Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 306 lines (260 sloc) 11.835 kB
4e17e6c @thomascube Initial revision
thomascube authored
1 <?php
2 /*
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
3 +-------------------------------------------------------------------------+
e019f2d @alecpl - s/RoundCube/Roundcube/
alecpl authored
4 | Roundcube Webmail IMAP Client |
b546b0d Also, the license comments
Brian Ronald authored
5 | Version 0.9-git |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
6 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
7 | Copyright (C) 2005-2012, The Roundcube Dev Team |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
8 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
9 | This program is free software: you can redistribute it and/or modify |
10 | it under the terms of the GNU General Public License (with exceptions |
11 | for skins & plugins) as published by the Free Software Foundation, |
12 | either version 3 of the License, or (at your option) any later version. |
13 | |
14 | This file forms part of the Roundcube Webmail Software for which the |
15 | following exception is added: Plugins and Skins which merely make |
16 | function calls to the Roundcube Webmail Software, and for that purpose |
17 | include it by reference shall not be considered modifications of |
18 | the software. |
19 | |
20 | If you wish to use this file in another project or create a modified |
21 | version that will not be part of the Roundcube Webmail Software, you |
22 | may remove the exception above and use this source code under the |
23 | original version of the license. |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
24 | |
25 | This program is distributed in the hope that it will be useful, |
26 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
27 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
28 | GNU General Public License for more details. |
29 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
30 | You should have received a copy of the GNU General Public License |
31 | along with this program. If not, see http://www.gnu.org/licenses/. |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
32 | |
33 +-------------------------------------------------------------------------+
34 | Author: Thomas Bruederli <roundcube@gmail.com> |
35 +-------------------------------------------------------------------------+
4e17e6c @thomascube Initial revision
thomascube authored
36 */
37
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
38 // include environment
39 require_once 'program/include/iniset.php';
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
40
48bc52e @alecpl - Fix imap_init hook broken in r3258 (#1486493)
alecpl authored
41 // init application, start session, init output class, etc.
83a7636 @thomascube More code cleanup
thomascube authored
42 $RCMAIL = rcmail::get_instance();
43
9e54e6f @alecpl - Make the whole PHP output non-cacheable (#1487797)
alecpl authored
44 // Make the whole PHP output non-cacheable (#1487797)
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
45 $RCMAIL->output->nocacheing_headers();
9e54e6f @alecpl - Make the whole PHP output non-cacheable (#1487797)
alecpl authored
46
d51c93b @alecpl - get rid of some hardcoded action names and move decission about out…
alecpl authored
47 // turn on output buffering
48 ob_start();
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
49
8c72e33 @thomascube Show appropriate error message if config files are missing
thomascube authored
50 // check if config files had errors
51 if ($err_str = $RCMAIL->config->get_error()) {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
52 rcmail::raise_error(array(
8c72e33 @thomascube Show appropriate error message if config files are missing
thomascube authored
53 'code' => 601,
54 'type' => 'php',
55 'message' => $err_str), false, true);
56 }
57
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
58 // check DB connections and exit on failure
c321a95 @thomascube Merged devel-framework branch (r5746:5779) back into trunk
thomascube authored
59 if ($err_str = $RCMAIL->db->is_error()) {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
60 rcmail::raise_error(array(
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
61 'code' => 603,
62 'type' => 'db',
63 'message' => $err_str), FALSE, TRUE);
64 }
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
65
4e17e6c @thomascube Initial revision
thomascube authored
66 // error steps
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
67 if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
68 rcmail::raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
69 }
4e17e6c @thomascube Initial revision
thomascube authored
70
f5d61d8 @thomascube Revert r3038 and allow to specify the port as value of force_https
thomascube authored
71 // check if https is required (for login) and redirect if necessary
