Aleksander Machniak 11 years ago
parent d575e46067
commit 0301d9347f

@ -32,6 +32,7 @@
| | | |
+-------------------------------------------------------------------------+ +-------------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> | | Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
+-------------------------------------------------------------------------+ +-------------------------------------------------------------------------+
*/ */
@ -71,9 +72,11 @@ if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {
// check if https is required (for login) and redirect if necessary // check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) { if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
$https_port = is_bool($force_https) ? 443 : $force_https; $https_port = is_bool($force_https) ? 443 : $force_https;
if (!rcube_utils::https_check($https_port)) { if (!rcube_utils::https_check($https_port)) {
$host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
$host .= ($https_port != 443 ? ':' . $https_port : ''); $host .= ($https_port != 443 ? ':' . $https_port : '');
header('Location: https://' . $host . $_SERVER['REQUEST_URI']); header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
exit; exit;
} }
@ -101,8 +104,8 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
)); ));
// Login // Login
if ($auth['valid'] && !$auth['abort'] && if ($auth['valid'] && !$auth['abort']
$RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck']) && $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
) { ) {
// create new session ID, don't destroy the current session // create new session ID, don't destroy the current session
// it was destroyed already by $RCMAIL->kill_session() above // it was destroyed already by $RCMAIL->kill_session() above
@ -121,13 +124,15 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
parse_str($url, $query); parse_str($url, $query);
// prevent endless looping on login page // prevent endless looping on login page
if ($query['_task'] == 'login') if ($query['_task'] == 'login') {
unset($query['_task']); unset($query['_task']);
}
// prevent redirect to compose with specified ID (#1488226) // prevent redirect to compose with specified ID (#1488226)
if ($query['_action'] == 'compose' && !empty($query['_id'])) if ($query['_action'] == 'compose' && !empty($query['_id'])) {
$query = array(); $query = array();
} }
}
// allow plugins to control the redirect url after login success // allow plugins to control the redirect url after login success
$redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail')); $redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
@ -153,24 +158,30 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
$error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed'; $error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed';
$OUTPUT->show_message($error_message, 'warning');
// log failed login // log failed login
$RCMAIL->log_login($auth['user'], true, $error_code); $RCMAIL->log_login($auth['user'], true, $error_code);
$OUTPUT->show_message($error_message, 'warning');
$RCMAIL->plugins->exec_hook('login_failed', array( $RCMAIL->plugins->exec_hook('login_failed', array(
'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user'])); 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
$RCMAIL->kill_session(); $RCMAIL->kill_session();
} }
} }
// end session (after optional referer check) // end session (after optional referer check)
else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_utils::check_referer())) { else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])
&& (!$RCMAIL->config->get('referer_check') || rcube_utils::check_referer())
) {
$userdata = array( $userdata = array(
'user' => $_SESSION['username'], 'user' => $_SESSION['username'],
'host' => $_SESSION['storage_host'], 'host' => $_SESSION['storage_host'],
'lang' => $RCMAIL->user->language, 'lang' => $RCMAIL->user->language,
); );
$OUTPUT->show_message('loggedout'); $OUTPUT->show_message('loggedout');
$RCMAIL->logout_actions(); $RCMAIL->logout_actions();
$RCMAIL->kill_session(); $RCMAIL->kill_session();
$RCMAIL->plugins->exec_hook('logout_after', $userdata); $RCMAIL->plugins->exec_hook('logout_after', $userdata);
@ -188,8 +199,11 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action !=
if (empty($RCMAIL->user->ID)) { if (empty($RCMAIL->user->ID)) {
// log session failures // log session failures
$task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC); $task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC);
if ($task && !in_array($task, array('login','logout')) && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
$RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found"); if ($task && !in_array($task, array('login','logout'))
&& !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])
) {
$RCMAIL->session->log("Aborted session $sess_id; no valid session data found");
$session_error = true; $session_error = true;
} }
@ -201,8 +215,7 @@ if (empty($RCMAIL->user->ID)) {
html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because . html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because .
these files may expose sensitive configuration data like server passwords and encryption keys these files may expose sensitive configuration data like server passwords and encryption keys
to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.") to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
) ));
);
} }
if ($session_error || $_REQUEST['_err'] == 'session') { if ($session_error || $_REQUEST['_err'] == 'session') {
@ -217,6 +230,7 @@ if (empty($RCMAIL->user->ID)) {
$plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error)); $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error));
$RCMAIL->set_task($plugin['task']); $RCMAIL->set_task($plugin['task']);
$OUTPUT->send($plugin['task']); $OUTPUT->send($plugin['task']);
} }
// CSRF prevention // CSRF prevention
@ -264,8 +278,9 @@ else if ($RCMAIL->action == 'save-pref') {
// include task specific functions // include task specific functions
if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc')) if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc')) {
include_once $incfile; include_once $incfile;
}
// allow 5 "redirects" to another action // allow 5 "redirects" to another action
$redirects = 0; $incstep = null; $redirects = 0; $incstep = null;
@ -300,7 +315,6 @@ if ($RCMAIL->action == 'refresh') {
// parse main template (default) // parse main template (default)
$OUTPUT->send($RCMAIL->task); $OUTPUT->send($RCMAIL->task);
// if we arrive here, something went wrong // if we arrive here, something went wrong
rcmail::raise_error(array( rcmail::raise_error(array(
'code' => 404, 'code' => 404,
@ -308,4 +322,3 @@ rcmail::raise_error(array(
'line' => __LINE__, 'line' => __LINE__,
'file' => __FILE__, 'file' => __FILE__,
'message' => "Invalid request"), true, true); 'message' => "Invalid request"), true, true);
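Review bot: In the session-failure branch (hunk `-188,8 +199,11`), `$sess_id` is taken directly from `$_COOKIE[ini_get('session.name')]` and interpolated into the `$RCMAIL->session->log("Aborted session $sess_id; ...")` message, so a client-supplied cookie value reaches the session log unfiltered. Whether `log()` strips control characters is not visible on this page; if it does not, the one-entry-per-line format that log review depends on is no longer guaranteed. I would constrain the value just before the log call, for example `$sess_id = preg_replace('/[^A-Za-z0-9,-]/', '', substr($sess_id, 0, 128));`, leaving the condition itself unchanged. The enclosing `if (empty($RCMAIL->user->ID))` block starts in this hunk and continues past it.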

@ -84,4 +84,3 @@ function rcmail_autoload($classname)
return false; return false;
} }

@ -5,8 +5,8 @@
| program/include/rcmail.php | | program/include/rcmail.php |
| | | |
| This file is part of the Roundcube Webmail client | | This file is part of the Roundcube Webmail client |
| Copyright (C) 2008-2012, The Roundcube Dev Team | | Copyright (C) 2008-2013, The Roundcube Dev Team |
| Copyright (C) 2011-2012, Kolab Systems AG | | Copyright (C) 2011-2013, Kolab Systems AG |
| | | |
| Licensed under the GNU General Public License version 3 or | | Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. | | any later version with exceptions for skins & plugins. |
@ -21,7 +21,6 @@
+-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+
*/ */
/** /**
* Application class of Roundcube Webmail * Application class of Roundcube Webmail
* implemented as singleton * implemented as singleton
@ -67,19 +66,20 @@ class rcmail extends rcube
* This implements the 'singleton' design pattern * This implements the 'singleton' design pattern
* *
* @param string Environment name to run (e.g. live, dev, test) * @param string Environment name to run (e.g. live, dev, test)
*
* @return rcmail The one and only instance * @return rcmail The one and only instance
*/ */
static function get_instance($env = '') static function get_instance($env = '')
{ {
if (!self::$instance || !is_a(self::$instance, 'rcmail')) { if (!self::$instance || !is_a(self::$instance, 'rcmail')) {
self::$instance = new rcmail($env); self::$instance = new rcmail($env);
self::$instance->startup(); // init AFTER object was linked with self::$instance // init AFTER object was linked with self::$instance
self::$instance->startup();
} }
return self::$instance; return self::$instance;
} }
/** /**
* Initial startup function * Initial startup function
* to register session, create database and imap connections * to register session, create database and imap connections
@ -89,8 +89,9 @@ class rcmail extends rcube
$this->init(self::INIT_WITH_DB | self::INIT_WITH_PLUGINS); $this->init(self::INIT_WITH_DB | self::INIT_WITH_PLUGINS);
// set filename if not index.php // set filename if not index.php
if (($basename = basename($_SERVER['SCRIPT_FILENAME'])) && $basename != 'index.php') if (($basename = basename($_SERVER['SCRIPT_FILENAME'])) && $basename != 'index.php') {
$this->filename = $basename; $this->filename = $basename;
}
// start session // start session
$this->session_init(); $this->session_init();
@ -107,8 +108,10 @@ class rcmail extends rcube
// we reset list page when switching to another task // we reset list page when switching to another task
// but only to the main task interface - empty action (#1489076) // but only to the main task interface - empty action (#1489076)
// this will prevent from unintentional page reset on cross-task requests // this will prevent from unintentional page reset on cross-task requests
if ($this->session && $_SESSION['task'] != $this->task && empty($this->action)) if ($this->session && $_SESSION['task'] != $this->task && empty($this->action)) {
$this->session->remove('page'); $this->session->remove('page');
}
// set current task to session // set current task to session
$_SESSION['task'] = $this->task; $_SESSION['task'] = $this->task;
} }
@ -121,10 +124,10 @@ class rcmail extends rcube
// load plugins // load plugins
$this->plugins->init($this, $this->task); $this->plugins->init($this, $this->task);
$this->plugins->load_plugins((array)$this->config->get('plugins', array()), array('filesystem_attachments', 'jqueryui')); $this->plugins->load_plugins((array)$this->config->get('plugins', array()),
array('filesystem_attachments', 'jqueryui'));
} }
/** /**
* Setter for application task * Setter for application task
* *
@ -142,10 +145,10 @@ class rcmail extends rcube
$this->task = $task; $this->task = $task;
$this->comm_path = $this->url(array('task' => $this->task)); $this->comm_path = $this->url(array('task' => $this->task));
if ($this->output) if ($this->output) {
$this->output->set_env('task', $this->task); $this->output->set_env('task', $this->task);
} }
}
/** /**
* Setter for system user object * Setter for system user object
@ -173,7 +176,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Return instance of the internal address book class * Return instance of the internal address book class
* *
@ -200,7 +202,8 @@ class rcmail extends rcube
$contacts = $this->address_books[$id]; $contacts = $this->address_books[$id];
} }
else if ($id && $ldap_config[$id]) { else if ($id && $ldap_config[$id]) {
$contacts = new rcube_ldap($ldap_config[$id], $this->config->get('ldap_debug'), $this->config->mail_domain($_SESSION['storage_host'])); $domain = $this->config->mail_domain($_SESSION['storage_host']);
$contacts = new rcube_ldap($ldap_config[$id], $this->config->get('ldap_debug'), $domain);
} }
else if ($id === '0') { else if ($id === '0') {
$contacts = new rcube_contacts($this->db, $this->get_user_id()); $contacts = new rcube_contacts($this->db, $this->get_user_id());
@ -240,9 +243,11 @@ class rcmail extends rcube
} }
self::raise_error(array( self::raise_error(array(
'code' => 700, 'type' => 'php', 'code' => 700,
'file' => __FILE__, 'line' => __LINE__, 'file' => __FILE__,
'message' => "Addressbook source ($id) not found!"), 'line' => __LINE__,
'message' => "Addressbook source ($id) not found!"
),
true, true); true, true);
} }
@ -261,7 +266,6 @@ class rcmail extends rcube
return $contacts; return $contacts;
} }
/** /**
* Return identifier of the address book object * Return identifier of the address book object
* *
@ -278,7 +282,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Return address books list * Return address books list
* *
@ -296,15 +299,17 @@ class rcmail extends rcube
// We are using the DB address book or a plugin address book // We are using the DB address book or a plugin address book
if (!empty($abook_type) && strtolower($abook_type) != 'ldap') { if (!empty($abook_type) && strtolower($abook_type) != 'ldap') {
if (!isset($this->address_books['0'])) if (!isset($this->address_books['0'])) {
$this->address_books['0'] = new rcube_contacts($this->db, $this->get_user_id()); $this->address_books['0'] = new rcube_contacts($this->db, $this->get_user_id());
}
$list['0'] = array( $list['0'] = array(
'id' => '0', 'id' => '0',
'name' => $this->gettext('personaladrbook'), 'name' => $this->gettext('personaladrbook'),
'groups' => $this->address_books['0']->groups, 'groups' => $this->address_books['0']->groups,
'readonly' => $this->address_books['0']->readonly, 'readonly' => $this->address_books['0']->readonly,
'autocomplete' => in_array('sql', $autocomplete),
'undelete' => $this->address_books['0']->undelete && $this->config->get('undo_timeout'), 'undelete' => $this->address_books['0']->undelete && $this->config->get('undo_timeout'),
'autocomplete' => in_array('sql', $autocomplete),
); );
} }
@ -314,6 +319,7 @@ class rcmail extends rcube
if (empty($prop) || !is_array($prop)) { if (empty($prop) || !is_array($prop)) {
continue; continue;
} }
$list[$id] = array( $list[$id] = array(
'id' => $id, 'id' => $id,
'name' => html::quote($prop['name']), 'name' => html::quote($prop['name']),
@ -352,6 +358,7 @@ class rcmail extends rcube
* *
* @param boolean True to sort the list alphabetically * @param boolean True to sort the list alphabetically
* @param boolean True if only this user's responses shall be listed * @param boolean True if only this user's responses shall be listed
*
* @return array List of the current user's stored responses * @return array List of the current user's stored responses
*/ */
public function get_compose_responses($sorted = false, $user_only = false) public function get_compose_responses($sorted = false, $user_only = false)
@ -360,18 +367,23 @@ class rcmail extends rcube
if (!$user_only) { if (!$user_only) {
foreach ($this->config->get('compose_responses_static', array()) as $response) { foreach ($this->config->get('compose_responses_static', array()) as $response) {
if (empty($response['key'])) if (empty($response['key'])) {
$response['key'] = substr(md5($response['name']), 0, 16); $response['key'] = substr(md5($response['name']), 0, 16);
}
$response['static'] = true; $response['static'] = true;
$response['class'] = 'readonly'; $response['class'] = 'readonly';
$k = $sorted ? '0000-' . strtolower($response['name']) : $response['key']; $k = $sorted ? '0000-' . strtolower($response['name']) : $response['key'];
$responses[$k] = $response; $responses[$k] = $response;
} }
} }
foreach ($this->config->get('compose_responses', array()) as $response) { foreach ($this->config->get('compose_responses', array()) as $response) {
if (empty($response['key'])) if (empty($response['key'])) {
$response['key'] = substr(md5($response['name']), 0, 16); $response['key'] = substr(md5($response['name']), 0, 16);
}
$k = $sorted ? strtolower($response['name']) : $response['key']; $k = $sorted ? strtolower($response['name']) : $response['key'];
$responses[$k] = $response; $responses[$k] = $response;
} }
@ -384,20 +396,21 @@ class rcmail extends rcube
return array_values($responses); return array_values($responses);
} }
/** /**
* Init output object for GUI and add common scripts. * Init output object for GUI and add common scripts.
* This will instantiate a rcmail_output_html object and set * This will instantiate a rcmail_output_html object and set
* environment vars according to the current session and configuration * environment vars according to the current session and configuration
* *
* @param boolean True if this request is loaded in a (i)frame * @param boolean True if this request is loaded in a (i)frame
*
* @return rcube_output Reference to HTML output object * @return rcube_output Reference to HTML output object
*/ */
public function load_gui($framed = false) public function load_gui($framed = false)
{ {
// init output page // init output page
if (!($this->output instanceof rcmail_output_html)) if (!($this->output instanceof rcmail_output_html)) {
$this->output = new rcmail_output_html($this->task, $framed); $this->output = new rcmail_output_html($this->task, $framed);
}
// set refresh interval // set refresh interval
$this->output->set_env('refresh_interval', $this->config->get('refresh_interval', 0)); $this->output->set_env('refresh_interval', $this->config->get('refresh_interval', 0));
@ -413,8 +426,9 @@ class rcmail extends rcube
$this->output->set_env('comm_path', $this->comm_path); $this->output->set_env('comm_path', $this->comm_path);
$this->output->set_charset(RCUBE_CHARSET); $this->output->set_charset(RCUBE_CHARSET);
if ($this->user && $this->user->ID) if ($this->user && $this->user->ID) {
$this->output->set_env('user_id', $this->user->get_hash()); $this->output->set_env('user_id', $this->user->get_hash());
}
// add some basic labels to client // add some basic labels to client
$this->output->add_label('loading', 'servererror', 'requesttimedout', 'refreshing'); $this->output->add_label('loading', 'servererror', 'requesttimedout', 'refreshing');
@ -422,7 +436,6 @@ class rcmail extends rcube
return $this->output; return $this->output;
} }
/** /**
* Create an output object for JSON responses * Create an output object for JSON responses
* *
@ -430,13 +443,13 @@ class rcmail extends rcube
*/ */
public function json_init() public function json_init()
{ {
if (!($this->output instanceof rcmail_output_json)) if (!($this->output instanceof rcmail_output_json)) {
$this->output = new rcmail_output_json($this->task); $this->output = new rcmail_output_json($this->task);
}
return $this->output; return $this->output;
} }
/** /**
* Create session object and start the session. * Create session object and start the session.
*/ */
@ -445,14 +458,15 @@ class rcmail extends rcube
parent::session_init(); parent::session_init();
// set initial session vars // set initial session vars
if (!$_SESSION['user_id']) if (!$_SESSION['user_id']) {
$_SESSION['temp'] = true; $_SESSION['temp'] = true;
}
// restore skin selection after logout // restore skin selection after logout
if ($_SESSION['temp'] && !empty($_SESSION['skin'])) if ($_SESSION['temp'] && !empty($_SESSION['skin'])) {
$this->config->set('skin', $_SESSION['skin']); $this->config->set('skin', $_SESSION['skin']);
} }
}
/** /**
* Perfom login to the mail server and to the webmail service. * Perfom login to the mail server and to the webmail service.
@ -480,20 +494,24 @@ class rcmail extends rcube
$config = $this->config->all(); $config = $this->config->all();
if (!$host) if (!$host) {
$host = $config['default_host']; $host = $config['default_host'];
}
// Validate that selected host is in the list of configured hosts // Validate that selected host is in the list of configured hosts
if (is_array($config['default_host'])) { if (is_array($config['default_host'])) {
$allowed = false; $allowed = false;
foreach ($config['default_host'] as $key => $host_allowed) { foreach ($config['default_host'] as $key => $host_allowed) {
if (!is_numeric($key)) if (!is_numeric($key)) {
$host_allowed = $key; $host_allowed = $key;
}
if ($host == $host_allowed) { if ($host == $host_allowed) {
$allowed = true; $allowed = true;
break; break;
} }
} }
if (!$allowed) { if (!$allowed) {
$host = null; $host = null;
} }
@ -512,6 +530,7 @@ class rcmail extends rcube
if ($a_host['host']) { if ($a_host['host']) {
$host = $a_host['host']; $host = $a_host['host'];
$ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null; $ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null;
if (!empty($a_host['port'])) if (!empty($a_host['port']))
$port = $a_host['port']; $port = $a_host['port'];
else if ($ssl && $ssl != 'tls' && (!$config['default_port'] || $config['default_port'] == 143)) else if ($ssl && $ssl != 'tls' && (!$config['default_port'] || $config['default_port'] == 143))
@ -591,18 +610,22 @@ class rcmail extends rcube
} }
else { else {
self::raise_error(array( self::raise_error(array(
'code' => 620, 'type' => 'php', 'code' => 620,
'file' => __FILE__, 'line' => __LINE__, 'file' => __FILE__,
'line' => __LINE__,
'message' => "Failed to create a user record. Maybe aborted by a plugin?" 'message' => "Failed to create a user record. Maybe aborted by a plugin?"
), true, false); ),
true, false);
} }
} }
else { else {
self::raise_error(array( self::raise_error(array(
'code' => 621, 'type' => 'php', 'code' => 621,
'file' => __FILE__, 'line' => __LINE__, 'file' => __FILE__,
'line' => __LINE__,
'message' => "Access denied for new user $username. 'auto_create_user' is disabled" 'message' => "Access denied for new user $username. 'auto_create_user' is disabled"
), true, false); ),
true, false);
} }
// login succeeded // login succeeded
@ -628,8 +651,9 @@ class rcmail extends rcube
$_SESSION['password'] = $this->encrypt($pass); $_SESSION['password'] = $this->encrypt($pass);
$_SESSION['login_time'] = time(); $_SESSION['login_time'] = time();
if (isset($_REQUEST['_timezone']) && $_REQUEST['_timezone'] != '_default_') if (isset($_REQUEST['_timezone']) && $_REQUEST['_timezone'] != '_default_') {
$_SESSION['timezone'] = rcube_utils::get_input_value('_timezone', rcube_utils::INPUT_GPC); $_SESSION['timezone'] = rcube_utils::get_input_value('_timezone', rcube_utils::INPUT_GPC);
}
// force reloading complete list of subscribed mailboxes // force reloading complete list of subscribed mailboxes
$storage->clear_cache('mailboxes', true); $storage->clear_cache('mailboxes', true);
@ -640,7 +664,6 @@ class rcmail extends rcube
return false; return false;
} }
/** /**
* Returns error code of last login operation * Returns error code of last login operation
* *
@ -657,7 +680,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Auto-select IMAP host based on the posted login information * Auto-select IMAP host based on the posted login information
* *
@ -701,13 +723,13 @@ class rcmail extends rcube
else if (empty($default_host)) { else if (empty($default_host)) {
$host = rcube_utils::get_input_value('_host', rcube_utils::INPUT_POST); $host = rcube_utils::get_input_value('_host', rcube_utils::INPUT_POST);
} }
else else {
$host = rcube_utils::parse_host($default_host); $host = rcube_utils::parse_host($default_host);
}
return $host; return $host;
} }
/** /**
* Destroy session data and remove cookie * Destroy session data and remove cookie
*/ */
@ -720,7 +742,6 @@ class rcmail extends rcube
$this->user->reset(); $this->user->reset();
} }
/** /**
* Do server side actions on logout * Do server side actions on logout
*/ */
@ -743,7 +764,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Generate a unique token to be used in a form request * Generate a unique token to be used in a form request
* *
@ -752,7 +772,10 @@ class rcmail extends rcube
public function get_request_token() public function get_request_token()
{ {
$sess_id = $_COOKIE[ini_get('session.name')]; $sess_id = $_COOKIE[ini_get('session.name')];
if (!$sess_id) $sess_id = session_id();
if (!$sess_id) {
$sess_id = session_id();
}
$plugin = $this->plugins->exec_hook('request_token', array( $plugin = $this->plugins->exec_hook('request_token', array(
'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id))); 'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id)));
@ -760,21 +783,21 @@ class rcmail extends rcube
return $plugin['value']; return $plugin['value'];
} }
/** /**
* Check if the current request contains a valid token * Check if the current request contains a valid token
* *
* @param int Request method * @param int Request method
*
* @return boolean True if request token is valid false if not * @return boolean True if request token is valid false if not
*/ */
public function check_request($mode = rcube_utils::INPUT_POST) public function check_request($mode = rcube_utils::INPUT_POST)
{ {
$token = rcube_utils::get_input_value('_token', $mode); $token = rcube_utils::get_input_value('_token', $mode);
$sess_id = $_COOKIE[ini_get('session.name')]; $sess_id = $_COOKIE[ini_get('session.name')];
return !empty($sess_id) && $token == $this->get_request_token(); return !empty($sess_id) && $token == $this->get_request_token();
} }
/** /**
* Build a valid URL to this instance of Roundcube * Build a valid URL to this instance of Roundcube
* *
@ -785,8 +808,9 @@ class rcmail extends rcube
public function url($p) public function url($p)
{ {
if (!is_array($p)) { if (!is_array($p)) {
if (strpos($p, 'http') === 0) if (strpos($p, 'http') === 0) {
return $p; return $p;
}
$p = array('_action' => @func_get_arg(0)); $p = array('_action' => @func_get_arg(0));
} }
@ -797,6 +821,7 @@ class rcmail extends rcube
$url = './' . $this->filename; $url = './' . $this->filename;
$delm = '?'; $delm = '?';
foreach (array_reverse($p) as $key => $val) { foreach (array_reverse($p) as $key => $val) {
if ($val !== '' && $val !== null) { if ($val !== '' && $val !== null) {
$par = $key[0] == '_' ? $key : '_'.$key; $par = $key[0] == '_' ? $key : '_'.$key;
@ -804,10 +829,10 @@ class rcmail extends rcube
$delm = '&'; $delm = '&';
} }
} }
return $url; return $url;
} }
/** /**
* Function to be executed in script shutdown * Function to be executed in script shutdown
*/ */
@ -828,6 +853,7 @@ class rcmail extends rcube
$mem .= '/'.$this->show_bytes(memory_get_peak_usage()); $mem .= '/'.$this->show_bytes(memory_get_peak_usage());
$log = $this->task . ($this->action ? '/'.$this->action : '') . ($mem ? " [$mem]" : ''); $log = $this->task . ($this->action ? '/'.$this->action : '') . ($mem ? " [$mem]" : '');
if (defined('RCMAIL_START')) if (defined('RCMAIL_START'))
self::print_timer(RCMAIL_START, $log); self::print_timer(RCMAIL_START, $log);
else else
@ -835,7 +861,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Registers action aliases for current task * Registers action aliases for current task
* *
@ -850,7 +875,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Returns current action filename * Returns current action filename
* *
@ -865,7 +889,6 @@ class rcmail extends rcube
return strtr($this->action, '-', '_') . '.inc'; return strtr($this->action, '-', '_') . '.inc';
} }
/** /**
* Fixes some user preferences according to namespace handling change. * Fixes some user preferences according to namespace handling change.
* Old Roundcube versions were using folder names with removed namespace prefix. * Old Roundcube versions were using folder names with removed namespace prefix.
@ -926,6 +949,7 @@ class rcmail extends rcube
} }
$folders[$idx] = $value; $folders[$idx] = $value;
} }
$prefs['search_mods'] = $folders; $prefs['search_mods'] = $folders;
} }
@ -937,6 +961,7 @@ class rcmail extends rcube
} }
$folders[$prefix.$idx] = $value; $folders[$prefix.$idx] = $value;
} }
$prefs['message_threading'] = $folders; $prefs['message_threading'] = $folders;
} }
@ -956,6 +981,7 @@ class rcmail extends rcube
} }
$folders_str .= '&'.$value.'&'; $folders_str .= '&'.$value.'&';
} }
$prefs['collapsed_folders'] = $folders_str; $prefs['collapsed_folders'] = $folders_str;
} }
@ -966,7 +992,6 @@ class rcmail extends rcube
$this->set_storage_prop(); $this->set_storage_prop();
} }
/** /**
* Overwrite action variable * Overwrite action variable
* *
@ -978,7 +1003,6 @@ class rcmail extends rcube
$this->output->set_env('action', $action); $this->output->set_env('action', $action);
} }
/** /**
* Set environment variables for specified config options * Set environment variables for specified config options
*/ */
@ -991,7 +1015,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Returns RFC2822 formatted current date in user's timezone * Returns RFC2822 formatted current date in user's timezone
* *
@ -1011,7 +1034,6 @@ class rcmail extends rcube
return $date->format('r'); return $date->format('r');
} }
/** /**
* Write login data (name, ID, IP address) to the 'userlogins' log file. * Write login data (name, ID, IP address) to the 'userlogins' log file.
*/ */
@ -1043,7 +1065,6 @@ class rcmail extends rcube
self::write_log('userlogins', $message); self::write_log('userlogins', $message);
} }
/** /**
* Create a HTML table based on the given data * Create a HTML table based on the given data
* *
@ -1093,7 +1114,6 @@ class rcmail extends rcube
return $table->show($attrib); return $table->show($attrib);
} }
/** /**
* Convert the given date to a human readable form * Convert the given date to a human readable form
* This uses the date formatting properties from config * This uses the date formatting properties from config
@ -1223,7 +1243,6 @@ class rcmail extends rcube
return $out; return $out;
} }
/** /**
* Return folders list in HTML * Return folders list in HTML
* *
@ -1316,7 +1335,6 @@ class rcmail extends rcube
return $out; return $out;
} }
/** /**
* Return folders list as html_select object * Return folders list as html_select object
* *
@ -1360,7 +1378,6 @@ class rcmail extends rcube
return $select; return $select;
} }
/** /**
* Create a hierarchical array of the mailbox list * Create a hierarchical array of the mailbox list
*/ */
@ -1418,7 +1435,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Return html for a structured list &lt;ul&gt; for the mailbox tree * Return html for a structured list &lt;ul&gt; for the mailbox tree
*/ */
@ -1513,7 +1529,6 @@ class rcmail extends rcube
return $out; return $out;
} }
/** /**
* Return html for a flat list <select> for the mailbox tree * Return html for a flat list <select> for the mailbox tree
*/ */
@ -1558,7 +1573,6 @@ class rcmail extends rcube
return $out; return $out;
} }
/** /**
* Return internal name for the given folder if it matches the configured special folders * Return internal name for the given folder if it matches the configured special folders
*/ */
@ -1577,7 +1591,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Try to localize the given IMAP folder name. * Try to localize the given IMAP folder name.
* UTF-7 decode it in case no localized text was found * UTF-7 decode it in case no localized text was found
@ -1695,7 +1708,6 @@ class rcmail extends rcube
return $quota_result; return $quota_result;
} }
/** /**
* Outputs error message according to server error/response codes * Outputs error message according to server error/response codes
* *
@ -1749,7 +1761,6 @@ class rcmail extends rcube
} }
} }
/** /**
* Output HTML editor scripts * Output HTML editor scripts
* *
@ -1790,7 +1801,6 @@ class rcmail extends rcube
$this->output->add_script("rcmail_editor_init($script)", 'docready'); $this->output->add_script("rcmail_editor_init($script)", 'docready');
} }
/** /**
* Replaces TinyMCE's emoticon images with plain-text representation * Replaces TinyMCE's emoticon images with plain-text representation
* *
@ -1828,7 +1838,6 @@ class rcmail extends rcube
return preg_replace($search, $replace, $html); return preg_replace($search, $replace, $html);
} }
/** /**
* File upload progress handler. * File upload progress handler.
*/ */
@ -1860,7 +1869,6 @@ class rcmail extends rcube
$this->output->send(); $this->output->send();
} }
/** /**
* Initializes file uploading interface. * Initializes file uploading interface.
*/ */
@ -1878,6 +1886,7 @@ class rcmail extends rcube
// find max filesize value // find max filesize value
$max_filesize = parse_bytes(ini_get('upload_max_filesize')); $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
$max_postsize = parse_bytes(ini_get('post_max_size')); $max_postsize = parse_bytes(ini_get('post_max_size'));
if ($max_postsize && $max_postsize < $max_filesize) { if ($max_postsize && $max_postsize < $max_filesize) {
$max_filesize = $max_postsize; $max_filesize = $max_postsize;
} }
@ -1890,7 +1899,6 @@ class rcmail extends rcube
return $max_filesize; return $max_filesize;
} }
/** /**
* Initializes client-side autocompletion. * Initializes client-side autocompletion.
*/ */
@ -1917,7 +1925,6 @@ class rcmail extends rcube
$this->output->add_label('autocompletechars', 'autocompletemore'); $this->output->add_label('autocompletechars', 'autocompletemore');
} }
/** /**
* Returns supported font-family specifications * Returns supported font-family specifications
* *
@ -1950,7 +1957,6 @@ class rcmail extends rcube
return $fonts; return $fonts;
} }
/** /**
* Create a human readable string for a number of bytes * Create a human readable string for a number of bytes
* *
@ -1978,7 +1984,6 @@ class rcmail extends rcube
return $str; return $str;
} }
/** /**
* Returns real size (calculated) of the message part * Returns real size (calculated) of the message part
* *

@ -38,7 +38,8 @@ class rcmail_html_page extends rcmail_output_html
} }
else { // set default styles for warning blocks inside the attachment part frame else { // set default styles for warning blocks inside the attachment part frame
$this->add_header(html::tag('style', array('type' => 'text/css'), $this->add_header(html::tag('style', array('type' => 'text/css'),
".rcmail-inline-message { font-family: sans-serif; border:2px solid #ffdf0e; background:#fef893; padding:0.6em 1em; margin-bottom:0.6em }\n" . ".rcmail-inline-message { font-family: sans-serif; border:2px solid #ffdf0e;"
. "background:#fef893; padding:0.6em 1em; margin-bottom:0.6em }\n" .
".rcmail-inline-buttons { margin-bottom:0 }" ".rcmail-inline-buttons { margin-bottom:0 }"
)); ));
} }

@ -5,7 +5,7 @@
| program/include/rcmail_output_html.php | | program/include/rcmail_output_html.php |
| | | |
| This file is part of the Roundcube Webmail client | | This file is part of the Roundcube Webmail client |
| Copyright (C) 2006-2012, The Roundcube Dev Team | | Copyright (C) 2006-2013, The Roundcube Dev Team |
| | | |
| Licensed under the GNU General Public License version 3 or | | Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. | | any later version with exceptions for skins & plugins. |
@ -119,6 +119,7 @@ class rcmail_output_html extends rcmail_output
public function set_env($name, $value, $addtojs = true) public function set_env($name, $value, $addtojs = true)
{ {
$this->env[$name] = $value; $this->env[$name] = $value;
if ($addtojs || isset($this->js_env[$name])) { if ($addtojs || isset($this->js_env[$name])) {
$this->js_env[$name] = $value; $this->js_env[$name] = $value;
} }

@ -5,7 +5,7 @@
| program/include/rcmail_string_replacer.php | | program/include/rcmail_string_replacer.php |
| | | |
| This file is part of the Roundcube Webmail client | | This file is part of the Roundcube Webmail client |
| Copyright (C) 2012, The Roundcube Dev Team | | Copyright (C) 2012-2013, The Roundcube Dev Team |
| | | |
| Licensed under the GNU General Public License version 3 or | | Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. | | any later version with exceptions for skins & plugins. |
@ -19,7 +19,6 @@
+-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+
*/ */
/** /**
* Helper class for turning URLs and email addresses in plaintext content * Helper class for turning URLs and email addresses in plaintext content
* into clickable links. * into clickable links.
@ -46,9 +45,9 @@ class rcmail_string_replacer extends rcube_string_replacer
$i = $this->add(html::a(array( $i = $this->add(html::a(array(
'href' => 'mailto:' . $href, 'href' => 'mailto:' . $href,
'onclick' => "return ".rcmail_output::JS_OBJECT_NAME.".command('compose','".rcube::JQ($href)."',this)", 'onclick' => "return ".rcmail_output::JS_OBJECT_NAME.".command('compose','".rcube::JQ($href)."',this)",
), rcube::Q($href)) . $suffix); ),
rcube::Q($href)) . $suffix);
return $i >= 0 ? $this->get_replacement($i) : ''; return $i >= 0 ? $this->get_replacement($i) : '';
} }
} }

@ -1152,7 +1152,6 @@ class rcube
// handle PHP exceptions // handle PHP exceptions
if (is_object($arg) && is_a($arg, 'Exception')) { if (is_object($arg) && is_a($arg, 'Exception')) {
$arg = array( $arg = array(
'type' => 'php',
'code' => $arg->getCode(), 'code' => $arg->getCode(),
'line' => $arg->getLine(), 'line' => $arg->getLine(),
'file' => $arg->getFile(), 'file' => $arg->getFile(),
@ -1160,7 +1159,7 @@ class rcube
); );
} }
else if (is_string($arg)) { else if (is_string($arg)) {
$arg = array('message' => $arg, 'type' => 'php'); $arg = array('message' => $arg);
} }
if (empty($arg['code'])) { if (empty($arg['code'])) {
@ -1176,7 +1175,7 @@ class rcube
$cli = php_sapi_name() == 'cli'; $cli = php_sapi_name() == 'cli';
if (($log || $terminate) && !$cli && $arg['type'] && $arg['message']) { if (($log || $terminate) && !$cli && $arg['message']) {
$arg['fatal'] = $terminate; $arg['fatal'] = $terminate;
self::log_bug($arg); self::log_bug($arg);
} }
@ -1204,7 +1203,7 @@ class rcube
*/ */
public static function log_bug($arg_arr) public static function log_bug($arg_arr)
{ {
$program = strtoupper($arg_arr['type']); $program = strtoupper(!empty($arg_arr['type']) ? $arg_arr['type'] : 'php');
$level = self::get_instance()->config->get('debug_level'); $level = self::get_instance()->config->get('debug_level');
// disable errors for ajax requests, write to log instead (#1487831) // disable errors for ajax requests, write to log instead (#1487831)
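Review bot: In `raise_error` the logging guard now reads `$arg['message']` directly (`if (($log || $terminate) && !$cli && $arg['message'])`), so an array argument without a `message` key raises an undefined-index notice inside the error handler itself. Writing it as `!empty($arg['message'])` would match the `!empty($arg_arr['type'])` test this commit adds in `log_bug`. The guard also means an error whose message is empty never reaches `log_bug`, so if `$terminate` ends the request, as the name suggests, nothing is left in the log for it. If that is intended, a comment such as `// errors without a message are not logged` would record it; otherwise a fallback message keeps the event visible. Both function bodies continue outside the visible hunks.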
