Allow help plugin to append a link to the error page for more information about CSRF protection

3 files changed, 14 insertions, 0 deletions

diff --git a/plugins/help/config.inc.php.dist b/plugins/help/config.inc.php.dist
index e7eaf7ad5..f135eef8e 100644
--- a/plugins/help/config.inc.php.dist
+++ b/plugins/help/config.inc.php.dist
@@ -33,3 +33,5 @@ $config['help_license_url'] = null;
 // Determine whether to open the help in a new window
 $config['help_open_extwin'] = false;
 
+// URL to additional information about CSRF protection
+$config['help_csrf_info'] = null;
diff --git a/plugins/help/help.php b/plugins/help/help.php
index d71cd0ec6..5387c9f35 100644
--- a/plugins/help/help.php
+++ b/plugins/help/help.php
@@ -34,6 +34,7 @@ class help extends rcube_plugin
         $this->register_action('license', array($this, 'action'));
 
         $this->add_hook('startup', array($this, 'startup'));
+        $this->add_hook('error_page', array($this, 'error_page'));
     }
 
     function startup($args)
@@ -140,6 +141,16 @@ class help extends rcube_plugin
         return $rcmail->output->frame($attrib);
     }
 
+    function error_page($args)
+    {
+        $rcmail = rcmail::get_instance();
+
+        if ($args['code'] == 403 && $rcmail->request_status == rcube::REQUEST_ERROR_URL && ($url = $rcmail->config->get('help_csrf_info'))) {
+            $args['text'] .= '<p>' . html::a(array('href' => $url, 'target' => '_blank'), $this->gettext('csrfinfo')) . '</p>';
+        }
+
+        return $args;
+    }
 
     private function resolve_language($path)
     {
diff --git a/plugins/help/localization/en_US.inc b/plugins/help/localization/en_US.inc
index b81f02fb9..d44b9a886 100644
--- a/plugins/help/localization/en_US.inc
+++ b/plugins/help/localization/en_US.inc
@@ -20,5 +20,6 @@ $labels = array();
 $labels['help'] = 'Help';
 $labels['about'] = 'About';
 $labels['license'] = 'License';
+$labels['csrfinfo'] = 'Read more about CSRF and how we protect you';
 
 ?>