Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 303 lines (258 sloc) 11.733 kb
4e17e6c @thomascube Initial revision
thomascube authored
1 <?php
2 /*
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
3 +-------------------------------------------------------------------------+
e019f2d @alecpl - s/RoundCube/Roundcube/
alecpl authored
4 | Roundcube Webmail IMAP Client |
b546b0d Also, the license comments
Brian Ronald authored
5 | Version 0.9-git |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
6 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
7 | Copyright (C) 2005-2012, The Roundcube Dev Team |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
8 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
9 | This program is free software: you can redistribute it and/or modify |
10 | it under the terms of the GNU General Public License (with exceptions |
11 | for skins & plugins) as published by the Free Software Foundation, |
12 | either version 3 of the License, or (at your option) any later version. |
13 | |
14 | This file forms part of the Roundcube Webmail Software for which the |
15 | following exception is added: Plugins and Skins which merely make |
16 | function calls to the Roundcube Webmail Software, and for that purpose |
17 | include it by reference shall not be considered modifications of |
18 | the software. |
19 | |
20 | If you wish to use this file in another project or create a modified |
21 | version that will not be part of the Roundcube Webmail Software, you |
22 | may remove the exception above and use this source code under the |
23 | original version of the license. |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
24 | |
25 | This program is distributed in the hope that it will be useful, |
26 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
27 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
28 | GNU General Public License for more details. |
29 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
30 | You should have received a copy of the GNU General Public License |
31 | along with this program. If not, see http://www.gnu.org/licenses/. |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
32 | |
33 +-------------------------------------------------------------------------+
34 | Author: Thomas Bruederli <roundcube@gmail.com> |
35 +-------------------------------------------------------------------------+
4e17e6c @thomascube Initial revision
thomascube authored
36 */
37
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
38 // include environment
39 require_once 'program/include/iniset.php';
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
40
48bc52e @alecpl - Fix imap_init hook broken in r3258 (#1486493)
alecpl authored
41 // init application, start session, init output class, etc.
83a7636 @thomascube More code cleanup
thomascube authored
42 $RCMAIL = rcmail::get_instance();
43
9e54e6f @alecpl - Make the whole PHP output non-cacheable (#1487797)
alecpl authored
44 // Make the whole PHP output non-cacheable (#1487797)
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
45 $RCMAIL->output->nocacheing_headers();
9e54e6f @alecpl - Make the whole PHP output non-cacheable (#1487797)
alecpl authored
46
d51c93b @alecpl - get rid of some hardcoded action names and move decission about out…
alecpl authored
47 // turn on output buffering
48 ob_start();
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
49
8c72e33 @thomascube Show appropriate error message if config files are missing
thomascube authored
50 // check if config files had errors
51 if ($err_str = $RCMAIL->config->get_error()) {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
52 rcmail::raise_error(array(
8c72e33 @thomascube Show appropriate error message if config files are missing
thomascube authored
53 'code' => 601,
54 'type' => 'php',
55 'message' => $err_str), false, true);
56 }
57
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
58 // check DB connections and exit on failure
c321a95 @thomascube Merged devel-framework branch (r5746:5779) back into trunk
thomascube authored
59 if ($err_str = $RCMAIL->db->is_error()) {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
60 rcmail::raise_error(array(
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
61 'code' => 603,
62 'type' => 'db',
63 'message' => $err_str), FALSE, TRUE);
64 }
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
65
4e17e6c @thomascube Initial revision
thomascube authored
66 // error steps
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
67 if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
68 rcmail::raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
69 }
4e17e6c @thomascube Initial revision
thomascube authored
70
f5d61d8 @thomascube Revert r3038 and allow to specify the port as value of force_https
thomascube authored
71 // check if https is required (for login) and redirect if necessary
72 if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
73 $https_port = is_bool($force_https) ? 443 : $force_https;
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
74 if (!rcube_utils::https_check($https_port)) {
76c94b6 @alecpl - Fix 'force_https' to specified port when URL contains a port number…
alecpl authored
75 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
76 $host .= ($https_port != 443 ? ':' . $https_port : '');
77 header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
f5d61d8 @thomascube Revert r3038 and allow to specify the port as value of force_https
thomascube authored
78 exit;
79 }
80 }
81
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
82 // trigger startup plugin hook
83 $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
84 $RCMAIL->set_task($startup['task']);
85 $RCMAIL->action = $startup['action'];
86
4e17e6c @thomascube Initial revision
thomascube authored
87 // try to log in
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
88 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
89 $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(rcube_utils::INPUT_POST, 'login');
784a425 @thomascube protect login form submission from CSRF using a request token
thomascube authored
90
0129d7c @alecpl - Fix authentication when submitting form with existing session (#148…
alecpl authored
91 // purge the session in case of new login when a session already exists
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
92 $RCMAIL->kill_session();
5f560ee @alecpl - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
alecpl authored
93
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
94 $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
95 'host' => $RCMAIL->autoselect_host(),
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
96 'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
97 'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true,
5f560ee @alecpl - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
alecpl authored
98 $RCMAIL->config->get('password_charset', 'ISO-8859-1')),
4463648 @thomascube Allow a plugin to disable the cookie check
thomascube authored
99 'cookiecheck' => true,
784a425 @thomascube protect login form submission from CSRF using a request token
thomascube authored
100 'valid' => $request_valid,
64608bf @alecpl - Password: Make passwords encoding consistent with core, add 'passwo…
alecpl authored
101 ));
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
102
7c8fd80 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
103 // Login
104 if ($auth['valid'] && !$auth['abort'] &&
105 $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
4cfe66f @alecpl - small code cleanup
alecpl authored
106 ) {
107 // create new session ID, don't destroy the current session
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
108 // it was destroyed already by $RCMAIL->kill_session() above
4cfe66f @alecpl - small code cleanup
alecpl authored
109 $RCMAIL->session->remove('temp');
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
110 $RCMAIL->session->regenerate_id(false);
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
111
112 // send auth cookie if necessary
cf2da2f @thomascube Improve session validity check with changing auth cookies; reduce wri…
thomascube authored
113 $RCMAIL->session->set_auth_cookie();
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
114
5e0045b Add option to log successful logins.
