Mirror
/
RoundcubeMail
mirror of https://github.com/roundcube/roundcubemail.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

CS fixes

pull/160/head
Aleksander Machniak 12 years ago
parent
d575e46067
commit
0301d9347f
8 changed files with 1064 additions and 1047 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 379
      index.php
  2. 2
      program/include/clisetup.php
  3. 1
      program/include/iniset.php
  4. 1689
      program/include/rcmail.php
  5. 5
      program/include/rcmail_html_page.php
  6. 7
      program/include/rcmail_output_html.php
  7. 21
      program/include/rcmail_string_replacer.php
  8. 7
      program/lib/Roundcube/rcube.php

379
index.php
View File

@ -32,6 +32,7 @@
| |
+-------------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
+-------------------------------------------------------------------------+
*/
@ -49,34 +50,36 @@ ob_start();
// check if config files had errors
if ($err_str = $RCMAIL->config->get_error()) {
rcmail::raise_error(array(
'code' => 601,
'type' => 'php',
'message' => $err_str), false, true);
rcmail::raise_error(array(
'code' => 601,
'type' => 'php',
'message' => $err_str), false, true);
}
// check DB connections and exit on failure
if ($err_str = $RCMAIL->db->is_error()) {
rcmail::raise_error(array(
'code' => 603,
'type' => 'db',
'message' => $err_str), FALSE, TRUE);
rcmail::raise_error(array(
'code' => 603,
'type' => 'db',
'message' => $err_str), FALSE, TRUE);
}
// error steps
if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {
rcmail::raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
rcmail::raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
}
// check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
$https_port = is_bool($force_https) ? 443 : $force_https;
if (!rcube_utils::https_check($https_port)) {
$host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
$host .= ($https_port != 443 ? ':' . $https_port : '');
header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
exit;
}
$https_port = is_bool($force_https) ? 443 : $force_https;
if (!rcube_utils::https_check($https_port)) {
$host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
$host .= ($https_port != 443 ? ':' . $https_port : '');
header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
exit;
}
}
// trigger startup plugin hook
@ -86,165 +89,176 @@ $RCMAIL->action = $startup['action'];
// try to log in
if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
$request_valid = $_SESSION['temp'] && $RCMAIL->check_request(rcube_utils::INPUT_POST, 'login');
// purge the session in case of new login when a session already exists
$RCMAIL->kill_session();
$auth = $RCMAIL->plugins->exec_hook('authenticate', array(
'host' => $RCMAIL->autoselect_host(),
'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true,
$RCMAIL->config->get('password_charset', 'ISO-8859-1')),
'cookiecheck' => true,
'valid' => $request_valid,
));
// Login
if ($auth['valid'] && !$auth['abort'] &&
$RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
) {
// create new session ID, don't destroy the current session
// it was destroyed already by $RCMAIL->kill_session() above
$RCMAIL->session->remove('temp');
$RCMAIL->session->regenerate_id(false);
// send auth cookie if necessary
$RCMAIL->session->set_auth_cookie();
// log successful login
$RCMAIL->log_login();
// restore original request parameters
$query = array();
if ($url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST)) {
parse_str($url, $query);
// prevent endless looping on login page
if ($query['_task'] == 'login')
unset($query['_task']);
// prevent redirect to compose with specified ID (#1488226)
if ($query['_action'] == 'compose' && !empty($query['_id']))
$query = array();
}
$request_valid = $_SESSION['temp'] && $RCMAIL->check_request(rcube_utils::INPUT_POST, 'login');
// allow plugins to control the redirect url after login success
$redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
unset($redir['abort'], $redir['_err']);
// purge the session in case of new login when a session already exists
$RCMAIL->kill_session();
// send redirect
$OUTPUT->redirect($redir);
}
else {
if (!$auth['valid']) {
$error_code = RCMAIL::ERROR_INVALID_REQUEST;
$auth = $RCMAIL->plugins->exec_hook('authenticate', array(
'host' => $RCMAIL->autoselect_host(),
'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true,
$RCMAIL->config->get('password_charset', 'ISO-8859-1')),
'cookiecheck' => true,
'valid' => $request_valid,
));
// Login
if ($auth['valid'] && !$auth['abort']
&& $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
) {
// create new session ID, don't destroy the current session
// it was destroyed already by $RCMAIL->kill_session() above
