Roundcubemail devel
blame | history | patch | commit | commitdiff | ignore whitespace
thomascube
2009-07-23 efbe9ea781154c32ff8913eae95965c2f2ae8d9a 
 index.php


@@ -2,7 +2,7 @@


/*


 +-------------------------------------------------------------------------+


 | RoundCube Webmail IMAP Client                                           |


 | Version 0.3-20090419                                                    |


 | Version 0.3-20090721                                                    |


 |                                                                         |


 | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                   |


 |                                                                         |


@@ -63,6 +63,11 @@


  raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);


}




// check if https is required (for login) and redirect if necessary


if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443)) {


  header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);


  exit;


}




// trigger startup plugin hook


$startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));


@@ -121,7 +126,7 @@


}




// end session


else if (($RCMAIL->task=='logout' || $RCMAIL->action=='logout') && isset($_SESSION['user_id'])) {


else if ($RCMAIL->task=='logout' && isset($_SESSION['user_id'])) {


  $OUTPUT->show_message('loggedout');


  $RCMAIL->logout_actions();


  $RCMAIL->kill_session();


@@ -138,10 +143,15 @@




// check client X-header to verify request origin


if ($OUTPUT->ajax_call) {


  if (!$RCMAIL->config->get('devel_mode') && !rc_request_header('X-RoundCube-Referer')) {


  if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token()) {


    header('HTTP/1.1 404 Not Found');


    die("Invalid Request");


  }


}


// check request token in POST form submissions


else if (!empty($_POST) && !$RCMAIL->check_request()) {


  $OUTPUT->show_message('invalidrequest', 'error');


  $OUTPUT->send($RCMAIL->task);


}






@@ -212,7 +222,8 @@


);




// include task specific functions


include_once 'program/steps/'.$RCMAIL->task.'/func.inc';


if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/func.inc'))


  include_once($incfile);




// allow 5 "redirects" to another action


$redirects = 0; $incstep = null;


@@ -226,7 +237,7 @@


    break;


  }


  // try to include the step file


  else if (is_file(($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile))) {


  else if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile)) {


    include($incfile);


    $redirects++;


  }