| | |
| | | } |
| | | |
| | | ini_set('session.cookie_secure', $is_secure); |
| | | ini_set('session.name', $sess_name ? $sess_name : 'roundcube_sessid'); |
| | | ini_set('session.name', $sess_name ?: 'roundcube_sessid'); |
| | | ini_set('session.use_cookies', 1); |
| | | ini_set('session.use_only_cookies', 1); |
| | | ini_set('session.cookie_httponly', 1); |
| | |
| | | $attrib = array('name' => $attrib); |
| | | } |
| | | |
| | | $name = $attrib['name'] ? $attrib['name'] : ''; |
| | | $name = (string) $attrib['name']; |
| | | |
| | | // attrib contain text values: use them from now |
| | | if (($setval = $attrib[strtolower($_SESSION['language'])]) || ($setval = $attrib['en_us'])) { |
| | |
| | | // replace vars in text |
| | | if (is_array($attrib['vars'])) { |
| | | foreach ($attrib['vars'] as $var_key => $var_value) { |
| | | $text = str_replace($var_key[0]!='$' ? '$'.$var_key : $var_key, $var_value, $text); |
| | | $text = str_replace($var_key[0] != '$' ? '$'.$var_key : $var_key, $var_value, $text); |
| | | } |
| | | } |
| | | |
| | |
| | | */ |
| | | public function load_language($lang = null, $add = array(), $merge = array()) |
| | | { |
| | | $lang = $this->language_prop(($lang ? $lang : $_SESSION['language'])); |
| | | $lang = $this->language_prop($lang ?: $_SESSION['language']); |
| | | |
| | | // load localized texts |
| | | if (empty($this->texts) || $lang != $_SESSION['language']) { |
| | |
| | | } |
| | | |
| | | /** |
| | | * Encrypt using 3DES |
| | | * Encrypt a string |
| | | * |
| | | * @param string $clear Clear text input |
| | | * @param string $key Encryption key to retrieve from the configuration, defaults to 'des_key' |
| | | * @param boolean $base64 Whether or not to base64_encode() the result before returning |
| | | * |
| | | * @return string encrypted text |
| | | * @return string Encrypted text |
| | | */ |
| | | public function encrypt($clear, $key = 'des_key', $base64 = true) |
| | | { |
| | | if (!$clear) { |
| | | if (!is_string($clear) || !strlen($clear)) { |
| | | return ''; |
| | | } |
| | | |
| | | // Add a single canary byte to the end of the clear text, which |
| | | // will help find out how much of padding will need to be removed |
| | | // upon decryption; see http://php.net/mcrypt_generic#68082. |
| | | $clear = pack("a*H2", $clear, "80"); |
| | | $ckey = $this->config->get_crypto_key($key); |
| | | $method = 'DES-EDE3-CBC'; |
| | | $method = $this->config->get_crypto_method(); |
| | | $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; |
| | | $iv = rcube_utils::random_bytes(openssl_cipher_iv_length($method), true); |
| | | $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv); |
| | |
| | | } |
| | | |
| | | /** |
| | | * Decrypt 3DES-encrypted string |
| | | * Decrypt a string |
| | | * |
| | | * @param string $cipher Encrypted text |
| | | * @param string $key Encryption key to retrieve from the configuration, defaults to 'des_key' |
| | | * @param boolean $base64 Whether or not input is base64-encoded |
| | | * |
| | | * @return string decrypted text |
| | | * @return string Decrypted text |
| | | */ |
| | | public function decrypt($cipher, $key = 'des_key', $base64 = true) |
| | | { |
| | |
| | | return ''; |
| | | } |
| | | |
| | | $cipher = $base64 ? base64_decode($cipher) : $cipher; |
| | | $ckey = $this->config->get_crypto_key($key); |
| | | |
| | | $method = 'DES-EDE3-CBC'; |
| | | $cipher = $base64 ? base64_decode($cipher) : $cipher; |
| | | $ckey = $this->config->get_crypto_key($key); |
| | | $method = $this->config->get_crypto_method(); |
| | | $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true; |
| | | $iv_size = openssl_cipher_iv_length($method); |
| | | $iv = substr($cipher, 0, $iv_size); |
| | |
| | | |
| | | $cipher = substr($cipher, $iv_size); |
| | | $clear = openssl_decrypt($cipher, $method, $ckey, $opts, $iv); |
| | | |
| | | // Trim PHP's padding and the canary byte; see note in |
| | | // rcube::encrypt() and http://php.net/mcrypt_generic#68082 |
| | | $clear = substr(rtrim($clear, "\0"), 0, -1); |
| | | |
| | | return $clear; |
| | | } |
| | |
| | | */ |
| | | public function get_request_token() |
| | | { |
| | | $sess_id = $_COOKIE[ini_get('session.name')]; |
| | | if (!$sess_id) { |
| | | $sess_id = session_id(); |
| | | if (empty($_SESSION['request_token'])) { |
| | | $plugin = $this->plugins->exec_hook('request_token', array( |