$RCMAIL->session->remove('temp');
$RCMAIL->session->regenerate_id(false);
// send auth cookie if necessary
$RCMAIL->session->set_auth_cookie();
// log successful login
$RCMAIL->log_login();
// restore original request parameters
$query = array();
if ($url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST)) {
parse_str($url, $query);
// prevent endless looping on login page
if ($query['_task'] == 'login') {
unset($query['_task']);
}
// prevent redirect to compose with specified ID (#1488226)
if ($query['_action'] == 'compose' && !empty($query['_id'])) {
$query = array();
}
}
// allow plugins to control the redirect url after login success
$redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
unset($redir['abort'], $redir['_err']);
// send redirect
$OUTPUT->redirect($redir);
}
else {
$error_code = $auth['error'] ? $auth['error'] : $RCMAIL->login_error();
}
if (!$auth['valid']) {
$error_code = RCMAIL::ERROR_INVALID_REQUEST;
}
else {
$error_code = $auth['error'] ? $auth['error'] : $RCMAIL->login_error();
}
$error_labels = array(
RCMAIL::ERROR_STORAGE => 'storageerror',
RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
RCMAIL::ERROR_INVALID_REQUEST => 'invalidrequest',
RCMAIL::ERROR_INVALID_HOST => 'invalidhost',
);
$error_labels = array(
RCMAIL::ERROR_STORAGE => 'storageerror',
RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
RCMAIL::ERROR_INVALID_REQUEST => 'invalidrequest',
RCMAIL::ERROR_INVALID_HOST => 'invalidhost',
);
$error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed';
$error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed';
// log failed login
$RCMAIL->log_login($auth['user'], true, $error_code);
$OUTPUT->show_message($error_message, 'warning');
$OUTPUT->show_message($error_message, 'warning');
$RCMAIL->plugins->exec_hook('login_failed', array(
'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
$RCMAIL->kill_session();
}
// log failed login
$RCMAIL->log_login($auth['user'], true, $error_code);
$RCMAIL->plugins->exec_hook('login_failed', array(
'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
$RCMAIL->kill_session();
}
}
// end session (after optional referer check)
else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_utils::check_referer())) {
$userdata = array(
'user' => $_SESSION['username'],
'host' => $_SESSION['storage_host'],
'lang' => $RCMAIL->user->language,
);
$OUTPUT->show_message('loggedout');
$RCMAIL->logout_actions();
$RCMAIL->kill_session();
$RCMAIL->plugins->exec_hook('logout_after', $userdata);
else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])
&& (!$RCMAIL->config->get('referer_check') || rcube_utils::check_referer())
) {
$userdata = array(
'user' => $_SESSION['username'],
'host' => $_SESSION['storage_host'],
'lang' => $RCMAIL->user->language,
);
$OUTPUT->show_message('loggedout');
$RCMAIL->logout_actions();
$RCMAIL->kill_session();
$RCMAIL->plugins->exec_hook('logout_after', $userdata);
}
// check session and auth cookie
else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
if (!$RCMAIL->session->check_auth()) {
$RCMAIL->kill_session();
$session_error = true;
}
if (!$RCMAIL->session->check_auth()) {
$RCMAIL->kill_session();
$session_error = true;
}
}
// not logged in -> show login page
if (empty($RCMAIL->user->ID)) {
// log session failures
$task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC);
if ($task && !in_array($task, array('login','logout')) && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
$RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found");
$session_error = true;
}
// check if installer is still active
if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
$OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because .
these files may expose sensitive configuration data like server passwords and encryption keys
to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
)
);
}
// log session failures
$task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC);
if ($task && !in_array($task, array('login','logout'))
&& !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])
) {
$RCMAIL->session->log("Aborted session $sess_id; no valid session data found");
$session_error = true;
}
// check if installer is still active
if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
$OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because .
these files may expose sensitive configuration data like server passwords and encryption keys
to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
));
}
if ($session_error || $_REQUEST['_err'] == 'session') {
$OUTPUT->show_message('sessionerror', 'error', null, true, -1);
}
if ($session_error || $_REQUEST['_err'] == 'session') {
