From ed1d212ae2daea5e4bd043417610177093e99f19 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 16 Jan 2016 03:03:51 -0500
Subject: [PATCH] Improved SVG cleanup code
---
program/include/rcmail.php | 31 +++++++++++--------------------
1 files changed, 11 insertions(+), 20 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index d64ba2d..bdf9405 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -60,6 +60,7 @@
const ERROR_INVALID_REQUEST = 1;
const ERROR_INVALID_HOST = 2;
const ERROR_COOKIES_DISABLED = 3;
+ const ERROR_RATE_LIMIT = 4;
/**
@@ -602,12 +603,22 @@
// user already registered -> overwrite username
if ($user = rcube_user::query($username, $host)) {
$username = $user->data['username'];
+
+ // Brute-force prevention
+ if ($user->is_locked()) {
+ $this->login_error = self::ERROR_RATE_LIMIT;
+ return false;
+ }
}
$storage = $this->get_storage();
// try to log in
if (!$storage->connect($host, $username, $password, $port, $ssl)) {
+ if ($user) {
+ $user->failed_login();
+ }
+
// Wait a second to slow down brute-force attacks (#1490549)
sleep(1);
return false;
@@ -2356,26 +2367,6 @@
}
return $options['body'];
- }
-
-
- /************************************************************************
- ********* Deprecated methods (to be removed) *********
- ***********************************************************************/
-
- public static function setcookie($name, $value, $exp = 0)
- {
- rcube_utils::setcookie($name, $value, $exp);
- }
-
- public function imap_connect()
- {
- return $this->storage_connect();
- }
-
- public function imap_init()
- {
- return $this->storage_init();
}
/**
--
Gitblit v1.9.1