Diffstat (limited to 'program/steps/utils')
-rw-r--r-- | program/steps/utils/error.inc | 73 | ||||
-rw-r--r-- | program/steps/utils/html2text.inc | 2 | ||||
-rw-r--r-- | program/steps/utils/modcss.inc | 2 | ||||
-rw-r--r-- | program/steps/utils/save_pref.inc | 24 | ||||
-rw-r--r-- | program/steps/utils/spell.inc | 11 | ||||
-rw-r--r-- | program/steps/utils/spell_html.inc | 2 |
6 files changed, 63 insertions, 51 deletions
diff --git a/program/steps/utils/error.inc b/program/steps/utils/error.inc
index 9fb71c528..2a3a9a61e 100644
--- a/program/steps/utils/error.inc
+++ b/program/steps/utils/error.inc
@@ -5,7 +5,7 @@ | program/steps/utils/error.inc | | | | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2012, The Roundcube Dev Team |
+ | Copyright (C) 2005-2013, The Roundcube Dev Team |
 | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. |
@@ -22,10 +22,10 @@ $rcmail = rcmail::get_instance();
 // browser is not compatible with this application
-if ($ERROR_CODE==409) {
- $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']);
- $__error_title = 'Your browser does not suit the requirements for this application';
- $__error_text = <<<EOF
+if ($ERROR_CODE == 409) {
+ $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']);
+ $__error_title = 'Your browser does not suit the requirements for this application';
+ $__error_text = <<<EOF
 <i>Supported browsers:</i><br /> » Microsoft Internet Explorer 7+<br /> » Mozilla Firefox 3+<br />
@@ -42,24 +42,24 @@ EOF;
 }
 // authorization error
-else if ($ERROR_CODE==401) {
- $__error_title = "AUTHORIZATION FAILED";
- $__error_text = "Could not verify that you are authorized to access this service!<br />\n".
- "Please contact your server-administrator.";
+else if ($ERROR_CODE == 401) {
+ $__error_title = "AUTHORIZATION FAILED";
+ $__error_text = "Could not verify that you are authorized to access this service!<br />\n"
+ . "Please contact your server-administrator.";
 }
 // forbidden due to request check
-else if ($ERROR_CODE==403) {
- $__error_title = "REQUEST CHECK FAILED";
- $__error_text = "Access to this service was denied due to failing security checks!<br />\n".
- "Please contact your server-administrator.";
+else if ($ERROR_CODE == 403) {
+ $__error_title = "REQUEST CHECK FAILED";
+ $__error_text = "Access to this service was denied due to failing security checks!<br />\n"
+ . "Please contact your server-administrator.";
 }
 // failed request (wrong step in URL)
-else if ($ERROR_CODE==404) {
- $__error_title = "REQUEST FAILED/FILE NOT FOUND";
- $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
- $__error_text = <<<EOF
+else if ($ERROR_CODE == 404) {
+ $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
+ $__error_title = "REQUEST FAILED/FILE NOT FOUND";
+ $__error_text = <<<EOF
 The requested page was not found!<br /> Please contact your server-administrator.
@@ -69,35 +69,36 @@ EOF;
 }
 // database connection error
-else if ($ERROR_CODE==601)
-{
- $__error_title = "CONFIGURATION ERROR";
- $__error_text = nl2br($ERROR_MESSAGE) . "<br />Please read the INSTALL instructions!";
+else if ($ERROR_CODE == 601) {
+ $__error_title = "CONFIGURATION ERROR";
+ $__error_text = nl2br($ERROR_MESSAGE) . "<br />Please read the INSTALL instructions!";
 }
 // database connection error
-else if ($ERROR_CODE==603) {
- $__error_title = "DATABASE ERROR: CONNECTION FAILED!";
- $__error_text = "Unable to connect to the database!<br />Please contact your server-administrator.";
+else if ($ERROR_CODE == 603) {
+ $__error_title = "DATABASE ERROR: CONNECTION FAILED!";
+ $__error_text = "Unable to connect to the database!<br />Please contact your server-administrator.";
 }
 // system error
 else {
- $__error_title = "SERVICE CURRENTLY NOT AVAILABLE!";
- $__error_text = "Please contact your server-administrator.";
-
- if (($rcmail->config->get('debug_level') & 4) && $ERROR_MESSAGE)
- $__error_text = $ERROR_MESSAGE;
- else
- $__error_text = sprintf('Error No. [%s]', $ERROR_CODE);
+ $__error_title = "SERVICE CURRENTLY NOT AVAILABLE!";
+ $__error_text = "Please contact your server-administrator.";
+
+ if (($rcmail->config->get('debug_level') & 4) && $ERROR_MESSAGE) {
+ $__error_text = $ERROR_MESSAGE;
+ }
+ else {
+ $__error_text = sprintf('Error No. [%s]', $ERROR_CODE);
+ }
 }
 $HTTP_ERR_CODE = $ERROR_CODE && $ERROR_CODE < 600 ? $ERROR_CODE : 500;
 // Ajax request
 if ($rcmail->output && $rcmail->output->type == 'js') {
- header("HTTP/1.0 $HTTP_ERR_CODE $__error_title");
- die;
+ header("HTTP/1.0 $HTTP_ERR_CODE $__error_title");
+ die;
 }
 // compose page content
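Review bot: `$ERROR_MESSAGE` is written into the page unescaped in two places in this hunk, `nl2br($ERROR_MESSAGE)` in the 601 branch and `$__error_text = $ERROR_MESSAGE;` when `debug_level & 4` is set, whereas the 404 branch passes its dynamic value through `htmlentities()`. Where the message originates is not visible here; if any caller can place request-derived text in it, that text is rendered as markup, so unless callers deliberately pass HTML it should be escaped first, e.g. `$__error_text = nl2br(htmlspecialchars($ERROR_MESSAGE)) . "<br />Please read the INSTALL instructions!";`. Separately, the `"Please contact your server-administrator."` assignment in the final `else` is always overwritten by the `if`/`else` that follows it, so it is either dead code or the two arms were meant to append to it.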
@@ -109,8 +110,9 @@ $__page_content = <<<EOF
 EOF;
 if ($rcmail->output && $rcmail->output->template_exists('error')) {
- $rcmail->output->reset();
- $rcmail->output->send('error');
+ $rcmail->output->reset();
+ $rcmail->output->set_env('server_error', $ERROR_CODE);
+ $rcmail->output->send('error');
 }
 $__skin = $rcmail->config->get('skin', 'default');
@@ -136,4 +138,3 @@ $__page_content
 EOF;
 exit;
-
diff --git a/program/steps/utils/html2text.inc b/program/steps/utils/html2text.inc
index c6481b197..c01443b22 100644
--- a/program/steps/utils/html2text.inc
+++ b/program/steps/utils/html2text.inc
@@ -22,7 +22,7 @@ $html = $HTTP_RAW_POST_DATA;
 // Replace emoticon images with its text representation
-$html = rcmail_replace_emoticons($html);
+$html = $RCMAIL->replace_emoticons($html);
 $converter = new rcube_html2text($html, false, true, 0);
diff --git a/program/steps/utils/modcss.inc b/program/steps/utils/modcss.inc
index 1a28c6598..c8a7cb524 100644
--- a/program/steps/utils/modcss.inc
+++ b/program/steps/utils/modcss.inc
@@ -55,7 +55,7 @@ $ctype = '~Content-Type:\s+text/(css|plain)~i';
 if ($source !== false && preg_match($ctype, $headers)) {
 header('Content-Type: text/css');
- echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
+ echo rcube_utils::mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
 exit;
 }
diff --git a/program/steps/utils/save_pref.inc b/program/steps/utils/save_pref.inc
index 7def8733d..183c398d3 100644
--- a/program/steps/utils/save_pref.inc
+++ b/program/steps/utils/save_pref.inc
@@ -5,7 +5,7 @@ | program/steps/utils/save_pref.inc | | | | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2010, The Roundcube Dev Team |
+ | Copyright (C) 2005-2013, The Roundcube Dev Team |
 | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. |
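Review bot: The added `set_env('server_error', $ERROR_CODE)` call in error.inc passes the raw internal code to the client environment without a cast or a comment saying who consumes it. The HTTP status line, by contrast, uses `$HTTP_ERR_CODE`, which folds codes of 600 and above into 500. If the raw value is intended, a short comment such as `// expose the error code to the error template's client-side script` would record that, and `(int) $ERROR_CODE` would guarantee that only a number reaches the page.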
@@ -19,17 +19,27 @@ +-----------------------------------------------------------------------+ */
-$name = get_input_value('_name', RCUBE_INPUT_POST);
-$value = get_input_value('_value', RCUBE_INPUT_POST);
+$name = rcube_utils::get_input_value('_name', rcube_utils::INPUT_POST);
+$value = rcube_utils::get_input_value('_value', rcube_utils::INPUT_POST);
+$sessname = rcube_utils::get_input_value('_session', rcube_utils::INPUT_POST);
+
+// Whitelisted preferences and session variables, others
+// can be added by plugins
 $whitelist = array(
 'preview_pane',
 'list_cols',
 'collapsed_folders',
 'collapsed_abooks',
 );
+$whitelist_sess = array(
+ 'list_attrib/columns',
+);
+
+$whitelist = array_merge($whitelist, $RCMAIL->plugins->allowed_prefs);
+$whitelist_sess = array_merge($whitelist_sess, $RCMAIL->plugins->allowed_session_prefs);
-if (!in_array($name, array_merge($whitelist, $RCMAIL->plugins->allowed_prefs))) {
- raise_error(array('code' => 500, 'type' => 'php',
+if (!in_array($name, $whitelist) || ($sessname && !in_array($sessname, $whitelist_sess))) {
+ rcube::raise_error(array('code' => 500, 'type' => 'php',
 'file' => __FILE__, 'line' => __LINE__, 'message' => sprintf("Hack attempt detected (user: %s)", $RCMAIL->get_user_name())), true, false);
@@ -42,7 +52,7 @@ if (!in_array($name, array_merge($whitelist, $RCMAIL->plugins->allowed_prefs)))
 $RCMAIL->user->save_prefs(array($name => $value));
 // update also session if requested
-if ($sessname = get_input_value('_session', RCUBE_INPUT_POST)) {
+if ($sessname) {
 // Support multidimensional arrays...
 $vars = explode('/', $sessname);
@@ -57,5 +67,3 @@ if ($sessname = get_input_value('_session', RCUBE_INPUT_POST)) {
 $OUTPUT->reset();
 $OUTPUT->send();
-
-
diff --git a/program/steps/utils/spell.inc b/program/steps/utils/spell.inc
index 1c68e8328..c8807e32f 100644
--- a/program/steps/utils/spell.inc
+++ b/program/steps/utils/spell.inc
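Review bot: Both whitelist lookups in the new condition use loose `in_array()`, and the lists now include whatever plugins contribute through `allowed_prefs` and `allowed_session_prefs`; a non-string entry there (for example `true`) would loosely match any posted name. Passing the strict flag closes that: `if (!in_array($name, $whitelist, true) || ($sessname && !in_array($sessname, $whitelist_sess, true))) {`. For triage it would also help if the logged message said which key was rejected (sanitised before logging), since `Hack attempt detected (user: %s)` alone does not distinguish a bad `_name` from a bad `_session`. The code that runs after the rejection lies outside this hunk, so whether the request stops there cannot be confirmed from here.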
@@ -20,7 +20,7 @@ */
 // read input
-$lang = get_input_value('lang', RCUBE_INPUT_GET);
+$lang = rcube_utils::get_input_value('lang', rcube_utils::INPUT_GET);
 $data = file_get_contents('php://input');
 $learn_word = strpos($data, '<learnword>');
@@ -29,13 +29,13 @@ $learn_word = strpos($data, '<learnword>');
 $left = strpos($data, '<text>');
 $right = strrpos($data, '</text>');
 $data = substr($data, $left+6, $right-($left+6));
-$data = html_entity_decode($data, ENT_QUOTES, RCMAIL_CHARSET);
+$data = html_entity_decode($data, ENT_QUOTES, RCUBE_CHARSET);
 $spellchecker = new rcube_spellchecker($lang);
 if ($learn_word) {
 $spellchecker->add_word($data);
- $result = '<?xml version="1.0" encoding="'.RCMAIL_CHARSET.'"?><learnwordresult></learnwordresult>';
+ $result = '<?xml version="1.0" encoding="'.RCUBE_CHARSET.'"?><learnwordresult></learnwordresult>';
 }
 else {
 $spellchecker->check($data);
@@ -47,12 +47,15 @@ if ($err = $spellchecker->error()) {
 'file' => __FILE__, 'line' => __LINE__, 'message' => "Spell check engine error: " . trim($err)), true, false);
+
+ header("HTTP/1.0 500 Internal Server Error");
+ exit;
 }
 // set response length
 header("Content-Length: " . strlen($result));
 // Don't use server's default Content-Type charset (#1486406)
-header("Content-Type: text/xml; charset=" . RCMAIL_CHARSET);
+header("Content-Type: text/xml; charset=" . RCUBE_CHARSET);
 print $result;
 exit;
diff --git a/program/steps/utils/spell_html.inc b/program/steps/utils/spell_html.inc
index 96b41e230..27b14acef 100644
--- a/program/steps/utils/spell_html.inc
+++ b/program/steps/utils/spell_html.inc
@@ -56,7 +56,7 @@ if ($error = $spellchecker->error()) {
 }
 // send output
-header("Content-Type: text/xml; charset=".RCMAIL_CHARSET);
+header("Content-Type: text/xml; charset=".RCUBE_CHARSET);
 echo json_encode($result);
 exit; |
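Review bot: The `<text>` extraction just above the changed `html_entity_decode()` line in spell.inc does not validate the request body. `strpos()` and `strrpos()` return `false` when a tag is missing, and `substr($data, $left+6, $right-($left+6))` then runs with offsets computed from `false`, so a malformed body still reaches `add_word()` or `check()`. A guard before the `substr()` call, `if ($left === false || $right === false || $right < $left + 6)`, that answers with a 400 status and `exit`, would reject such bodies. `if ($learn_word)` has the mirror-image problem: a `<learnword>` tag at offset 0 yields `0` and is treated as absent, so the test should be `$learn_word !== false`. The script continues outside this hunk.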
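Review bot: The changed header in spell_html.inc still declares `text/xml` while the next line emits `json_encode($result)`, so the response is JSON labelled as XML. Unless the client-side spellchecker depends on that label, `header("Content-Type: application/json; charset=".RCUBE_CHARSET);` would make the declared type match the body. The error branch closes just before the visible lines of this hunk, so whether it stops the request on an engine failure, as spell.inc now does, cannot be seen here and is worth checking.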