From 1a2754d18ca079ea55e4c272d7cdc9dc33c00179 Mon Sep 17 00:00:00 2001 From: alecpl Date: Wed, 16 Feb 2011 09:42:31 +0000 Subject: - Applied fixes from trunk --- CHANGELOG | 3 +++ program/include/main.inc | 33 ++++++++++++++++++--------------- program/include/rcmail.php | 6 +++--- program/include/rcube_imap_generic.php | 32 +++++++++++++++++++++----------- program/include/rcube_user.php | 9 ++++----- 5 files changed, 49 insertions(+), 34 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 5eea6dc67..2f9cd1595 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,9 @@ CHANGELOG Roundcube Webmail =========================== +- Fix SQL query in rcube_user::query() so it uses index on MySQL again +- Use only one from IMAP authentication methods to prevent login delays (1487784) +- Fix strftime format support in date_today option - Removed redundant tags from contact add/edit pages - Fix CSS error in contact details screen on IE7 (#1487775) diff --git a/program/include/main.inc b/program/include/main.inc index f9cc4331b..7be7488b5 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -975,7 +975,7 @@ function parse_attrib_string($str) * @return string Formatted date string */ function format_date($date, $format=NULL) - { +{ global $CONFIG; $ts = NULL; @@ -999,7 +999,7 @@ function format_date($date, $format=NULL) if (empty($ts)) return ''; - + // get user's timezone if ($CONFIG['timezone'] === 'auto') $tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600; @@ -1011,7 +1011,7 @@ function format_date($date, $format=NULL) // convert time to user's timezone $timestamp = $ts - date('Z', $ts) + ($tz * 3600); - + // get current timestamp in user's timezone $now = time(); // local time $now -= (int)date('Z'); // make GMT time @@ -1019,30 +1019,33 @@ function format_date($date, $format=NULL) $now_date = getdate($now); $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']); - $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); + $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); // define date format depending on current time if (!$format) { - if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) - return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp)); + if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) { + $format = $CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i'; + $today = true; + } else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now) $format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i'; else $format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i'; - } + } // strftime() format - if (preg_match('/%[a-z]+/i', $format)) - return strftime($format, $timestamp); + if (preg_match('/%[a-z]+/i', $format)) { + $format = strftime($format, $timestamp); + return $today ? (rcube_label('today') . ' ' . $format) : $format; + } // parse format string manually in order to provide localized weekday and month names // an alternative would be to convert the date() format string to fit with strftime() $out = ''; - for($i=0; $iimap)) - $this->imap->close(); - if (is_object($this->smtp)) $this->smtp->disconnect(); @@ -1198,6 +1195,9 @@ class rcmail } } + if (is_object($this->imap)) + $this->imap->close(); + return $base64 ? base64_encode($cipher) : $cipher; } diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php index 9b8d29f8a..f1b3dfda8 100644 --- a/program/include/rcube_imap_generic.php +++ b/program/include/rcube_imap_generic.php @@ -757,6 +757,13 @@ class rcube_imap_generic // Now we're secure, capabilities need to be reread $this->clearCapability(); } + + // Use best (for security) supported authentication method + foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) { + if (in_array($auth_method, $auth_methods)) { + break; + } + } } // Send ID info @@ -782,6 +789,13 @@ class rcube_imap_generic else if (!$login_disabled) { $auth_methods[] = 'LOGIN'; } + + // Use best (for security) supported authentication method + foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) { + if (in_array($auth_method, $auth_methods)) { + break; + } + } } else { // Prevent from sending credentials in plain text when connection is not secure @@ -791,32 +805,28 @@ class rcube_imap_generic return false; } // replace AUTH with CRAM-MD5 for backward compat. - $auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method; + if ($auth_method == 'AUTH') { + $auth_method = 'CRAM-MD5'; + } } // pre-login capabilities can be not complete $this->capability_readed = false; // Authenticate - foreach ($auth_methods as $method) { - switch ($method) { + switch ($auth_method) { case 'CRAM_MD5': - $method = 'CRAM-MD5'; + $auth_method = 'CRAM-MD5'; case 'CRAM-MD5': case 'DIGEST-MD5': case 'PLAIN': - $result = $this->authenticate($user, $password, $method); + $result = $this->authenticate($user, $password, $auth_method); break; case 'LOGIN': $result = $this->login($user, $password); break; default: - $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $method"); - } - - if (is_resource($result)) { - break; - } + $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $auth_method"); } // Connected and authenticated diff --git a/program/include/rcube_user.php b/program/include/rcube_user.php index ee6db77cc..6e7591d0f 100644 --- a/program/include/rcube_user.php +++ b/program/include/rcube_user.php @@ -359,16 +359,15 @@ class rcube_user $dbh = rcmail::get_instance()->get_dbh(); // use BINARY (case-sensitive) comparison on MySQL, other engines are case-sensitive - $prefix = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY ' : ''; + $mod = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY' : ''; // query for matching user name - $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = ?"; - - $sql_result = $dbh->query(sprintf($query, $prefix.'username'), $host, $user); + $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = $mod ?"; + $sql_result = $dbh->query(sprintf($query, 'username'), $host, $user); // query for matching alias if (!($sql_arr = $dbh->fetch_assoc($sql_result))) { - $sql_result = $dbh->query(sprintf($query, $prefix.'alias'), $host, $user); + $sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user); $sql_arr = $dbh->fetch_assoc($sql_result); } -- cgit v1.2.3