From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Fri, 05 Feb 2016 07:25:27 -0500 Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports --- installer/index.php | 62 ++++++++++++++++++++----------- 1 files changed, 40 insertions(+), 22 deletions(-) diff --git a/installer/index.php b/installer/index.php index 5e7d318..3e9c6b7 100644 --- a/installer/index.php +++ b/installer/index.php @@ -1,11 +1,11 @@ <?php -/* +/** +-------------------------------------------------------------------------+ | Roundcube Webmail setup tool | - | Version 0.9-git | + | Version 1.2-git | | | - | Copyright (C) 2009-2012, The Roundcube Dev Team | + | Copyright (C) 2009-2015, The Roundcube Dev Team | | | | This program is free software: you can redistribute it and/or modify | | it under the terms of the GNU General Public License (with exceptions | 
@@ -39,33 +39,43 @@ ini_set('error_reporting', E_ALL &~ (E_NOTICE | E_STRICT)); ini_set('display_errors', 1); -define('INSTALL_PATH', realpath(dirname(__FILE__) . '/../').'/'); -define('RCMAIL_CONFIG_DIR', INSTALL_PATH . 'config'); -define('RCMAIL_CHARSET', 'UTF-8'); +define('INSTALL_PATH', realpath(__DIR__ . '/../').'/'); +define('RCUBE_INSTALL_PATH', INSTALL_PATH); +define('RCUBE_CONFIG_DIR', INSTALL_PATH . 'config/'); $include_path = INSTALL_PATH . 'program/lib' . PATH_SEPARATOR; -$include_path .= INSTALL_PATH . 'program' . PATH_SEPARATOR; $include_path .= INSTALL_PATH . 'program/include' . PATH_SEPARATOR; $include_path .= ini_get('include_path'); set_include_path($include_path); -require_once 'utils.php'; -require_once 'rcube_shared.inc'; +// include composer autoloader (if available) +if (@file_exists(INSTALL_PATH . 'vendor/autoload.php')) { + require INSTALL_PATH . 'vendor/autoload.php'; +} + +require_once 'Roundcube/bootstrap.php'; // deprecated aliases (to be removed) -require_once 'rcube_bc.inc'; +require_once 'bc.php'; -session_start(); +if (function_exists('session_start')) + session_start(); -$RCI = rcube_install::get_instance(); +$RCI = rcmail_install::get_instance(); $RCI->load_config(); -if (isset($_GET['_getfile']) && in_array($_GET['_getfile'], array('main', 'db'))) { - $filename = $_GET['_getfile'] . '.inc.php'; - if (!empty($_SESSION[$filename])) { +if (isset($_GET['_getconfig'])) { + $filename = 'config.inc.php'; + if (!empty($_SESSION['config']) && $_GET['_getconfig'] == 2) { + $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $filename; + @unlink($path); + file_put_contents($path, $_SESSION['config']); + exit; + } + else if (!empty($_SESSION['config'])) { header('Content-type: text/plain'); header('Content-Disposition: attachment; filename="'.$filename.'"'); - echo $_SESSION[$filename]; + echo $_SESSION['config']; exit; } else { 
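Review bot: The `_getconfig == 2` branch writes the generated configuration to a fixed name in the shared temp directory using `@unlink()` followed by `file_put_contents()`, and that file normally carries the database DSN and other secrets. Another local account can recreate the path between the two calls, for example as a symlink. The file is also created under the process's default umask, so it may be readable by other users on a multi-user host. The write result is never checked, so a failed save looks the same as a successful one. I would create the file exclusively under a restrictive umask and signal failure, as sketched below; how the caller handles a non-200 response is outside this hunk, and the enclosing `if (isset($_GET['_getconfig']))` block continues past its end.

```php
    if (!empty($_SESSION['config']) && $_GET['_getconfig'] == 2) {
        $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $filename;
        @unlink($path);
        // create exclusively and owner-only: mode 'x' refuses a path that reappeared after unlink()
        $old_umask = umask(0077);
        $fp = @fopen($path, 'x');
        umask($old_umask);
        if (!$fp || fwrite($fp, $_SESSION['config']) === false) {
            header('HTTP/1.0 500 Internal Server Error');
        }
        if ($fp) {
            fclose($fp);
        }
        exit;
    }
    // … unchanged: attachment download branch and else branch …
```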
@@ -75,14 +85,14 @@ } if ($RCI->configured && ($RCI->getprop('enable_installer') || $_SESSION['allowinstaller']) && - isset($_GET['_mergeconfig']) && in_array($_GET['_mergeconfig'], array('main', 'db'))) { - $filename = $_GET['_mergeconfig'] . '.inc.php'; + !empty($_GET['_mergeconfig'])) { + $filename = 'config.inc.php'; header('Content-type: text/plain'); header('Content-Disposition: attachment; filename="'.$filename.'"'); $RCI->merge_config(); - echo $RCI->create_config($_GET['_mergeconfig'], true); + echo $RCI->create_config(); exit; } @@ -122,8 +132,16 @@ // exit if installation is complete if ($RCI->configured && !$RCI->getprop('enable_installer') && !$_SESSION['allowinstaller']) { // header("HTTP/1.0 404 Not Found"); - echo '<h2 class="error">The installer is disabled!</h2>'; - echo '<p>To enable it again, set <tt>$rcmail_config[\'enable_installer\'] = true;</tt> in RCMAIL_CONFIG_DIR/main.inc.php</p>'; + if ($RCI->configured && $RCI->legacy_config) { + echo '<h2 class="error">Your configuration needs to be migrated!</h2>'; + echo '<p>We changed the configuration files structure and your installation needs to be updated accordingly.</p>'; + echo '<p>Please run the <tt>bin/update.sh</tt> script from the command line or set <p> <tt>$rcube_config[\'enable_installer\'] = true;</tt></p>'; + echo ' in your RCUBE_CONFIG_DIR/main.inc.php to let the installer help you migrating it.</p>'; + } + else { + echo '<h2 class="error">The installer is disabled!</h2>'; + echo '<p>To enable it again, set <tt>$config[\'enable_installer\'] = true;</tt> in RCUBE_CONFIG_DIR/config.inc.php</p>'; + } echo '</div></body></html>'; exit; } 
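Review bot: The gate on this download reads `$_SESSION['allowinstaller']` without an existence check, which stays quiet only because E_NOTICE is masked at the top of the file. This commit also makes `session_start()` conditional, so `$_SESSION` may not be defined at all here, and with `display_errors` on any diagnostic would be printed before the `header()` calls. I would write the test as `!empty($_SESSION['allowinstaller'])`, and use `empty($_SESSION['allowinstaller'])` in the "exit if installation is complete" check in the next hunk. Separately, `$_GET['_mergeconfig']` is now only a trigger flag and its value is ignored; a short comment saying so would help the next reader.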
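Review bot: The new legacy-config message produces invalid markup: the third `echo` opens a `<p>` inside a still-open `<p>` and closes it, and the fourth `echo` then emits a second `</p>`. It also names `$rcube_config['enable_installer']` for `main.inc.php`, while the removed line used `$rcmail_config` for that same file, so the variable name looks like a typo; please confirm against the legacy format. I would drop the inner paragraph, for example `... or set <tt>$rcmail_config[\'enable_installer\'] = true;</tt>'` followed by `' in your RCUBE_CONFIG_DIR/main.inc.php ...</p>'`. The inner `$RCI->configured &&` is redundant because the enclosing `if` already requires it.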
@@ -146,7 +164,7 @@ foreach (array('Check environment', 'Create config', 'Test config') as $i => $item) { $j = $i + 1; - $link = ($RCI->step >= $j || $RCI->configured) ? '<a href="./index.php?_step='.$j.'">' . Q($item) . '</a>' : Q($item); + $link = ($RCI->step >= $j || $RCI->configured) ? '<a href="./index.php?_step='.$j.'">' . rcube::Q($item) . '</a>' : rcube::Q($item); printf('<li class="step%d%s">%s</li>', $j+1, $RCI->step > $j ? ' passed' : ($RCI->step == $j ? ' current' : ''), $link); } ?> -- Gitblit v1.9.1