githubFork/roundcubemail.git

			@@ -28,8 +28,16 @@
			*/
			class rcube
			{
			const INIT_WITH_DB = 1;
			// Init options
			const INIT_WITH_DB = 1;
			const INIT_WITH_PLUGINS = 2;

			// Request status
			const REQUEST_VALID = 0;
			const REQUEST_ERROR_URL = 1;
			const REQUEST_ERROR_TOKEN = 2;

			const DEBUG_LINE_LENGTH = 4096;

			/**
			* Singleton instace of rcube
			@@ -101,6 +109,12 @@
			*/
			public $user;

			/**
			* Request status
			*
			* @var int
			*/
			public $request_status = 0;

			/* private/protected vars */
			protected $texts;
			@@ -203,7 +217,10 @@
			$this->mc_available = 0;

			// add all configured hosts to pool
			$pconnect = $this->config->get('memcache_pconnect', true);
			$pconnect = $this->config->get('memcache_pconnect', true);
			$timeout = $this->config->get('memcache_timeout', 1);
			$retry_interval = $this->config->get('memcache_retry_interval', 15);

			foreach ($this->config->get('memcache_hosts', array()) as $host) {
			if (substr($host, 0, 7) != 'unix://') {
			list($host, $port) = explode(':', $host);
			@@ -214,7 +231,7 @@
			}

			$this->mc_available += intval($this->memcache->addServer(
			$host, $port, $pconnect, 1, 1, 15, false, array($this, 'memcache_failure')));
			$host, $port, $pconnect, 1, $timeout, $retry_interval, false, array($this, 'memcache_failure')));
			}

			// test connection and failover (will result in $this->mc_available == 0 on complete failure)
			@@ -506,23 +523,15 @@
			ini_set('session.use_only_cookies', 1);
			ini_set('session.cookie_httponly', 1);

			// use database for storing session data
			$this->session = new rcube_session($this->get_dbh(), $this->config);

			// get session driver instance
			$this->session = rcube_session::factory($this->config);
			$this->session->register_gc_handler(array($this, 'gc'));
			$this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));
			$this->session->set_ip_check($this->config->get('ip_check'));

			if ($this->config->get('session_auth_name')) {
			$this->session->set_cookiename($this->config->get('session_auth_name'));
			}

			// start PHP session (if not in CLI mode)
			if ($_SERVER['REMOTE_ADDR']) {
			$this->session->start();
			}
			}


			/**
			* Garbage collector - cache/temp cleaner
			@@ -978,6 +987,104 @@


			/**
			* Returns session token for secure URLs
			*
			* @param bool $generate Generate token if not exists in session yet
			*
			* @return string\|bool Token string, False when disabled
			*/
			public function get_secure_url_token($generate = false)
			{
			if ($len = $this->config->get('use_secure_urls')) {
			if (empty($_SESSION['secure_token']) && $generate) {
			// generate x characters long token
			$length = $len > 1 ? $len : 16;
			$token = openssl_random_pseudo_bytes($length / 2);
			$token = bin2hex($token);

			$plugin = $this->plugins->exec_hook('secure_token',
			array('value' => $token, 'length' => $length));

			$_SESSION['secure_token'] = $plugin['value'];
			}

			return $_SESSION['secure_token'];
			}

			return false;
			}


			/**
			* Generate a unique token to be used in a form request
			*
			* @return string The request token
			*/
			public function get_request_token()
			{
			$sess_id = $_COOKIE[ini_get('session.name')];
			if (!$sess_id) {
			$sess_id = session_id();
			}

			$plugin = $this->plugins->exec_hook('request_token', array(
			'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id)));

			return $plugin['value'];
			}


			/**
			* Check if the current request contains a valid token.
			* Empty requests aren't checked until use_secure_urls is set.
			*
			* @param int Request method
			*
			* @return boolean True if request token is valid false if not
			*/
			public function check_request($mode = rcube_utils::INPUT_POST)
			{
			// check secure token in URL if enabled
			if ($token = $this->get_secure_url_token()) {
			foreach (explode('/', preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI'])) as $tok) {
			if ($tok == $token) {
			return true;
			}
			}

			$this->request_status = self::REQUEST_ERROR_URL;

			return false;
			}

			$sess_tok = $this->get_request_token();

			// ajax requests
			if (rcube_utils::request_header('X-Roundcube-Request') == $sess_tok) {
			return true;
			}

			// skip empty requests
			if (($mode == rcube_utils::INPUT_POST && empty($_POST))
			\|\| ($mode == rcube_utils::INPUT_GET && empty($_GET))
			) {
			return true;
			}

			// default method of securing requests
			$token = rcube_utils::get_input_value('_token', $mode);
			$sess_id = $_COOKIE[ini_get('session.name')];

			if (empty($sess_id) \|\| $token != $sess_tok) {
			$this->request_status = self::REQUEST_ERROR_TOKEN;
			return false;
			}

			return true;
			}


			/**
			* Build a valid URL to this instance of Roundcube
			*
			* @param mixed Either a string with the action or url parameters as key-value pairs
			@@ -1348,6 +1455,32 @@


			/**
			* Write debug info to the log
			*
			* @param string Engine type - file name (memcache, apc)
			* @param string Data string to log
			* @param bool Operation result
			*/
			public static function debug($engine, $data, $result = null)
			{
			static $debug_counter;

			$line = '[' . (++$debug_counter[$engine]) . '] ' . $data;

			if (($len = strlen($line)) > self::DEBUG_LINE_LENGTH) {
			$diff = $len - self::DEBUG_LINE_LENGTH;
			$line = substr($line, 0, self::DEBUG_LINE_LENGTH) . "... [truncated $diff bytes]";
			}

			if ($result !== null) {
			$line .= ' [' . ($result ? 'TRUE' : 'FALSE') . ']';
			}

			self::write_log($engine, $line);
			}


			/**
			* Returns current time (with microseconds).
			*
			* @return float Current time in seconds since the Unix
			@@ -1568,15 +1701,18 @@

			if ($message->getParam('delay_file_io')) {
			// use common temp dir
			$temp_dir = $this->config->get('temp_dir');
			$body_file = tempnam($temp_dir, 'rcmMsg');
			if (PEAR::isError($mime_result = $message->saveMessageBody($body_file))) {
			$temp_dir = $this->config->get('temp_dir');
			$body_file = tempnam($temp_dir, 'rcmMsg');
			$mime_result = $message->saveMessageBody($body_file);

			if (is_a($mime_result, 'PEAR_Error')) {
			self::raise_error(array('code' => 650, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			'message' => "Could not create message: ".$mime_result->getMessage()),
			TRUE, FALSE);
			true, false);
			return false;
			}

			$msg_body = fopen($body_file, 'r');
			}
			else {
			@@ -1596,7 +1732,7 @@
			if (!$sent) {
			self::raise_error(array('code' => 800, 'type' => 'smtp',
			'line' => __LINE__, 'file' => __FILE__,
			'message' => "SMTP error: ".join("\n", $response)), TRUE, FALSE);
			'message' => join("\n", $response)), true, false);
			}
			}
			// send mail using PHP's mail() function
			@@ -1619,11 +1755,11 @@

			$msg_body = $message->get();

			if (PEAR::isError($msg_body)) {
			if (is_a($msg_body, 'PEAR_Error')) {
			self::raise_error(array('code' => 650, 'type' => 'php',
			'file' => __FILE__, 'line' => __LINE__,
			'message' => "Could not create message: ".$msg_body->getMessage()),
			TRUE, FALSE);
			true, false);
			}
			else {
			$delim = $this->config->header_delimiter();