From 3a4c9f424bff7fc937334ac230217ffe5b2e246c Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Mon, 26 Jul 2010 04:54:03 -0400
Subject: [PATCH] - Support HTTP_X_FORWARDED_PROTO header for HTTPS detecting (#1486866)
---
index.php | 84 +++++++++++++++++++++++------------------
1 files changed, 47 insertions(+), 37 deletions(-)
diff --git a/index.php b/index.php
index a0210da..6a9a748 100644
--- a/index.php
+++ b/index.php
@@ -30,14 +30,8 @@
// include environment
require_once 'program/include/iniset.php';
-// init application and start session with requested task
+// init application, start session, init output class, etc.
$RCMAIL = rcmail::get_instance();
-
-// init output class
-$OUTPUT = !empty($_REQUEST['_remote']) ? $RCMAIL->init_json() : $RCMAIL->load_gui(!empty($_REQUEST['_framed']));
-
-// init plugin API
-$RCMAIL->plugins->init();
// turn on output buffering
ob_start();
@@ -64,9 +58,14 @@
}
// check if https is required (for login) and redirect if necessary
-if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443)) {
- header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
- exit;
+if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
+ $https_port = is_bool($force_https) ? 443 : $force_https;
+ if (!rcube_https_check($https_port)) {
+ $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
+ $host .= ($https_port != 443 ? ':' . $https_port : '');
+ header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
+ exit;
+ }
}
// trigger startup plugin hook
@@ -74,9 +73,8 @@
$RCMAIL->set_task($startup['task']);
$RCMAIL->action = $startup['action'];
-
// try to log in
-if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') {
+if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
// purge the session in case of new login when a session already exists
$RCMAIL->kill_session();
@@ -84,37 +82,36 @@
'host' => $RCMAIL->autoselect_host(),
'user' => trim(get_input_value('_user', RCUBE_INPUT_POST)),
'cookiecheck' => true,
- )) + array('pass' => get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'));
+ ));
+
+ if (!isset($auth['pass']))
+ $auth['pass'] = get_input_value('_pass', RCUBE_INPUT_POST, true,
+ $RCMAIL->config->get('password_charset', 'ISO-8859-1'));
// check if client supports cookies
if ($auth['cookiecheck'] && empty($_COOKIE)) {
$OUTPUT->show_message("cookiesdisabled", 'warning');
}
- else if ($_SESSION['temp'] && !$auth['abort'] && !empty($auth['host']) &&
- !empty($auth['user']) && isset($auth['pass']) &&
- $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
+ else if ($_SESSION['temp'] && !$auth['abort'] &&
+ !empty($auth['host']) && !empty($auth['user']) &&
+ $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
// create new session ID
- rcube_sess_unset('temp');
- rcube_sess_regenerate_id();
+ $RCMAIL->session->remove('temp');
+ $RCMAIL->session->regenerate_id();
// send auth cookie if necessary
$RCMAIL->authenticate_session();
// log successful login
- if ($RCMAIL->config->get('log_logins')) {
- write_log('userlogins', sprintf('Successful login for %s (id %d) from %s',
- $RCMAIL->user->get_username(),
- $RCMAIL->user->ID,
- $_SERVER['REMOTE_ADDR']));
- }
-
+ rcmail_log_login();
+
// restore original request parameters
$query = array();
if ($url = get_input_value('_url', RCUBE_INPUT_POST))
parse_str($url, $query);
// allow plugins to control the redirect url after login success
- $redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('task' => $RCMAIL->task));
+ $redir = $RCMAIL->plugins->exec_hook('login_after', $query);
unset($redir['abort']);
// send redirect
@@ -128,15 +125,16 @@
}
// end session
-else if ($RCMAIL->task=='logout' && isset($_SESSION['user_id'])) {
+else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
+ $userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language);
$OUTPUT->show_message('loggedout');
$RCMAIL->logout_actions();
$RCMAIL->kill_session();
- $RCMAIL->plugins->exec_hook('logout_after', array());
+ $RCMAIL->plugins->exec_hook('logout_after', $userdata);
}
// check session and auth cookie
-else if ($RCMAIL->action != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
+else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
if (!$RCMAIL->authenticate_session()) {
$OUTPUT->show_message('sessionerror', 'error');
$RCMAIL->kill_session();
@@ -148,7 +146,7 @@
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
- if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token()) {
+ if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token() && !empty($RCMAIL->user->ID)) {
header('HTTP/1.1 404 Not Found');
die("Invalid Request");
}
@@ -159,13 +157,14 @@
$OUTPUT->send($RCMAIL->task);
}
-
// not logged in -> show login page
if (empty($RCMAIL->user->ID)) {
-
if ($OUTPUT->ajax_call)
$OUTPUT->redirect(array(), 2000);
-
+
+ if (!empty($_REQUEST['_framed']))
+ $OUTPUT->command('redirect', '?');
+
// check if installer is still active
if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
$OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
@@ -209,10 +208,16 @@
'remove-attachment' => 'attachments.inc',
'display-attachment' => 'attachments.inc',
'upload' => 'attachments.inc',
+ 'group-expand' => 'autocomplete.inc',
),
'addressbook' => array(
'add' => 'edit.inc',
+ 'group-create' => 'groups.inc',
+ 'group-rename' => 'groups.inc',
+ 'group-delete' => 'groups.inc',
+ 'group-addmembers' => 'groups.inc',
+ 'group-delmembers' => 'groups.inc',
),
'settings' => array(
@@ -222,6 +227,8 @@
'delete-folder' => 'manage_folders.inc',
'subscribe' => 'manage_folders.inc',
'unsubscribe' => 'manage_folders.inc',
+ 'enable-threading' => 'manage_folders.inc',
+ 'disable-threading' => 'manage_folders.inc',
'add-identity' => 'edit_identity.inc',
)
);
@@ -235,9 +242,13 @@
while ($redirects < 5) {
$stepfile = !empty($action_map[$RCMAIL->task][$RCMAIL->action]) ?
$action_map[$RCMAIL->task][$RCMAIL->action] : strtr($RCMAIL->action, '-', '_') . '.inc';
-
+
// execute a plugin action
- if (preg_match('/^plugin\./', $RCMAIL->action)) {
+ if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
+ $RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
+ break;
+ }
+ else if (preg_match('/^plugin\./', $RCMAIL->action)) {
$RCMAIL->plugins->exec_action($RCMAIL->action);
break;
}
@@ -263,5 +274,4 @@
'line' => __LINE__,
'file' => __FILE__,
'message' => "Invalid request"), true, true);
-
-?>
+
--
Gitblit v1.9.1