-rw-r--r-- | CHANGELOG | 2 | ||||
-rw-r--r-- | config/main.inc.php.dist | 4 | ||||
-rw-r--r-- | index.php | 9 | ||||
-rw-r--r-- | plugins/force_https/force_https.php | 38 |
4 files changed, 40 insertions, 13 deletions
@@ -1,6 +1,8 @@ CHANGELOG RoundCube Webmail =========================== +- added option 'force_https_port' in 'force_https' plugin (#1486091) +- Option 'force_https' replaced by 'force_https' plugin - Fix IE issue with non-UTF-8 characters in AJAX response (#1486159) - Partially fixed "empty body" issue by showing raw body of malformed message (#1486166) - Fix importing/sending to email address with whitespace (#1486214) diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index 597ae23f5..e184078a9 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -49,10 +49,6 @@ $rcmail_config['enable_caching'] = FALSE; // possible units: s, m, h, d, w $rcmail_config['message_cache_lifetime'] = '10d'; -// enforce connections over https -// with this option enabled, all non-secure connections will be redirected -$rcmail_config['force_https'] = FALSE; - // automatically create a new RoundCube user when log-in the first time. // a new user will be created once the IMAP login succeeds. // set to false if only registered users can use this service @@ -63,19 +63,11 @@ if ($RCMAIL->action=='error' && !empty($_GET['_code'])) { raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); } -// check if https is required (for login) and redirect if necessary -if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) - && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443 || $RCMAIL->config->get('use_https'))) { - header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); - exit; -} - // trigger startup plugin hook $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action)); $RCMAIL->set_task($startup['task']); $RCMAIL->action = $startup['action']; - // try to log in if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') { // purge the session in case of new login when a session already exists 
@@ -161,7 +153,6 @@ else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAI $OUTPUT->send($RCMAIL->task); } - // not logged in -> show login page if (empty($RCMAIL->user->ID)) { diff --git a/plugins/force_https/force_https.php b/plugins/force_https/force_https.php new file mode 100644 index 000000000..67552570e --- /dev/null +++ b/plugins/force_https/force_https.php @@ -0,0 +1,38 @@ +<?php + +/** + * Enforce secure HTTPs connection for login + * + * Configuration: + * // Port for https connection + * $rcmail_config['force_https_port'] = 443; + * + * @version 1.0 + * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl> + */ +class force_https extends rcube_plugin +{ + function init() + { + $this->add_hook('startup', array($this, 'redirect')); + } + + function redirect($args) + { + $config = rcmail::get_instance()->config; + + $port = (int) $config->get('force_https_port', 443); + + // check if https is required (for login) and redirect if necessary + if (empty($_SESSION['user_id']) && !$config->get('use_https') + && (!isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] != $port)) + { + header('Location: https://' . $_SERVER['HTTP_HOST'] . ($port != 443 ? ":$port" : '') . $_SERVER['REQUEST_URI']); + exit; + } + + return $args; + } +} + +?> |
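Review bot: In `redirect()` of the new plugin, the `Location` header is built from the client-supplied `$_SERVER['HTTP_HOST']`, which is not validated and may already carry a port. A request addressed to a constructed host such as `host:8080` produces `https://host:8080:8443/...` with a non-default `force_https_port`, and with the default it keeps the plain-HTTP port. Strip the port before appending the configured one, e.g. `$host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);`, and preferably take the host name from configuration or a checked value rather than from the request. The condition is also stricter than the check removed from index.php: with HTTPS already active on a port other than `$port` (a second TLS listener, or a backend port behind a terminating proxy), `$_SERVER['SERVER_PORT'] != $port` still fires and may loop unless `use_https` is set, so the docblock should state that requirement. It could also note that the redirect does not protect credentials already posted over plain HTTP, so HSTS or a server-level redirect is still needed.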