githubFork/roundcubemail.git

			@@ -5,7 +5,7 @@
			\| program/steps/utils/modcss.inc \|
			\| \|
			\| This file is part of the Roundcube Webmail client \|
			\| Copyright (C) 2007-2011, The Roundcube Dev Team \|
			\| Copyright (C) 2007-2012, The Roundcube Dev Team \|
			\| \|
			\| Licensed under the GNU General Public License version 3 or \|
			\| any later version with exceptions for skins & plugins. \|
			@@ -16,83 +16,48 @@
			\| \|
			+-----------------------------------------------------------------------+
			\| Author: Thomas Bruederli <roundcube@gmail.com> \|
			\| Author: Aleksander Machniak <alec@alec.pl> \|
			+-----------------------------------------------------------------------+
			*/

			$source = '';

			$url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);

			if ($url === null \|\| !($realurl = $_SESSION['modcssurls'][$url])) {
			header('HTTP/1.1 403 Forbidden');
			echo "Unauthorized request";
			exit;
			exit("Unauthorized request");
			}

			$a_uri = parse_url($realurl);
			$port = $a_uri['port'] ? $a_uri['port'] : 80;
			$host = $a_uri['host'];
			$path = $a_uri['path'] . ($a_uri['query'] ? '?'.$a_uri['query'] : '');

			// don't allow any other connections than http(s)
			if (strtolower(substr($a_uri['scheme'], 0, 4)) != 'http') {
			if (!preg_match('~^(https?)://~i', $realurl, $matches)) {
			header('HTTP/1.1 403 Forbidden');
			echo "Invalid URL";
			exit;
			exit("Invalid URL");
			}

			// try to open socket connection
			if (!($fp = fsockopen($host, $port, $errno, $error, 15))) {
			header('HTTP/1.1 500 Internal Server Error');
			echo $error;
			exit;
			if (!ini_get('allow_url_fopen')) {
			header('HTTP/1.1 403 Forbidden');
			exit("HTTP connections disabled");
			}

			// set timeout for socket
			stream_set_timeout($fp, 30);
			$scheme = strtolower($matches[1]);
			$options = array(
			$scheme => array(
			'method' => 'GET',
			'timeout' => 15,
			)
			);

			// send request
			$out = "GET $path HTTP/1.0\r\n";
			$out .= "Host: $host\r\n";
			$out .= "Connection: Close\r\n\r\n";
			fwrite($fp, $out);
			$context = stream_context_create($options);
			$source = @file_get_contents($realurl, false, $context);

			// read response
			$header = true;
			$headers = array();
			while (!feof($fp)) {
			$line = trim(fgets($fp, 4048));
			// php.net/manual/en/reserved.variables.httpresponseheader.php
			$headers = implode("\n", (array)$http_response_header);
			$ctype = '~Content-Type:\s+text/(css\|plain)~i';

			if ($header) {
			if (preg_match('/^HTTP\/1\..\s+(\d+)/', $line, $regs)
			&& intval($regs[1]) != 200) {
			break;
			}
			else if (empty($line)) {
			$header = false;
			}
			else {
			list($key, $value) = explode(': ', $line);
			$headers[strtolower($key)] = $value;
			}
			}
			else {
			$source .= "$line\n";
			}
			}
			fclose($fp);

			// check content-type header and mod styles
			$mimetype = strtolower($headers['content-type']);
			if (!empty($source) && in_array($mimetype, array('text/css','text/plain'))) {
			if ($source !== false && preg_match($ctype, $headers)) {
			header('Content-Type: text/css');
			echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
			exit;
			}
			else
			$error = "Invalid response returned by server";

			header('HTTP/1.0 404 Not Found');
			echo $error;
			exit;


			exit("Invalid response returned by server");

	installer/check.php	4 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/utils/modcss.inc	81 ●●●●● patch \| view \| raw \| blame \| history

			@@ -45,7 +45,9 @@
			);

			$optional_checks = array(
			'date.timezone' => '-NOTEMPTY-',
			// required for utils/modcss.inc, should we require this?
			'allow_url_fopen' => 1,
			'date.timezone' => '-NOTEMPTY-',
			);

			$source_urls = array(