$OUTPUT->show_message('sessionerror', 'error', null, true, -1);
}
if ($OUTPUT->ajax_call || !empty($_REQUEST['_framed'])) {
$OUTPUT->command('session_error', $RCMAIL->url(array('_err' => 'session')));
$OUTPUT->send('iframe');
}
if ($OUTPUT->ajax_call || !empty($_REQUEST['_framed'])) {
$OUTPUT->command('session_error', $RCMAIL->url(array('_err' => 'session')));
$OUTPUT->send('iframe');
}
$plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error));
$plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error));
$RCMAIL->set_task($plugin['task']);
$RCMAIL->set_task($plugin['task']);
$OUTPUT->send($plugin['task']);
$OUTPUT->send($plugin['task']);
}
// CSRF prevention
else {
// don't check for valid request tokens in these actions
$request_check_whitelist = array('login'=>1, 'spell'=>1, 'spell_html'=>1);
if (!$request_check_whitelist[$RCMAIL->action]) {
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
header('HTTP/1.1 403 Forbidden');
die("Invalid Request");
}
}
// check request token in POST form submissions
else if (!empty($_POST) && !$RCMAIL->check_request()) {
$OUTPUT->show_message('invalidrequest', 'error');
$OUTPUT->send($RCMAIL->task);
// don't check for valid request tokens in these actions
$request_check_whitelist = array('login'=>1, 'spell'=>1, 'spell_html'=>1);
if (!$request_check_whitelist[$RCMAIL->action]) {
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
header('HTTP/1.1 403 Forbidden');
die("Invalid Request");
}
}
// check request token in POST form submissions
else if (!empty($_POST) && !$RCMAIL->check_request()) {
$OUTPUT->show_message('invalidrequest', 'error');
$OUTPUT->send($RCMAIL->task);
}
// check referer if configured
if ($RCMAIL->config->get('referer_check') && !rcube_utils::check_referer()) {
raise_error(array(
'code' => 403, 'type' => 'php',
'message' => "Referer check failed"), true, true);
}
}
// check referer if configured
if ($RCMAIL->config->get('referer_check') && !rcube_utils::check_referer()) {
raise_error(array(
'code' => 403, 'type' => 'php',
'message' => "Referer check failed"), true, true);
}
}
}
// we're ready, user is authenticated and the request is safe
@ -254,58 +268,57 @@ $RCMAIL->action = $plugin['action'];
// handle special actions
if ($RCMAIL->action == 'keep-alive') {
$OUTPUT->reset();
$RCMAIL->plugins->exec_hook('keep_alive', array());
$OUTPUT->send();
$OUTPUT->reset();
$RCMAIL->plugins->exec_hook('keep_alive', array());
$OUTPUT->send();
}
else if ($RCMAIL->action == 'save-pref') {
include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
}
// include task specific functions
if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc'))
include_once $incfile;
if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc')) {
include_once $incfile;
}
// allow 5 "redirects" to another action
$redirects = 0; $incstep = null;
while ($redirects < 5) {
// execute a plugin action
if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
if (!$RCMAIL->action) $RCMAIL->action = 'index';
$RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
break;
}
else if (preg_match('/^plugin\./', $RCMAIL->action)) {
$RCMAIL->plugins->exec_action($RCMAIL->action);
break;
}
// try to include the step file
else if (($stepfile = $RCMAIL->get_action_file())
&& is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
) {
// include action file only once (in case it don't exit)
include_once $incfile;
$redirects++;
}
else {
break;
}
// execute a plugin action
if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
if (!$RCMAIL->action) $RCMAIL->action = 'index';
$RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
break;
}
else if (preg_match('/^plugin\./', $RCMAIL->action)) {
$RCMAIL->plugins->exec_action($RCMAIL->action);
break;
}
// try to include the step file
else if (($stepfile = $RCMAIL->get_action_file())
&& is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
) {
// include action file only once (in case it don't exit)
include_once $incfile;
$redirects++;
}
else {
break;
}
}
if ($RCMAIL->action == 'refresh') {
$RCMAIL->plugins->exec_hook('refresh', array('last' => intval(rcube_utils::get_input_value('_last', rcube_utils::INPUT_GPC))));
$RCMAIL->plugins->exec_hook('refresh', array('last' => intval(rcube_utils::get_input_value('_last', rcube_utils::INPUT_GPC))));
}
// parse main template (default)
$OUTPUT->send($RCMAIL->task);
// if we arrive here, something went wrong
rcmail::raise_error(array(
'code' => 404,
'type' => 'php',
'line' => __LINE__,
'file' => __FILE__,
'message' => "Invalid request"), true, true);
'code' => 404,
'type' => 'php',
'line' => __LINE__,
'file' => __FILE__,
'message' => "Invalid request"), true, true);

