From e48a10a0d7ba44261ce118c024596f61266ff20a Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 02 Jul 2009 02:38:26 -0400
Subject: [PATCH] Add option to enforce https connections

---
 CHANGELOG                |    1 +
 index.php                |    7 ++++++-
 config/main.inc.php.dist |    4 ++++
 3 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index b88aa3f..a613b66 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
 
+- Added config option to enforce HTTPS connections
 - Fix non-unicode characters caching in unicode database (#1484608)
 - Performance improvements of messages caching
 - Fix empty Date header issue (#1485923)
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 29f6e12..f5e4c7c 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -50,6 +50,10 @@
 // possible units: s, m, h, d, w
 $rcmail_config['message_cache_lifetime'] = '10d';
 
+// enforce connections over https
+// with this option enabled, all non-secure connections will be redirected
+$rcmail_config['force_https'] = FALSE;
+
 // automatically create a new RoundCube user when log-in the first time.
 // a new user will be created once the IMAP login succeeds.
 // set to false if only registered users can use this service
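Review bot: The comment on `force_https` says all non-secure connections will be redirected, but the check this patch adds to index.php also requires `empty($_SESSION['user_id'])`, so a request that carries a logged-in session is still served over plain HTTP. Unless the session cookie is marked secure somewhere this patch does not show, the cookie and mail content can cross the wire unencrypted after login, which an administrator enabling this option would not expect. Either drop the session condition from the check, or reword the comment to match the behaviour, e.g. `// with this option enabled, non-secure requests without a logged-in session are redirected to https`.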
diff --git a/index.php b/index.php
index e8111b1..2767277 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
 /*
  +-------------------------------------------------------------------------+
  | RoundCube Webmail IMAP Client                                           |
- | Version 0.3-20090419                                                    |
+ | Version 0.3-20090702                                                    |
  |                                                                         |
  | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                   |
  |                                                                         |
@@ -63,6 +63,11 @@
   raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
 }
 
+// check if https is required (for login) and redirect if necessary
+if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443)) {
+  header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+  exit;
+}
 
 // trigger startup plugin hook
 $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
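Review bot: The HTTPS test in the added condition, `isset($_SERVER['HTTPS'])`, treats any set value as secure, but PHP documents that IIS with ISAPI sets this variable to `off` on plain-HTTP requests, so on such servers the redirect would never fire. Comparing the value is safer: `$secure = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') || $_SERVER['SERVER_PORT'] == 443;`. The Location header is also built from the client-supplied `$_SERVER['HTTP_HOST']`; a host name taken from configuration would be a more trustworthy source, and otherwise the value should be validated before it is echoed back. Behind a TLS-terminating proxy the backend likely sees neither signal and would redirect in a loop, so a comment noting that limitation would help administrators.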

--
Gitblit v1.9.1