From 6fff3c8e028af438f3e7857f29991687561cc67d Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Tue, 06 Oct 2009 06:00:33 -0400
Subject: [PATCH] - more css unification for boxes + toolbarmenu moved to common.css (#1486198)
---
index.php | 27 ++++++++++++++++++++-------
1 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/index.php b/index.php
index 2767277..fc5926d 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
/*
+-------------------------------------------------------------------------+
| RoundCube Webmail IMAP Client |
- | Version 0.3-20090702 |
+ | Version 0.3-20090814 |
| |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| |
@@ -64,7 +64,8 @@
}
// check if https is required (for login) and redirect if necessary
-if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443)) {
+if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id'])
+ && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443 || $RCMAIL->config->get('use_https'))) {
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit;
}
@@ -83,13 +84,15 @@
$auth = $RCMAIL->plugins->exec_hook('authenticate', array(
'host' => $RCMAIL->autoselect_host(),
'user' => trim(get_input_value('_user', RCUBE_INPUT_POST)),
+ 'cookiecheck' => true,
)) + array('pass' => get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'));
// check if client supports cookies
- if (empty($_COOKIE)) {
+ if ($auth['cookiecheck'] && empty($_COOKIE)) {
$OUTPUT->show_message("cookiesdisabled", 'warning');
}
- else if ($_SESSION['temp'] && !empty($auth['user']) && !empty($auth['host']) && isset($auth['pass']) &&
+ else if ($_SESSION['temp'] && !$auth['abort'] && !empty($auth['host']) &&
+ !empty($auth['user']) && isset($auth['pass']) &&
$RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
// create new session ID
rcube_sess_unset('temp');
@@ -127,9 +130,11 @@
// end session
else if ($RCMAIL->task=='logout' && isset($_SESSION['user_id'])) {
+ $userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language);
$OUTPUT->show_message('loggedout');
$RCMAIL->logout_actions();
$RCMAIL->kill_session();
+ $RCMAIL->plugins->exec_hook('logout_after', $userdata);
}
// check session and auth cookie
@@ -140,13 +145,20 @@
}
}
+// don't check for valid request tokens in these actions
+$request_check_whitelist = array('login'=>1, 'spell'=>1);
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
- if (!$RCMAIL->config->get('devel_mode') && !rc_request_header('X-RoundCube-Referer')) {
+ if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token()) {
header('HTTP/1.1 404 Not Found');
die("Invalid Request");
}
+}
+// check request token in POST form submissions
+else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
+ $OUTPUT->show_message('invalidrequest', 'error');
+ $OUTPUT->send($RCMAIL->task);
}
@@ -217,7 +229,8 @@
);
// include task specific functions
-include_once 'program/steps/'.$RCMAIL->task.'/func.inc';
+if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/func.inc'))
+ include_once($incfile);
// allow 5 "redirects" to another action
$redirects = 0; $incstep = null;
@@ -231,7 +244,7 @@
break;
}
// try to include the step file
- else if (is_file(($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile))) {
+ else if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile)) {
include($incfile);
$redirects++;
}
--
Gitblit v1.9.1