From a02cfa9b085fc875fc55f57029a8e5846771ed5e Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sat, 13 Aug 2011 05:10:11 -0400
Subject: [PATCH] Fix incomplete backport from trunk
---
program/include/rcmail.php | 94 +++++++++++++++++++++++++++++++---------------
1 files changed, 63 insertions(+), 31 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index b6af440..d29ebe7 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -208,7 +208,7 @@
$task = asciiwords($task);
if ($this->user && $this->user->ID)
- $task = !$task || $task == 'login' ? 'mail' : $task;
+ $task = !$task ? 'mail' : $task;
else
$task = 'login';
@@ -501,9 +501,9 @@
// can save time detecting them using NAMESPACE and LIST
$options = array(
'auth_method' => $this->config->get('imap_auth_type', 'check'),
- 'delimiter' => isset($_SESSION['imap_delimiter']) ? $_SESSION['imap_delimiter'] : $this->config->get('imap_delimiter'),
- 'rootdir' => isset($_SESSION['imap_root']) ? $_SESSION['imap_root'] : $this->config->get('imap_root'),
- 'debug_mode' => (bool) $this->config->get('imap_debug', 0),
+ 'auth_cid' => $this->config->get('imap_auth_cid'),
+ 'auth_pw' => $this->config->get('imap_auth_pw'),
+ 'debug' => (bool) $this->config->get('imap_debug', 0),
'force_caps' => (bool) $this->config->get('imap_force_caps'),
'timeout' => (int) $this->config->get('imap_timeout', 0),
);
@@ -542,7 +542,7 @@
if ($_SESSION['imap_host'] && !$this->imap->conn->connected()) {
if (!$this->imap->connect($_SESSION['imap_host'], $_SESSION['username'], $this->decrypt($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl'])) {
if ($this->output)
- $this->output->show_message($this->imap->error_code == -1 ? 'imaperror' : 'sessionerror', 'error');
+ $this->output->show_message($this->imap->get_error_code() == -1 ? 'imaperror' : 'sessionerror', 'error');
}
else {
$this->set_imap_prop();
@@ -673,24 +673,30 @@
// Check if we need to add domain
if (!empty($config['username_domain']) && strpos($username, '@') === false) {
if (is_array($config['username_domain']) && isset($config['username_domain'][$host]))
- $username .= '@'.rcube_parse_host($config['username_domain'][$host]);
+ $username .= '@'.rcube_parse_host($config['username_domain'][$host], $host);
else if (is_string($config['username_domain']))
- $username .= '@'.rcube_parse_host($config['username_domain']);
+ $username .= '@'.rcube_parse_host($config['username_domain'], $host);
+ }
+
+ // Convert username to lowercase. If IMAP backend
+ // is case-insensitive we need to store always the same username (#1487113)
+ if ($config['login_lc']) {
+ $username = mb_strtolower($username);
}
// try to resolve email address from virtuser table
- if (strpos($username, '@'))
- if ($virtuser = rcube_user::email2user($username))
- $username = $virtuser;
+ if (strpos($username, '@') && ($virtuser = rcube_user::email2user($username))) {
+ $username = $virtuser;
+ }
// Here we need IDNA ASCII
// Only rcube_contacts class is using domain names in Unicode
- $host = idn_to_ascii($host);
+ $host = rcube_idn_to_ascii($host);
if (strpos($username, '@')) {
// lowercase domain name
list($local, $domain) = explode('@', $username);
$username = $local . '@' . mb_strtolower($domain);
- $username = idn_to_ascii($username);
+ $username = rcube_idn_to_ascii($username);
}
// user already registered -> overwrite username
@@ -704,8 +710,14 @@
if (!($imap_login = $this->imap->connect($host, $username, $pass, $imap_port, $imap_ssl))) {
// try with lowercase
$username_lc = mb_strtolower($username);
- if ($username_lc != $username && ($imap_login = $this->imap->connect($host, $username_lc, $pass, $imap_port, $imap_ssl)))
