Secure bin scripts by requiring a valid session and replace preg_replace(/../e) with preg_replace_callback

author: thomascube <thomas@roundcube.net> 2008-12-24 14:19:27 +0000
committer: thomascube <thomas@roundcube.net> 2008-12-24 14:19:27 +0000
commit: 1608f432826a41e035ee7ddb0dd409bbcf559b43 (patch)
tree: 6133278a5f2e3a3e146734530a283cdfe9188b0b /bin/html2text.php
parent: 4e0419b9cb984249b823e9484a2d63eb74fd156c (diff)
1 files changed, 12 insertions, 4 deletions
diff --git a/bin/html2text.php b/bin/html2text.php
index 3839f5d34..82a4044f8 100644
--- a/bin/html2text.php
+++ b/bin/html2text.php
@@ -20,11 +20,19 @@
 */
 
 define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/');
-require INSTALL_PATH.'program/include/iniset.php';
+require INSTALL_PATH . 'program/include/iniset.php';
 
-$converter = new html2text($HTTP_RAW_POST_DATA);
+$RCMAIL = rcmail::get_instance();
 
-header('Content-Type: text/plain; charset=UTF-8');
-print trim($converter->get_text());
+if (!empty($RCMAIL->user->ID)) {
+  $converter = new html2text($HTTP_RAW_POST_DATA);
+
+  header('Content-Type: text/plain; charset=UTF-8');
+  print trim($converter->get_text());
+}
+else {
+  header("HTTP/1.0 403 Forbidden");
+  echo "Requires a valid user session";
+}
 
 ?>
author	thomascube <thomas@roundcube.net>	2008-12-24 14:19:27 +0000
committer	thomascube <thomas@roundcube.net>	2008-12-24 14:19:27 +0000
commit	1608f432826a41e035ee7ddb0dd409bbcf559b43 (patch)
tree	6133278a5f2e3a3e146734530a283cdfe9188b0b /bin/html2text.php
parent	4e0419b9cb984249b823e9484a2d63eb74fd156c (diff)