githubFork/roundcubemail.git

			@@ -2,7 +2,7 @@
			/*
			+-------------------------------------------------------------------------+
			\| Roundcube Webmail IMAP Client \|
			\| Version 0.6-svn \|
			\| Version 0.8-svn \|
			\| \|
			\| Copyright (C) 2005-2011, The Roundcube Dev Team \|
			\| \|
			@@ -33,6 +33,9 @@
			// init application, start session, init output class, etc.
			$RCMAIL = rcmail::get_instance();

			// Make the whole PHP output non-cacheable (#1487797)
			send_nocacheing_headers();

			// turn on output buffering
			ob_start();

			@@ -45,7 +48,7 @@
			}

			// check DB connections and exit on failure
			if ($err_str = $DB->is_error()) {
			if ($err_str = $RCMAIL->db->is_error()) {
			raise_error(array(
			'code' => 603,
			'type' => 'db',
			@@ -94,8 +97,7 @@
			$OUTPUT->show_message("cookiesdisabled", 'warning');
			}
			else if ($auth['valid'] && !$auth['abort'] &&
			!empty($auth['host']) && !empty($auth['user']) &&
			$RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])
			$RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])
			) {
			// create new session ID, don't destroy the current session
			// it was destroyed already by $RCMAIL->kill_session() above
			@@ -126,9 +128,9 @@
			$OUTPUT->redirect($redir);
			}
			else {
			$error_code = is_object($IMAP) ? $IMAP->get_error_code() : -1;
			$error_code = is_object($RCMAIL->storage) ? $RCMAIL->storage->get_error_code() : 1;

			$OUTPUT->show_message($error_code < -1 ? 'imaperror' : (!$auth['valid'] ? 'invalidrequest' : 'loginfailed'), 'warning');
			$OUTPUT->show_message($error_code < -1 ? 'storageerror' : (!$auth['valid'] ? 'invalidrequest' : 'loginfailed'), 'warning');
			$RCMAIL->plugins->exec_hook('login_failed', array(
			'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
			$RCMAIL->kill_session();
			@@ -137,7 +139,11 @@

			// end session (after optional referer check)
			else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') \|\| rcube_check_referer())) {
			$userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language);
			$userdata = array(
			'user' => $_SESSION['username'],
			'host' => $_SESSION['storage_host'],
			'lang' => $RCMAIL->user->language,
			);
			$OUTPUT->show_message('loggedout');
			$RCMAIL->logout_actions();
			$RCMAIL->kill_session();
			@@ -155,7 +161,7 @@
			// not logged in -> show login page
			if (empty($RCMAIL->user->ID)) {
			// log session failures
			if ($RCMAIL->task != 'login' && $RCMAIL->task != 'logout' && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
			if (($task = get_input_value('_task', RCUBE_INPUT_GPC)) && !in_array($task, array('login','logout')) && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
			$RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found");
			$session_error = true;
			}
			@@ -177,7 +183,7 @@
			)
			);
			}


			if ($session_error \|\| $_REQUEST['_err'] == 'session')
			$OUTPUT->show_message('sessionerror', 'error', null, true, -1);

			@@ -192,7 +198,7 @@
			// check client X-header to verify request origin
			if ($OUTPUT->ajax_call) {
			if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
			header('HTTP/1.1 404 Not Found');
			header('HTTP/1.1 403 Forbidden');
			die("Invalid Request");
			}
			}
			@@ -211,6 +217,12 @@
			}
			}

			// we're ready, user is authenticated and the request is safe
			$plugin = $RCMAIL->plugins->exec_hook('ready', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
			$RCMAIL->set_task($plugin['task']);
			$RCMAIL->action = $plugin['action'];


			// handle special actions
			if ($RCMAIL->action == 'keep-alive') {
			$OUTPUT->reset();