githubFork/roundcubemail.git

Fix XSS issue in href attribute on area tag (#5240, #5241)

Aleksander Machniak

2016-05-06 acf633c73bc8df9a5036bc52d7568f4213ab73c7

commit \| author \| age
619c32	1	<?php
TB	2
	3	if (!class_exists('rcube_install') \|\| !is_object($RCI)) {
	4	die("Not allowed! Please open installer/index.php instead.");
	5	}
	6
	7	?>
c5042d	8	<form action="index.php?_step=3" method="post">
T	9
461a30	10	<h3>Check config file</h3>
354978	11	<?php
T	12
461a30	13	if ($read_config = is_readable(RCUBE_CONFIG_DIR . 'defaults.inc.php')) {
AM	14	$config = $RCI->load_config_file(RCUBE_CONFIG_DIR . 'defaults.inc.php');
	15	if (!empty($config)) {
	16	$RCI->pass('defaults.inc.php');
	17	}
	18	else {
	19	$RCI->fail('defaults.inc.php', 'Syntax error');
	20	}
c5042d	21	}
461a30	22	else {
AM	23	$RCI->fail('defaults.inc.php', 'Unable to read default config file?');
c5042d	24	}
T	25	echo '<br />';
	26
461a30	27	if ($read_config = is_readable(RCUBE_CONFIG_DIR . 'config.inc.php')) {
AM	28	$config = $RCI->load_config_file(RCUBE_CONFIG_DIR . 'config.inc.php');
	29	if (!empty($config)) {
	30	$RCI->pass('config.inc.php');
	31	}
	32	else {
	33	$RCI->fail('config.inc.php', 'Syntax error');
	34	}
c5042d	35	}
461a30	36	else {
AM	37	$RCI->fail('config.inc.php', 'Unable to read file. Did you create the config file?');
c5042d	38	}
461a30	39	echo '<br />';
AM	40
354978	41
e10712	42	if ($RCI->configured && ($messages = $RCI->check_config())) {
T	43	if (is_array($messages['replaced'])) {
	44	echo '<h3 class="warning">Replaced config options</h3>';
	45	echo '<p class="hint">The following config options have been replaced or renamed. ';
	46	echo 'Please update them accordingly in your config files.</p>';
461a30	47
e10712	48	echo '<ul class="configwarings">';
T	49	foreach ($messages['replaced'] as $msg) {
	50	echo html::tag('li', null, html::span('propname', $msg['prop']) .
	51	' was replaced by ' . html::span('propname', $msg['replacement']));
	52	}
	53	echo '</ul>';
	54	}
	55
	56	if (is_array($messages['obsolete'])) {
	57	echo '<h3>Obsolete config options</h3>';
	58	echo '<p class="hint">You still have some obsolete or inexistent properties set. This isn\'t a problem but should be noticed.</p>';
461a30	59
e10712	60	echo '<ul class="configwarings">';
T	61	foreach ($messages['obsolete'] as $msg) {
	62	echo html::tag('li', null, html::span('propname', $msg['prop']) . ($msg['name'] ? ': ' . $msg['name'] : ''));
	63	}
	64	echo '</ul>';
	65	}
461a30	66
AM	67	echo '<p class="suggestion">OK, lazy people can download the updated config file here: ';
	68	echo html::a(array('href' => './?_mergeconfig=1'), 'config.inc.php') . '  ';
e10712	69	echo "</p>";
461a30	70
871ca9	71	if (is_array($messages['dependencies'])) {
T	72	echo '<h3 class="warning">Dependency check failed</h3>';
	73	echo '<p class="hint">Some of your configuration settings require other options to be configured or additional PHP modules to be installed</p>';
461a30	74
871ca9	75	echo '<ul class="configwarings">';
T	76	foreach ($messages['dependencies'] as $msg) {
	77	echo html::tag('li', null, html::span('propname', $msg['prop']) . ': ' . $msg['explain']);
	78	}
	79	echo '</ul>';
	80	}
e10712	81	}
T	82
354978	83	?>
c5042d	84
