summaryrefslogtreecommitdiff
path: root/program
diff options
context:
space:
mode:
Diffstat (limited to 'program')
-rw-r--r--program/include/main.inc59
-rw-r--r--program/include/rcube_imap.inc4
-rw-r--r--program/include/rcube_shared.inc17
-rw-r--r--program/steps/mail/func.inc6
4 files changed, 66 insertions, 20 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index cc019af67..34e21c2a1 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -46,7 +46,7 @@ function rcmail_startup($task='mail')
// load host-specific configuration
rcmail_load_host_config($CONFIG);
- $CONFIG['skin_path'] = $CONFIG['skin_path'] ? preg_replace('/\/$/', '', $CONFIG['skin_path']) : 'skins/default';
+ $CONFIG['skin_path'] = $CONFIG['skin_path'] ? unslashify($CONFIG['skin_path']) : 'skins/default';
// load db conf
include_once('config/db.inc.php');
@@ -55,7 +55,7 @@ function rcmail_startup($task='mail')
if (empty($CONFIG['log_dir']))
$CONFIG['log_dir'] = $INSTALL_PATH.'logs';
else
- $CONFIG['log_dir'] = ereg_replace('\/$', '', $CONFIG['log_dir']);
+ $CONFIG['log_dir'] = unslashify($CONFIG['log_dir']);
// set PHP error logging according to config
if ($CONFIG['debug_level'] & 1)
@@ -67,7 +67,8 @@ function rcmail_startup($task='mail')
ini_set('display_errors', 1);
else
ini_set('display_errors', 0);
-
+
+
// set session garbage collecting time according to session_lifetime
if (!empty($CONFIG['session_lifetime']))
ini_set('session.gc_maxlifetime', ($CONFIG['session_lifetime']+2)*60);
@@ -81,7 +82,6 @@ function rcmail_startup($task='mail')
$DB->db_connect('w');
// we can use the database for storing session data
- // session queries do not work with MDB2
if (!$DB->is_error())
include_once('include/session.inc');
@@ -90,17 +90,14 @@ function rcmail_startup($task='mail')
$sess_id = session_id();
// create session and set session vars
- if (!$_SESSION['client_id'])
+ if (!isset($_SESSION['auth_time']))
{
- $_SESSION['client_id'] = $sess_id;
$_SESSION['user_lang'] = rcube_language_prop($CONFIG['locale_string']);
$_SESSION['auth_time'] = mktime();
- $_SESSION['auth'] = rcmail_auth_hash($sess_id, $_SESSION['auth_time']);
- unset($GLOBALS['_auth']);
+ setcookie('sessauth', rcmail_auth_hash($sess_id, $_SESSION['auth_time']));
}
// set session vars global
- $sess_auth = $_SESSION['auth'];
$sess_user_lang = rcube_language_prop($_SESSION['user_lang']);
@@ -148,7 +145,7 @@ function rcmail_load_host_config(&$config)
$config = array_merge($config, $rcmail_config);
}
}
-
+
// create authorization hash
function rcmail_auth_hash($sess_id, $ts)
@@ -168,6 +165,22 @@ function rcmail_auth_hash($sess_id, $ts)
}
+// compare the auth hash sent by the client with the local session credentials
+function rcmail_authenticate_session()
+ {
+ $now = mktime();
+ $valid = ($_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['auth_time']));
+
+ // renew auth cookie every 5 minutes
+ if (!$valid || ($now-$_SESSION['auth_time'] > 300))
+ {
+ $_SESSION['auth_time'] = $now;
+ setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
+ }
+
+ return $valid;
+ }
+
// create IMAP object and connect to server
function rcmail_imap_init($connect=FALSE)
@@ -718,17 +731,35 @@ function console($msg, $type=1)
}
+// encrypt IMAP password using DES encryption
function encrypt_passwd($pass)
{
- $cypher = des('rcmail?24BitPwDkeyF**ECB', $pass, 1, 0, NULL);
+ $cypher = des(get_des_key(), $pass, 1, 0, NULL);
return base64_encode($cypher);
}
+// decrypt IMAP password using DES encryption
function decrypt_passwd($cypher)
{
- $pass = des('rcmail?24BitPwDkeyF**ECB', base64_decode($cypher), 0, 0, NULL);
- return trim($pass);
+ $pass = des(get_des_key(), base64_decode($cypher), 0, 0, NULL);
+ return preg_replace('/\x00/', '', $pass);
