summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2011-02-16 09:42:31 +0000
committeralecpl <alec@alec.pl>2011-02-16 09:42:31 +0000
commit1a2754d18ca079ea55e4c272d7cdc9dc33c00179 (patch)
treeeb9f682373ab46319363d60a9b19ca2a917e5430
parent4ef242af12bff50db0da28b5279c172781139cde (diff)
- Applied fixes from trunk
-rw-r--r--CHANGELOG3
-rw-r--r--program/include/main.inc33
-rw-r--r--program/include/rcmail.php6
-rw-r--r--program/include/rcube_imap_generic.php32
-rw-r--r--program/include/rcube_user.php9
5 files changed, 49 insertions, 34 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 5eea6dc67..2f9cd1595 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,9 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix SQL query in rcube_user::query() so it uses index on MySQL again
+- Use only one from IMAP authentication methods to prevent login delays (1487784)
+- Fix strftime format support in date_today option
- Removed redundant </form> tags from contact add/edit pages
- Fix CSS error in contact details screen on IE7 (#1487775)
diff --git a/program/include/main.inc b/program/include/main.inc
index f9cc4331b..7be7488b5 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -975,7 +975,7 @@ function parse_attrib_string($str)
* @return string Formatted date string
*/
function format_date($date, $format=NULL)
- {
+{
global $CONFIG;
$ts = NULL;
@@ -999,7 +999,7 @@ function format_date($date, $format=NULL)
if (empty($ts))
return '';
-
+
// get user's timezone
if ($CONFIG['timezone'] === 'auto')
$tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600;
@@ -1011,7 +1011,7 @@ function format_date($date, $format=NULL)
// convert time to user's timezone
$timestamp = $ts - date('Z', $ts) + ($tz * 3600);
-
+
// get current timestamp in user's timezone
$now = time(); // local time
$now -= (int)date('Z'); // make GMT time
@@ -1019,30 +1019,33 @@ function format_date($date, $format=NULL)
$now_date = getdate($now);
$today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']);
- $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
+ $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
// define date format depending on current time
if (!$format) {
- if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now)
- return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp));
+ if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) {
+ $format = $CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i';
+ $today = true;
+ }
else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now)
$format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i';
else
$format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i';
- }
+ }
// strftime() format
- if (preg_match('/%[a-z]+/i', $format))
- return strftime($format, $timestamp);
+ if (preg_match('/%[a-z]+/i', $format)) {
+ $format = strftime($format, $timestamp);
+ return $today ? (rcube_label('today') . ' ' . $format) : $format;
+ }
// parse format string manually in order to provide localized weekday and month names
// an alternative would be to convert the date() format string to fit with strftime()
$out = '';
- for($i=0; $i<strlen($format); $i++)
- {
+ for($i=0; $i<strlen($format); $i++) {
if ($format{$i}=='\\') // skip escape chars
continue;
-
+
// write char "as-is"
if ($format{$i}==' ' || $format{$i-1}=='\\')
$out .= $format{$i};
@@ -1062,11 +1065,11 @@ function format_date($date, $format=NULL)
$out .= strftime('%x %X', $timestamp);
else
$out .= date($format{$i}, $timestamp);
- }
-
- return $out;
}
+ return $today ? (rcube_label('today') . ' ' . $out) : $out;
+}
+
/**
* Compose a valid representation of name and e-mail address
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 4ff790d85..e1dc22d07 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1071,9 +1071,6 @@ class rcmail
*/
public function shutdown()
{
- if (is_object($this->imap))
- $this->imap->close();
-
if (is_object($this->smtp))
$this->smtp->disconnect();
@@ -1198,6 +1195,9 @@ class rcmail
}
}
+ if (is_object($this->imap))
+ $this->imap->close();
+
return $base64 ? base64_encode($cipher) : $cipher;
}
diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php
index 9b8d29f8a..f1b3dfda8 100644
--- a/program/include/rcube_imap_generic.php
+++ b/program/include/rcube_imap_generic.php
@@ -757,6 +757,13 @@ class rcube_imap_generic
// Now we're secure, capabilities need to be reread
$this->clearCapability();
}
+
+ // Use best (for security) supported authentication method
+ foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) {
+ if (in_array($auth_method, $auth_methods)) {
+ break;
+ }
+ }
}
// Send ID info
@@ -782,6 +789,13 @@ class rcube_imap_generic
else if (!$login_disabled) {
$auth_methods[] = 'LOGIN';
}
+
+ // Use best (for security) supported authentication method
+ foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) {
+ if (in_array($auth_method, $auth_methods)) {
+ break;
+ }
+ }
}
else {
// Prevent from sending credentials in plain text when connection is not secure
@@ -791,32 +805,28 @@ class rcube_imap_generic
return false;
}
// replace AUTH with CRAM-MD5 for backward compat.
- $auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method;
+ if ($auth_method == 'AUTH') {
+ $auth_method = 'CRAM-MD5';
+ }
}
// pre-login capabilities can be not complete
$this->capability_readed = false;
// Authenticate
- foreach ($auth_methods as $method) {
- switch ($method) {
+ switch ($auth_method) {
case 'CRAM_MD5':
- $method = 'CRAM-MD5';
+ $auth_method = 'CRAM-MD5';
case 'CRAM-MD5':
case 'DIGEST-MD5':
case 'PLAIN':
- $result = $this->authenticate($user, $password, $method);
+ $result = $this->authenticate($user, $password, $auth_method);
break;
case 'LOGIN':
$result = $this->login($user, $password);
break;
default:
- $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $method");
- }
-
- if (is_resource($result)) {
- break;
- }
+ $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $auth_method");
}
// Connected and authenticated
diff --git a/program/include/rcube_user.php b/program/include/rcube_user.php
index ee6db77cc..6e7591d0f 100644
--- a/program/include/rcube_user.php
+++ b/program/include/rcube_user.php
@@ -359,16 +359,15 @@ class rcube_user
$dbh = rcmail::get_instance()->get_dbh();
// use BINARY (case-sensitive) comparison on MySQL, other engines are case-sensitive
- $prefix = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY ' : '';
+ $mod = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY' : '';
// query for matching user name
- $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = ?";
-
- $sql_result = $dbh->query(sprintf($query, $prefix.'username'), $host, $user);
+ $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = $mod ?";
+ $sql_result = $dbh->query(sprintf($query, 'username'), $host, $user);
// query for matching alias
if (!($sql_arr = $dbh->fetch_assoc($sql_result))) {
- $sql_result = $dbh->query(sprintf($query, $prefix.'alias'), $host, $user);
+ $sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user);
$sql_arr = $dbh->fetch_assoc($sql_result);
}