308f41	85	<h3>Check if directories are writable</h3>
e019f2	86	<p>Roundcube may need to write/save files into these directories</p>
308f41	87	<?php
T	88
461a30	89	$dirs[] = $RCI->config['temp_dir'] ? $RCI->config['temp_dir'] : 'temp';
AM	90	if ($RCI->config['log_driver'] != 'syslog')
	91	$dirs[] = $RCI->config['log_dir'] ? $RCI->config['log_dir'] : 'logs';
b77d0d	92
461a30	93	foreach ($dirs as $dir) {
f130f9	94	$dirpath = rcube_utils::is_absolute_path($dir) ? $dir : INSTALL_PATH . $dir;
461a30	95	if (is_writable(realpath($dirpath))) {
AM	96	$RCI->pass($dir);
	97	$pass = true;
308f41	98	}
461a30	99	else {
AM	100	$RCI->fail($dir, 'not writeable for the webserver');
	101	}
	102	echo '<br />';
308f41	103	}
461a30	104
AM	105	if (!$pass) {
	106	echo '<p class="hint">Use <tt>chmod</tt> or <tt>chown</tt> to grant write privileges to the webserver</p>';
308f41	107	}
T	108
	109	?>
	110
256361	111	<h3>Check DB config</h3>
c5042d	112	<?php
T	113
	114	$db_working = false;
308f41	115	if ($RCI->configured) {
9e8e5f	116	if (!empty($RCI->config['db_dsnw'])) {
91f227	117	$DB = rcube_db::factory($RCI->config['db_dsnw'], '', false);
720e7d	118	$DB->set_debug((bool)$RCI->config['sql_debug']);
c5042d	119	$DB->db_connect('w');
398bff	120
c5042d	121	if (!($db_error_msg = $DB->is_error())) {
T	122	$RCI->pass('DSN (write)');
190e97	123	echo '<br />';
c5042d	124	$db_working = true;
T	125	}
	126	else {
190e97	127	$RCI->fail('DSN (write)', $db_error_msg);
34eab0	128	echo '<p class="hint">Make sure that the configured database exists and that the user has write privileges<br />';
190e97	129	echo 'DSN: ' . $RCI->config['db_dsnw'] . '</p>';
c5042d	130	}
T	131	}
	132	else {
	133	$RCI->fail('DSN (write)', 'not set');
	134	}
	135	}
	136	else {
461a30	137	$RCI->fail('DSN (write)', 'Could not read config file');
c5042d	138	}
T	139
	140	// initialize db with schema found in /SQL/*
	141	if ($db_working && $_POST['initdb']) {
190e97	142	if (!($success = $RCI->init_db($DB))) {
c5042d	143	$db_working = false;
190e97	144	echo '<p class="warning">Please try to inizialize the database manually as described in the INSTALL guide.
T	145	Make sure that the configured database extists and that the user as write privileges</p>';
c5042d	146	}
T	147	}
	148
e6bb83	149	else if ($db_working && $_POST['updatedb']) {
4490d0	150	if (!($success = $RCI->update_db($_POST['version']))) {
AM	151	echo '<p class="warning">Database schema update failed.</p>';
	152	}
e6bb83	153	}
T	154
190e97	155	// test database
c5042d	156	if ($db_working) {
399db1	157	$db_read = $DB->query("SELECT count(*) FROM {$RCI->config['db_prefix']}users");
159691	158	if ($DB->is_error()) {
c5042d	159	$RCI->fail('DB Schema', "Database not initialized");
T	160	echo '<p><input type="submit" name="initdb" value="Initialize database" /></p>';
871ca9	161	$db_working = false;
c5042d	162	}
e6bb83	163	else if ($err = $RCI->db_schema_check($DB, $update = !empty($_POST['updatedb']))) {
871ca9	164	$RCI->fail('DB Schema', "Database schema differs");
e6bb83	165	echo '<ul style="margin:0"><li>' . join("</li>\n<li>", $err) . "</li></ul>";
T	166	$select = $RCI->versions_select(array('name' => 'version'));
4490d0	167	$select->add('0.9 or newer', '');
