From 96e24fab880754858dfe9d3864d400102209918f Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Mon, 27 Jun 2011 05:30:01 -0400
Subject: [PATCH] - Fix parsing URLs containing commas (#1487970)

---
 index.php |   28 ++++++++++++++++------------
 1 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/index.php b/index.php
index f50cf2b..2cf5814 100644
--- a/index.php
+++ b/index.php
@@ -95,10 +95,12 @@
   }
   else if ($auth['valid'] && !$auth['abort'] &&
         !empty($auth['host']) && !empty($auth['user']) &&
-        $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
-    // create new session ID
+        $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])
+  ) {
+    // create new session ID, don't destroy the current session
+    // it was destroyed already by $RCMAIL->kill_session() above
     $RCMAIL->session->remove('temp');
-    $RCMAIL->session->regenerate_id();
+    $RCMAIL->session->regenerate_id(false);
 
     // send auth cookie if necessary
     $RCMAIL->session->set_auth_cookie();
@@ -110,7 +112,7 @@
     $query = array();
     if ($url = get_input_value('_url', RCUBE_INPUT_POST)) {
       parse_str($url, $query);
-      
+
       // prevent endless looping on login page
       if ($query['_task'] == 'login')
         unset($query['_task']);
@@ -133,8 +135,8 @@
   }
 }
 
-// end session
-else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
+// end session (after optional referer check)
+else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_check_referer())) {
   $userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language);
   $OUTPUT->show_message('loggedout');
   $RCMAIL->logout_actions();
@@ -180,7 +182,7 @@
 
   // check client X-header to verify request origin
   if ($OUTPUT->ajax_call) {
-    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
       header('HTTP/1.1 404 Not Found');
       die("Invalid Request");
     }
@@ -203,22 +205,24 @@
 // handle special actions
 if ($RCMAIL->action == 'keep-alive') {
   $OUTPUT->reset();
+  $RCMAIL->plugins->exec_hook('keep_alive', array());
   $OUTPUT->send();
 }
 else if ($RCMAIL->action == 'save-pref') {
-  include 'steps/utils/save_pref.inc';
+  include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
 }
 
 
 // include task specific functions
-if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/func.inc'))
-  include_once($incfile);
+if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc'))
+  include_once $incfile;
 
 // allow 5 "redirects" to another action
 $redirects = 0; $incstep = null;
 while ($redirects < 5) {
   // execute a plugin action
   if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
+    if (!$RCMAIL->action) $RCMAIL->action = 'index';
     $RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
     break;
   }
@@ -228,9 +232,9 @@
   }
   // try to include the step file
   else if (($stepfile = $RCMAIL->get_action_file())
-    && is_file($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
+    && is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
   ) {
-    include($incfile);
+    include $incfile;
     $redirects++;
   }
   else {

--
Gitblit v1.9.1