diff options
| author | Thomas Bruederli <thomas@roundcube.net> | 2015-03-23 18:33:40 +0100 |
|---|---|---|
| committer | Thomas Bruederli <thomas@roundcube.net> | 2015-03-23 18:33:40 +0100 |
| commit | 0bd99db08d1660e02e3b7589c78785ab6be0794d (patch) | |
| tree | d358b2b62c1b9c776ab3ed8a71cc1f310a408f3e | |
| parent | 118fadc6a1dbe4d85945e459fbc272ca9e8ee460 (diff) | |
Localize common error messages; improve explanation for CSRF check failures
| -rw-r--r-- | program/include/rcmail_output_html.php | 2 | ||||
| -rw-r--r-- | program/localization/en_US/messages.inc | 9 | ||||
| -rw-r--r-- | program/steps/utils/error.inc | 46 |
3 files changed, 38 insertions, 19 deletions
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php index c6c43b532..365c403e4 100644 --- a/program/include/rcmail_output_html.php +++ b/program/include/rcmail_output_html.php @@ -584,7 +584,7 @@ EOF; // read template file if (!$path || ($templ = @file_get_contents($path)) === false) { rcube::raise_error(array( - 'code' => 501, + 'code' => 404, 'type' => 'php', 'line' => __LINE__, 'file' => __FILE__, diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc index e0de3654e..bcf89a441 100644 --- a/program/localization/en_US/messages.inc +++ b/program/localization/en_US/messages.inc @@ -180,5 +180,14 @@ $messages['messagetoobig'] = 'The message part is too big to process it.'; $messages['attachmentvalidationerror'] = 'WARNING! This attachment is suspicious because its type doesn\'t match the type declared in the message. If you do not trust the sender, you shouldn\'t open it in the browser because it may contain malicious contents.<br/><br/><em>Expected: $expected; found: $detected</em>'; $messages['noscriptwarning'] = 'Warning: This webmail service requires Javascript! In order to use it please enable Javascript in your browser\'s settings.'; $messages['messageissent'] = 'The message was already sent, but not saved yet. Do you want to save it now?'; +$messages['errnotfound'] = 'File Not Found'; +$messages['errnotfoundexplain'] = 'The requested resource was not found!'; +$messages['errfailedrequest'] = 'Failed request'; +$messages['errauthorizationfailed'] = 'Authorization Failed'; +$messages['errunauthorizedexplain'] = 'Could not verify that you are authorized to access this service!'; +$messages['errrequestcheckfailed'] = 'Request Check Failed'; +$messages['errcsrfprotectionexplain'] = "For your protection, access to this resource is secured against CSRF.\nYou probably didn't log out before leaving the web application.\n\nHuman interaction is now required to continue."; +$messages['errcontactserveradmin'] = 'Please contact your server-administrator.'; +$messages['clicktoresumesession'] = 'Click here to resume your previous session'; ?> diff --git a/program/steps/utils/error.inc b/program/steps/utils/error.inc index 6bbc57fda..16fbb03d9 100644 --- a/program/steps/utils/error.inc +++ b/program/steps/utils/error.inc @@ -5,7 +5,7 @@ | program/steps/utils/error.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2013, The Roundcube Dev Team | + | Copyright (C) 2005-2015, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -43,37 +43,33 @@ EOF; // authorization error else if ($ERROR_CODE == 401) { - $__error_title = "AUTHORIZATION FAILED"; - $__error_text = "Could not verify that you are authorized to access this service!<br />\n" - . "Please contact your server-administrator."; + $__error_title = strtoupper($rcmail->gettext('errauthorizationfailed')); + $__error_text = nl2br($rcmail->gettext('errunauthorizedexplain') . "\n" . + $rcmail->gettext('errcontactserveradmin')); } // forbidden due to request check else if ($ERROR_CODE == 403) { if ($_SERVER['REQUEST_METHOD'] == 'GET' && $rcmail->request_status == rcube::REQUEST_ERROR_URL) { - parse_str($_SERVER['QUERY_STRING'], $url); - $url = $rcmail->url($url, true, false, true); - $add = "<br /><a href=\"$url\">Click here to try again.<a/>"; + $url = $rcmail->url($_GET, true, false, true); + $add = html::a($url, $rcmail->gettext('clicktoresumesession')); } else { - $add = "Please contact your server-administrator."; + $add = $rcmail->gettext('errcontactserveradmin'); } - $__error_title = "REQUEST CHECK FAILED"; - $__error_text = "Access to this service was denied due to failing security checks!<br />\n$add"; + $__error_title = strtoupper($rcmail->gettext('errrequestcheckfailed')); + $__error_text = nl2br($rcmail->gettext('errcsrfprotectionexplain')) . '<p>' . $add . '</p>'; } // failed request (wrong step in URL) else if ($ERROR_CODE == 404) { $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); - $__error_title = "REQUEST FAILED/FILE NOT FOUND"; - $__error_text = <<<EOF -The requested page was not found!<br /> -Please contact your server-administrator. + $__error_title = strtoupper($rcmail->gettext('errnotfound')); + $__error_text = nl2br($rcmail->gettext('errnotfoundexplain') . "\n" . + $rcmail->gettext('errcontactserveradmin')); -<p><i>Failed request:</i><br /> -http://$request_url</p> -EOF; + $__error_text .= '<p><i>' . $rcmail->gettext('errfailedrequest') . ":</i><br />\n<tt>//$request_url</tt></p>"; } // database connection error @@ -101,6 +97,20 @@ else { } } +// inform plugins +if ($rcmail && $rcmail->plugins) { + $plugin = $rcmail->plugins->exec_hook('error_page', array( + 'code' => $ERROR_CODE, + 'title' => $__error_title, + 'text' => $__error_text, + )); + + if (!empty($plugin['title'])) + $__error_title = $plugin['title']; + if (!empty($plugin['text'])) + $__error_text = $plugin['text']; +} + $HTTP_ERR_CODE = $ERROR_CODE && $ERROR_CODE < 600 ? $ERROR_CODE : 500; // Ajax request @@ -113,7 +123,7 @@ if ($rcmail->output && $rcmail->output->type == 'js') { $__page_content = <<<EOF <div> <h3 class="error-title">$__error_title</h3> -<p class="error-text">$__error_text</p> +<div class="error-text">$__error_text</div> </div> EOF; |