AM	168	echo '<p class="suggestion">You should run the update queries to get the schema fixed.<br/><br/>Version to update from: ' . $select->show() . ' <input type="submit" name="updatedb" value="Update" /></p>';
871ca9	169	$db_working = false;
T	170	}
c5042d	171	else {
T	172	$RCI->pass('DB Schema');
871ca9	173	echo '<br />';
c5042d	174	}
190e97	175	}
T	176
	177	// more database tests
	178	if ($db_working) {
	179	// write test
50e5ee	180	$insert_id = md5(uniqid());
399db1	181	$db_write = $DB->query("INSERT INTO {$RCI->config['db_prefix']}session (sess_id, created, ip, vars) VALUES (?, ".$DB->now().", '127.0.0.1', 'foo')", $insert_id);
50e5ee	182
T	183	if ($db_write) {
190e97	184	$RCI->pass('DB Write');
399db1	185	$DB->query("DELETE FROM {$RCI->config['db_prefix']}session WHERE sess_id=?", $insert_id);
190e97	186	}
T	187	else {
	188	$RCI->fail('DB Write', $RCI->get_error());
	189	}
871ca9	190	echo '<br />';
190e97	191
T	192	// check timezone settings
c5042d	193	$tz_db = 'SELECT ' . $DB->unixtimestamp($DB->now()) . ' AS tz_db';
T	194	$tz_db = $DB->query($tz_db);
	195	$tz_db = $DB->fetch_assoc($tz_db);
	196	$tz_db = (int) $tz_db['tz_db'];
	197	$tz_local = (int) time();
	198	$tz_diff = $tz_local - $tz_db;
	199
	200	// sometimes db and web servers are on separate hosts, so allow a 30 minutes delta
	201	if (abs($tz_diff) > 1800) {
	202	$RCI->fail('DB Time', "Database time differs {$td_ziff}s from PHP time");
190e97	203	}
T	204	else {
c5042d	205	$RCI->pass('DB Time');
T	206	}
	207	}
	208
	209	?>
	210
8f49e4	211	<h3>Test filetype detection</h3>
TB	212
	213	<?php
	214
	215	if ($errors = $RCI->check_mime_detection()) {
	216	$RCI->fail('Fileinfo/mime_content_type configuration');
	217	if (!empty($RCI->config['mime_magic'])) {
	218	echo '<p class="hint">Try setting the <tt>mime_magic</tt> config option to <tt>null</tt>.</p>';
	219	}
	220	else {
	221	echo '<p class="hint">Check the <a href="http://www.php.net/manual/en/function.finfo-open.php">Fileinfo functions</a> of your PHP installation.<br/>';
	222	echo 'The path to the magic.mime file can be set using the <tt>mime_magic</tt> config option in Roundcube.</p>';
	223	}
	224	}
	225	else {
	226	$RCI->pass('Fileinfo/mime_content_type configuration');
9cf50d	227	echo "<br/>";
8f49e4	228	}
TB	229
	230
	231	if ($errors = $RCI->check_mime_extensions()) {
	232	$RCI->fail('Mimetype to file extension mapping');
	233	echo '<p class="hint">Please set a valid path to your webserver\'s mime.types file to the <tt>mime_types</tt> config option.<br/>';
	234	echo 'If you can\'t find such a file, download it from <a href="http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types">svn.apache.org</a>.</p>';
	235	}
	236	else {
	237	$RCI->pass('Mimetype to file extension mapping');
9cf50d	238	echo "<br/>";
8f49e4	239	}
TB	240
	241	?>
	242
	243
256361	244	<h3>Test SMTP config</h3>
ad43e6	245
T	246	<p>
058eb6	247	Server: <?php echo rcube_parse_host($RCI->getprop('smtp_server', 'PHP mail()')); ?><br />
ad43e6	248	Port: <?php echo $RCI->getprop('smtp_port'); ?><br />
fa7539	249
T	250	<?php
	251
	252	if ($RCI->getprop('smtp_server')) {
	253	$user = $RCI->getprop('smtp_user', '(none)');
	254	$pass = $RCI->getprop('smtp_pass', '(none)');
	255
	256	if ($user == '%u') {