72 if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
73 $https_port = is_bool($force_https) ? 443 : $force_https;
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
74 if (!rcube_utils::https_check($https_port)) {
76c94b6 @alecpl - Fix 'force_https' to specified port when URL contains a port number…
alecpl authored
75 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
76 $host .= ($https_port != 443 ? ':' . $https_port : '');
77 header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
f5d61d8 @thomascube Revert r3038 and allow to specify the port as value of force_https
thomascube authored
78 exit;
79 }
80 }
81
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
82 // trigger startup plugin hook
83 $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
84 $RCMAIL->set_task($startup['task']);
85 $RCMAIL->action = $startup['action'];
86
4e17e6c @thomascube Initial revision
thomascube authored
87 // try to log in
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
88 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
89 $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(rcube_utils::INPUT_POST, 'login');
784a425 @thomascube protect login form submission from CSRF using a request token
thomascube authored
90
0129d7c @alecpl - Fix authentication when submitting form with existing session (#148…
alecpl authored
91 // purge the session in case of new login when a session already exists
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
92 $RCMAIL->kill_session();
5f560ee @alecpl - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
alecpl authored
93
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
94 $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
95 'host' => $RCMAIL->autoselect_host(),
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
96 'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
97 'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true,
5f560ee @alecpl - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
alecpl authored
98 $RCMAIL->config->get('password_charset', 'ISO-8859-1')),
4463648 @thomascube Allow a plugin to disable the cookie check
thomascube authored
99 'cookiecheck' => true,
784a425 @thomascube protect login form submission from CSRF using a request token
thomascube authored
100 'valid' => $request_valid,
64608bf @alecpl - Password: Make passwords encoding consistent with core, add 'passwo…
alecpl authored
101 ));
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
102
7c8fd80 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
103 // Login
104 if ($auth['valid'] && !$auth['abort'] &&
105 $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
4cfe66f @alecpl - small code cleanup
alecpl authored
106 ) {
107 // create new session ID, don't destroy the current session
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
108 // it was destroyed already by $RCMAIL->kill_session() above
4cfe66f @alecpl - small code cleanup
alecpl authored
109 $RCMAIL->session->remove('temp');
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
110 $RCMAIL->session->regenerate_id(false);
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
111
112 // send auth cookie if necessary
cf2da2f @thomascube Improve session validity check with changing auth cookies; reduce wri…
thomascube authored
113 $RCMAIL->session->set_auth_cookie();
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
114
5e0045b Add option to log successful logins.
svncommit authored
115 // log successful login
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
116 $RCMAIL->log_login();
10eedbe @alecpl - add file/line definitions to raise_error() calls
alecpl authored
117
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
118 // restore original request parameters
88007cf @thomascube Fix login redirect issues (#1487686)
thomascube authored
119 $query = array();
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
120 if ($url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST)) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
121 parse_str($url, $query);
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
122
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
123 // prevent endless looping on login page
124 if ($query['_task'] == 'login')
125 unset($query['_task']);
d2191c6 @alecpl - Fix redirect to mail/compose on re-login (1488226)
alecpl authored
126
127 // prevent redirect to compose with specified ID (#1488226)
128 if ($query['_action'] == 'compose' && !empty($query['_id']))
129 $query = array();
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
130 }
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
131
132 // allow plugins to control the redirect url after login success
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
133 $redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
134 unset($redir['abort'], $redir['_err']);
5e0045b Add option to log successful logins.