svncommit authored
115 // log successful login
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
116 $RCMAIL->log_login();
10eedbe @alecpl - add file/line definitions to raise_error() calls
alecpl authored
117
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
118 // restore original request parameters
88007cf @thomascube Fix login redirect issues (#1487686)
thomascube authored
119 $query = array();
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
120 if ($url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST)) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
121 parse_str($url, $query);
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
122
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
123 // prevent endless looping on login page
124 if ($query['_task'] == 'login')
125 unset($query['_task']);
d2191c6 @alecpl - Fix redirect to mail/compose on re-login (1488226)
alecpl authored
126
127 // prevent redirect to compose with specified ID (#1488226)
128 if ($query['_action'] == 'compose' && !empty($query['_id']))
129 $query = array();
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
130 }
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
131
132 // allow plugins to control the redirect url after login success
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
133 $redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
134 unset($redir['abort'], $redir['_err']);
5e0045b Add option to log successful logins.
svncommit authored
135
4e17e6c @thomascube Initial revision
thomascube authored
136 // send redirect
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
137 $OUTPUT->redirect($redir);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
138 }
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
139 else {
7c8fd80 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
140 if (!$auth['valid']) {
141 $error_code = RCMAIL::ERROR_INVALID_REQUEST;
142 }
143 else {
144 $error_code = $auth['error'] ? $auth['error'] : $RCMAIL->login_error();
145 }
146
147 $error_labels = array(
148 RCMAIL::ERROR_STORAGE => 'storageerror',
149 RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
150 RCMAIL::ERROR_INVALID_REQUEST => 'invalidrequest',
151 RCMAIL::ERROR_INVALID_HOST => 'invalidhost',
152 );
153
154 $error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed';
6d99f99 @alecpl - Handle situation when $IMAP object isn't initialized on log in
alecpl authored
155
7c8fd80 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
156 $OUTPUT->show_message($error_message, 'warning');
8fcc3e1 @alecpl - Improved IMAP errors handling
alecpl authored
157 $RCMAIL->plugins->exec_hook('login_failed', array(
6d99f99 @alecpl - Handle situation when $IMAP object isn't initialized on log in
alecpl authored
158 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
159 $RCMAIL->kill_session();
4e17e6c @thomascube Initial revision
thomascube authored
160 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
161 }
4e17e6c @thomascube Initial revision
thomascube authored
162
de62f02 @thomascube Also check referer on logout action
thomascube authored
163 // end session (after optional referer check)
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
164 else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcmail::check_referer())) {
c321a95 @thomascube Merged devel-framework branch (r5746:5779) back into trunk
thomascube authored
165 $userdata = array(
166 'user' => $_SESSION['username'],
167 'host' => $_SESSION['storage_host'],
168 'lang' => $RCMAIL->user->language,
169 );
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
170 $OUTPUT->show_message('loggedout');
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
171 $RCMAIL->logout_actions();
172 $RCMAIL->kill_session();
7ef47e5 @thomascube Add some arguments to the logout_after hook
thomascube authored
173 $RCMAIL->plugins->exec_hook('logout_after', $userdata);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
174 }
4e17e6c @thomascube Initial revision
thomascube authored
175
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
176 // check session and auth cookie
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
177 else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
cf2da2f @thomascube Improve session validity check with changing auth cookies; reduce wri…
thomascube authored
178 if (!$RCMAIL->session->check_auth()) {
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
179 $RCMAIL->kill_session();
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
180 $session_error = true;
4e17e6c @thomascube Initial revision
thomascube authored
181 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
182 }
4e17e6c @thomascube Initial revision
thomascube authored
183
184 // not logged in -> show login page
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
185 if (empty($RCMAIL->user->ID)) {
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
186 // log session failures
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
187 $task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC);
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
188 if ($task && !in_array($task, array('login','logout')) && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
189 $RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found");
190 $session_error = true;
191 }
192
ec045b0 @thomascube Revert r4609 and use stateless request tokens; no need to save them i…
thomascube authored
193 if ($OUTPUT->ajax_call)
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
194 $OUTPUT->redirect(array('_err' => 'session'), 2000);
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
195
ccc80d1 @alecpl - Fix login page loading into an iframe when session expires (#1485952)
alecpl authored
196 if (!empty($_REQUEST['_framed']))
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
197 $OUTPUT->command('redirect', $RCMAIL->url(array('_err' => 'session')));
ccc80d1 @alecpl - Fix login page loading into an iframe when session expires (#1485952)
alecpl authored
198
330127a @thomascube Disable PHP notices + check for installer script on login page
thomascube authored
199 // check if installer is still active
83a7636 @thomascube More code cleanup
thomascube authored
200 if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
201 $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
202 html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
e019f2d @alecpl - s/RoundCube/Roundcube/
alecpl authored
203 html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
204 html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because .
