- Option 'force_https' replaced by 'force_https' plugin
- added option 'force_https_port' in 'force_https' plugin (#1486091)
1 files added
3 files modified
| | |
|---|
| | | CHANGELOG RoundCube Webmail |
|---|
| | | =========================== |
|---|
| | | |
|---|
| | | - added option 'force_https_port' in 'force_https' plugin (#1486091) |
|---|
| | | - Option 'force_https' replaced by 'force_https' plugin |
|---|
| | | - Fix IE issue with non-UTF-8 characters in AJAX response (#1486159) |
|---|
| | | - Partially fixed "empty body" issue by showing raw body of malformed message (#1486166) |
|---|
| | | - Fix importing/sending to email address with whitespace (#1486214) |
|---|
| | |
|---|
| | | // possible units: s, m, h, d, w |
|---|
| | | $rcmail_config['message_cache_lifetime'] = '10d'; |
|---|
| | | |
|---|
| | | // enforce connections over https |
|---|
| | | // with this option enabled, all non-secure connections will be redirected |
|---|
| | | $rcmail_config['force_https'] = FALSE; |
|---|
| | | |
|---|
| | | // automatically create a new RoundCube user when log-in the first time. |
|---|
| | | // a new user will be created once the IMAP login succeeds. |
|---|
| | | // set to false if only registered users can use this service |
|---|
| | |
|---|
| | | raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // check if https is required (for login) and redirect if necessary |
|---|
| | | if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) |
|---|
| | | && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443 || $RCMAIL->config->get('use_https'))) { |
|---|
| | | header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); |
|---|
| | | exit; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // trigger startup plugin hook |
|---|
| | | $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action)); |
|---|
| | | $RCMAIL->set_task($startup['task']); |
|---|
| | | $RCMAIL->action = $startup['action']; |
|---|
| | | |
|---|
| | | |
|---|
| | | // try to log in |
|---|
| | | if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') { |
|---|
| | |
|---|
| | | $OUTPUT->show_message('invalidrequest', 'error'); |
|---|
| | | $OUTPUT->send($RCMAIL->task); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // not logged in -> show login page |
|---|
| | | if (empty($RCMAIL->user->ID)) { |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Enforce secure HTTPs connection for login |
|---|
| | | * |
|---|
| | | * Configuration: |
|---|
| | | * // Port for https connection |
|---|
| | | * $rcmail_config['force_https_port'] = 443; |
|---|
| | | * |
|---|
| | | * @version 1.0 |
|---|
| | | * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl> |
|---|
| | | */ |
|---|
| | | class force_https extends rcube_plugin |
|---|
| | | { |
|---|
| | | function init() |
|---|
| | | { |
|---|
| | | $this->add_hook('startup', array($this, 'redirect')); |
|---|
| | | } |
|---|
| | | |
|---|
| | | function redirect($args) |
|---|
| | | { |
|---|
| | | $config = rcmail::get_instance()->config; |
|---|
| | | |
|---|
| | | $port = (int) $config->get('force_https_port', 443); |
|---|
| | | |
|---|
| | | // check if https is required (for login) and redirect if necessary |
|---|
| | | if (empty($_SESSION['user_id']) && !$config->get('use_https') |
|---|
| | | && (!isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] != $port)) |
|---|
| | | { |
|---|
| | | header('Location: https://' . $_SERVER['HTTP_HOST'] . ($port != 443 ? ":$port" : '') . $_SERVER['REQUEST_URI']); |
|---|
| | | exit; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $args; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | ?> |
|---|
