From 65c0a0e591d917e87d54f499f9b25da522746aed Mon Sep 17 00:00:00 2001 From: alecpl Date: Tue, 13 Oct 2009 08:40:21 +0000 Subject: - Option 'force_https' replaced by 'force_https' plugin - added option 'force_https_port' in 'force_https' plugin (#1486091) --- CHANGELOG | 2 ++ config/main.inc.php.dist | 4 ---- index.php | 9 --------- plugins/force_https/force_https.php | 38 +++++++++++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+), 13 deletions(-) create mode 100644 plugins/force_https/force_https.php diff --git a/CHANGELOG b/CHANGELOG index 2a38745cd..b4a467067 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,8 @@ CHANGELOG RoundCube Webmail =========================== +- added option 'force_https_port' in 'force_https' plugin (#1486091) +- Option 'force_https' replaced by 'force_https' plugin - Fix IE issue with non-UTF-8 characters in AJAX response (#1486159) - Partially fixed "empty body" issue by showing raw body of malformed message (#1486166) - Fix importing/sending to email address with whitespace (#1486214) diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index 597ae23f5..e184078a9 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -49,10 +49,6 @@ $rcmail_config['enable_caching'] = FALSE; // possible units: s, m, h, d, w $rcmail_config['message_cache_lifetime'] = '10d'; -// enforce connections over https -// with this option enabled, all non-secure connections will be redirected -$rcmail_config['force_https'] = FALSE; - // automatically create a new RoundCube user when log-in the first time. // a new user will be created once the IMAP login succeeds. // set to false if only registered users can use this service diff --git a/index.php b/index.php index fc5926dcc..9e32fc79a 100644 --- a/index.php +++ b/index.php 
@@ -63,19 +63,11 @@ if ($RCMAIL->action=='error' && !empty($_GET['_code'])) { raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); } -// check if https is required (for login) and redirect if necessary -if ($RCMAIL->config->get('force_https', false) && empty($_SESSION['user_id']) - && !(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443 || $RCMAIL->config->get('use_https'))) { - header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); - exit; -} - // trigger startup plugin hook $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action)); $RCMAIL->set_task($startup['task']); $RCMAIL->action = $startup['action']; - // try to log in if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') { // purge the session in case of new login when a session already exists @@ -161,7 +153,6 @@ else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAI $OUTPUT->send($RCMAIL->task); } - // not logged in -> show login page if (empty($RCMAIL->user->ID)) { diff --git a/plugins/force_https/force_https.php b/plugins/force_https/force_https.php new file mode 100644 index 000000000..67552570e --- /dev/null +++ b/plugins/force_https/force_https.php @@ -0,0 +1,38 @@ + + */ +class force_https extends rcube_plugin +{ + function init() + { + $this->add_hook('startup', array($this, 'redirect')); + } + + function redirect($args) + { + $config = rcmail::get_instance()->config; + + $port = (int) $config->get('force_https_port', 443); + + // check if https is required (for login) and redirect if necessary + if (empty($_SESSION['user_id']) && !$config->get('use_https') + && (!isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] != $port)) + { + header('Location: https://' . $_SERVER['HTTP_HOST'] . ($port != 443 ? ":$port" : '') . $_SERVER['REQUEST_URI']); + exit; + } + + return $args; + } +} + +?> -- cgit v1.2.3
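Review bot: In `redirect()`, the `Location` header is built from `$_SERVER['HTTP_HOST']`, which is client-supplied and may already carry a port. A request to `host:8080` with `force_https_port` set to 8443 would be redirected to `https://host:8080:8443/...`, and with the default 443 to `https://host:8080/...`. Strip any port before appending the configured one, e.g. `$host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);`, and use `$host` in the `header()` call. Because the redirect target is whatever Host the client sent, checking it against a known canonical hostname would be safer where the deployment has one. The condition also redirects when `HTTPS` is set but `SERVER_PORT` differs from the configured port, so a TLS-terminating proxy setup presumably needs `use_https` set to avoid a redirect loop; a comment above the `if` saying so would help.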