From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Tue, 22 Oct 2013 08:17:26 -0400 Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) --- installer/test.php | 94 +++++++++++++++++++++++++++++------------------ 1 files changed, 58 insertions(+), 36 deletions(-) diff --git a/installer/test.php b/installer/test.php index a465e2f..340fe26 100644 --- a/installer/test.php +++ b/installer/test.php @@ -1,10 +1,17 @@ +<?php + +if (!class_exists('rcube_install') || !is_object($RCI)) { + die("Not allowed! Please open installer/index.php instead."); +} + +?> <form action="index.php?_step=3" method="post"> <h3>Check config files</h3> <?php -$read_main = is_readable(RCMAIL_CONFIG_DIR.'/main.inc.php'); -$read_db = is_readable(RCMAIL_CONFIG_DIR.'/db.inc.php'); +$read_main = is_readable(RCUBE_CONFIG_DIR . 'main.inc.php'); +$read_db = is_readable(RCUBE_CONFIG_DIR . 'db.inc.php'); if ($read_main && !empty($RCI->config)) { $RCI->pass('main.inc.php'); @@ -31,13 +38,13 @@ if (is_array($messages['missing'])) { echo '<h3 class="warning">Missing config options</h3>'; - echo '<p class="hint">The following config options are not present in the current configuration.<br/>'; - echo 'Please check the default config files and add the missing properties to your local config files.</p>'; - - echo '<ul class="configwarings">'; + echo '<p class="hint">The following config options are not set (not present or empty) in the current configuration.<br/>'; + echo 'Please check the default config files and set the missing properties in your local config files.</p>'; + + echo '<ul class="configwarnings">'; foreach ($messages['missing'] as $msg) { echo html::tag('li', null, html::span('propname', $msg['prop']) . ($msg['name'] ? ': ' . $msg['name'] : '')); - } + } echo '</ul>'; } 
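Review bot: The new guard at the top of installer/test.php (first hunk, `if (!class_exists('rcube_install') || !is_object($RCI))`) carries no comment saying what it protects against, although it is the access-control line of this file. I would add `// Refuse direct requests: this step file may only run when included by installer/index.php, which is expected to have set up $RCI.` above it. Sending `header('HTTP/1.1 403 Forbidden');` before the `die()` would also make a refused direct request distinguishable from a normal page in access logs. The commit subject refers to the _session argument of utils/save-prefs, which none of the visible hunks touch, so the description may belong to a different change.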
@@ -88,7 +95,7 @@ ?> <h3>Check if directories are writable</h3> -<p>RoundCube may need to write/save files into these directories</p> +<p>Roundcube may need to write/save files into these directories</p> <?php if ($RCI->configured) { @@ -125,9 +132,9 @@ $db_working = false; if ($RCI->configured) { if (!empty($RCI->config['db_dsnw'])) { - - $DB = new rcube_mdb2($RCI->config['db_dsnw'], '', false); + $DB = rcube_db::factory($RCI->config['db_dsnw'], '', false); $DB->db_connect('w'); + if (!($db_error_msg = $DB->is_error())) { $RCI->pass('DSN (write)'); echo '<br />'; 
@@ -156,20 +163,26 @@ } } +else if ($db_working && $_POST['updatedb']) { + if (!($success = $RCI->update_db($_POST['version']))) { + echo '<p class="warning">Database schema update failed.</p>'; + } +} + // test database if ($db_working) { $db_read = $DB->query("SELECT count(*) FROM {$RCI->config['db_table_users']}"); - if ($DB->db_error) { + if ($DB->is_error()) { $RCI->fail('DB Schema', "Database not initialized"); echo '<p><input type="submit" name="initdb" value="Initialize database" /></p>'; $db_working = false; } - else if ($RCI->db_schema_check($DB, $update = !empty($_POST['updatedb']))) { + else if ($err = $RCI->db_schema_check($DB, $update = !empty($_POST['updatedb']))) { $RCI->fail('DB Schema', "Database schema differs"); - $db_map = array('pgsql' => 'postgres', 'mysqli' => 'mysql', 'sqlsrv' => 'mssql'); - $updatefile = INSTALL_PATH . 'SQL/' . (isset($db_map[$DB->db_provider]) ? $db_map[$DB->db_provider] : $DB->db_provider) . '.update.sql'; - echo '<p class="warning">Please manually execute the SQL statements from '.$updatefile.' on your database.<br/>'; - echo 'See comments in the file and execute queries that are superscribed with the currently installed version number.</p>'; + echo '<ul style="margin:0"><li>' . join("</li>\n<li>", $err) . "</li></ul>"; + $select = $RCI->versions_select(array('name' => 'version')); + $select->add('0.9 or newer', ''); + echo '<p class="suggestion">You should run the update queries to get the schema fixed.<br/><br/>Version to update from: ' . $select->show() . ' <input type="submit" name="updatedb" value="Update" /></p>'; $db_working = false; } else { 
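Review bot: `$_POST['version']` is handed to `$RCI->update_db()` in the added `else if` branch without any check, so the posted value alone decides which schema update is attempted. update_db() is defined outside this diff, so whether it validates the value cannot be seen here; I would accept only the options that `$RCI->versions_select()` offers (plus the empty "0.9 or newer" entry) before calling it. The branch also reads `$_POST['updatedb']` directly while the schema check below uses `!empty($_POST['updatedb'])`; `else if ($db_working && !empty($_POST['updatedb'])) {` keeps the two consistent and avoids an undefined-index notice. Separately, the `$err` entries are joined into the `<ul>` unescaped, so if they can carry text taken from the database or config they should go through `Q()` first. The if/else chain this branch is attached to starts outside the hunk.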
@@ -249,18 +262,21 @@ echo '<p>Trying to send email...<br />'; - if (preg_match('/^' . $RCI->email_pattern . '$/i', trim($_POST['_from'])) && - preg_match('/^' . $RCI->email_pattern . '$/i', trim($_POST['_to']))) { + $from = idn_to_ascii(trim($_POST['_from'])); + $to = idn_to_ascii(trim($_POST['_to'])); + if (preg_match('/^' . $RCI->email_pattern . '$/i', $from) && + preg_match('/^' . $RCI->email_pattern . '$/i', $to) + ) { $headers = array( - 'From' => trim($_POST['_from']), - 'To' => trim($_POST['_to']), - 'Subject' => 'Test message from RoundCube', + 'From' => $from, + 'To' => $to, + 'Subject' => 'Test message from Roundcube', ); - $body = 'This is a test to confirm that RoundCube can send email.'; + $body = 'This is a test to confirm that Roundcube can send email.'; $smtp_response = array(); - + // send mail using configured SMTP server if ($RCI->getprop('smtp_server')) { $CONFIG = $RCI->config; @@ -276,7 +292,8 @@ $send_headers = $mail_object->headers($headers); $SMTP = new rcube_smtp(); - $SMTP->connect(); + $SMTP->connect(rcube_parse_host($RCI->getprop('smtp_server')), + $RCI->getprop('smtp_port'), $CONFIG['smtp_user'], $CONFIG['smtp_pass']); $status = $SMTP->send_mail($headers['From'], $headers['To'], ($foo = $mail_object->txtHeaders($send_headers)), $body); 
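Review bot: `idn_to_ascii()` is applied to the whole address in `$from` and `$to` (hunk at -249), not just to the domain part. Which implementation is in scope is not visible here, but if it resolves to the PHP intl function, that one expects a bare domain name and returns false on failure, so a valid address would then fail the pattern check and land in the error branch. Converting only the part after the last `@`, or using an address-aware wrapper if the project provides one, avoids that; the `if` body continues outside the hunk.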
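Review bot: The result of `$SMTP->connect(...)` (hunk at -276) is discarded in the visible lines, so a failed connection or login is only noticed indirectly when `send_mail()` fails on the next statement. I would call `send_mail()` only when `connect()` succeeded and otherwise report the connect error as such, which makes the test output more useful for diagnosing wrong credentials or TLS settings. Host and port are read through `$RCI->getprop()` while the credentials come straight from `$CONFIG`; taking all four from one source would make it clearer which defaults apply. The enclosing block starts and ends outside the hunk.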
@@ -369,22 +386,27 @@ <?php if (isset($_POST['imaptest']) && !empty($_POST['_host']) && !empty($_POST['_user'])) { - + echo '<p>Connecting to ' . Q($_POST['_host']) . '...<br />'; - - $a_host = parse_url($_POST['_host']); + + $imap_host = trim($_POST['_host']); + $imap_port = $RCI->getprop('default_port'); + $a_host = parse_url($imap_host); + if ($a_host['host']) { $imap_host = $a_host['host']; - $imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null; - $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : $CONFIG['default_port']); + $imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null; + if (isset($a_host['port'])) + $imap_port = $a_host['port']; + else if ($imap_ssl && $imap_ssl != 'tls' && (!$imap_port || $imap_port == 143)) + $imap_port = 993; } - else { - $imap_host = trim($_POST['_host']); - $imap_port = $RCI->getprop('default_port'); - } - + + $imap_host = idn_to_ascii($imap_host); + $imap_user = idn_to_ascii($_POST['_user']); + $imap = new rcube_imap(null); - if ($imap->connect($imap_host, $_POST['_user'], $_POST['_pass'], $imap_port, $imap_ssl)) { + if ($imap->connect($imap_host, $imap_user, $_POST['_pass'], $imap_port, $imap_ssl)) { $RCI->pass('IMAP connect', 'SORT capability: ' . ($imap->get_capability('SORT') ? 'yes' : 'no')); $imap->close(); } @@ -405,7 +427,7 @@ After completing the installation and the final tests please <b>remove</b> the whole installer folder from the document root of the webserver or make sure that -enable_installer option in main.inc.php is disabled.<br /> +<tt>enable_installer</tt> option in config/main.inc.php is disabled.<br /> <br /> These files may expose sensitive configuration data like server passwords and encryption keys -- Gitblit v1.9.1
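Review bot: `$imap_ssl` is assigned only inside `if ($a_host['host'])` (hunk at -369), yet it is always passed to `$imap->connect()`, so for a plain host name without a scheme the variable is undefined. Initialise it with the other defaults by adding `$imap_ssl = null;` after `$imap_port = $RCI->getprop('default_port');`. `parse_url()` can also return false or an array without a `host` key, so `if (!empty($a_host['host'])) {` is the safer test. Since this form makes the server open a connection to whatever host and port the client posts, it is one more reason to keep the installer disabled after setup, as the closing text of the page already advises.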