- $username = $username_lc;
+ if ($username_lc != $username) {
+ // try to find user record again -> overwrite username
+ if (!$user && ($user = rcube_user::query($username_lc, $host)))
+ $username_lc = $user->data['username'];
+
+ if ($imap_login = $this->imap->connect($host, $username_lc, $pass, $imap_port, $imap_ssl))
+ $username = $username_lc;
+ }
}
// exit if IMAP login failed
@@ -782,16 +794,12 @@
if ($default_folders = $this->config->get('default_imap_folders')) {
$this->imap->set_default_mailboxes($default_folders);
}
- if (!empty($_SESSION['mbox'])) {
+ if (isset($_SESSION['mbox'])) {
$this->imap->set_mailbox($_SESSION['mbox']);
}
if (isset($_SESSION['page'])) {
$this->imap->set_page($_SESSION['page']);
}
-
- // cache IMAP root and delimiter in session for performance reasons
- $_SESSION['imap_root'] = $this->imap->root_dir;
- $_SESSION['imap_delimiter'] = $this->imap->delimiter;
}
@@ -907,6 +915,21 @@
return $text;
}
+ /**
+ * Check if the given text lable exists
+ *
+ * @param string Label name
+ * @return boolean True if text exists (either in the current language or in en_US)
+ */
+ public function text_exists($name, $domain=null)
+ {
+ // load localization files if not done yet
+ if (empty($this->texts))
+ $this->load_language();
+
+ // check for text with domain first
+ return ($domain && isset($this->texts[$domain.'.'.$name])) || isset($this->texts[$name]);
+ }
/**
* Load a localization package
@@ -920,6 +943,9 @@
// load localized texts
if (empty($this->texts) || $lang != $_SESSION['language']) {
$this->texts = array();
+
+ // handle empty lines after closing PHP tag in localization files
+ ob_start();
// get english labels (these should be complete)
@include(INSTALL_PATH . 'program/localization/en_US/labels.inc');
@@ -940,6 +966,8 @@
if (is_array($messages))
$this->texts = array_merge($this->texts, $messages);
}
+
+ ob_end_clean();
$_SESSION['language'] = $lang;
}
@@ -1058,15 +1086,15 @@
*/
public function shutdown()
{
- if (is_object($this->imap))
- $this->imap->close();
-
if (is_object($this->smtp))
$this->smtp->disconnect();
foreach ($this->books as $book)
if (is_object($book))
$book->close();
+
+ if (is_object($this->imap))
+ $this->imap->close();
// before closing the database connection, write session data
if ($_SERVER['REMOTE_ADDR'])
@@ -1095,12 +1123,9 @@
*/
public function get_request_token()
{
- $key = $this->task;
-
- if (!$_SESSION['request_tokens'][$key])
- $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
-
- return $_SESSION['request_tokens'][$key];
+ $sess_id = $_COOKIE[ini_get('session.name')];
+ if (!$sess_id) $sess_id = session_id();
+ return md5('RT' . $this->task . $this->config->get('des_key') . $sess_id);
}
@@ -1113,7 +1138,8 @@
public function check_request($mode = RCUBE_INPUT_POST)
{
$token = get_input_value('_token', $mode);
- return !empty($token) && $_SESSION['request_tokens'][$this->task] == $token;
+ $sess_id = $_COOKIE[ini_get('session.name')];
+ return !empty($sess_id) && $token == $this->get_request_token();
}
@@ -1207,8 +1233,14 @@
if (function_exists('mcrypt_module_open') &&
($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
{
- $iv = substr($cipher, 0, mcrypt_enc_get_iv_size($td));
- $cipher = substr($cipher, mcrypt_enc_get_iv_size($td));
+ $iv_size = mcrypt_enc_get_iv_size($td);
+ $iv = substr($cipher, 0, $iv_size);
+
+ // session corruption? (#1485970)
+ if (strlen($iv) < $iv_size)
+ return '';
+
+ $cipher = substr($cipher, $iv_size);
mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
$clear = mdecrypt_generic($td, $cipher);
mcrypt_generic_deinit($td);
--
Gitblit v1.9.1