From 445a4ca04dfcd255f9d89ee76757b04c2d87bbfc Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 13 May 2011 13:51:28 -0400
Subject: [PATCH] Fix empty name in search results and error when creating a new contact
---
index.php | 35 +++++++++++++++++++++++------------
1 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/index.php b/index.php
index bf38874..8888958 100644
--- a/index.php
+++ b/index.php
@@ -95,10 +95,12 @@
}
else if ($auth['valid'] && !$auth['abort'] &&
!empty($auth['host']) && !empty($auth['user']) &&
- $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
- // create new session ID
+ $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])
+ ) {
+ // create new session ID, don't destroy the current session
+ // it was destroyed already by $RCMAIL->kill_session() above
$RCMAIL->session->remove('temp');
- $RCMAIL->session->regenerate_id();
+ $RCMAIL->session->regenerate_id(false);
// send auth cookie if necessary
$RCMAIL->session->set_auth_cookie();
@@ -110,7 +112,7 @@
$query = array();
if ($url = get_input_value('_url', RCUBE_INPUT_POST)) {
parse_str($url, $query);
-
+
// prevent endless looping on login page
if ($query['_task'] == 'login')
unset($query['_task']);
@@ -133,8 +135,8 @@
}
}
-// end session
-else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
+// end session (after optional referer check)
+else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_check_referer())) {
$userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language);
$OUTPUT->show_message('loggedout');
$RCMAIL->logout_actions();
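Review bot: When the referer check fails on a logout request, the extended `else if` condition simply evaluates false and control falls through to whatever branch follows (outside this hunk), so the user stays logged in and gets no message; that is presumably intended (a logout triggered from a foreign page is ignored), but nothing in the code says so. I would extend the comment to `// end session (after optional referer check); a logout request that fails the check is ignored and handled like any other request`. The condition is also long enough that splitting it over two lines, as the login branch above does, would make the three clauses readable.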
@@ -180,7 +182,7 @@
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
- if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+ if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
header('HTTP/1.1 404 Not Found');
die("Invalid Request");
}
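Review bot: The added `&& !$RCMAIL->config->get('devel_mode')` disables the X-Roundcube-Request token check completely while `devel_mode` is on, so an installation that leaves that option enabled in production has no request-origin check for AJAX calls; the comment above the block should state this, e.g. `// note: with devel_mode enabled this token check is skipped entirely`. Independently, the comparison still uses `!=`; since both sides are strings, `!==` is the safer form, as PHP's loose comparison treats numeric-looking strings by value (`'1e3' == '1000'` is true). The block that encloses this `if` starts outside the hunk.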
@@ -190,6 +192,14 @@
$OUTPUT->show_message('invalidrequest', 'error');
$OUTPUT->send($RCMAIL->task);
}
+
+ // check referer if configured
+ if (!$request_check_whitelist[$RCMAIL->action] && $RCMAIL->config->get('referer_check') && !rcube_check_referer()) {
+ raise_error(array(
+ 'code' => 403,
+ 'type' => 'php',
+ 'message' => "Referer check failed"), true, true);
+ }
}
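Review bot: `!$request_check_whitelist[$RCMAIL->action]` reads the array with a key that is absent for every non-whitelisted action (the common case), so once `referer_check` is on it emits an undefined-index notice on each such request; `empty($request_check_whitelist[$RCMAIL->action])` gives the same truth value without the notice. `$request_check_whitelist` and the block enclosing this check are defined outside the hunk, so I cannot tell whether `$RCMAIL->action` is already normalised before it is used as a key here. If it can be empty, the lookup with an empty-string key is still only a notice, but a short comment saying which actions are meant to be exempt from the referer check would help the next reader.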
// handle special actions
@@ -198,19 +208,20 @@
$OUTPUT->send();
}
else if ($RCMAIL->action == 'save-pref') {
- include 'steps/utils/save_pref.inc';
+ include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
}
// include task specific functions
-if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/func.inc'))
- include_once($incfile);
+if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc'))
+ include_once $incfile;
// allow 5 "redirects" to another action
$redirects = 0; $incstep = null;
while ($redirects < 5) {
// execute a plugin action
if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
+ if (!$RCMAIL->action) $RCMAIL->action = 'index';
$RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
break;
}
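Review bot: The include paths now start from `INSTALL_PATH`, which removes the dependence on the working directory, but `$RCMAIL->task` (and `$stepfile` in the hunk at line 89) is still concatenated straight into a filesystem path; that is only safe if the task string is restricted to a plain identifier where it is assigned, outside this hunk, so I would record that assumption at the `is_file(...)` check: `// assumes $RCMAIL->task was restricted to a plain identifier when assigned — it is used as a path segment here`. The new one-line `if (!$RCMAIL->action) $RCMAIL->action = 'index';` also departs from the braced style of the surrounding `if` blocks; `if (!$RCMAIL->action) {` / `    $RCMAIL->action = 'index';` / `}` keeps it consistent. The `while` loop continues past the end of the hunk.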
@@ -220,9 +231,9 @@
}
// try to include the step file
else if (($stepfile = $RCMAIL->get_action_file())
- && is_file($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
+ && is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
) {
- include($incfile);
+ include $incfile;
$redirects++;
}
else {
--
Gitblit v1.9.1