1487797)
13 years ago
- get rid of some hardcoded action names and move decission about output compression to the user
15 years ago
// turn on output buffering
ob_start();
Little improvements for message parsing and encoding
18 years ago
Show appropriate error message if config files are missing
16 years ago
// check if config files had errors
if ($err_str = $RCMAIL->config->get_error()) {
CS fixes
11 years ago
rcmail::raise_error(array(
'code' => 601,
'type' => 'php',
'message' => $err_str), false, true);
Show appropriate error message if config files are missing
16 years ago
}
Improved error handling in DB connection failure
18 years ago
// check DB connections and exit on failure
Merged devel-framework branch (r5746:5779) back into trunk
13 years ago
if ($err_str = $RCMAIL->db->is_error()) {
CS fixes
11 years ago
rcmail::raise_error(array(
'code' => 603,
'type' => 'db',
CS fixes
9 years ago
'message' => $err_str), false, true);
Merged branch devel-addressbook from r443 back to trunk
17 years ago
}
Improved error handling in DB connection failure
18 years ago
Initial revision
19 years ago
// error steps
- Merge devel-framework branch, resolved conflicts
12 years ago
if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {
CS fixes
9 years ago
rcmail::raise_error(array('code' => hexdec($_GET['_code'])), false, true);
Changed codebase to PHP5 with autoloader + added some new classes from the devel-vnext branch
16 years ago
}
Initial revision
19 years ago
Revert r3038 and allow to specify the port as value of force_https
15 years ago
// check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
Support hostname and hostname:port in force_https option (#5511)
8 years ago
// force_https can be true, <hostname>, <hostname>:<port>, <port>
if (!is_bool($force_https)) {
list($host, $port) = explode(':', $force_https);
CS fixes
11 years ago
Support hostname and hostname:port in force_https option (#5511)
8 years ago
if (is_numeric($host) && empty($port)) {
$port = $host;
$host = '';
}
}
if (!rcube_utils::https_check($port ?: 443)) {
if (empty($host)) {
$host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
}
if ($port && $port != 443) {
$host .= ':' . $port;
}
CS fixes
11 years ago
header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
exit;
}
Revert r3038 and allow to specify the port as value of force_https
15 years ago
}
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins)
15 years ago
// trigger startup plugin hook
$startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
$RCMAIL->set_task($startup['task']);
$RCMAIL->action = $startup['action'];
Initial revision
19 years ago
// try to log in
- Fix setting task name according to auth state. So, any action before user is authenticated is assigned to 'login' task instead of 'mail'. Now binding plugins to 'login' task is possible and realy usefull. It's also possible to bind to all tasks excluding 'login'.
14 years ago
if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
10 years ago
$request_valid = $_SESSION['temp'] && $RCMAIL->check_request();
Changed 'password_charset' default to 'UTF-8' (#6522)
6 years ago
$pass_charset = $RCMAIL->config->get('password_charset', 'UTF-8');
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins)
15 years ago
Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
10 years ago
// purge the session in case of new login when a session already exists
Fix CSRF bypass that could be used to log out an authenticated user (#7302)
4 years ago
if ($request_valid) {
$RCMAIL->kill_session();
}
Add option to log successful logins.
16 years ago
CS fixes
11 years ago
$auth = $RCMAIL->plugins->exec_hook('authenticate', array(
CS fixes
8 years ago
'host' => $RCMAIL->autoselect_host(),
'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, $pass_charset),
'valid' => $request_valid,
'cookiecheck' => true,
CS fixes
11 years ago
));
// Login
if ($auth['valid'] && !$auth['abort']
&& $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
) {
// create new session ID, don't destroy the current session
// it was destroyed already by $RCMAIL->kill_session() above
$RCMAIL->session->remove('temp');
$RCMAIL->session->regenerate_id(false);
// send auth cookie if necessary
$RCMAIL->session->set_auth_cookie();
// log successful login
$RCMAIL->log_login();
// restore original request parameters
$query = array();
if ($url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST)) {
parse_str($url, $query);
// prevent endless looping on login page
if ($query['_task'] == 'login') {
unset($query['_task']);
}
// prevent redirect to compose with specified ID (#1488226)
if ($query['_action'] == 'compose' && !empty($query['_id'])) {
Fix error when using back button after sending an email (#1490009)
9 years ago
$query = array('_action' => 'compose');
CS fixes
11 years ago
}
}
// allow plugins to control the redirect url after login success
$redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
unset($redir['abort'], $redir['_err']);
// send redirect
Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
