- Option 'force_https' replaced by 'force_https' plugin

- added option 'force_https_port' in 'force_https' plugin (#1486091)
release-0.6
alecpl 15 years ago
parent f281242fa4
commit 65c0a0e591

@ -1,6 +1,8 @@
CHANGELOG RoundCube Webmail
===========================
- added option 'force_https_port' in 'force_https' plugin (#1486091)
- Option 'force_https' replaced by 'force_https' plugin
- Fix IE issue with non-UTF-8 characters in AJAX response (#1486159)
- Partially fixed "empty body" issue by showing raw body of malformed message (#1486166)
- Fix importing/sending to email address with whitespace (#1486214)

@ -49,10 +49,6 @@ $rcmail_config['enable_caching'] = FALSE;
// possible units: s, m, h, d, w
$rcmail_config['message_cache_lifetime'] = '10d';
// enforce connections over https
// with this option enabled, all non-secure connections will be redirected
$rcmail_config['force_https'] = FALSE;
// automatically create a new RoundCube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service

@ -63,19 +63,11 @@ if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
}
// check if https is required (for login) and redirect if necessary
if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id'])
&& !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443 || $RCMAIL->config->get('use_https'))) {
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit;
}
// trigger startup plugin hook
$startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
$RCMAIL->set_task($startup['task']);
$RCMAIL->action = $startup['action'];
// try to log in
if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') {
// purge the session in case of new login when a session already exists
@ -161,7 +153,6 @@ else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAI
$OUTPUT->send($RCMAIL->task);
}
// not logged in -> show login page
if (empty($RCMAIL->user->ID)) {

@ -0,0 +1,38 @@
<?php
/**
* Enforce secure HTTPs connection for login
*
* Configuration:
* // Port for https connection
* $rcmail_config['force_https_port'] = 443;
*
* @version 1.0
* @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
*/
class force_https extends rcube_plugin
{
function init()
{
$this->add_hook('startup', array($this, 'redirect'));
}
function redirect($args)
{
$config = rcmail::get_instance()->config;
$port = (int) $config->get('force_https_port', 443);
// check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && !$config->get('use_https')
&& (!isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] != $port))
{
header('Location: https://' . $_SERVER['HTTP_HOST'] . ($port != 443 ? ":$port" : '') . $_SERVER['REQUEST_URI']);
exit;
}
return $args;
}
}
?>
Loading…
Cancel
Save