Fix bug where new_user_dialog email check could have been circumvented by deleting / abandoning session (#5929)

pull/6256/head
Aleksander Machniak 7 years ago
parent 2faf7185db
commit f9a5d03e5a

@ -69,6 +69,7 @@ CHANGELOG Roundcube Webmail
- Handle inline images also inside multipart/mixed messages (#5905) - Handle inline images also inside multipart/mixed messages (#5905)
- Allow style tags in HTML editor on composed/reply messages (#5751) - Allow style tags in HTML editor on composed/reply messages (#5751)
- Use Github API as a fallback to fetch js dependencies to workaround throttling issues (#6248) - Use Github API as a fallback to fetch js dependencies to workaround throttling issues (#6248)
- Fix bug where new_user_dialog email check could have been circumvented by deleting / abandoning session (#5929)
- Fix skin extending for assets (#5115) - Fix skin extending for assets (#5115)
- Fix handling of forwarded messages inside of a TNEF message (#5632) - Fix handling of forwarded messages inside of a TNEF message (#5632)
- Fix bug where attachment size wasn't visible when the filename was too long (#6033) - Fix bug where attachment size wasn't visible when the filename was too long (#6033)

@ -3,7 +3,7 @@
"type": "roundcube-plugin", "type": "roundcube-plugin",
"description": "When a new user is created, this plugin checks the default identity and sets a session flag in case it is incomplete. An overlay box will appear on the screen until the user has reviewed/completed his identity.", "description": "When a new user is created, this plugin checks the default identity and sets a session flag in case it is incomplete. An overlay box will appear on the screen until the user has reviewed/completed his identity.",
"license": "GPLv3+", "license": "GPLv3+",
"version": "2.3", "version": "2.4",
"authors": [ "authors": [
{ {
"name": "Thomas Bruederli", "name": "Thomas Bruederli",

@ -20,12 +20,8 @@ class new_user_dialog extends rcube_plugin
function init() function init()
{ {
$this->add_hook('identity_create', array($this, 'create_identity')); $this->add_hook('identity_create', array($this, 'create_identity'));
$this->add_hook('render_page', array($this, 'render_page'));
$this->register_action('plugin.newusersave', array($this, 'save_data')); $this->register_action('plugin.newusersave', array($this, 'save_data'));
// register additional hooks if session flag is set
if ($_SESSION['plugin.newuserdialog']) {
$this->add_hook('render_page', array($this, 'render_page'));
}
} }
/** /**
@ -35,7 +31,8 @@ class new_user_dialog extends rcube_plugin
{ {
// set session flag when a new user was created and the default identity seems to be incomplete // set session flag when a new user was created and the default identity seems to be incomplete
if ($p['login'] && !$p['complete']) { if ($p['login'] && !$p['complete']) {
$_SESSION['plugin.newuserdialog'] = true; $rcmail = rcmail::get_instance();
$rcmail->user->save_prefs(array('newuserdialog' => true));
} }
} }
@ -45,10 +42,10 @@ class new_user_dialog extends rcube_plugin
*/ */
function render_page($p) function render_page($p)
{ {
if ($_SESSION['plugin.newuserdialog']) { $rcmail = rcmail::get_instance();
if ($p['template'] != 'login' && $rcmail->config->get('newuserdialog')) {
$this->add_texts('localization'); $this->add_texts('localization');
$rcmail = rcmail::get_instance();
$identity = $rcmail->user->get_identity(); $identity = $rcmail->user->get_identity();
$identities_level = intval($rcmail->config->get('identities_level', 0)); $identities_level = intval($rcmail->config->get('identities_level', 0));
@ -172,7 +169,7 @@ rcube_webmail.prototype.new_user_dialog_close = function() { newuserdialog.dialo
else { else {
// save data // save data
$rcmail->user->update_identity($identity['identity_id'], $save_data); $rcmail->user->update_identity($identity['identity_id'], $save_data);
$rcmail->session->remove('plugin.newuserdialog'); $rcmail->user->save_prefs(array('newuserdialog' => null));
// hide dialog // hide dialog
$rcmail->output->command('new_user_dialog_close'); $rcmail->output->command('new_user_dialog_close');
$rcmail->output->show_message('successfullysaved', 'confirmation'); $rcmail->output->show_message('successfullysaved', 'confirmation');
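Review bot: The return value of `save_prefs()` in `create_identity` is discarded, so if the preference write fails the `newuserdialog` flag is never stored and the identity check that this commit makes persistent is silently skipped for that account. Assuming `save_prefs()` reports failure through its return value (not visible on this page), I would test it and at least log the failure, e.g. `if (!$rcmail->user->save_prefs(array('newuserdialog' => true))) { rcube::write_log('errors', 'new_user_dialog: could not store newuserdialog flag'); }`. The unchanged comment above it still says "set session flag" and should now read `// set a user preference flag when a new user was created and the default identity seems to be incomplete`. In `render_page` the added `$p['template'] != 'login'` could use the strict `!==`, since both sides are expected to be strings. The bodies of `create_identity`, `render_page` and `save_data` continue outside the hunks shown, so whether `save_data` validates the submitted identity before clearing the flag cannot be judged from here.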
