From 0bd99db08d1660e02e3b7589c78785ab6be0794d Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 23 Mar 2015 13:33:40 -0400
Subject: [PATCH] Localize common error messages; improve explanation for CSRF check failures
---
 program/include/rcmail_output_html.php | 2 +-
 program/steps/utils/error.inc | 46 ++++++++++++++++++++++++++++------------------
 program/localization/en_US/messages.inc | 9 +++++++++
 3 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index c6c43b5..365c403 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -584,7 +584,7 @@
 // read template file
 if (!$path || ($templ = @file_get_contents($path)) === false) {
 rcube::raise_error(array(
- 'code' => 501,
+ 'code' => 404,
 'type' => 'php',
 'line' => __LINE__,
 'file' => __FILE__,
diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc
index e0de365..bcf89a4 100644
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@@ -180,5 +180,14 @@
 $messages['attachmentvalidationerror'] = 'WARNING! This attachment is suspicious because its type doesn\'t match the type declared in the message. If you do not trust the sender, you shouldn\'t open it in the browser because it may contain malicious contents.<br/><br/><em>Expected: $expected; found: $detected</em>';
 $messages['noscriptwarning'] = 'Warning: This webmail service requires Javascript! In order to use it please enable Javascript in your browser\'s settings.';
 $messages['messageissent'] = 'The message was already sent, but not saved yet. Do you want to save it now?';
+$messages['errnotfound'] = 'File Not Found';
+$messages['errnotfoundexplain'] = 'The requested resource was not found!';
+$messages['errfailedrequest'] = 'Failed request';
+$messages['errauthorizationfailed'] = 'Authorization Failed';
+$messages['errunauthorizedexplain'] = 'Could not verify that you are authorized to access this service!';
+$messages['errrequestcheckfailed'] = 'Request Check Failed';
+$messages['errcsrfprotectionexplain'] = "For your protection, access to this resource is secured against CSRF.\nYou probably didn't log out before leaving the web application.\n\nHuman interaction is now required to continue.";
+$messages['errcontactserveradmin'] = 'Please contact your server-administrator.';
+$messages['clicktoresumesession'] = 'Click here to resume your previous session';
 ?>
diff --git a/program/steps/utils/error.inc b/program/steps/utils/error.inc
index 6bbc57f..16fbb03 100644
--- a/program/steps/utils/error.inc
+++ b/program/steps/utils/error.inc
@@ -5,7 +5,7 @@
 | program/steps/utils/error.inc |
 | |
 | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2013, The Roundcube Dev Team |
+ | Copyright (C) 2005-2015, The Roundcube Dev Team |
 | |
 | Licensed under the GNU General Public License version 3 or |
 | any later version with exceptions for skins & plugins. |
@@ -43,37 +43,33 @@
 // authorization error
 else if ($ERROR_CODE == 401) {
- $__error_title = "AUTHORIZATION FAILED";
- $__error_text = "Could not verify that you are authorized to access this service!<br />\n"
- . "Please contact your server-administrator.";
+ $__error_title = strtoupper($rcmail->gettext('errauthorizationfailed'));
+ $__error_text = nl2br($rcmail->gettext('errunauthorizedexplain') . "\n" .
+ $rcmail->gettext('errcontactserveradmin'));
 }
 // forbidden due to request check
 else if ($ERROR_CODE == 403) {
 if ($_SERVER['REQUEST_METHOD'] == 'GET' && $rcmail->request_status == rcube::REQUEST_ERROR_URL) {
- parse_str($_SERVER['QUERY_STRING'], $url);
- $url = $rcmail->url($url, true, false, true);
- $add = "<br /><a href=\"$url\">Click here to try again.<a/>";
+ $url = $rcmail->url($_GET, true, false, true);
+ $add = html::a($url, $rcmail->gettext('clicktoresumesession'));
 }
 else {
- $add = "Please contact your server-administrator.";
+ $add = $rcmail->gettext('errcontactserveradmin');
 }
- $__error_title = "REQUEST CHECK FAILED";
- $__error_text = "Access to this service was denied due to failing security checks!<br />\n$add";
+ $__error_title = strtoupper($rcmail->gettext('errrequestcheckfailed'));
+ $__error_text = nl2br($rcmail->gettext('errcsrfprotectionexplain')) . '<p>' . $add . '</p>';
 }
 // failed request (wrong step in URL)
 else if ($ERROR_CODE == 404) {
 $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
- $__error_title = "REQUEST FAILED/FILE NOT FOUND";
- $__error_text = <<<EOF
-The requested page was not found!<br />
-Please contact your server-administrator.
+ $__error_title = strtoupper($rcmail->gettext('errnotfound'));
+ $__error_text = nl2br($rcmail->gettext('errnotfoundexplain') . "\n" .
+ $rcmail->gettext('errcontactserveradmin'));
-<p><i>Failed request:</i><br />
-http://$request_url</p>
-EOF;
+ $__error_text .= '<p><i>' . $rcmail->gettext('errfailedrequest') . 
":</i><br />\n<tt>//$request_url</tt></p>";
 }
 // database connection error
@@ -101,6 +97,20 @@
 }
 }
+// inform plugins
+if ($rcmail && $rcmail->plugins) {
+ $plugin = $rcmail->plugins->exec_hook('error_page', array(
+ 'code' => $ERROR_CODE,
+ 'title' => $__error_title,
+ 'text' => $__error_text,
+ ));
+
+ if (!empty($plugin['title']))
+ $__error_title = $plugin['title'];
+ if (!empty($plugin['text']))
+ $__error_text = $plugin['text'];
+}
+
 $HTTP_ERR_CODE = $ERROR_CODE && $ERROR_CODE < 600 ? $ERROR_CODE : 500;
 // Ajax request
@@ -113,7 +123,7 @@
 $__page_content = <<<EOF
 <div>
 <h3 class="error-title">$__error_title</h3>
-<p class="error-text">$__error_text</p>
+<div class="error-text">$__error_text</div>
 </div>
 EOF;
-- 
Gitblit v1.9.1
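Review bot: In the `@@ -43,37 +43,33 @@` hunk of program/steps/utils/error.inc the translated strings are concatenated into `$__error_text` as markup without encoding, so the error page now trusts every localization file to carry no unintended HTML; only `$request_url` goes through `htmlentities()`. The strings added by this commit contain no markup, so encoding them before the line-break conversion changes nothing visually, e.g. `nl2br(htmlspecialchars($rcmail->gettext('errcsrfprotectionexplain')))`, and the label passed to `html::a()` deserves the same treatment unless that helper already encodes its content, which is not visible here. `strtoupper()` on the titles works on bytes, so non-ASCII letters in a translation will presumably stay lower case; `mb_strtoupper()` would be the safer call if mbstring is available to this file. The if/else chain starts and ends outside the hunk.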
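Review bot: The `error_page` hook result in the `@@ -101,6 +97,20 @@` hunk overwrites `$__error_title` and `$__error_text`, and both are then interpolated unescaped into the `$__page_content` heredoc shown in the following hunk, so the hook contract should be stated where it is called. A comment above the call would do, e.g. `// 'title' and 'text' are emitted as HTML; plugins must encode any request-derived data they add`. The `$rcmail &&` test here also implies the object can be unset on this page, yet the 401 and 404 branches earlier in the file now call `$rcmail->gettext()` without that test; one of the two should change, depending on how `$rcmail` is initialised above the visible hunks.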