+ }
+
+
+// return a 24 byte key for the DES encryption
+function get_des_key()
+ {
+ $key = !empty($GLOBALS['CONFIG']['des_key']) ? $GLOBALS['CONFIG']['des_key'] : 'rcmail?24BitPwDkeyF**ECB';
+ $len = strlen($key);
+
+ // make sure the key is exactly 24 chars long
+ if ($len<24)
+ $key .= str_repeat('_', 24-$len);
+ else if ($len>24)
+ substr($key, 0, 24);
+
+ return $key;
}
@@ -802,7 +833,7 @@ function rcmail_clear_session_temp($sess_id)
{
global $CONFIG;
- $temp_dir = $CONFIG['temp_dir'].(!eregi('\/$', $CONFIG['temp_dir']) ? '/' : '');
+ $temp_dir = slashify($CONFIG['temp_dir']);
$cache_dir = $temp_dir.$sess_id;
if (is_dir($cache_dir))
diff --git a/program/include/rcube_imap.inc b/program/include/rcube_imap.inc
index bb3146466..bc12eac06 100644
--- a/program/include/rcube_imap.inc
+++ b/program/include/rcube_imap.inc
@@ -1732,7 +1732,7 @@ class rcube_imap
*
* @access static
*/
- function decode_mime_string($input)
+ function decode_mime_string($input, $recursive=false)
{
$out = '';
@@ -1753,7 +1753,7 @@ class rcube_imap
return $out;
}
-
+
// no encoding information, defaults to what is specified in the class header
return rcube_charset_convert($input, 'ISO-8859-1');
}
diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc
index fe1a560a3..8f4efdb07 100644
--- a/program/include/rcube_shared.inc
+++ b/program/include/rcube_shared.inc
@@ -1334,7 +1334,8 @@ function make_absolute_url($path, $base_url)
}
-
+// replace the middle part of a string with ...
+// if it is longer than the allowed length
function abbrevate_string($str, $maxlength, $place_holder='...')
{
$length = strlen($str);
@@ -1350,6 +1351,20 @@ function abbrevate_string($str, $maxlength, $place_holder='...')
}
+// make sure the string ends with a slash
+function slashify($str)
+ {
+ return unslashify($str).'/';
+ }
+
+
+// remove slash at the end of the string
+function unslashify($str)
+ {
+ return preg_replace('/\/$/', '', $str);
+ }
+
+
// delete all files within a folder
function clear_directory($dir_path)
{
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 261cbdd25..376c0bf93 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -214,7 +214,7 @@ function rcmail_render_folder_tree_html(&$arrFolders, &$special, &$mbox_name, $m
else if ($folder['id']==$CONFIG['junk_mbox'])
$class_name = 'junk';
- $out .= sprintf('<li id="rcmbx%s" class="mailbox %s %s%s%s"><a href="%s&_mbox=%s"'.
+ $out .= sprintf('<li id="rcmbx%s" class="mailbox %s %s%s%s"><a href="%s&amp;_mbox=%s"'.
' onclick="return %s.command(\'list\',\'%s\')"'.
' onmouseup="return %s.mbox_mouse_up(\'%s\')"%s>%s</a>',
$folder_css,
@@ -437,7 +437,7 @@ function rcmail_message_list($attrib)
{
$cont = rep_specialchars_output($IMAP->decode_header($header->$col), 'html', 'all');
// firefox/mozilla temporary workaround to pad subject with content so that whitespace in rows responds to drag+drop
- $cont .= sprintf('<img src="%s%s" height="11" width="1000">', $skin_path, "/images/cleardot.png");
+ $cont .= '<img src="./program/blank.gif" height="5" width="1000" alt="" />';
}
else if ($col=='size')
$cont = show_bytes($header->$col);
@@ -1017,7 +1017,7 @@ function rcmail_message_headers($attrib, $headers=NULL)
if ($hkey=='date' && !empty($headers[$hkey]))
$header_value = format_date(strtotime($headers[$hkey]));
else if (in_array($hkey, array('from', 'to', 'cc', 'bcc', 'reply-to')))
- $header_value = rep_specialchars_output(rcmail_address_string($IMAP->decode_header($headers[$hkey]), NULL, $attrib['addicon']));
+ $header_value = rep_specialchars_output(rcmail_address_string($headers[$hkey], NULL, $attrib['addicon']));
else
$header_value = rep_specialchars_output($IMAP->decode_header($headers[$hkey]), '', 'all');