From 2f8b1036da42ec3d15a51c6b17a473f9f4df71d3 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <bruederli@kolabsys.com>
Date: Sat, 07 Feb 2015 12:33:24 -0500
Subject: [PATCH] Bump version and copyright year
---
program/include/rcmail.php | 185 ++++++++++++++++++++++++++++-----------------
1 files changed, 114 insertions(+), 71 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 0c41c15..2327109 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -106,21 +106,23 @@
// reset some session parameters when changing task
if ($this->task != 'utils') {
// we reset list page when switching to another task
- // but only to the main task interface - empty action (#1489076)
+ // but only to the main task interface - empty action (#1489076, #1490116)
// this will prevent from unintentional page reset on cross-task requests
if ($this->session && $_SESSION['task'] != $this->task && empty($this->action)) {
$this->session->remove('page');
- }
- // set current task to session
- $_SESSION['task'] = $this->task;
+ // set current task to session
+ $_SESSION['task'] = $this->task;
+ }
}
- // init output class
- if (!empty($_REQUEST['_remote']))
+ // init output class (not in CLI mode)
+ if (!empty($_REQUEST['_remote'])) {
$GLOBALS['OUTPUT'] = $this->json_init();
- else
+ }
+ else if ($_SERVER['REMOTE_ADDR']) {
$GLOBALS['OUTPUT'] = $this->load_gui(!empty($_REQUEST['_framed']));
+ }
// load plugins
$this->plugins->init($this, $this->task);
@@ -173,7 +175,7 @@
setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8');
// workaround for http://bugs.php.net/bug.php?id=18556
- if (version_compare(PHP_VERSION, '5.5.0', '<') && in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
+ if (PHP_VERSION_ID < 50500 && in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8');
}
}
@@ -437,7 +439,7 @@
// add some basic labels to client
$this->output->add_label('loading', 'servererror', 'connerror', 'requesttimedout',
- 'refreshing', 'windowopenerror');
+ 'refreshing', 'windowopenerror', 'uploadingmany');
return $this->output;
}
@@ -758,49 +760,16 @@
}
/**
- * Generate a unique token to be used in a form request
- *
- * @return string The request token
- */
- public function get_request_token()
- {
- $sess_id = $_COOKIE[ini_get('session.name')];
-
- if (!$sess_id) {
- $sess_id = session_id();
- }
-
- $plugin = $this->plugins->exec_hook('request_token', array(
- 'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id)));
-
- return $plugin['value'];
- }
-
- /**
- * Check if the current request contains a valid token
- *
- * @param int Request method
- *
- * @return boolean True if request token is valid false if not
- */
- public function check_request($mode = rcube_utils::INPUT_POST)
- {
- $token = rcube_utils::get_input_value('_token', $mode);
- $sess_id = $_COOKIE[ini_get('session.name')];
-
- return !empty($sess_id) && $token == $this->get_request_token();
- }
-
- /**
* Build a valid URL to this instance of Roundcube
*
* @param mixed Either a string with the action or url parameters as key-value pairs
* @param boolean Build an URL absolute to document root
* @param boolean Create fully qualified URL including http(s):// and hostname
+ * @param bool Return absolute URL in secure location
*
* @return string Valid application URL
*/
- public function url($p, $absolute = false, $full = false)
+ public function url($p, $absolute = false, $full = false, $secure = false)
{
if (!is_array($p)) {
if (strpos($p, 'http') === 0) {
@@ -826,27 +795,32 @@
}
}
+ $base_path = strval($_SERVER['REDIRECT_SCRIPT_URL'] ?: $_SERVER['SCRIPT_NAME']);
+ $base_path = preg_replace('![^/]+$!', '', $base_path);
+
+ if ($secure && ($token = $this->get_secure_url_token(true))) {
+ // add token to the url
+ $url = $token . '/' . $url;
+
+ // remove old token from the path
+ $base_path = rtrim($base_path, '/');
+ $base_path = preg_replace('/\/[a-f0-9]{' . strlen($token) . '}$/', '', $base_path);
+
+ // this need to be full url to make redirects work
+ $absolute = true;
+ }
+
if ($absolute || $full) {
- $prefix = '';
+ // add base path to this Roundcube installation
+ if ($base_path == '') $base_path = '/';
+ $prefix = $base_path;
// prepend protocol://hostname:port
if ($full) {
- $schema = 'http';
- $default_port = 80;