47124c	257	$user_field = new html_inputfield(array('name' => '_smtp_user'));
7635d2	258	$user = $user_field->show($_POST['_smtp_user']);
fa7539	259	}
T	260	if ($pass == '%p') {
47124c	261	$pass_field = new html_passwordfield(array('name' => '_smtp_pass'));
fa7539	262	$pass = $pass_field->show();
T	263	}
	264
	265	echo "User: $user<br />";
	266	echo "Password: $pass<br />";
	267	}
27564f	268
47124c	269	$from_field = new html_inputfield(array('name' => '_from', 'id' => 'sendmailfrom'));
T	270	$to_field = new html_inputfield(array('name' => '_to', 'id' => 'sendmailto'));
fa7539	271
T	272	?>
ad43e6	273	</p>
T	274
	275	<?php
	276
256361	277	if (isset($_POST['sendmail'])) {
A	278
ad43e6	279	echo '<p>Trying to send email...<br />';
256361	280
e99991	281	$from = idn_to_ascii(trim($_POST['_from']));
A	282	$to = idn_to_ascii(trim($_POST['_to']));
2c3d81	283
e99991	284	if (preg_match('/^' . $RCI->email_pattern . '$/i', $from) &&
A	285	preg_match('/^' . $RCI->email_pattern . '$/i', $to)
	286	) {
ad43e6	287	$headers = array(
e99991	288	'From' => $from,
A	289	'To' => $to,
e019f2	290	'Subject' => 'Test message from Roundcube',
ad43e6	291	);
T	292
e019f2	293	$body = 'This is a test to confirm that Roundcube can send email.';
ad43e6	294	$smtp_response = array();
e99991	295
fa7539	296	// send mail using configured SMTP server
T	297	if ($RCI->getprop('smtp_server')) {
	298	$CONFIG = $RCI->config;
2c3d81	299
7635d2	300	if (!empty($_POST['_smtp_user'])) {
T	301	$CONFIG['smtp_user'] = $_POST['_smtp_user'];
	302	}
	303	if (!empty($_POST['_smtp_pass'])) {
	304	$CONFIG['smtp_pass'] = $_POST['_smtp_pass'];
	305	}
	306
e987db	307	$mail_object = new Mail_mime();
fa7539	308	$send_headers = $mail_object->headers($headers);
2c3d81	309
A	310	$SMTP = new rcube_smtp();
d1dd13	311	$SMTP->connect(rcube_parse_host($RCI->getprop('smtp_server')),
A	312	$RCI->getprop('smtp_port'), $CONFIG['smtp_user'], $CONFIG['smtp_pass']);
2c3d81	313
A	314	$status = $SMTP->send_mail($headers['From'], $headers['To'],
	315	($foo = $mail_object->txtHeaders($send_headers)), $body);
	316
	317	$smtp_response = $SMTP->get_response();
fa7539	318	}
T	319	else { // use mail()
	320	$header_str = 'From: ' . $headers['From'];
	321
	322	if (ini_get('safe_mode'))
	323	$status = mail($headers['To'], $headers['Subject'], $body, $header_str);
	324	else
	325	$status = mail($headers['To'], $headers['Subject'], $body, $header_str, '-f'.$headers['From']);
	326
	327	if (!$status)
	328	$smtp_response[] = 'Mail delivery with mail() failed. Check your error logs for details';
	329	}
ad43e6	330
T	331	if ($status) {
	332	$RCI->pass('SMTP send');
	333	}
	334	else {
	335	$RCI->fail('SMTP send', join('; ', $smtp_response));
	336	}
	337	}
	338	else {
	339	$RCI->fail('SMTP send', 'Invalid sender or recipient');
	340	}
97d659	341
T	342	echo '</p>';
ad43e6	343	}
T	344
	345	?>
	346
	347	<table>
	348	<tbody>
27564f	349	<tr>
T	350	<td><label for="sendmailfrom">Sender</label></td>
	351	<td><?php echo $from_field->show($_POST['_from']); ?></td>
	352	</tr>
	353	<tr>
	354	<td><label for="sendmailto">Recipient</label></td>
	355	<td><?php echo $to_field->show($_POST['_to']); ?></td>
	356	</tr>
ad43e6	357	</tbody>
T	358	</table>
	359
