From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 installer/config.php |   24 ++++++++++--------------
 1 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/installer/config.php b/installer/config.php
index 905fb06..ed9adf9 100644
--- a/installer/config.php
+++ b/installer/config.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php" method="post">
 <input type="hidden" name="_step" value="2" />
 <?php
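Review bot: The guard on line 17 accepts any object as `$RCI`, and when `rcube_install` is loaded but `$RCI` is unset the `is_object($RCI)` operand raises an undefined-variable notice before `die()` runs; tying the check to the class the condition already names closes both gaps: `if (!isset($RCI) || !($RCI instanceof rcube_install)) {`. A short comment above the block would also help the next reader, e.g. `// this template is only valid when included from installer/index.php, which defines $RCI`. Separately, the patch subject refers to the `_session` argument of utils/save-prefs while the diffstat lists only installer/config.php, so the description presumably belongs to a different change or the patch is incomplete — worth confirming before it is applied.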
@@ -8,7 +15,6 @@
 // register these boolean fields
 $RCI->bool_config_props = array(
   'ip_check' => 1,
-  'enable_caching' => 1,
   'enable_spellcheck' => 1,
   'auto_create_user' => 1,
   'smtp_log' => 1,
@@ -23,8 +29,8 @@
 if (!empty($_POST['submit'])) {
   
   echo '<p class="notice">Copy or download the following configurations and save them in two files';
-  echo ' (names above the text box) within the <tt>'.RCMAIL_CONFIG_DIR.'</tt> directory of your Roundcube installation.<br/>';
-  echo ' Make sure that there are no characters outside the <tt>&lt;?php ?&gt;</tt> brackets when saving the files.</p>';
+  echo ' (names above the text box) within the <tt>'.RCMAIL_CONFIG_DIR.'</tt> directory of your Roundcube installation.';
+  echo '</p>';
   
   $textbox = new html_textarea(array('rows' => 16, 'cols' => 60, 'class' => "configfile"));
   
@@ -120,16 +126,6 @@
 <p class="hint">This increases security but can cause sudden logouts when someone uses a proxy with changing IPs.</p>
 </dd>
 
-<dt class="propname">enable_caching</dt>
-<dd>
-<?php
-
-$check_caching = new html_checkbox(array('name' => '_enable_caching', 'id' => "cfgcache"));
-echo $check_caching->show(intval($RCI->getprop('enable_caching')), array('value' => 1));
-
-?>
-<label for="cfgcache">Cache messages in local database</label><br />
-</dd>
 
 <dt class="propname">enable_spellcheck</dt>
 <dd>
@@ -270,7 +266,7 @@
 $select_dbtype = new html_select(array('name' => '_dbtype', 'id' => "cfgdbtype"));
 foreach ($RCI->supported_dbs as $database => $ext) {
     if (extension_loaded($ext)) {
-        $select_dbtype->add($database, $ext);
+        $select_dbtype->add($database, substr($ext, 4));
     }
 }
 
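Review bot: The bare offset in `substr($ext, 4)` on line 66 encodes an assumption about the shape of the values in `$RCI->supported_dbs` that the hunk does not show — presumably a four-character extension-name prefix being dropped for the select option — and any entry without such a prefix would be silently truncated to a wrong value. A comment stating the assumption would make the line reviewable, e.g. `// drop the 4-char extension prefix from the value; assumes every entry of supported_dbs carries it`, and naming the prefix in the code (a `strpos($ext, PREFIX) === 0` check before the `substr`) would make the dependency explicit instead of a magic number. The `foreach` is complete within the hunk, so the change stands on its own.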

--
Gitblit v1.9.1