2
program/include/clisetup.php
View File

@ -20,7 +20,7 @@
*/
if (php_sapi_name() != 'cli') {
die('Not on the "shell" (php-cli).');
die('Not on the "shell" (php-cli).');
}
require_once INSTALL_PATH . 'program/include/iniset.php';

1
program/include/iniset.php
View File

@ -84,4 +84,3 @@ function rcmail_autoload($classname)
return false;
}

1689
program/include/rcmail.php
File diff suppressed because it is too large
View File

5
program/include/rcmail_html_page.php
View File

@ -38,11 +38,12 @@ class rcmail_html_page extends rcmail_output_html
}
else { // set default styles for warning blocks inside the attachment part frame
$this->add_header(html::tag('style', array('type' => 'text/css'),
".rcmail-inline-message { font-family: sans-serif; border:2px solid #ffdf0e; background:#fef893; padding:0.6em 1em; margin-bottom:0.6em }\n" .
".rcmail-inline-message { font-family: sans-serif; border:2px solid #ffdf0e;"
. "background:#fef893; padding:0.6em 1em; margin-bottom:0.6em }\n" .
".rcmail-inline-buttons { margin-bottom:0 }"
));
}
parent::write($contents);
}
}
}

7
program/include/rcmail_output_html.php
View File

@ -5,7 +5,7 @@
| program/include/rcmail_output_html.php |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2006-2012, The Roundcube Dev Team |
| Copyright (C) 2006-2013, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@ -83,9 +83,9 @@ class rcmail_output_html extends rcmail_output
$this->set_env('skin', $skin);
if (!empty($_REQUEST['_extwin']))
$this->set_env('extwin', 1);
$this->set_env('extwin', 1);
if ($this->framed || !empty($_REQUEST['_framed']))
$this->set_env('framed', 1);
$this->set_env('framed', 1);
// add common javascripts
$this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
@ -119,6 +119,7 @@ class rcmail_output_html extends rcmail_output
public function set_env($name, $value, $addtojs = true)
{
$this->env[$name] = $value;
if ($addtojs || isset($this->js_env[$name])) {
$this->js_env[$name] = $value;
}

21
program/include/rcmail_string_replacer.php
View File

@ -5,7 +5,7 @@
| program/include/rcmail_string_replacer.php |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2012, The Roundcube Dev Team |
| Copyright (C) 2012-2013, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@ -19,7 +19,6 @@
+-----------------------------------------------------------------------+
*/
/**
* Helper class for turning URLs and email addresses in plaintext content
* into clickable links.
@ -40,15 +39,15 @@ class rcmail_string_replacer extends rcube_string_replacer
*/
public function mailto_callback($matches)
{
$href = $matches[1];
$suffix = $this->parse_url_brackets($href);
$href = $matches[1];
$suffix = $this->parse_url_brackets($href);
$i = $this->add(html::a(array(
'href' => 'mailto:' . $href,
'onclick' => "return ".rcmail_output::JS_OBJECT_NAME.".command('compose','".rcube::JQ($href)."',this)",
), rcube::Q($href)) . $suffix);
$i = $this->add(html::a(array(
'href' => 'mailto:' . $href,
'onclick' => "return ".rcmail_output::JS_OBJECT_NAME.".command('compose','".rcube::JQ($href)."',this)",
),
rcube::Q($href)) . $suffix);
return $i >= 0 ? $this->get_replacement($i) : '';
return $i >= 0 ? $this->get_replacement($i) : '';
}
}
}

7
program/lib/Roundcube/rcube.php
View File

@ -1152,7 +1152,6 @@ class rcube
// handle PHP exceptions
if (is_object($arg) && is_a($arg, 'Exception')) {
$arg = array(
'type' => 'php',
'code' => $arg->getCode(),
'line' => $arg->getLine(),
'file' => $arg->getFile(),
@ -1160,7 +1159,7 @@ class rcube
);
}
else if (is_string($arg)) {
$arg = array('message' => $arg, 'type' => 'php');
$arg = array('message' => $arg);
}
if (empty($arg['code'])) {
@ -1176,7 +1175,7 @@ class rcube
$cli = php_sapi_name() == 'cli';
if (($log || $terminate) && !$cli && $arg['type'] && $arg['message']) {
if (($log || $terminate) && !$cli && $arg['message']) {
$arg['fatal'] = $terminate;
self::log_bug($arg);
}
@ -1204,7 +1203,7 @@ class rcube
*/
public static function log_bug($arg_arr)
{
$program = strtoupper($arg_arr['type']);
$program = strtoupper(!empty($arg_arr['type']) ? $arg_arr['type'] : 'php');
$level = self::get_instance()->config->get('debug_level');
// disable errors for ajax requests, write to log instead (#1487831)

Write Preview
Loading…
Cancel
Save