10 years ago
$OUTPUT->redirect($redir, 0, true);
Show explicit error message when provided hostname is invalid (#1488550)
12 years ago
}
else {
CS fixes
11 years ago
if (!$auth['valid']) {
CS fixes
8 years ago
$error_code = rcmail::ERROR_INVALID_REQUEST;
CS fixes
11 years ago
}
else {
Display custom error messages from plugins hooks (as documented in the API spec)
10 years ago
$error_code = is_numeric($auth['error']) ? $auth['error'] : $RCMAIL->login_error();
CS fixes
11 years ago
}
Show explicit error message when provided hostname is invalid (#1488550)
12 years ago
CS fixes
11 years ago
$error_labels = array(
CS fixes
8 years ago
rcmail::ERROR_STORAGE => 'storageerror',
rcmail::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
rcmail::ERROR_INVALID_REQUEST => 'invalidrequest',
rcmail::ERROR_INVALID_HOST => 'invalidhost',
rcmail::ERROR_RATE_LIMIT => 'accountlocked',
CS fixes
11 years ago
);
Show explicit error message when provided hostname is invalid (#1488550)
12 years ago
Fix login error message display broken in b51de327
10 years ago
$error_message = !empty($auth['error']) && !is_numeric($auth['error']) ? $auth['error'] : ($error_labels[$error_code] ?: 'loginfailed');
- Handle situation when $IMAP object isn't initialized on log in
14 years ago
CS fixes
11 years ago
$OUTPUT->show_message($error_message, 'warning');
Log also failed logins to userlogins log
11 years ago
CS fixes
11 years ago
// log failed login
$RCMAIL->log_login($auth['user'], true, $error_code);
$RCMAIL->plugins->exec_hook('login_failed', array(
'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
Fix CSRF bypass that could be used to log out an authenticated user (#7302)
4 years ago
if (!isset($_SESSION['user_id'])) {
$RCMAIL->kill_session();
}
CS fixes
11 years ago
}
Merged branch devel-addressbook from r443 back to trunk
17 years ago
}
Initial revision
19 years ago
Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
10 years ago
// end session
else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
Fix CSRF bypass that could be used to log out an authenticated user (#7302)
4 years ago
$RCMAIL->request_security_check(rcube_utils::INPUT_GET | rcube_utils::INPUT_POST);
Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
10 years ago
CS fixes
11 years ago
$userdata = array(
'user' => $_SESSION['username'],
'host' => $_SESSION['storage_host'],
'lang' => $RCMAIL->user->language,
);
$OUTPUT->show_message('loggedout');
$RCMAIL->logout_actions();
$RCMAIL->kill_session();
$RCMAIL->plugins->exec_hook('logout_after', $userdata);
Merged branch devel-addressbook from r443 back to trunk
17 years ago
}
Initial revision
19 years ago
Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
18 years ago
// check session and auth cookie
Remove obsolete code that disables session check on 'send' action
10 years ago
else if ($RCMAIL->task != 'login' && $_SESSION['user_id']) {
CS fixes
11 years ago
if (!$RCMAIL->session->check_auth()) {
$RCMAIL->kill_session();
Added cookie mismatch detection, display an error message informing the user to clear cookies
5 years ago
$session_error = 'sessionerror';
CS fixes
11 years ago
}
Merged branch devel-addressbook from r443 back to trunk
17 years ago
}
Initial revision
19 years ago
// not logged in -> show login page
Next step: introduce the application class 'rcmail' and get rid of some global vars
16 years ago
if (empty($RCMAIL->user->ID)) {
Added cookie mismatch detection, display an error message informing the user to clear cookies
5 years ago
if ($session_error || $_REQUEST['_err'] === 'session' || ($session_error = $RCMAIL->session_error())) {
$OUTPUT->show_message($session_error ?: 'sessionerror', 'error', null, true, -1);
Prevent from "Call to undefined method rcmail_output_json::add_footer()" error
10 years ago
}
Warn for unsent/unsaved message when closing compose window; remove localStorage copy if page was left intentionally but not on session errors (#1489818)
10 years ago
if ($OUTPUT->ajax_call || $OUTPUT->get_env('framed')) {
Prevent from "Call to undefined method rcmail_output_json::add_footer()" error
10 years ago
$OUTPUT->command('session_error', $RCMAIL->url(array('_err' => 'session')));
$OUTPUT->send('iframe');
}
CS fixes
11 years ago
// check if installer is still active
if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
Add id attribute to the installer warning
6 years ago
$OUTPUT->add_footer(html::div(array('id' => 'login-addon', 'style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
CS fixes
11 years ago
html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
Fix typo
8 years ago
html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because
CS fixes
11 years ago
these files may expose sensitive configuration data like server passwords and encryption keys
to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
));
}
Plugin API: Add possibility to specify HTTP return code via 'unauthenticated' hook
6 years ago
$plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array(
'task' => 'login',
'error' => $session_error,