	360	<p><input type="submit" name="sendmail" value="Send test mail" /></p>
	361
	362
256361	363	<h3>Test IMAP config</h3>
27564f	364
T	365	<?php
	366
112c54	367	$default_hosts = $RCI->get_hostlist();
T	368	if (!empty($default_hosts)) {
47124c	369	$host_field = new html_select(array('name' => '_host', 'id' => 'imaphost'));
112c54	370	$host_field->add($default_hosts);
T	371	}
	372	else {
47124c	373	$host_field = new html_inputfield(array('name' => '_host', 'id' => 'imaphost'));
112c54	374	}
27564f	375
47124c	376	$user_field = new html_inputfield(array('name' => '_user', 'id' => 'imapuser'));
T	377	$pass_field = new html_passwordfield(array('name' => '_pass', 'id' => 'imappass'));
27564f	378
T	379	?>
	380
	381	<table>
	382	<tbody>
	383	<tr>
	384	<td><label for="imaphost">Server</label></td>
112c54	385	<td><?php echo $host_field->show($_POST['_host']); ?></td>
27564f	386	</tr>
T	387	<tr>
	388	<td>Port</td>
	389	<td><?php echo $RCI->getprop('default_port'); ?></td>
	390	</tr>
	391	<tr>
	392	<td><label for="imapuser">Username</label></td>
	393	<td><?php echo $user_field->show($_POST['_user']); ?></td>
	394	</tr>
	395	<tr>
	396	<td><label for="imappass">Password</label></td>
	397	<td><?php echo $pass_field->show(); ?></td>
	398	</tr>
	399	</tbody>
	400	</table>
	401
	402	<?php
	403
	404	if (isset($_POST['imaptest']) && !empty($_POST['_host']) && !empty($_POST['_user'])) {
3be904	405
27564f	406	echo '<p>Connecting to ' . Q($_POST['_host']) . '...<br />';
3be904	407
A	408	$imap_host = trim($_POST['_host']);
	409	$imap_port = $RCI->getprop('default_port');
	410	$a_host = parse_url($imap_host);
	411
27564f	412	if ($a_host['host']) {
T	413	$imap_host = $a_host['host'];
3be904	414	$imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null;
A	415	if (isset($a_host['port']))
	416	$imap_port = $a_host['port'];
	417	else if ($imap_ssl && $imap_ssl != 'tls' && (!$imap_port \|\| $imap_port == 143))
	418	$imap_port = 993;
27564f	419	}
e99991	420
A	421	$imap_host = idn_to_ascii($imap_host);
	422	$imap_user = idn_to_ascii($_POST['_user']);
	423
27564f	424	$imap = new rcube_imap(null);
16ce14	425	$imap->set_options(array(
AM	426	'auth_type' => $RCI->getprop('imap_auth_type'),
	427	'debug' => $RCI->getprop('imap_debug'),
	428	));
	429
e99991	430	if ($imap->connect($imap_host, $imap_user, $_POST['_pass'], $imap_port, $imap_ssl)) {
27564f	431	$RCI->pass('IMAP connect', 'SORT capability: ' . ($imap->get_capability('SORT') ? 'yes' : 'no'));
T	432	$imap->close();
	433	}
	434	else {
	435	$RCI->fail('IMAP connect', $RCI->get_error());
	436	}
	437	}
	438
	439	?>
	440
	441	<p><input type="submit" name="imaptest" value="Check login" /></p>
c5042d	442
354978	443	</form>
T	444
27564f	445	<hr />
T	446
354978	447	<p class="warning">
T	448
	449	After completing the installation and the final tests please <b>remove</b> the whole
8062c0	450	installer folder from the document root of the webserver or make sure that
461a30	451	<tt>enable_installer</tt> option in <tt>config.inc.php</tt> is disabled.<br />
354978	452	<br />
T	453
	454	These files may expose sensitive configuration data like server passwords and encryption keys
	455	to the public. Make sure you cannot access this installer from your browser.
	456
	457	</p>