From b9ac6ec263630abd3ac025fc000a52250e44c658 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 23 Mar 2015 13:35:51 -0400
Subject: [PATCH] Allow help plugin to append a link to the error page for more information about CSRF protection
---
plugins/help/localization/en_US.inc | 1 +
plugins/help/help.php | 11 +++++++++++
plugins/help/config.inc.php.dist | 2 ++
3 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/plugins/help/config.inc.php.dist b/plugins/help/config.inc.php.dist
index e7eaf7a..f135eef 100644
--- a/plugins/help/config.inc.php.dist
+++ b/plugins/help/config.inc.php.dist
@@ -33,3 +33,5 @@
// Determine whether to open the help in a new window
$config['help_open_extwin'] = false;
+// URL to additional information about CSRF protection
+$config['help_csrf_info'] = null;
diff --git a/plugins/help/help.php b/plugins/help/help.php
index d71cd0e..5387c9f 100644
--- a/plugins/help/help.php
+++ b/plugins/help/help.php
@@ -34,6 +34,7 @@
$this->register_action('license', array($this, 'action'));
$this->add_hook('startup', array($this, 'startup'));
+ $this->add_hook('error_page', array($this, 'error_page'));
}
function startup($args)
@@ -140,6 +141,16 @@
return $rcmail->output->frame($attrib);
}
+ function error_page($args)
+ {
+ $rcmail = rcmail::get_instance();
+
+ if ($args['code'] == 403 && $rcmail->request_status == rcube::REQUEST_ERROR_URL && ($url = $rcmail->config->get('help_csrf_info'))) {
+ $args['text'] .= '<p>' . html::a(array('href' => $url, 'target' => '_blank'), $this->gettext('csrfinfo')) . '</p>';
+ }
+
+ return $args;
+ }
private function resolve_language($path)
{
diff --git a/plugins/help/localization/en_US.inc b/plugins/help/localization/en_US.inc
index b81f02f..d44b9a8 100644
--- a/plugins/help/localization/en_US.inc
+++ b/plugins/help/localization/en_US.inc
@@ -20,5 +20,6 @@
$labels['help'] = 'Help';
$labels['about'] = 'About';
$labels['license'] = 'License';
+$labels['csrfinfo'] = 'Read more about CSRF and how we protect you';
?>
--
Gitblit v1.9.1