Fix so 401 error is returned only on failed logon requests (#7010)
5 years ago
// Return 401 only on failed logins (#7010)
'http_code' => empty($session_error) && !empty($error_message) ? 401 : 200
Plugin API: Add possibility to specify HTTP return code via 'unauthenticated' hook
6 years ago
));
- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
14 years ago
CS fixes
11 years ago
$RCMAIL->set_task($plugin['task']);
Plugin API: Add 'unauthenticated' hook (#1488138)
12 years ago
Plugin API: Add possibility to specify HTTP return code via 'unauthenticated' hook
6 years ago
if ($plugin['http_code'] == 401) {
Return "401 Unauthorized" status when login fails (#5663)
7 years ago
header('HTTP/1.0 401 Unauthorized');
}
CS fixes
11 years ago
$OUTPUT->send($plugin['task']);
Merged branch devel-addressbook from r443 back to trunk
17 years ago
}
- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
14 years ago
else {
Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
10 years ago
// CSRF prevention
$RCMAIL->request_security_check();
Add option (disabled_actions) to disable UI elements/actions (#1489638)
10 years ago
// check access to disabled actions
$disabled_actions = (array) $RCMAIL->config->get('disabled_actions');
if (in_array($RCMAIL->task . '.' . ($RCMAIL->action ?: 'index'), $disabled_actions)) {
rcube::raise_error(array(
Fix so "Action disabled" error uses more appropriate 404 code (#5440)
8 years ago
'code' => 404, 'type' => 'php',
Add option (disabled_actions) to disable UI elements/actions (#1489638)
10 years ago
'message' => "Action disabled"), true, true);
}
- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
14 years ago
}
Initial revision
19 years ago
- Plugin API: added 'ready' hook (#1488073)
13 years ago
// we're ready, user is authenticated and the request is safe
$plugin = $RCMAIL->plugins->exec_hook('ready', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
$RCMAIL->set_task($plugin['task']);
$RCMAIL->action = $plugin['action'];
- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
14 years ago
// handle special actions
Moved code block to a more appropriate position + codestyle
16 years ago
if ($RCMAIL->action == 'keep-alive') {
CS fixes
11 years ago
$OUTPUT->reset();
$RCMAIL->plugins->exec_hook('keep_alive', array());
$OUTPUT->send();
Moved code block to a more appropriate position + codestyle
16 years ago
}
- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
14 years ago
else if ($RCMAIL->action == 'save-pref') {
CS fixes
11 years ago
include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
14 years ago
}
Re-design of caching (new database table added\!); some bugfixes; Postgres support
19 years ago
Initial revision
19 years ago
Simplify step inclusion in controller (index.php)
16 years ago
// include task specific functions
CS fixes
11 years ago
if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc')) {
include_once $incfile;
}
Simplify step inclusion in controller (index.php)
16 years ago
// allow 5 "redirects" to another action
Remove unused variable
7 years ago
$redirects = 0;
Simplify step inclusion in controller (index.php)
16 years ago
while ($redirects < 5) {
CS fixes
11 years ago
// execute a plugin action
Give precedence to plugin.* actions over custom tasks registered by plugins
10 years ago
if (preg_match('/^plugin\./', $RCMAIL->action)) {
$RCMAIL->plugins->exec_action($RCMAIL->action);
CS fixes
11 years ago
break;
}
Give precedence to plugin.* actions over custom tasks registered by plugins
10 years ago
// execute action registered to a plugin task
else if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
if (!$RCMAIL->action) $RCMAIL->action = 'index';
$RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
CS fixes
11 years ago
break;
}
// try to include the step file
else if (($stepfile = $RCMAIL->get_action_file())
&& is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
) {
// include action file only once (in case it don't exit)
include_once $incfile;
$redirects++;
}
else {
break;
}
Merged branch devel-addressbook from r443 back to trunk
17 years ago
}
Initial revision
19 years ago
Plugin API: Add 'refresh' hook
12 years ago
if ($RCMAIL->action == 'refresh') {
CS fixes
11 years ago
$RCMAIL->plugins->exec_hook('refresh', array('last' => intval(rcube_utils::get_input_value('_last', rcube_utils::INPUT_GPC))));
Plugin API: Add 'refresh' hook
12 years ago
}
Initial revision
19 years ago
Simplify step inclusion in controller (index.php)
16 years ago
// parse main template (default)
Next step: introduce the application class 'rcmail' and get rid of some global vars
16 years ago
$OUTPUT->send($RCMAIL->task);
Fix for URL injection vulnerability (Bug #1307966)
19 years ago
// if we arrive here, something went wrong
- Framework refactoring (I hope it's the last one): rcube,rcmail,rcube_ui -> rcube,rcmail,rcube_utils renamed main.inc into rcube_bc.inc
12 years ago
rcmail::raise_error(array(
CS fixes
11 years ago
'code' => 404,
'type' => 'php',
'line' => __LINE__,
'file' => __FILE__,
'message' => "Invalid request"), true, true);