Mercurial > hg > rc2
diff index.php @ 8:bf99236cc5cd
try to recover from upgrade fail
| author | Charlie Root |
|---|---|
| date | Sat, 29 Dec 2018 07:07:34 -0500 |
| parents | 4681f974d28b |
| children |
line wrap: on
line diff
--- a/index.php Sat Dec 29 06:32:49 2018 -0500 +++ b/index.php Sat Dec 29 07:07:34 2018 -0500 @@ -1,10 +1,10 @@ <?php -/* +/** +-------------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 1.1.5 | + | Version 1.3.3 | | | - | Copyright (C) 2005-2015, The Roundcube Dev Team | + | Copyright (C) 2005-2017, The Roundcube Dev Team | | | | This program is free software: you can redistribute it and/or modify | | it under the terms of the GNU General Public License (with exceptions | @@ -40,7 +40,7 @@ require_once 'program/include/iniset.php'; // init application, start session, init output class, etc. -$RCMAIL = rcmail::get_instance($GLOBALS['env']); +$RCMAIL = rcmail::get_instance(0, $GLOBALS['env']); // Make the whole PHP output non-cacheable (#1487797) $RCMAIL->output->nocacheing_headers(); @@ -62,21 +62,33 @@ rcmail::raise_error(array( 'code' => 603, 'type' => 'db', - 'message' => $err_str), FALSE, TRUE); + 'message' => $err_str), false, true); } // error steps if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) { - rcmail::raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); + rcmail::raise_error(array('code' => hexdec($_GET['_code'])), false, true); } // check if https is required (for login) and redirect if necessary if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) { - $https_port = is_bool($force_https) ? 443 : $force_https; + // force_https can be true, <hostname>, <hostname>:<port>, <port> + if (!is_bool($force_https)) { + list($host, $port) = explode(':', $force_https); - if (!rcube_utils::https_check($https_port)) { - $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); - $host .= ($https_port != 443 ? ':' . $https_port : ''); + if (is_numeric($host) && empty($port)) { + $port = $host; + $host = ''; + } + } + + if (!rcube_utils::https_check($port ?: 443)) { + if (empty($host)) { + $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); + } + if ($port && $port != 443) { + $host .= ':' . $port; + } header('Location: https://' . $host . $_SERVER['REQUEST_URI']); exit; @@ -91,17 +103,17 @@ // try to log in if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(); + $pass_charset = $RCMAIL->config->get('password_charset', 'ISO-8859-1'); // purge the session in case of new login when a session already exists $RCMAIL->kill_session(); $auth = $RCMAIL->plugins->exec_hook('authenticate', array( - 'host' => $RCMAIL->autoselect_host(), - 'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)), - 'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, - $RCMAIL->config->get('password_charset', 'ISO-8859-1')), - 'cookiecheck' => true, - 'valid' => $request_valid, + 'host' => $RCMAIL->autoselect_host(), + 'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)), + 'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, $pass_charset), + 'valid' => $request_valid, + 'cookiecheck' => true, )); // Login @@ -144,17 +156,18 @@ } else { if (!$auth['valid']) { - $error_code = RCMAIL::ERROR_INVALID_REQUEST; + $error_code = rcmail::ERROR_INVALID_REQUEST; } else { $error_code = is_numeric($auth['error']) ? $auth['error'] : $RCMAIL->login_error(); } $error_labels = array( - RCMAIL::ERROR_STORAGE => 'storageerror', - RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled', - RCMAIL::ERROR_INVALID_REQUEST => 'invalidrequest', - RCMAIL::ERROR_INVALID_HOST => 'invalidhost', + rcmail::ERROR_STORAGE => 'storageerror', + rcmail::ERROR_COOKIES_DISABLED => 'cookiesdisabled', + rcmail::ERROR_INVALID_REQUEST => 'invalidrequest', + rcmail::ERROR_INVALID_HOST => 'invalidhost', + rcmail::ERROR_RATE_LIMIT => 'accountlocked', ); $error_message = !empty($auth['error']) && !is_numeric($auth['error']) ? $auth['error'] : ($error_labels[$error_code] ?: 'loginfailed'); @@ -222,7 +235,7 @@ $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"), html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") . html::p(null, "The install script of your Roundcube installation is still stored in its default location!") . - html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because . + html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because these files may expose sensitive configuration data like server passwords and encryption keys to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.") )); @@ -242,7 +255,7 @@ $disabled_actions = (array) $RCMAIL->config->get('disabled_actions'); if (in_array($RCMAIL->task . '.' . ($RCMAIL->action ?: 'index'), $disabled_actions)) { rcube::raise_error(array( - 'code' => 403, 'type' => 'php', + 'code' => 404, 'type' => 'php', 'message' => "Action disabled"), true, true); } } @@ -291,6 +304,7 @@ $redirects++; } else { + #rcube::write_log('mail',$incfile." not found"); break; } } @@ -299,6 +313,7 @@ $RCMAIL->plugins->exec_hook('refresh', array('last' => intval(rcube_utils::get_input_value('_last', rcube_utils::INPUT_GPC)))); } +#rcube::write_log('mail',"task: ".$RCMAIL->task." action: ".$RCMAIL->action); // parse main template (default) $OUTPUT->send($RCMAIL->task);