svncommit authored
135
4e17e6c @thomascube Initial revision
thomascube authored
136 // send redirect
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
137 $OUTPUT->redirect($redir);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
138 }
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
139 else {
7c8fd80 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
140 if (!$auth['valid']) {
141 $error_code = RCMAIL::ERROR_INVALID_REQUEST;
142 }
143 else {
144 $error_code = $auth['error'] ? $auth['error'] : $RCMAIL->login_error();
145 }
146
147 $error_labels = array(
148 RCMAIL::ERROR_STORAGE => 'storageerror',
149 RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
150 RCMAIL::ERROR_INVALID_REQUEST => 'invalidrequest',
151 RCMAIL::ERROR_INVALID_HOST => 'invalidhost',
152 );
153
154 $error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed';
6d99f99 @alecpl - Handle situation when $IMAP object isn't initialized on log in
alecpl authored
155
7c8fd80 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
156 $OUTPUT->show_message($error_message, 'warning');
8fcc3e1 @alecpl - Improved IMAP errors handling
alecpl authored
157 $RCMAIL->plugins->exec_hook('login_failed', array(
6d99f99 @alecpl - Handle situation when $IMAP object isn't initialized on log in
alecpl authored
158 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
159 $RCMAIL->kill_session();
4e17e6c @thomascube Initial revision
thomascube authored
160 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
161 }
4e17e6c @thomascube Initial revision
thomascube authored
162
de62f02 @thomascube Also check referer on logout action
thomascube authored
163 // end session (after optional referer check)
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
164 else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcmail::check_referer())) {
c321a95 @thomascube Merged devel-framework branch (r5746:5779) back into trunk
thomascube authored
165 $userdata = array(
166 'user' => $_SESSION['username'],
167 'host' => $_SESSION['storage_host'],
168 'lang' => $RCMAIL->user->language,
169 );
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
170 $OUTPUT->show_message('loggedout');
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
171 $RCMAIL->logout_actions();
172 $RCMAIL->kill_session();
7ef47e5 @thomascube Add some arguments to the logout_after hook
thomascube authored
173 $RCMAIL->plugins->exec_hook('logout_after', $userdata);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
174 }
4e17e6c @thomascube Initial revision
thomascube authored
175
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
176 // check session and auth cookie
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
177 else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
cf2da2f @thomascube Improve session validity check with changing auth cookies; reduce wri…
thomascube authored
178 if (!$RCMAIL->session->check_auth()) {
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
179 $RCMAIL->kill_session();
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
180 $session_error = true;
4e17e6c @thomascube Initial revision
thomascube authored
181 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
182 }
4e17e6c @thomascube Initial revision
thomascube authored
183
184 // not logged in -> show login page
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
185 if (empty($RCMAIL->user->ID)) {
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
186 // log session failures
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
187 $task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC);
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
188 if ($task && !in_array($task, array('login','logout')) && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
189 $RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found");
190 $session_error = true;
191 }
192
ec045b0 @thomascube Revert r4609 and use stateless request tokens; no need to save them i…
thomascube authored
193 if ($OUTPUT->ajax_call)
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
194 $OUTPUT->redirect(array('_err' => 'session'), 2000);
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
195
ccc80d1 @alecpl - Fix login page loading into an iframe when session expires (#1485952)
alecpl authored
196 if (!empty($_REQUEST['_framed']))
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
197 $OUTPUT->command('redirect', $RCMAIL->url(array('_err' => 'session')));
ccc80d1 @alecpl - Fix login page loading into an iframe when session expires (#1485952)
alecpl authored
198
330127a @thomascube Disable PHP notices + check for installer script on login page
thomascube authored
199 // check if installer is still active
83a7636 @thomascube More code cleanup
thomascube authored
200 if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
201 $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
202 html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
e019f2d @alecpl - s/RoundCube/Roundcube/
alecpl authored
203 html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
204 html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because .
