From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/lib/Roundcube/rcube_plugin_api.php |   99 +++++++++++++++++++++++++------------------------
 1 files changed, 50 insertions(+), 49 deletions(-)

diff --git a/program/lib/Roundcube/rcube_plugin_api.php b/program/lib/Roundcube/rcube_plugin_api.php
index 8fd3253..704f416 100644
--- a/program/lib/Roundcube/rcube_plugin_api.php
+++ b/program/lib/Roundcube/rcube_plugin_api.php
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2008-2012, The Roundcube Dev Team                       |
@@ -43,6 +43,7 @@
     public $active_plugins        = array();
 
     protected $plugins           = array();
+    protected $plugins_initialized = array();
     protected $tasks             = array();
     protected $actions           = array();
     protected $actionmap         = array();
@@ -94,8 +95,9 @@
 
         foreach ($this->plugins as $plugin) {
             // ... task, request type and framed mode
-            if (!$this->filter($plugin)) {
+            if (!$this->plugins_initialized[$plugin->ID] && !$this->filter($plugin)) {
                 $plugin->init();
+                $this->plugins_initialized[$plugin->ID] = $plugin;
             }
         }
 
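Review bot: The new guard `!$this->plugins_initialized[$plugin->ID]` reads a key that is absent for every plugin not yet initialized, so it raises an undefined-index notice each time; `empty($this->plugins_initialized[$plugin->ID])` gives the same result without the notice. The same pattern appears in the load_plugin() hunk as `!$this->plugins_initialized[$plugin_name]`. This loop keys the map by `$plugin->ID` while load_plugin() keys it by `$plugin_name`. The definition of `ID` is not visible here, but if the two values can ever differ, `init()` would run twice for the same plugin, so both places should use one key expression. The enclosing method starts and ends outside the hunk.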
@@ -146,7 +148,7 @@
     /**
      * Load the specified plugin
      *
-     * @param string Plugin name
+     * @param string  Plugin name
      * @param boolean Force loading of the plugin even if it doesn't match the filter
      * @param boolean Require loading of the plugin, error if it doesn't exist
      *
@@ -161,63 +163,62 @@
             $plugins_dir = unslashify($dir->path);
         }
 
-        // plugin already loaded
-        if ($this->plugins[$plugin_name]) {
-            return true;
-        }
+        // plugin already loaded?
+        if (!$this->plugins[$plugin_name]) {
+            $fn = "$plugins_dir/$plugin_name/$plugin_name.php";
 
-        $fn = "$plugins_dir/$plugin_name/$plugin_name.php";
+            if (!is_readable($fn)) {
+                if ($require) {
+                    rcube::raise_error(array('code' => 520, 'type' => 'php',
+                        'file' => __FILE__, 'line' => __LINE__,
+                        'message' => "Failed to load plugin file $fn"), true, false);
+                }
 
-        if (is_readable($fn)) {
+                return false;
+            }
+
             if (!class_exists($plugin_name, false)) {
                 include $fn;
             }
 
             // instantiate class if exists
-            if (class_exists($plugin_name, false)) {
-                $plugin = new $plugin_name($this);
-                $this->active_plugins[] = $plugin_name;
-
-                // check inheritance...
-                if (is_subclass_of($plugin, 'rcube_plugin')) {
-                    // ... task, request type and framed mode
-
-                    // call onload method on plugin if it exists.
-                    // this is useful if you want to be called early in the boot process
-                    if (method_exists($plugin, 'onload')) {
-                        $plugin->onload();
-                    }
-
-                    // init a plugin only if $force is set or if we're called after initialization
-                    if (($force || $this->initialized)
-                        && !$this->filter($plugin))
-                    {
-                        $plugin->init();
-                    }
-
-                    $this->plugins[$plugin_name] = $plugin;
-
-                    if (!empty($plugin->allowed_prefs)) {
-                        $this->allowed_prefs = array_merge($this->allowed_prefs, $plugin->allowed_prefs);
-                    }
-
-                    return true;
-                }
-            }
-            else {
+            if (!class_exists($plugin_name, false)) {
                 rcube::raise_error(array('code' => 520, 'type' => 'php',
                     'file' => __FILE__, 'line' => __LINE__,
                     'message' => "No plugin class $plugin_name found in $fn"),
                     true, false);
+
+                return false;
+            }
+
+            $plugin = new $plugin_name($this);
+            $this->active_plugins[] = $plugin_name;
+
+            // check inheritance...
+            if (is_subclass_of($plugin, 'rcube_plugin')) {
+                // call onload method on plugin if it exists.
+                // this is useful if you want to be called early in the boot process
+                if (method_exists($plugin, 'onload')) {
+                    $plugin->onload();
+                }
+
+                if (!empty($plugin->allowed_prefs)) {
+                    $this->allowed_prefs = array_merge($this->allowed_prefs, $plugin->allowed_prefs);
+                }
+
+                $this->plugins[$plugin_name] = $plugin;
             }
         }
-        else if ($require) {
-            rcube::raise_error(array('code' => 520, 'type' => 'php',
-                'file' => __FILE__, 'line' => __LINE__,
-                'message' => "Failed to load plugin file $fn"), true, false);
+
+        if ($plugin = $this->plugins[$plugin_name]) {
+            // init a plugin only if $force is set or if we're called after initialization
+            if (($force || $this->initialized) && !$this->plugins_initialized[$plugin_name] && ($force || !$this->filter($plugin))) {
+                $plugin->init();
+                $this->plugins_initialized[$plugin_name] = $plugin;
+            }
         }
 
-        return false;
+        return true;
     }
 
     /**
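Review bot: load_plugin() now returns `true` for a class that does not extend rcube_plugin, where the old code returned false. The `is_subclass_of()` branch is skipped, nothing is stored in `$this->plugins`, and control reaches the final `return true;`. A caller that treats the result as "plugin is loaded and registered" is misled, and the name has already been appended to `$this->active_plugins` before the inheritance check. Ending the function with `return !empty($this->plugins[$plugin_name]);` restores the earlier result, and moving the `$this->active_plugins[] = $plugin_name;` line inside the `is_subclass_of()` branch keeps that list accurate. The function's signature and opening lines are outside the hunk.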
@@ -228,9 +229,9 @@
      */
     private function filter($plugin)
     {
-        return (($plugin->noajax  && !(is_object($this->output) && $this->output->type == 'html') )
+        return ($plugin->noajax  && !(is_object($this->output) && $this->output->type == 'html'))
              || ($plugin->task && !preg_match('/^('.$plugin->task.')$/i', $this->task))
-             || ($plugin->noframe && !empty($_REQUEST['_framed']))) ? true : false;
+             || ($plugin->noframe && !empty($_REQUEST['_framed']));
     }
 
     /**
@@ -324,8 +325,8 @@
             // load additional information from local composer.lock file
             if ($lock = $composer_lock['installed'][$json['name']]) {
                 $info['version'] = $lock['version'];
-                $info['uri']     = $lock['homepage'] ? $lock['homepage'] : $lock['source']['uri'];
-                $info['src_uri'] = $lock['dist']['uri'] ? $lock['dist']['uri'] : $lock['source']['uri'];
+                $info['uri']     = $lock['homepage'] ?: $lock['source']['uri'];
+                $info['src_uri'] = $lock['dist']['uri'] ?: $lock['source']['uri'];
             }
         }
 

--
Gitblit v1.9.1