- if (rcube_utils::https_check()) {
- $schema = 'https';
- $default_port = 443;
- }
- $prefix = $schema . '://' . preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
- if ($_SERVER['SERVER_PORT'] != $default_port) {
- $prefix .= ':' . $_SERVER['SERVER_PORT'];
- }
+ $prefix = rcube_utils::resolve_url($prefix);
}
- // add base path to this Roundcube installation
- $base_path = preg_replace('![^/]+$!', '', strval($_SERVER['SCRIPT_NAME']));
- if ($base_path == '') $base_path = '/';
- $prefix .= $base_path;
+ $prefix = rtrim($prefix, '/') . '/';
}
else {
$prefix = './';
@@ -883,6 +857,28 @@
self::print_timer(RCMAIL_START, $log);
else
self::console($log);
+ }
+ }
+
+ /**
+ * CSRF attack prevention code
+ *
+ * @param int Request mode
+ */
+ public function request_security_check($mode = rcube_utils::INPUT_POST)
+ {
+ // check request token
+ if (!$this->check_request($mode)) {
+ self::raise_error(array(
+ 'code' => 403, 'type' => 'php',
+ 'message' => "Request security check failed"), false, true);
+ }
+
+ // check referer if configured
+ if ($this->config->get('referer_check') && !rcube_utils::check_referer()) {
+ self::raise_error(array(
+ 'code' => 403, 'type' => 'php',
+ 'message' => "Referer check failed"), true, true);
}
}
@@ -1809,7 +1805,7 @@
$error = 'errorreadonly';
}
else if ($res_code == rcube_storage::OVERQUOTA) {
- $error = 'errorroverquota';
+ $error = 'erroroverquota';
}
else if ($err_code && ($err_str = $this->storage->get_error_str())) {
// try to detect access rights problem and display appropriate message
@@ -1965,13 +1961,32 @@
}
if (!empty($params['total'])) {
- $params['percent'] = round($status['current']/$status['total']*100);
+ $total = $this->show_bytes($params['total'], $unit);
+ switch ($unit) {
+ case 'GB':
+ $gb = $params['current']/1073741824;
+ $current = sprintf($gb >= 10 ? "%d" : "%.1f", $gb);
+ break;
+ case 'MB':
+ $mb = $params['current']/1048576;
+ $current = sprintf($mb >= 10 ? "%d" : "%.1f", $mb);
+ break;
+ case 'KB':
+ $current = round($params['current']/1024);
+ break;
+ case 'B':
+ default:
+ $current = $params['current'];
+ break;
+ }
+
+ $params['percent'] = round($params['current']/$params['total']*100);
$params['text'] = $this->gettext(array(
'name' => 'uploadprogress',
'vars' => array(
'percent' => $params['percent'] . '%',
- 'current' => $this->show_bytes($params['current']),
- 'total' => $this->show_bytes($params['total'])
+ 'current' => $current,
+ 'total' => $total
)
));
}
@@ -2157,25 +2172,30 @@
/**
* Create a human readable string for a number of bytes
*
- * @param int Number of bytes
+ * @param int Number of bytes
+ * @param string Size unit
*
* @return string Byte string
*/
- public function show_bytes($bytes)
+ public function show_bytes($bytes, &$unit = null)
{
if ($bytes >= 1073741824) {
- $gb = $bytes/1073741824;
- $str = sprintf($gb>=10 ? "%d " : "%.1f ", $gb) . $this->gettext('GB');
+ $unit = 'GB';
+ $gb = $bytes/1073741824;
+ $str = sprintf($gb >= 10 ? "%d " : "%.1f ", $gb) . $this->gettext($unit);
}
else if ($bytes >= 1048576) {
- $mb = $bytes/1048576;
- $str = sprintf($mb>=10 ? "%d " : "%.1f ", $mb) . $this->gettext('MB');
+ $unit = 'MB';
+ $mb = $bytes/1048576;
+ $str = sprintf($mb >= 10 ? "%d " : "%.1f ", $mb) . $this->gettext($unit);
}
else if ($bytes >= 1024) {
- $str = sprintf("%d ", round($bytes/1024)) . $this->gettext('KB');
+ $unit = 'KB';
+ $str = sprintf("%d ", round($bytes/1024)) . $this->gettext($unit);
}
else {
- $str = sprintf('%d ', $bytes) . $this->gettext('B');
+ $unit = 'B';
+ $str = sprintf('%d ', $bytes) . $this->gettext($unit);
}
return $str;
@@ -2264,6 +2284,29 @@
return $result;
}
+ /**
+ * Get resource file content (with assets_dir support)
+ *
+ * @param string $name File name
+ */
+ public function get_resource_content($name)
+ {
+ if (!strpos($name, '/')) {
+ $name = "program/resources/$name";
+ }
+
+ $assets_dir = $this->config->get('assets_dir');
+
+ if ($assets_dir) {
+ $path = slashify($assets_dir) . $name;
+ if (@file_exists($path)) {
+ $name = $path;
+ }
+ }
+
+ return file_get_contents($name, false);
+ }
+
/************************************************************************
********* Deprecated methods (to be removed) *********
--
Gitblit v1.9.1