From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 bin/installto.sh |   33 +++++++++++++++++++++++++++++----
 1 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/bin/installto.sh b/bin/installto.sh
index d239c63..4bbf462 100755
--- a/bin/installto.sh
+++ b/bin/installto.sh
@@ -5,7 +5,7 @@
  | bin/installto.sh                                                      |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2012, The Roundcube Dev Team                            |
+ | Copyright (C) 2014, The Roundcube Dev Team                            |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -44,19 +44,44 @@
 if (strtolower($input) == 'y') {
   $err = false;
   echo "Copying files to target location...";
-  foreach (array('program','installer','bin','SQL','plugins','skins') as $dir) {
+
+  // Save a copy of original .htaccess file (#1490623)
+  if (file_exists("$target_dir/.htaccess")) {
+    $htaccess_copied = copy("$target_dir/.htaccess", "$target_dir/.htaccess.orig");
+  }
+
+  $dirs = array('program','installer','bin','SQL','plugins','skins');
+  if (is_dir(INSTALL_PATH . 'vendor') && !is_file(INSTALL_PATH . 'composer.json')) {
+    $dirs[] = 'vendor';
+  }
+  foreach ($dirs as $dir) {
     if (!system("rsync -avC " . INSTALL_PATH . "$dir/* $target_dir/$dir/")) {
       $err = true;
       break;
     }
   }
-  foreach (array('index.php','.htaccess','config/defaults.inc.php','CHANGELOG','README.md','UPGRADING','LICENSE') as $file) {
+  foreach (array('index.php','.htaccess','config/defaults.inc.php','composer.json-dist','CHANGELOG','README.md','UPGRADING','LICENSE','INSTALL') as $file) {
     if (!system("rsync -av " . INSTALL_PATH . "$file $target_dir/$file")) {
       $err = true;
       break;
     }
   }
-  echo "done.\n\n";
+
+  // remove old (<1.0) .htaccess file
+  @unlink("$target_dir/program/.htaccess");
+  echo "done.";
+
+  // Inform the user about .htaccess change
+  if (!empty($htaccess_copied)) {
+    if (file_get_contents("$target_dir/.htaccess") != file_get_contents("$target_dir/.htaccess.orig")) {
+      echo "\n!! Old .htaccess file saved as .htaccess.orig !!";
+    }
+    else {
+      @unlink("$target_dir/.htaccess.orig");
+    }
+  }
+
+  echo "\n\n";
 
   if (is_dir("$target_dir/skins/default")) {
       echo "Removing old default skin...";
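Review bot: The result of `copy()` in the new `.htaccess` backup block is only read later through `!empty($htaccess_copied)`, so a failed backup is silent and the rsync loop still overwrites the existing `.htaccess`, along with any access rules the admin added locally. Check it inside the `file_exists()` branch, e.g. `if (!$htaccess_copied) { echo "\n!! Could not save a copy of .htaccess, aborting !!\n"; exit(1); }`. The later comparison has a similar blind spot: if both `file_get_contents()` calls return `false` they compare equal and `.htaccess.orig` is unlinked, so a `false` read should be treated as "keep the backup". Separately, the unchanged `system()` calls fed by the new `$dirs` loop interpolate `$target_dir` (set outside this hunk) into a shell string unquoted; passing the path components through `escapeshellarg()` would be a worthwhile follow-up. The enclosing `if (strtolower($input) == 'y')` block continues past the end of the hunk.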

--
Gitblit v1.9.1