From 0bd99db08d1660e02e3b7589c78785ab6be0794d Mon Sep 17 00:00:00 2001
From: Thomas Bruederli
Date: Mon, 23 Mar 2015 18:33:40 +0100
Subject: Localize common error messages; improve explanation for CSRF check failures
---
 program/include/rcmail_output_html.php | 2 +-
 program/localization/en_US/messages.inc | 9 +++++++
 program/steps/utils/error.inc | 46 ++++++++++++++++++++-------------
 3 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index c6c43b532..365c403e4 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -584,7 +584,7 @@ EOF;
 // read template file
 if (!$path || ($templ = @file_get_contents($path)) === false) {
 rcube::raise_error(array(
- 'code' => 501,
+ 'code' => 404,
 'type' => 'php',
 'line' => __LINE__,
 'file' => __FILE__,
diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc
index e0de3654e..bcf89a441 100644
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@@ -180,5 +180,14 @@ $messages['messagetoobig'] = 'The message part is too big to process it.';
 $messages['attachmentvalidationerror'] = 'WARNING! This attachment is suspicious because its type doesn\'t match the type declared in the message. If you do not trust the sender, you shouldn\'t open it in the browser because it may contain malicious contents.

Expected: $expected; found: $detected';
 $messages['noscriptwarning'] = 'Warning: This webmail service requires Javascript! In order to use it please enable Javascript in your browser\'s settings.';
 $messages['messageissent'] = 'The message was already sent, but not saved yet. Do you want to save it now?';
+$messages['errnotfound'] = 'File Not Found';
+$messages['errnotfoundexplain'] = 'The requested resource was not found!';
+$messages['errfailedrequest'] = 'Failed request';
+$messages['errauthorizationfailed'] = 'Authorization Failed';
+$messages['errunauthorizedexplain'] = 'Could not verify that you are authorized to access this service!';
+$messages['errrequestcheckfailed'] = 'Request Check Failed';
+$messages['errcsrfprotectionexplain'] = "For your protection, access to this resource is secured against CSRF.\nYou probably didn't log out before leaving the web application.\n\nHuman interaction is now required to continue.";
+$messages['errcontactserveradmin'] = 'Please contact your server-administrator.';
+$messages['clicktoresumesession'] = 'Click here to resume your previous session';
 ?>
diff --git a/program/steps/utils/error.inc b/program/steps/utils/error.inc
index 6bbc57fda..16fbb03d9 100644
--- a/program/steps/utils/error.inc
+++ b/program/steps/utils/error.inc
@@ -5,7 +5,7 @@
 | program/steps/utils/error.inc |
 | |
 | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2013, The Roundcube Dev Team |
+ | Copyright (C) 2005-2015, The Roundcube Dev Team |
 | |
 | Licensed under the GNU General Public License version 3 or |
 | any later version with exceptions for skins & plugins. |
@@ -43,37 +43,33 @@ EOF;
 // authorization error
 else if ($ERROR_CODE == 401) {
- $__error_title = "AUTHORIZATION FAILED";
- $__error_text = "Could not verify that you are authorized to access this service!
\n" - . "Please contact your server-administrator."; + $__error_title = strtoupper($rcmail->gettext('errauthorizationfailed')); + $__error_text = nl2br($rcmail->gettext('errunauthorizedexplain') . "\n" . + $rcmail->gettext('errcontactserveradmin')); } // forbidden due to request check else if ($ERROR_CODE == 403) { if ($_SERVER['REQUEST_METHOD'] == 'GET' && $rcmail->request_status == rcube::REQUEST_ERROR_URL) { - parse_str($_SERVER['QUERY_STRING'], $url); - $url = $rcmail->url($url, true, false, true); - $add = "
Click here to try again."; + $url = $rcmail->url($_GET, true, false, true); + $add = html::a($url, $rcmail->gettext('clicktoresumesession')); } else { - $add = "Please contact your server-administrator."; + $add = $rcmail->gettext('errcontactserveradmin'); } - $__error_title = "REQUEST CHECK FAILED"; - $__error_text = "Access to this service was denied due to failing security checks!
\n$add"; + $__error_title = strtoupper($rcmail->gettext('errrequestcheckfailed')); + $__error_text = nl2br($rcmail->gettext('errcsrfprotectionexplain')) . '

' . $add . '

'; } // failed request (wrong step in URL) else if ($ERROR_CODE == 404) { $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); - $__error_title = "REQUEST FAILED/FILE NOT FOUND"; - $__error_text = << -Please contact your server-administrator. + $__error_title = strtoupper($rcmail->gettext('errnotfound')); + $__error_text = nl2br($rcmail->gettext('errnotfoundexplain') . "\n" . + $rcmail->gettext('errcontactserveradmin')); -

Failed request:
-http://$request_url

-EOF; + $__error_text .= '

' . $rcmail->gettext('errfailedrequest') . ":
\n//$request_url

"; } // database connection error @@ -101,6 +97,20 @@ else { } } +// inform plugins +if ($rcmail && $rcmail->plugins) { + $plugin = $rcmail->plugins->exec_hook('error_page', array( + 'code' => $ERROR_CODE, + 'title' => $__error_title, + 'text' => $__error_text, + )); + + if (!empty($plugin['title'])) + $__error_title = $plugin['title']; + if (!empty($plugin['text'])) + $__error_text = $plugin['text']; +} + $HTTP_ERR_CODE = $ERROR_CODE && $ERROR_CODE < 600 ? $ERROR_CODE : 500; // Ajax request @@ -113,7 +123,7 @@ if ($rcmail->output && $rcmail->output->type == 'js') { $__page_content = <<
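Review bot: In the 403 branch the resume link is built from the whole of `$_GET` with the last argument of `$rcmail->url()` set to true, so (assuming that argument attaches the request token) a single click on the error page replays exactly the GET request that just failed the CSRF check, and the page never tells the user which action that is. Since the click is now the only thing standing between a forged link and the action, I would name the task and action next to the link and confirm that this page is served with the same framing restrictions as the rest of the application, so the click cannot be solicited inside a frame. A comment above the link would record the intent: `// replays the rejected GET with a valid token; must only ever be triggered by an explicit user click`. The localized strings are also concatenated into `$__error_text` as markup without escaping; `$add = html::a($url, rcube::Q($rcmail->gettext('clicktoresumesession')));` keeps a stray `<` in a translation from becoming HTML. The if/else-if chain this branch belongs to starts and ends outside the hunk.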
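Review bot: Whatever a plugin returns as `title` or `text` from the new `error_page` hook replaces `$__error_title` and `$__error_text` and, as far as the following hunk shows, is interpolated into `$__page_content` as is, so the hook needs its contract written down. I would add above the `exec_hook()` call `// 'title' and 'text' are HTML fragments; plugins must escape any request-derived data they put in them`. The guard `if ($rcmail && $rcmail->plugins)` also implies `$rcmail` can be unset on this page, yet the `$rcmail->gettext()` calls added in the 401/403/404 branches dereference it unconditionally; one of the two should change, whichever matches how error.inc is actually reached. The two brace-less `if` statements are a style point only: `if (!empty($plugin['title'])) { $__error_title = $plugin['title']; }` matches the braced conditionals elsewhere in the file.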

$__error_title

-

$__error_text

+
$__error_text
EOF; -- cgit v1.2.3