From 72d25b1159a8b5aced407d793ed6056a88608c9d Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Thu, 18 Sep 2008 08:05:15 -0400
Subject: [PATCH] Secure the other cookie, too.

---
 installer/index.php |   63 +++++++++++++++++++++++++------
 1 files changed, 50 insertions(+), 13 deletions(-)

diff --git a/installer/index.php b/installer/index.php
index 264cefc..4d0e6c4 100644
--- a/installer/index.php
+++ b/installer/index.php
@@ -1,3 +1,43 @@
+<?php
+ini_set('error_reporting', E_ALL&~E_NOTICE);
+ini_set('display_errors', 1);
+
+define('INSTALL_PATH', realpath(dirname(__FILE__) . '/../').'/');
+$include_path  = INSTALL_PATH . 'program/lib' . PATH_SEPARATOR;
+$include_path .= INSTALL_PATH . 'program' . PATH_SEPARATOR;
+$include_path .= INSTALL_PATH . 'program/include' . PATH_SEPARATOR;
+$include_path .= ini_get('include_path');
+
+set_include_path($include_path);
+
+session_start();
+
+/**
+ * Use PHP5 autoload for dynamic class loading
+ * (copy from program/incllude/iniset.php)
+ */
+function __autoload($classname)
+{
+  $filename = preg_replace(
+      array('/MDB2_(.+)/', '/Mail_(.+)/', '/^html_.+/', '/^utf8$/'),
+      array('MDB2/\\1', 'Mail/\\1', 'html', 'utf8.class'),
+      $classname
+  );
+  include_once $filename. '.php';
+}
+
+$RCI = rcube_install::get_instance();
+$RCI->load_config();
+
+if (isset($_GET['_getfile']) && in_array($_GET['_getfile'], array('main', 'db')))
+{
+  header('Content-type: text/plain');
+  header('Content-Disposition: attachment; filename="'.$_GET['_getfile'].'.inc.php"');
+  echo $RCI->create_config($_GET['_getfile']);
+  exit;
+}
+
+?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
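Review bot: The `_getfile` download branch in the new preamble runs before the `enable_installer` check that this commit adds in the second hunk, so a request with `_getfile=main` or `_getfile=db` is still answered with the output of `create_config()` after the installer has been disabled. What `create_config()` emits is not visible in this diff, but a generated `db` file presumably carries the database DSN, so the gate should be evaluated first, e.g. `$disabled = $RCI->configured && !$RCI->getprop('enable_installer') && empty($_SESSION['allowinstaller']);` followed by `if (!$disabled && isset($_GET['_getfile']) && in_array($_GET['_getfile'], array('main', 'db'), true))`. Separately, `ini_set('display_errors', 1)` now applies to every request to this file, including those the installer is meant to refuse; I would turn it on only after the gate has passed, so that a disabled installer does not print paths or warnings to the client.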
@@ -22,22 +62,20 @@
 
 <div id="content">
 
-<h1>RoundCube Webmail Installer</h1>
-
 <?php
 
-  ini_set('error_reporting', E_ALL&~E_NOTICE);
-  ini_set('display_errors', 1);
-
-  $docroot = realpath(dirname(__FILE__) . '/../');
-  $include_path  = $docroot . '/program/lib' . PATH_SEPARATOR . $docroot . '/program' . PATH_SEPARATOR . ini_get('include_path');
-  set_include_path($include_path);
-
-  require_once 'rcube_install.php';
-  $RCI = rcube_install::get_instance();
-  $RCI->load_config();
+  // exit if installation is complete
+  if ($RCI->configured && !$RCI->getprop('enable_installer') && !$_SESSION['allowinstaller']) {
+    // header("HTTP/1.0 404 Not Found");
+    echo '<h2 class="error">The installer is disabled!</h2>';
+    echo '<p>To enable it again, set <tt>$rcmail_config[\'enable_installer\'] = true;</tt> in config/main.inc.php</p>';
+    echo '</div></body></html>';
+    exit;
+  }
   
 ?>
+
+<h1>RoundCube Webmail Installer</h1>
 
 <ol id="progress">
 <?php
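Review bot: The disabled-installer branch answers with an ordinary 200 page, because `header("HTTP/1.0 404 Not Found")` is commented out and cannot be re-enabled here: the check sits after the page's HTML has already been sent. Running the same test in the PHP preamble at the top of the file, before any output, would let it send a real 403 or 404 status that monitoring and scanners can act on. `$_SESSION['allowinstaller']` is also read without `isset`/`empty` (the notice is masked by `E_ALL&~E_NOTICE`), and nothing in this diff shows where the flag is set or cleared; I would write `empty($_SESSION['allowinstaller'])` and add a comment such as `// set by <installer step> after the first successful config; cleared when ...` so the bypass condition is documented next to the check.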
@@ -51,7 +89,6 @@
 </ol>
 
 <?php
-
 $include_steps = array('welcome.html', 'check.php', 'config.php', 'test.php');
 
 if ($include_steps[$RCI->step]) {

--
Gitblit v1.9.1