From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
program/lib/Roundcube/rcube_plugin.php | 46 ++++++++++++++++++++++++++++++++++++++++------
1 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/program/lib/Roundcube/rcube_plugin.php b/program/lib/Roundcube/rcube_plugin.php
index 3153a84..baa4a31 100644
--- a/program/lib/Roundcube/rcube_plugin.php
+++ b/program/lib/Roundcube/rcube_plugin.php
@@ -1,9 +1,9 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2008-2012, The Roundcube Dev Team |
+ | Copyright (C) 2008-2014, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -71,6 +71,7 @@
protected $home;
protected $urlbase;
private $mytask;
+ private $loaded_config = array();
/**
@@ -94,7 +95,15 @@
/**
* Provide information about this
*
- * @return array Meta information about a plugin or false if not implemented
+ * @return array Meta information about a plugin or false if not implemented:
+ * As hash array with the following keys:
+ * name: The plugin name
+ * vendor: Name of the plugin developer
+ * version: Plugin version name
+ * license: License name (short form according to http://spdx.org/licenses/)
+ * uri: The URL to the plugin homepage or source repository
+ * src_uri: Direct download URL to the source code of this plugin
+ * require: List of plugins required for this one (as array of plugin names)
*/
public static function info()
{
@@ -109,7 +118,18 @@
*/
public function require_plugin($plugin_name)
{
- return $this->api->load_plugin($plugin_name);
+ return $this->api->load_plugin($plugin_name, true);
+ }
+
+ /**
+ * Attempt to load the given plugin which is optional for the current plugin
+ *
+ * @param string Plugin name
+ * @return boolean True on success, false on failure
+ */
+ public function include_plugin($plugin_name)
+ {
+ return $this->api->load_plugin($plugin_name, true, false);
}
/**
@@ -122,15 +142,25 @@
*/
public function load_config($fname = 'config.inc.php')
{
+ if (in_array($fname, $this->loaded_config)) {
+ return true;
+ }
+
+ $this->loaded_config[] = $fname;
+
$fpath = $this->home.'/'.$fname;
$rcube = rcube::get_instance();
- if (is_file($fpath) && !$rcube->config->load_from_file($fpath)) {
+ if (($is_local = is_file($fpath)) && !$rcube->config->load_from_file($fpath)) {
rcube::raise_error(array(
'code' => 527, 'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
'message' => "Failed to load config from $fpath"), true, false);
return false;
+ }
+ else if (!$is_local) {
+ // Search plugin_name.inc.php file in any configured path
+ return $rcube->config->load_from_file($this->ID . '.inc.php');
}
return true;
@@ -390,7 +420,11 @@
public function local_skin_path()
{
$rcube = rcube::get_instance();
- foreach (array($rcube->config->get('skin'), 'larry') as $skin) {
+ $skins = array_keys((array)$rcube->output->skins);
+ if (empty($skins)) {
+ $skins = (array) $rcube->config->get('skin');
+ }
+ foreach ($skins as $skin) {
$skin_path = 'skins/' . $skin;
if (is_dir(realpath(slashify($this->home) . $skin_path))) {
break;
--
Gitblit v1.9.1