From 619c320c0ee9ca39d0fada9113133724cc2a11fe Mon Sep 17 00:00:00 2001 From: Thomas Bruederli <thomas@roundcube.net> Date: Thu, 10 Jan 2013 03:41:12 -0500 Subject: [PATCH] Avoid direct execution of installer includes (#1488895) --- installer/rcube_install.php | 93 +++++++++++++++++++++++----------------------- 1 files changed, 46 insertions(+), 47 deletions(-) diff --git a/installer/rcube_install.php b/installer/rcube_install.php index bfb111f..6ef105b 100644 --- a/installer/rcube_install.php +++ b/installer/rcube_install.php @@ -35,13 +35,14 @@ var $obsolete_config = array('db_backend', 'double_auth'); var $replaced_config = array( - 'skin_path' => 'skin', - 'locale_string' => 'language', - 'multiple_identities' => 'identities_level', + 'skin_path' => 'skin', + 'locale_string' => 'language', + 'multiple_identities' => 'identities_level', 'addrbook_show_images' => 'show_images', - 'imap_root' => 'imap_ns_personal', - 'pagesize' => 'mail_pagesize', + 'imap_root' => 'imap_ns_personal', + 'pagesize' => 'mail_pagesize', 'default_imap_folders' => 'default_folders', + 'top_posting' => 'reply_mode', ); // these config options are required for a working system @@ -69,20 +70,20 @@ $this->step = intval($_REQUEST['_step']); $this->is_post = $_SERVER['REQUEST_METHOD'] == 'POST'; } - + /** * Singleton getter */ function get_instance() { static $inst; - + if (!$inst) $inst = new rcube_install(); - + return $inst; } - + /** * Read the default config files and store properties */ 
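Review bot: The new `'top_posting' => 'reply_mode'` entry maps an option that was a boolean onto one that the rest of the installer treats as a separate `reply_mode` setting, and if merge_config copies the old value across verbatim (as the `unset($current[$prop])` loop in the later hunk suggests it does for every replaced option) an old `true`/`false` lands in `reply_mode` uncast. The copy itself is not visible here, so confirm whether `reply_mode` is integer-valued; if it is, special-case it in merge_config with `if ($prop == 'top_posting') $current[$replacement] = intval($current[$prop]);` rather than relying on a loose comparison downstream. The mapping lives in the `$replaced_config` property initialiser, whose enclosing class starts outside this hunk.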
@@ -108,19 +109,19 @@ */ function _load_config($suffix) { - if (is_readable($main_inc = RCMAIL_CONFIG_DIR . '/main.inc' . $suffix)) { + if (is_readable($main_inc = RCUBE_CONFIG_DIR . 'main.inc' . $suffix)) { include($main_inc); if (is_array($rcmail_config)) $this->config += $rcmail_config; } - if (is_readable($db_inc = RCMAIL_CONFIG_DIR . '/db.inc'. $suffix)) { + if (is_readable($db_inc = RCUBE_CONFIG_DIR . 'db.inc'. $suffix)) { include($db_inc); if (is_array($rcmail_config)) $this->config += $rcmail_config; } } - - + + /** * Getter for a certain config property * @@ -131,10 +132,10 @@ function getprop($name, $default = '') { $value = $this->config[$name]; - + if ($name == 'des_key' && !$this->configured && !isset($_REQUEST["_$name"])) $value = rcube_install::random_key(24); - + return $value !== null && $value !== '' ? $value : $default; } @@ -148,7 +149,7 @@ */ function create_config($which, $force = false) { - $out = @file_get_contents(RCMAIL_CONFIG_DIR . "/{$which}.inc.php.dist"); + $out = @file_get_contents(RCUBE_CONFIG_DIR . $which . '.inc.php.dist'); if (!$out) return '[Warning: could not read the config template file]'; 
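Review bot: The subject line promises a guard against direct execution of the installer includes, but this hunk, the only place in the visible diff that touches an `include()`, adds none; `include($main_inc)` and `include($db_inc)` still run unconditionally, and the diffstat lists only rcube_install.php, so if the `die()` guard lands in the installer step files it is not on this page and the advertised fix cannot be reviewed from here. Separately, replacing `RCMAIL_CONFIG_DIR . '/main.inc'` with `RCUBE_CONFIG_DIR . 'main.inc'` now relies on the constant carrying a trailing slash; should it ever not, `is_readable()` quietly returns false and the installer carries on with defaults (including a freshly generated `des_key`, per getprop), which is a silent failure in a security-sensitive path. The slash-agnostic form `rtrim(RCUBE_CONFIG_DIR, '/') . '/main.inc' . $suffix` (and the same for `db.inc`) removes that dependency. _load_config is wholly contained in this hunk.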
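Review bot: `$which` is spliced straight into the filesystem path `RCUBE_CONFIG_DIR . $which . '.inc.php.dist'` with no allow-list, so any caller that ever passes request data could walk the tree with `../` and read any file whose name ends in `.inc.php.dist`; the callers are not visible here, so this may be purely internal today, but the template name is a closed set and worth pinning. A one-line check at the top of the function closes it regardless of caller: `if (!in_array($which, array('main', 'db'), true)) return '[Warning: unknown config template]';`. The `@` on `file_get_contents` also hides why a template could not be read, which makes a permissions problem look like a missing file; consider dropping the suppression or logging `error_get_last()`. create_config starts in this hunk but its body continues beyond it.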
@@ -192,16 +193,16 @@ $value = '%p'; } else if ($prop == 'default_folders') { - $value = array(); - foreach ($this->config['default_folders'] as $_folder) { - switch ($_folder) { - case 'Drafts': $_folder = $this->config['drafts_mbox']; break; - case 'Sent': $_folder = $this->config['sent_mbox']; break; - case 'Junk': $_folder = $this->config['junk_mbox']; break; - case 'Trash': $_folder = $this->config['trash_mbox']; break; + $value = array(); + foreach ($this->config['default_folders'] as $_folder) { + switch ($_folder) { + case 'Drafts': $_folder = $this->config['drafts_mbox']; break; + case 'Sent': $_folder = $this->config['sent_mbox']; break; + case 'Junk': $_folder = $this->config['junk_mbox']; break; + case 'Trash': $_folder = $this->config['trash_mbox']; break; } - if (!in_array($_folder, $value)) - $value[] = $_folder; + if (!in_array($_folder, $value)) + $value[] = $_folder; } } else if (is_bool($default)) { @@ -240,14 +241,14 @@ $this->config = array(); $this->load_defaults(); $defaults = $this->config; - + $this->load_config(); if (!$this->configured) return null; - + $out = $seen = array(); $required = array_flip($this->required_config); - + // iterate over the current configuration foreach ($this->config as $prop => $value) { if ($replacement = $this->replaced_config[$prop]) { @@ -259,7 +260,7 @@ $seen[$prop] = true; } } - + // iterate over default config foreach ($defaults as $prop => $value) { if (!isset($seen[$prop]) && isset($required[$prop]) && !(is_bool($this->config[$prop]) || strlen($this->config[$prop]))) @@ -279,7 +280,7 @@ 'explain' => "You are missing pspell support for language $lang ($descr)"); } } - + if ($this->config['log_driver'] == 'syslog') { if (!function_exists('openlog')) { $out['dependencies'][] = array('prop' => 'log_driver', 
@@ -290,7 +291,7 @@ 'explain' => 'Using <tt>syslog</tt> for logging requires a syslog ID to be configured'); } } - + // check ldap_public sources having global_search enabled if (is_array($this->config['ldap_public']) && !is_array($this->config['autocomplete_addressbooks'])) { foreach ($this->config['ldap_public'] as $ldap_public) { @@ -300,11 +301,11 @@ } } } - + return $out; } - - + + /** * Merge the current configuration with the defaults * and copy replaced values to the new options. @@ -326,11 +327,11 @@ } unset($current[$prop]); } - + foreach ($this->obsolete_config as $prop) { unset($current[$prop]); } - + // add all ldap_public sources having global_search enabled to autocomplete_addressbooks if (is_array($current['ldap_public'])) { foreach ($current['ldap_public'] as $key => $ldap_public) { @@ -340,9 +341,6 @@ } } } - - if ($current['keep_alive'] && $current['session_lifetime'] < $current['keep_alive']) - $current['session_lifetime'] = max(10, ceil($current['keep_alive'] / 60) * 2); $this->config = array_merge($this->config, $current); @@ -350,7 +348,7 @@ $this->config['ldap_public'][$key] = $current['ldap_public'][$key]; } } - + /** * Compare the local database schema with the reference schema * required for this version of Roundcube @@ -362,11 +360,11 @@ { if (!$this->configured) return false; - + // read reference schema from mysql.initial.sql $db_schema = $this->db_read_schema(INSTALL_PATH . 'SQL/mysql.initial.sql'); $errors = array(); - + // check list of tables $existing_tables = $DB->list_tables(); @@ -452,8 +450,9 @@ '0.4-beta', '0.4.2', '0.5-beta', '0.5', '0.5.1', '0.6-beta', '0.6', - '0.7-beta', '0.7', '0.7.1', '0.7.2', - '0.8-beta', '0.8-rc', '0.8.0', + '0.7-beta', '0.7', '0.7.1', '0.7.2', '0.7.3', + '0.8-beta', '0.8-rc', '0.8.0', '0.8.1', '0.8.2', '0.8.3', '0.8.4', + '0.9-beta', )); return $select; } 
@@ -635,8 +634,8 @@ */ function update_db($DB, $version) { - $version = strtolower($version); - $engine = isset($this->db_map[$DB->db_provider]) ? $this->db_map[$DB->db_provider] : $DB->db_provider; + $version = version_parse(strtolower($version)); + $engine = isset($this->db_map[$DB->db_provider]) ? $this->db_map[$DB->db_provider] : $DB->db_provider; // read schema file from /SQL/* $fname = INSTALL_PATH . "SQL/$engine.update.sql"; @@ -645,7 +644,7 @@ foreach ($lines as $line) { $is_comment = preg_match('/^--/', $line); if (!$from && $is_comment && preg_match('/from version\s([0-9.]+[a-z-]*)/', $line, $m)) { - $v = strtolower($m[1]); + $v = version_parse(strtolower($m[1])); if ($v == $version || version_compare($version, $v, '<=')) $from = true; } -- Gitblit v1.9.1
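Review bot: `version_parse()` is now called on `$version` (and, in the following hunk, on every `from version` comment matched in the SQL file) but nothing in this diff defines it, and the diffstat shows only rcube_install.php, so this change depends on a helper that must land alongside it; if it lives in a shared include the installer loads before this class, state that in the commit message, otherwise update_db fatals on an undefined function. `$version` is presumably whatever the installer's version select submitted, so whatever version_parse does it should tolerate arbitrary strings, since its result feeds straight into `version_compare()` below, and a cheap `if (!function_exists('version_parse')) return false;` at the top would turn a fatal into a handled failure during the transition. update_db begins in this hunk and its body continues past it.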