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
205 these files may expose sensitive configuration data like server passwords and encryption keys
206 to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
207 )
208 );
209 }
9e54e6f @alecpl - Make the whole PHP output non-cacheable (#1487797)
alecpl authored
210
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
211 if ($session_error || $_REQUEST['_err'] == 'session')
212 $OUTPUT->show_message('sessionerror', 'error', null, true, -1);
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
213
1c0ce1f @alecpl Plugin API: Add 'unauthenticated' hook (#1488138)
alecpl authored
214 $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error));
215
216 $RCMAIL->set_task($plugin['task']);
217 $OUTPUT->send($plugin['task']);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
218 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
219 // CSRF prevention
220 else {
221 // don't check for valid request tokens in these actions
b807084 @alecpl - Fix (disable) request validation for spell and spell_html actions
alecpl authored
222 $request_check_whitelist = array('login'=>1, 'spell'=>1, 'spell_html'=>1);
223
224 if (!$request_check_whitelist[$RCMAIL->action]) {
225 // check client X-header to verify request origin
226 if ($OUTPUT->ajax_call) {
227 if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
228 header('HTTP/1.1 403 Forbidden');
229 die("Invalid Request");
230 }
231 }
232 // check request token in POST form submissions
233 else if (!empty($_POST) && !$RCMAIL->check_request()) {
234 $OUTPUT->show_message('invalidrequest', 'error');
235 $OUTPUT->send($RCMAIL->task);
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
236 }
a77cf22 @thomascube Add optional referer check to prevent CSRF in GET requests
thomascube authored
237
b807084 @alecpl - Fix (disable) request validation for spell and spell_html actions
alecpl authored
238 // check referer if configured
239 if ($RCMAIL->config->get('referer_check') && !rcmail::check_referer()) {
240 raise_error(array(
241 'code' => 403, 'type' => 'php',
242 'message' => "Referer check failed"), true, true);
243 }
a77cf22 @thomascube Add optional referer check to prevent CSRF in GET requests
thomascube authored
244 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
245 }
4e17e6c @thomascube Initial revision
thomascube authored
246
3703021 @alecpl - Plugin API: added 'ready' hook (#1488073)
alecpl authored
247 // we're ready, user is authenticated and the request is safe
248 $plugin = $RCMAIL->plugins->exec_hook('ready', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
249 $RCMAIL->set_task($plugin['task']);
250 $RCMAIL->action = $plugin['action'];
251
252
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
253 // handle special actions
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored
254 if ($RCMAIL->action == 'keep-alive') {
255 $OUTPUT->reset();
28ac5ca @thomascube Let plugins hook into keep-alive requests
thomascube authored
256 $RCMAIL->plugins->exec_hook('keep_alive', array());
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored
257 $OUTPUT->send();
258 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
259 else if ($RCMAIL->action == 'save-pref') {
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
260 include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
261 }
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Pos…
thomascube authored
262
4e17e6c @thomascube Initial revision
thomascube authored
263
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
264 // include task specific functions
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
265 if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc'))
266 include_once $incfile;
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
267
268 // allow 5 "redirects" to another action
269 $redirects = 0; $incstep = null;
270 while ($redirects < 5) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
271 // execute a plugin action
05a631a @thomascube Allow plugins to register their own tasks
thomascube authored
272 if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
87e58c7 @thomascube Default action for plugin tasks is 'index'
thomascube authored
273 if (!$RCMAIL->action) $RCMAIL->action = 'index';
05a631a @thomascube Allow plugins to register their own tasks
thomascube authored
274 $RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
275 break;
276 }
277 else if (preg_match('/^plugin\./', $RCMAIL->action)) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
278 $RCMAIL->plugins->exec_action($RCMAIL->action);
279 break;
280 }
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
281 // try to include the step file
68d2d54 @alecpl - Move action files map from index.php to steps' func.inc files
alecpl authored
282 else if (($stepfile = $RCMAIL->get_action_file())
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
283 && is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
68d2d54 @alecpl - Move action files map from index.php to steps' func.inc files
alecpl authored
284 ) {
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
285 include $incfile;
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
286 $redirects++;
287 }
288 else {
289 break;
290 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
291 }
4e17e6c @thomascube Initial revision
thomascube authored
292
293
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
294 // parse main template (default)
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
295 $OUTPUT->send($RCMAIL->task);
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
296
4e17e6c @thomascube Initial revision
thomascube authored
297
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
298 // if we arrive here, something went wrong
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
299 rcmail::raise_error(array(
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
300 'code' => 404,
301 'type' => 'php',
302 'line' => __LINE__,
303 'file' => __FILE__,
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
304 'message' => "Invalid request"), true, true);
b25dfd0 @alecpl - removed PHP closing tag
alecpl authored
305
Something went wrong with that request. Please try again.