Installer: Move logon warning code into rcmail_install, change colors, fix link

1 month ago · ded28db823
4 changed files with 23 additions and 11 deletions
--- a/installer/styles.css
+++ b/installer/styles.css
@ -224,8 +224,8 @@ a.removelink {
 p.warning,
 div.warning {
  padding: 1em;
-  background-color: #ef9398;
-  border: 2px solid #dc5757;
+  background-color: #ffff66;
+  border: 1px solid #ffc300;
 }

 h3.warning {
--- a/program/include/rcmail_install.php
+++ b/program/include/rcmail_install.php
@ -1031,6 +1031,21 @@ class rcmail_install
        $this->last_error = $p;
    }

+    /**
+     * Content of the logon warning about enabled installer
+     */
+    public static function logonWarning()
+    {
+        return html::div(
+            ['id' => 'login-addon', 'style' => 'background:#ffff66; border:1px solid #ffc300; padding:0.5em; margin:2em auto; width:50em'],
+            '<h2>The Installer is still accessible</h2>'
+            . '<p>The install script of your Roundcube installation is still available to everyone!</p>'
+            . '<p>Please <b>remove</b> the <tt>public_html/installer.php</tt> file from the Roundcube directory because'
+            . ' it may expose sensitive configuration data like server passwords and encryption keys'
+            . ' to the public. Make sure you cannot access <a href="installer.php">the script</a> from your browser.</p>'
+        );
+    }
+
    /**
     * Check if vendor/autoload.php was created by Roundcube and left untouched
     *
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@ -1084,7 +1084,10 @@ class rcmail_output_html extends rcmail_output
                $prefix = str_repeat('../', count($path) + 1);
            }

-            if (!str_starts_with($location, $prefix . 'static.php') && !str_starts_with($location, 'data:')) {
+            if (!str_starts_with($location, $prefix . 'static.php')
+                && !str_starts_with($location, 'data:')
+                && !str_ends_with($location, '.php')
+            ) {
                $location = $prefix . 'static.php/' . $location;
            }
        }
--- a/public_html/index.php
+++ b/public_html/index.php
@ -229,15 +229,9 @@ if (empty($RCMAIL->user->ID)) {
        $RCMAIL->output->send('iframe');
    }

-    // check if installer is still active
+    // Display a warning if installer is active
    if ($RCMAIL->config->get('enable_installer') && is_readable(__DIR__ . '/installer.php')) {
-        $RCMAIL->output->add_footer(html::div(['id' => 'login-addon', 'style' => 'background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em'],
-            html::tag('h2', ['style' => 'margin-top:0.2em'], 'The Installer is still accessible')
-            . html::p(null, 'The install script of your Roundcube installation is still available to everyone!')
-            . html::p(null, 'Please <b>remove</b> the <tt>public_html/installer.php</tt> file from the Roundcube directory because
-                it may expose sensitive configuration data like server passwords and encryption keys
-                to the public. Make sure you cannot access <a href="installer.php">the script</a> from your browser.')
-        ));
+        $RCMAIL->output->add_footer(rcmail_install::logonWarning());
    }

    $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', [