From 11526305f506245af55e8ae7ea31faec49dfd98d Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Mon, 02 Mar 2009 12:34:18 -0500
Subject: [PATCH] Revert r2322; this is done in rcmail_html4inline() and now secured + fix tests
---
index.php | 70 ++++++++++++++++++-----------------
1 files changed, 36 insertions(+), 34 deletions(-)
diff --git a/index.php b/index.php
index 699cf19..172d57c 100644
--- a/index.php
+++ b/index.php
@@ -2,9 +2,9 @@
/*
+-------------------------------------------------------------------------+
| RoundCube Webmail IMAP Client |
- | Version 0.2-20080619 |
+ | Version 0.2-20080829 |
| |
- | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License version 2 |
@@ -30,9 +30,6 @@
// include environment
require_once 'program/include/iniset.php';
-// define global vars
-$OUTPUT_TYPE = 'html';
-
// init application and start session with requested task
$RCMAIL = rcmail::get_instance();
@@ -52,6 +49,14 @@
}
}
+// check if config files had errors
+if ($err_str = $RCMAIL->config->get_error()) {
+ raise_error(array(
+ 'code' => 601,
+ 'type' => 'php',
+ 'message' => $err_str), false, true);
+}
+
// check DB connections and exit on failure
if ($err_str = $DB->is_error()) {
raise_error(array(
@@ -60,7 +65,6 @@
'message' => $err_str), FALSE, TRUE);
}
-
// error steps
if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
@@ -68,35 +72,39 @@
// try to log in
if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') {
+ // purge the session in case of new login when a session already exists
+ $RCMAIL->kill_session();
+
+ // set IMAP host
$host = $RCMAIL->autoselect_host();
// check if client supports cookies
if (empty($_COOKIE)) {
$OUTPUT->show_message("cookiesdisabled", 'warning');
}
- else if ($_SESSION['temp'] && !empty($_POST['_user']) && isset($_POST['_pass']) &&
+ else if ($_SESSION['temp'] && !empty($_POST['_user']) && !empty($_POST['_pass']) &&
$RCMAIL->login(trim(get_input_value('_user', RCUBE_INPUT_POST), ' '),
get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host)) {
// create new session ID
unset($_SESSION['temp']);
- sess_regenerate_id();
+ rcube_sess_regenerate_id();
// send auth cookie if necessary
$RCMAIL->authenticate_session();
// log successful login
- if ($RCMAIL->config->get('log_logins') && $RCMAIL->config->get('debug_level') & 1)
- console(sprintf('Successful login for %s (id %d) from %s',
- trim(get_input_value('_user', RCUBE_INPUT_POST), ' '),
- $_SESSION['user_id'],
- $_SERVER['REMOTE_ADDR']));
+ if ($RCMAIL->config->get('log_logins')) {
+ write_log('userlogins', sprintf('Successful login for %s (id %d) from %s',
+ $RCMAIL->user->get_username(),
+ $RCMAIL->user->ID,
+ $_SERVER['REMOTE_ADDR']));
+ }
// send redirect
- header("Location: {$RCMAIL->comm_path}");
- exit;
+ $OUTPUT->redirect();
}
else {
- $OUTPUT->show_message($IMAP->error_code == -1 ? 'imaperror' : 'loginfailed', 'warning');
+ $OUTPUT->show_message($IMAP->error_code < -1 ? 'imaperror' : 'loginfailed', 'warning');
$RCMAIL->kill_session();
}
}
@@ -117,17 +125,9 @@
}
-// log in to imap server
-if (!empty($RCMAIL->user->ID) && $RCMAIL->task == 'mail') {
- if (!$RCMAIL->imap_connect()) {
- $RCMAIL->kill_session();
- }
-}
-
-
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
- if ($RCMAIL->config->get('devel_mode') && !rc_request_header('X-RoundCube-Referer')) {
+ if (!$RCMAIL->config->get('devel_mode') && !rc_request_header('X-RoundCube-Referer')) {
header('HTTP/1.1 404 Not Found');
die("Invalid Request");
}
@@ -138,7 +138,7 @@
if (empty($RCMAIL->user->ID)) {
if ($OUTPUT->ajax_call)
- $OUTPUT->remote_response("setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);");
+ $OUTPUT->redirect(array(), 2000);
// check if installer is still active
if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
@@ -158,7 +158,13 @@
// handle keep-alive signal
-if ($RCMAIL->action=='keep-alive') {
+if ($RCMAIL->action == 'keep-alive') {
+ $OUTPUT->reset();
+ $OUTPUT->send();
+}
+// save preference value
+else if ($RCMAIL->action == 'save-pref') {
+ $RCMAIL->user->save_prefs(array(get_input_value('_name', RCUBE_INPUT_POST) => get_input_value('_value', RCUBE_INPUT_POST)));
$OUTPUT->reset();
$OUTPUT->send();
}
@@ -174,8 +180,9 @@
'send' => 'sendmail.inc',
'expunge' => 'folders.inc',
'purge' => 'folders.inc',
- 'remove-attachment' => 'compose.inc',
- 'display-attachment' => 'compose.inc',
+ 'remove-attachment' => 'attachments.inc',
+ 'display-attachment' => 'attachments.inc',
+ 'upload' => 'attachments.inc',
),
'addressbook' => array(
@@ -212,11 +219,6 @@
}
}
-
-// make sure the message count is refreshed (for default view)
-if ($RCMAIL->task == 'mail') {
- $IMAP->messagecount($_SESSION['mbox'], 'ALL', true);
-}
// parse main template (default)
$OUTPUT->send($RCMAIL->task);
--
Gitblit v1.9.1