From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/lib/Roundcube/rcube_plugin.php |   38 ++++++++++++++++++++++++++++++++++----
 1 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/program/lib/Roundcube/rcube_plugin.php b/program/lib/Roundcube/rcube_plugin.php
index f0af953..baa4a31 100644
--- a/program/lib/Roundcube/rcube_plugin.php
+++ b/program/lib/Roundcube/rcube_plugin.php
@@ -1,9 +1,9 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2008-2012, The Roundcube Dev Team                       |
+ | Copyright (C) 2008-2014, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -71,6 +71,7 @@
     protected $home;
     protected $urlbase;
     private $mytask;
+    private $loaded_config = array();
 
 
     /**
@@ -94,7 +95,15 @@
     /**
      * Provide information about this
      *
-     * @return array Meta information about a plugin or false if not implemented
+     * @return array Meta information about a plugin or false if not implemented:
+     * As hash array with the following keys:
+     *      name: The plugin name
+     *    vendor: Name of the plugin developer
+     *   version: Plugin version name
+     *   license: License name (short form according to http://spdx.org/licenses/)
+     *       uri: The URL to the plugin homepage or source repository
+     *   src_uri: Direct download URL to the source code of this plugin
+     *   require: List of plugins required for this one (as array of plugin names)
      */
     public static function info()
     {
@@ -113,6 +122,17 @@
     }
 
     /**
+     * Attempt to load the given plugin which is optional for the current plugin
+     *
+     * @param string Plugin name
+     * @return boolean True on success, false on failure
+     */
+    public function include_plugin($plugin_name)
+    {
+        return $this->api->load_plugin($plugin_name, true, false);
+    }
+
+    /**
      * Load local config file from plugins directory.
      * The loaded values are patched over the global configuration.
      *
@@ -122,6 +142,12 @@
      */
     public function load_config($fname = 'config.inc.php')
     {
+        if (in_array($fname, $this->loaded_config)) {
+            return true;
+        }
+
+        $this->loaded_config[] = $fname;
+
         $fpath = $this->home.'/'.$fname;
         $rcube = rcube::get_instance();
 
@@ -394,7 +420,11 @@
     public function local_skin_path()
     {
         $rcube = rcube::get_instance();
-        foreach (array($rcube->config->get('skin'), 'larry') as $skin) {
+        $skins = array_keys((array)$rcube->output->skins);
+        if (empty($skins)) {
+            $skins = (array) $rcube->config->get('skin');
+        }
+        foreach ($skins as $skin) {
             $skin_path = 'skins/' . $skin;
             if (is_dir(realpath(slashify($this->home) . $skin_path))) {
                 break;

--
Gitblit v1.9.1