From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
 installer/config.php | 36 ++++++++++++++++++++++--------------
 1 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/installer/config.php b/installer/config.php
index 82d7f55..7e93903 100644
--- a/installer/config.php
+++ b/installer/config.php
@@ -4,11 +4,6 @@
 die("Not allowed! Please open installer/index.php instead.");
 }
-?>
-<form action="index.php" method="post">
-<input type="hidden" name="_step" value="2" />
-<?php
-
 // register these boolean fields
 $RCI->bool_config_props = array(
 'ip_check' => 1,
@@ -36,10 +31,20 @@
 echo '</p>';
 }
 else {
+ if (($dir = sys_get_temp_dir()) && @is_writable($dir)) {
+ echo '<iframe name="getconfig" style="display:none"></iframe>';
+ echo '<form id="getconfig_form" action="index.php" method="get" target="getconfig" style="display:none">';
+ echo '<input name="_getconfig" value="2" /></form>';
+
+ $button_txt = html::quote('Save in ' . $dir);
+ $save_button = ' <input type="button" onclick="document.getElementById(\'getconfig_form\').submit()" value="' . $button_txt . '" />';
+ }
+
 echo '<p class="notice">Copy or download the following configuration and save it';
 echo ' as <tt><b>config.inc.php</b></tt> within the <tt>'.RCUBE_CONFIG_DIR.'</tt> directory of your Roundcube installation.<br/>';
 echo ' Make sure that there are no characters outside the <tt><?php ?></tt> brackets when saving the file.';
 echo ' <input type="button" onclick="location.href=\'index.php?_getconfig=1\'" value="Download" />';
+ echo $save_button;
 if ($RCI->legacy_config) {
 echo '<br/><br/>Afterwards, please <b>remove</b> the old configuration files <tt>main.inc.php</tt> and <tt>db.inc.php</tt> from the config directory.';
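Review bot: `$save_button` is assigned only inside the `if (($dir = sys_get_temp_dir()) && @is_writable($dir))` branch of the hunk at -36, but `echo $save_button;` runs unconditionally a few lines later, so when the temp directory is missing or not writable PHP reads an undefined variable and emits a notice into the installer page. Initialise it before the branch with `$save_button = '';`. The handler for `_getconfig=2` is outside this hunk; since the generated configuration presumably carries the database password and the session encryption key, it is worth confirming there that the file written under the temp directory is created with owner-only permissions and without following a pre-existing file or symlink, because that directory is commonly shared with other local users. The enclosing `else` block continues past the end of the hunk.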
@@ -61,6 +66,9 @@
 }
 ?>
+<form action="index.php" method="post">
+<input type="hidden" name="_step" value="2" />
+
 <fieldset>
 <legend>General configuration</legend>
 <dl class="configblock">
@@ -85,7 +93,7 @@
 ?>
 <div>Provide an URL where a user can get support for this Roundcube installation.<br/>PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!</div>
-<p class="hint">Enter an absolute URL (inculding http://) to a support page/form or a mailto: link.</p>
+<p class="hint">Enter an absolute URL (including http://) to a support page/form or a mailto: link.</p>
 </dd>
 <dt class="propname">skin_logo</dt>
@@ -120,8 +128,7 @@
 ?>
 <div>This key is used to encrypt the users imap password before storing in the session record</div>
-<p class="hint">It's a random generated string to ensure that every installation has its own key.
-If you enter it manually please provide a string of exactly 24 chars.</p>
+<p class="hint">It's a random generated string to ensure that every installation has its own key.</p>
 </dd>
 <dt class="propname">ip_check</dt>
@@ -285,7 +292,7 @@
 $input_dbhost = new html_inputfield(array('name' => '_dbhost', 'size' => 20, 'id' => "cfgdbhost"));
 $input_dbname = new html_inputfield(array('name' => '_dbname', 'size' => 20, 'id' => "cfgdbname"));
 $input_dbuser = new html_inputfield(array('name' => '_dbuser', 'size' => 20, 'id' => "cfgdbuser"));
-$input_dbpass = new html_passwordfield(array('name' => '_dbpass', 'size' => 20, 'id' => "cfgdbpass"));
+$input_dbpass = new html_inputfield(array('name' => '_dbpass', 'size' => 20, 'id' => "cfgdbpass"));
 $dsnw = rcube_db::parse_dsn($RCI->getprop('db_dsnw'));
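Review bot: Replacing `html_passwordfield` with `html_inputfield` for `_dbpass` in the hunk at -285 means the database password is presumably rendered as an ordinary text input, so the value is readable on screen and eligible for the browser's form history; the hunk at -478 makes the same change for `_smtp_pass`. If showing the secret is deliberate for the installer, record that next to the field with a comment such as `// plain input on purpose: the admin must be able to verify the stored password` so it is not mistaken for a regression. It would also help to add `'autocomplete' => 'off'` to both attribute arrays, provided the html helper passes that attribute through, so the values are not saved by the browser.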
@@ -478,7 +485,7 @@
 <?php
 $text_smtpuser = new html_inputfield(array('name' => '_smtp_user', 'size' => 20, 'id' => "cfgsmtpuser"));
-$text_smtppass = new html_passwordfield(array('name' => '_smtp_pass', 'size' => 20, 'id' => "cfgsmtppass"));
+$text_smtppass = new html_inputfield(array('name' => '_smtp_pass', 'size' => 20, 'id' => "cfgsmtppass"));
 echo $text_smtpuser->show($RCI->getprop('smtp_user'));
 echo $text_smtppass->show($RCI->getprop('smtp_pass'));
@@ -680,10 +687,11 @@
 $plugins = $RCI->list_plugins();
 foreach($plugins as $p) {
- $p_check = new html_checkbox(array('name' => '_plugins_'.$p['name'], 'id' => 'cfgplugin_'.$p['name']));
- echo '<dt class="propname">'.$p['name'].'</dt><dd>';
- echo $p_check->show(0, array('value' => $p['name']));
- echo '<label for="cfgplugin_'.$p['name'].'">'.$p['desc'].'</label><br/></dd>';
+ $p_check = new html_checkbox(array('name' => '_plugins_'.$p['name'], 'id' => 'cfgplugin_'.$p['name'], 'value' => $p['name']));
+ echo '<dt class="propname"><label>';
+ echo $p_check->show($p['enabled'] ? $p['name'] : 0);
+ echo ' ' . $p['name'] . '</label></dt><dd>';
+ echo '<label for="cfgplugin_'.$p['name'].'" class="hint">' . $p['desc'] . '</label><br/></dd>';
 }
 ?>
-- 
Gitblit v1.9.1
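Review bot: In the rewritten plugin loop of the hunk at -680, `$p['name']` and `$p['desc']` are concatenated into element text and into the `for` attribute without escaping, although the hunk at -36 already uses `html::quote()` for the temp-dir path. `list_plugins()` is outside this hunk; if it takes names and descriptions from plugin directories or their metadata, markup in either field would be emitted verbatim into the installer page. Escape at the point of output, e.g. `echo ' ' . html::quote($p['name']) . '</label></dt><dd>';` and `html::quote($p['desc'])` inside the hint label. `$p['enabled']` is also read without checking that the key exists, so confirm `list_plugins()` always sets it or use `!empty($p['enabled'])`.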