Localize common error messages; improve explanation for CSRF check failures

9 years ago · c7a88ff0c2
parent 91d3545193
commit c7a88ff0c2
3 changed files with 38 additions and 19 deletions
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@ -584,7 +584,7 @@ EOF;
        // read template file
        if (!$path || ($templ = @file_get_contents($path)) === false) {
            rcube::raise_error(array(
-                'code' => 501,
+                'code' => 404,
                'type' => 'php',
                'line' => __LINE__,
                'file' => __FILE__,
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@ -180,5 +180,14 @@ $messages['messagetoobig'] = 'The message part is too big to process it.';
 $messages['attachmentvalidationerror'] = 'WARNING! This attachment is suspicious because its type doesn\'t match the type declared in the message. If you do not trust the sender, you shouldn\'t open it in the browser because it may contain malicious contents.<br/><br/><em>Expected: $expected; found: $detected</em>';
 $messages['noscriptwarning'] = 'Warning: This webmail service requires Javascript! In order to use it please enable Javascript in your browser\'s settings.';
 $messages['messageissent'] = 'The message was already sent, but not saved yet. Do you want to save it now?';
+$messages['errnotfound'] = 'File Not Found';
+$messages['errnotfoundexplain'] = 'The requested resource was not found!';
+$messages['errfailedrequest'] = 'Failed request';
+$messages['errauthorizationfailed'] = 'Authorization Failed';
+$messages['errunauthorizedexplain'] = 'Could not verify that you are authorized to access this service!';
+$messages['errrequestcheckfailed'] = 'Request Check Failed';
+$messages['errcsrfprotectionexplain'] = "For your protection, access to this resource is secured against CSRF.\nYou probably didn't log out before leaving the web application.\n\nHuman interaction is now required to continue.";
+$messages['errcontactserveradmin'] = 'Please contact your server-administrator.';
+$messages['clicktoresumesession'] = 'Click here to resume your previous session';

 ?>
--- a/program/steps/utils/error.inc
+++ b/program/steps/utils/error.inc
@ -5,7 +5,7 @@
 | program/steps/utils/error.inc                                         |
 |                                                                       |
 | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
+ | Copyright (C) 2005-2015, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
@ -43,37 +43,33 @@ EOF;

 // authorization error
 else if ($ERROR_CODE == 401) {
-    $__error_title = "AUTHORIZATION FAILED";
-    $__error_text  = "Could not verify that you are authorized to access this service!<br />\n"
-        . "Please contact your server-administrator.";
+    $__error_title = strtoupper($rcmail->gettext('errauthorizationfailed'));
+    $__error_text  = nl2br($rcmail->gettext('errunauthorizedexplain') . "\n" .
+                        $rcmail->gettext('errcontactserveradmin'));
 }

 // forbidden due to request check
 else if ($ERROR_CODE == 403) {
    if ($_SERVER['REQUEST_METHOD'] == 'GET' && $rcmail->request_status == rcube::REQUEST_ERROR_URL) {
-        parse_str($_SERVER['QUERY_STRING'], $url);
-        $url = $rcmail->url($url, true, false, true);
-        $add = "<br /><a href=\"$url\">Click here to try again.<a/>";
+        $url = $rcmail->url($_GET, true, false, true);
+        $add = html::a($url, $rcmail->gettext('clicktoresumesession'));
    }
    else {
-        $add = "Please contact your server-administrator.";
+        $add = $rcmail->gettext('errcontactserveradmin');
    }

-    $__error_title = "REQUEST CHECK FAILED";
-    $__error_text  = "Access to this service was denied due to failing security checks!<br />\n$add";
+    $__error_title = strtoupper($rcmail->gettext('errrequestcheckfailed'));
+    $__error_text  = nl2br($rcmail->gettext('errcsrfprotectionexplain')) . '<p>' . $add . '</p>';
 }

 // failed request (wrong step in URL)
 else if ($ERROR_CODE == 404) {
    $request_url   = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
-    $__error_title = "REQUEST FAILED/FILE NOT FOUND";
-    $__error_text  = <<<EOF
-The requested page was not found!<br />
-Please contact your server-administrator.
+    $__error_title = strtoupper($rcmail->gettext('errnotfound'));
+    $__error_text  = nl2br($rcmail->gettext('errnotfoundexplain') . "\n" .
+                        $rcmail->gettext('errcontactserveradmin'));

-<p><i>Failed request:</i><br />
-http://$request_url</p>
-EOF;
+    $__error_text .= '<p><i>' . $rcmail->gettext('errfailedrequest') . ":</i><br />\n<tt>//$request_url</tt></p>";
 }

 // database connection error
@ -101,6 +97,20 @@ else {
    }
 }

+// inform plugins
+if ($rcmail && $rcmail->plugins) {
+    $plugin = $rcmail->plugins->exec_hook('error_page', array(
+        'code' => $ERROR_CODE,
+        'title' => $__error_title,
+        'text' => $__error_text,
+    ));
+
+    if (!empty($plugin['title']))
+        $__error_title = $plugin['title'];
+    if (!empty($plugin['text']))
+        $__error_text = $plugin['text'];
+}
+
 $HTTP_ERR_CODE = $ERROR_CODE && $ERROR_CODE < 600 ? $ERROR_CODE : 500;

 // Ajax request
@ -113,7 +123,7 @@ if ($rcmail->output && $rcmail->output->type == 'js') {
 $__page_content = <<<EOF
 <div>
 <h3 class="error-title">$__error_title</h3>
-<p class="error-text">$__error_text</p>
+<div class="error-text">$__error_text</div>
 </div>
 EOF;