From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 installer/index.php |   38 ++++++++++++++++++--------------------
 1 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/installer/index.php b/installer/index.php
index e46ef19..0e80b1c 100644
--- a/installer/index.php
+++ b/installer/index.php
@@ -34,29 +34,25 @@
  +-------------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                          |
  +-------------------------------------------------------------------------+
-
- $Id$
-
 */
 
 ini_set('error_reporting', E_ALL &~ (E_NOTICE | E_STRICT));
 ini_set('display_errors', 1);
 
 define('INSTALL_PATH', realpath(dirname(__FILE__) . '/../').'/');
-define('RCMAIL_CONFIG_DIR', INSTALL_PATH . 'config');
-define('RCMAIL_CHARSET', 'UTF-8');
+define('RCUBE_INSTALL_PATH', INSTALL_PATH);
+define('RCUBE_CONFIG_DIR', INSTALL_PATH . 'config/');
 
 $include_path  = INSTALL_PATH . 'program/lib' . PATH_SEPARATOR;
-$include_path .= INSTALL_PATH . 'program' . PATH_SEPARATOR;
 $include_path .= INSTALL_PATH . 'program/include' . PATH_SEPARATOR;
 $include_path .= ini_get('include_path');
 
 set_include_path($include_path);
 
-require_once 'utils.php';
-require_once 'rcube_shared.inc';
+require_once 'Roundcube/bootstrap.php';
+require_once 'rcube_install.php';
 // deprecated aliases (to be removed)
-require_once 'rcube_bc.inc';
+require_once 'bc.php';
 
 session_start();
 
@@ -126,18 +122,27 @@
   if ($RCI->configured && !$RCI->getprop('enable_installer') && !$_SESSION['allowinstaller']) {
     // header("HTTP/1.0 404 Not Found");
     echo '<h2 class="error">The installer is disabled!</h2>';
-    echo '<p>To enable it again, set <tt>$rcmail_config[\'enable_installer\'] = true;</tt> in RCMAIL_CONFIG_DIR/main.inc.php</p>';
+    echo '<p>To enable it again, set <tt>$rcmail_config[\'enable_installer\'] = true;</tt> in RCUBE_CONFIG_DIR/main.inc.php</p>';
     echo '</div></body></html>';
     exit;
   }
-  
+
 ?>
 
 <h1>Roundcube Webmail Installer</h1>
 
 <ol id="progress">
 <?php
-  
+  $include_steps = array(
+    1 => './check.php',
+    2 => './config.php',
+    3 => './test.php',
+  );
+
+  if (!in_array($RCI->step, array_keys($include_steps))) {
+    $RCI->step = 1;
+  }
+
   foreach (array('Check environment', 'Create config', 'Test config') as $i => $item) {
     $j = $i + 1;
     $link = ($RCI->step >= $j || $RCI->configured) ? '<a href="./index.php?_step='.$j.'">' . Q($item) . '</a>' : Q($item);
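Review bot: The allowlist check `in_array($RCI->step, array_keys($include_steps))` compares loosely, so on PHP versions before 8 a numeric-prefixed string would match an integer key and pass, while the later `include $include_steps[$RCI->step];` would then look up a key that does not exist. Whether `$RCI->step` is already cast to an integer where it is assigned is not visible in this hunk. If it is not, normalise it here with `$RCI->step = (int) $RCI->step;` followed by `if (!isset($include_steps[$RCI->step])) { $RCI->step = 1; }`, so the value used for the lookup is exactly the value that was checked.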
@@ -147,15 +152,8 @@
 </ol>
 
 <?php
-$include_steps = array('', './check.php', './config.php', './test.php');
 
-if ($include_steps[$RCI->step]) {
-  include $include_steps[$RCI->step];
-}
-else {
-  header("HTTP/1.0 404 Not Found");
-  echo '<h2 class="error">Invalid step</h2>';
-}
+include $include_steps[$RCI->step];
 
 ?>
 </div>
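Review bot: The now-unconditional `include $include_steps[$RCI->step];` is safe only because of the allowlist check added in the earlier `<?php` block, and nothing at this line says so. A short comment such as `// $RCI->step was constrained to a key of $include_steps above` would keep a later edit from moving or removing that check unnoticed. The code between the two blocks is outside this hunk, so it cannot be confirmed here that the step is not reassigned in between. An invalid step also no longer produces the 404 "Invalid step" response and silently renders step 1 instead, which deserves a comment if it is intentional.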

--
Gitblit v1.9.1