| | | 'value' => rcube_utils::random_bytes(32))); |
| | | |
| | | $_SESSION['request_token'] = $plugin['value']; |
| | | } |
| | | |
| | | $plugin = $this->plugins->exec_hook('request_token', array( |
| | | 'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id))); |
| | | |
| | | return $plugin['value']; |
| | | return $_SESSION['request_token']; |
| | | } |
| | | |
| | | /** |
| | |
| | | |
| | | // trigger logging hook |
| | | if (is_object(self::$instance) && is_object(self::$instance->plugins)) { |
| | | $log = self::$instance->plugins->exec_hook('write_log', array('name' => $name, 'date' => $date, 'line' => $line)); |
| | | $log = self::$instance->plugins->exec_hook('write_log', |
| | | array('name' => $name, 'date' => $date, 'line' => $line)); |
| | | |
| | | $name = $log['name']; |
| | | $line = $log['line']; |
| | | $date = $log['date']; |
| | | if ($log['abort']) |
| | | |
| | | if ($log['abort']) { |
| | | return true; |
| | | } |
| | | } |
| | | |
| | | // add session ID to the log |
| | |
| | | // per-user logging is activated |
| | | if (self::$instance && self::$instance->config->get('per_user_logging', false) && self::$instance->get_user_id()) { |
| | | $log_dir = self::$instance->get_user_log_dir(); |
| | | if (empty($log_dir)) |
| | | if (empty($log_dir) && $name != 'errors') { |
| | | return false; |
| | | } |
| | | } |
| | | else if (!empty($log['dir'])) { |
| | | $log_dir = $log['dir']; |
| | | } |
| | | else if (self::$instance) { |
| | | $log_dir = self::$instance->config->get('log_dir'); |
| | | |
| | | if (empty($log_dir)) { |
| | | if (!empty($log['dir'])) { |
| | | $log_dir = $log['dir']; |
| | | } |
| | | else if (self::$instance) { |
| | | $log_dir = self::$instance->config->get('log_dir'); |
| | | } |
| | | } |
| | | |
| | | if (empty($log_dir)) { |
| | | $log_dir = RCUBE_INSTALL_PATH . 'logs'; |
| | | } |
| | | |
| | | // try to open specific log file for writing |
| | | $logfile = $log_dir.'/'.$name; |
| | | |
| | | if ($fp = @fopen($logfile, 'a')) { |
| | | fwrite($fp, $line); |
| | | fflush($fp); |
| | | fclose($fp); |
| | | return true; |
| | | } |
| | | |
| | | trigger_error("Error writing to log file $logfile; Please check permissions", E_USER_WARNING); |
| | | return false; |
| | | return file_put_contents("$log_dir/$name", $line, FILE_APPEND) !== false; |
| | | } |
| | | |
| | | /** |
| | |
| | | */ |
| | | public static function log_bug($arg_arr) |
| | | { |
| | | $program = strtoupper(!empty($arg_arr['type']) ? $arg_arr['type'] : 'php'); |
| | | $program = strtoupper($arg_arr['type'] ?: 'php'); |
| | | $level = self::get_instance()->config->get('debug_level'); |
| | | |
| | | // disable errors for ajax requests, write to log instead (#1487831) |
| | |
| | | |
| | | // write error to local log file |
| | | if (($level & 1) || !empty($arg_arr['fatal'])) { |
| | | $post_query = ''; |
| | | if ($_SERVER['REQUEST_METHOD'] == 'POST') { |
| | | $post_query = '?_task='.urlencode($_POST['_task']).'&_action='.urlencode($_POST['_action']); |
| | | } |
| | | else { |
| | | $post_query = ''; |
| | | foreach (array('_task', '_action') as $arg) { |
| | | if ($_POST[$arg] && !$_GET[$arg]) { |
| | | $post_query[$arg] = $_POST[$arg]; |
| | | } |
| | | } |
| | | |
| | | if (!empty($post_query)) { |
| | | $post_query = (strpos($_SERVER['REQUEST_URI'], '?') != false ? '&' : '?') |
| | | . http_build_query($post_query, '', '&'); |
| | | } |
| | | } |
| | | |
| | | $log_entry = sprintf("%s Error: %s%s (%s %s)", |
| | |
| | | $host = preg_replace('/:[0-9]+$/', '', $host); |
| | | if ($host && preg_match('/\.[a-z]+$/i', $host)) { |
| | | $domain_part = $host; |
| | | break; |
| | | } |
| | | } |
| | | } |
| | |
| | | */ |
| | | protected function message_head($message, $unset = array()) |
| | | { |
| | | // Mail_mime >= 1.9.0 |
| | | if (method_exists($message, 'isMultipart')) { |
| | | foreach ($unset as $header) { |
| | | $headers[$header] = null; |
| | | } |
| | | } |
| | | else { |
| | | $headers = $message->headers(); |
| | | foreach ($unset as $header) { |
| | | unset($headers[$header]); |
| | | } |
| | | $message->_headers = array(); |
| | | // requires Mail_mime >= 1.9.0 |
| | | $headers = array(); |
| | | foreach ((array) $unset as $header) { |
| | | $headers[$header] = null; |
| | | } |
| | | |
| | | return $message->txtHeaders($headers, true); |