From 967b342039261ab294fe85d806fe49ce16391ada Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 28 Mar 2008 15:42:35 -0400
Subject: [PATCH] Disable installer by default; add config option to enable it again

---
 index.php                   |    4 ++--
 INSTALL                     |    2 +-
 installer/rcube_install.php |    2 +-
 installer/config.php        |    3 +++
 config/main.inc.php.dist    |   11 +++++++++--
 installer/index.php         |   15 +++++++++++++--
 6 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/INSTALL b/INSTALL
index f40bb1f..a88f4f9 100644
--- a/INSTALL
+++ b/INSTALL
@@ -35,7 +35,7 @@
    - /temp
    - /logs
 3. Create a new database and a database user for RoundCube (see DATABASE SETUP)
-4. Point your browser to http:///url-to-roundcube/installer/
+4. Point your browser to http://url-to-roundcube/installer/
 5. Follow the instructions of the install script (or see MANUAL CONFINGURATION)
 6. After creating and testing the configuration, remove the installer directory
 7. Done!
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index ab98da8..962fb4e 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -180,7 +180,7 @@
 // 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask)
 $rcmail_config['mdn_requests'] = 0;
 
-// Use this as charset as fallback for message decoding
+// Use this charset as fallback for message decoding
 $rcmail_config['default_charset'] = 'ISO-8859-1';
 
 // Make use of the built-in spell checker. It is based on GoogieSpell.
@@ -202,6 +202,9 @@
 // path to a text file which will be added to each sent message
 // paths are relative to the RoundCube root folder
 $rcmail_config['generic_message_footer'] = '';
+
+// add a received header to outgoing mails containing the creators IP and hostname
+$rcmail_config['http_received_header'] = false;
 
 // this string is used as a delimiter for message headers when sending
 // leave empty for auto-detection
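Review bot: The comment added for `http_received_header` does not tell the administrator that enabling it puts the creator's IP address and hostname into a header that every recipient of the message can read. Since that is a privacy decision, the comment should say so, for example `// add a Received header with the sender's client IP and hostname to outgoing mail; the header is visible to every recipient`. The option is also unrelated to the installer change named in the commit subject, so it would be easier to audit as its own commit.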
@@ -241,7 +244,11 @@
 $rcmail_config['javascript_config'] = array('read_when_deleted', 'flag_for_deletion');
 
 // try to load host-specific configuration
-$rcmail_config['include_host_config'] = FALSE;
+$rcmail_config['include_host_config'] = false;
+
+// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
+// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
+$rcmail_config['enable_installer'] = false;
 
 
 /***** these settings can be overwritten by user's preferences *****/
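Review bot: The warning above `enable_installer` says the option is dangerous but not what to do after using it; nothing in this hunk tells the administrator to switch it off again once setup is finished. I would extend the comment with `// set this back to false (and remove the installer directory) as soon as the installation is finished`. The INSTALL hunk in this patch only fixes the URL and does not mention the option, so this comment and the installer's own "disabled" message are where an administrator will learn about it.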
diff --git a/index.php b/index.php
index 7d12d9d..0687763 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
 /*
  +-----------------------------------------------------------------------+
  | RoundCube Webmail IMAP Client                                         |
- | Version 0.1-20080314                                                  |
+ | Version 0.1-20080328                                                  |
  |                                                                       |
  | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
  | Licensed under the GNU GPL                                            |
@@ -245,7 +245,7 @@
 if (empty($USER->ID))
 {
   // check if installer is still active
-  if (!$CONFIG['installer_disable_warning'] && is_readable('./installer/index.php'))
+  if ($CONFIG['enable_installer'] && is_readable('./installer/index.php'))
     $OUTPUT->add_footer('
   <div style="background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em">
   <h2 style="margin-top:0.2em">Installer script is still accessible</h2>
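Review bot: `$CONFIG['enable_installer']` is read without checking that the key exists, so a `main.inc.php` written before this commit, which has no such key, triggers an undefined-index notice on every request without a logged-in user wherever notices are reported. `if (!empty($CONFIG['enable_installer']) && is_readable('./installer/index.php'))` gives the same result quietly. The old `installer_disable_warning` key is no longer read here, so a configuration that still sets it is silently ignored, which deserves a line in the upgrade notes. The `add_footer()` call continues past the end of the hunk.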
diff --git a/installer/config.php b/installer/config.php
index 5b365a5..9845bb3 100644
--- a/installer/config.php
+++ b/installer/config.php
@@ -20,6 +20,9 @@
   'htmleditor' => 1,
 );
 
+// allow the current user to get to the next step
+$_SESSION['allowinstaller'] = true;
+
 if (!empty($_POST['submit'])) {
   
   echo '<p class="notice">Copy the following configurations and save them in two files (names above the text box)';
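Review bot: `$_SESSION['allowinstaller'] = true;` runs every time this file is loaded, before the `$_POST['submit']` check and without looking at whether the installer is currently allowed. The gate added in installer/index.php accepts that flag on its own, so the grant should be made only under the same conditions the gate checks, e.g. `if (isset($RCI) && (!$RCI->configured || $RCI->getprop('enable_installer'))) $_SESSION['allowinstaller'] = true;`. Whether this file is only ever included by installer/index.php after the gate is not visible in the hunk; if it can also be loaded on its own, the unconditional assignment matters more. `$RCI` is assumed to be in scope here as it is in index.php.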
diff --git a/installer/index.php b/installer/index.php
index 3b144df..69e33f8 100644
--- a/installer/index.php
+++ b/installer/index.php
@@ -22,11 +22,11 @@
 
 <div id="content">
 
-<h1>RoundCube Webmail Installer</h1>
-
 <?php
   ini_set('error_reporting', E_ALL&~E_NOTICE);
   ini_set('display_errors', 1);
+  
+  session_start();
 
   $docroot = realpath(dirname(__FILE__) . '/../');
   $include_path  = $docroot . '/program/lib' . PATH_SEPARATOR . $docroot . '/program' . PATH_SEPARATOR . ini_get('include_path');
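Review bot: `session_start()` is called after the page has already emitted markup (the `<div id="content">` context line sits above the `<?php` tag), so without output buffering PHP cannot send the cookie for a new session and `$_SESSION['allowinstaller']` will not survive to the next request. The same applies to `header("HTTP/1.0 404 Not Found")` in the next hunk of this file, which would leave the response status at 200. Moving `session_start();` and the gate into a PHP block at the very top of the file, before any HTML, avoids depending on the server's `output_buffering` setting. The start of the file is outside the hunk, so the exact placement needs checking there.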
@@ -35,9 +35,20 @@
   require_once 'rcube_install.php';
   $RCI = rcube_install::get_instance();
   $RCI->load_config();
+
+  // exit if installation is complete
+  if ($RCI->configured && !$RCI->getprop('enable_installer') && !$_SESSION['allowinstaller']) {
+    header("HTTP/1.0 404 Not Found");
+    echo '<h2 class="error">The installer is disabled!</h2>';
+    echo '<p>To enable it again, set <tt>$rcmail_config[\'enable_installer\'] = true;</tt> in config/main.inc.php</p>';
+    echo '</div></body></html>';
+    exit;
+  }
   
 ?>
 
+<h1>RoundCube Webmail Installer</h1>
+
 <ol id="progress">
 <?php
   
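Review bot: The gate treats `$_SESSION['allowinstaller']` as sufficient by itself and nothing in this patch clears the flag, so a browser session that obtained it keeps access to the installer for the whole session lifetime even though the installation is configured and `enable_installer` is `false`. Given that the config comment says the installer can expose sensitive configuration data, the flag should be short-lived: store a timestamp instead of `true` and have the gate reject it after a few minutes, or call `unset($_SESSION['allowinstaller']);` when the last installer step finishes. The steps that follow are outside this hunk, so where to clear it has to be decided there.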
diff --git a/installer/rcube_install.php b/installer/rcube_install.php
index 8caa79d..07a9922 100644
--- a/installer/rcube_install.php
+++ b/installer/rcube_install.php
@@ -171,7 +171,7 @@
         $out);
     }
     
-    return $out;
+    return trim($out);
   }
   
   

--
Gitblit v1.9.1