Roundcubemail devel
blame | history | patch | commit | commitdiff | ignore whitespace
yllar
2009-08-12 3c69a7a24a76ec5ecf5df91dfdc2ac18010e2694 
 index.php


@@ -2,7 +2,7 @@


/*


 +-------------------------------------------------------------------------+


 | RoundCube Webmail IMAP Client                                           |


 | Version 0.3-20090702                                                    |


 | Version 0.3-20090805                                                    |


 |                                                                         |


 | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                   |


 |                                                                         |


@@ -83,13 +83,15 @@


  $auth = $RCMAIL->plugins->exec_hook('authenticate', array(


    'host' => $RCMAIL->autoselect_host(),


    'user' => trim(get_input_value('_user', RCUBE_INPUT_POST)),


    'cookiecheck' => true,


  )) + array('pass' => get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'));




  // check if client supports cookies


  if (empty($_COOKIE)) {


  if ($auth['cookiecheck'] && empty($_COOKIE)) {


    $OUTPUT->show_message("cookiesdisabled", 'warning');


  }


  else if ($_SESSION['temp'] && !empty($auth['user']) && !empty($auth['host']) && isset($auth['pass']) && 


  else if ($_SESSION['temp'] && !$auth['abort'] && !empty($auth['host']) &&


            !empty($auth['user']) && isset($auth['pass']) && 


            $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {


    // create new session ID


    rcube_sess_unset('temp');


@@ -140,13 +142,20 @@


  }


}




// don't check for valid request tokens in these actions


$request_check_whitelist = array('login'=>1, 'spell'=>1);




// check client X-header to verify request origin


if ($OUTPUT->ajax_call) {


  if (!$RCMAIL->config->get('devel_mode') && !rc_request_header('X-RoundCube-Referer')) {


  if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token()) {


    header('HTTP/1.1 404 Not Found');


    die("Invalid Request");


  }


}


// check request token in POST form submissions


else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {


  $OUTPUT->show_message('invalidrequest', 'error');


  $OUTPUT->send($RCMAIL->task);


}






@@ -217,7 +226,8 @@


);




// include task specific functions


include_once 'program/steps/'.$RCMAIL->task.'/func.inc';


if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/func.inc'))


  include_once($incfile);




// allow 5 "redirects" to another action


$redirects = 0; $incstep = null;


@@ -231,7 +241,7 @@


    break;


  }


  // try to include the step file


  else if (is_file(($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile))) {


  else if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile)) {


    include($incfile);


    $redirects++;


  }