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
205 these files may expose sensitive configuration data like server passwords and encryption keys
206 to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
207 )
208 );
209 }
9e54e6f @alecpl - Make the whole PHP output non-cacheable (#1487797)
alecpl authored
210
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
211 if ($session_error || $_REQUEST['_err'] == 'session')
212 $OUTPUT->show_message('sessionerror', 'error', null, true, -1);
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
213
784a425 @thomascube protect login form submission from CSRF using a request token
thomascube authored
214 $RCMAIL->set_task('login');
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
215 $OUTPUT->send('login');
216 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
217 // CSRF prevention
218 else {
219 // don't check for valid request tokens in these actions
220 $request_check_whitelist = array('login'=>1, 'spell'=>1);
221
222 // check client X-header to verify request origin
223 if ($OUTPUT->ajax_call) {
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
224 if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
abdf314 @thomascube Allow cross-task ajax requests
thomascube authored
225 header('HTTP/1.1 403 Forbidden');
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
226 die("Invalid Request");
227 }
228 }
229 // check request token in POST form submissions
230 else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
231 $OUTPUT->show_message('invalidrequest', 'error');
232 $OUTPUT->send($RCMAIL->task);
233 }
a77cf22 @thomascube Add optional referer check to prevent CSRF in GET requests
thomascube authored
234
235 // check referer if configured
0c25968 @alecpl - Merge devel-framework branch, resolved conflicts
alecpl authored
236 if (!$request_check_whitelist[$RCMAIL->action] && $RCMAIL->config->get('referer_check') && !rcmail::check_referer()) {
a77cf22 @thomascube Add optional referer check to prevent CSRF in GET requests
thomascube authored
237 raise_error(array(
238 'code' => 403,
239 'type' => 'php',
240 'message' => "Referer check failed"), true, true);
241 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
242 }
4e17e6c @thomascube Initial revision
thomascube authored
243
3703021 @alecpl - Plugin API: added 'ready' hook (#1488073)
alecpl authored
244 // we're ready, user is authenticated and the request is safe
245 $plugin = $RCMAIL->plugins->exec_hook('ready', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
246 $RCMAIL->set_task($plugin['task']);
247 $RCMAIL->action = $plugin['action'];
248
249
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
250 // handle special actions
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored
251 if ($RCMAIL->action == 'keep-alive') {
252 $OUTPUT->reset();
28ac5ca @thomascube Let plugins hook into keep-alive requests
thomascube authored
253 $RCMAIL->plugins->exec_hook('keep_alive', array());
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored
254 $OUTPUT->send();
255 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
256 else if ($RCMAIL->action == 'save-pref') {
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
257 include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
258 }
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Pos…
thomascube authored
259
4e17e6c @thomascube Initial revision
thomascube authored
260
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
261 // include task specific functions
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
262 if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc'))
263 include_once $incfile;
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
264
265 // allow 5 "redirects" to another action
266 $redirects = 0; $incstep = null;
267 while ($redirects < 5) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
268 // execute a plugin action
05a631a @thomascube Allow plugins to register their own tasks
thomascube authored
269 if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
87e58c7 @thomascube Default action for plugin tasks is 'index'
thomascube authored
270 if (!$RCMAIL->action) $RCMAIL->action = 'index';
05a631a @thomascube Allow plugins to register their own tasks
thomascube authored
271 $RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
272 break;
273 }
274 else if (preg_match('/^plugin\./', $RCMAIL->action)) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
275 $RCMAIL->plugins->exec_action($RCMAIL->action);
276 break;
277 }
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
278 // try to include the step file
68d2d54 @alecpl - Move action files map from index.php to steps' func.inc files
alecpl authored
279 else if (($stepfile = $RCMAIL->get_action_file())
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
280 && is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
68d2d54 @alecpl - Move action files map from index.php to steps' func.inc files
alecpl authored
281 ) {
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
282 include $incfile;
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
283 $redirects++;
284 }
285 else {
286 break;
287 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
288 }
4e17e6c @thomascube Initial revision
thomascube authored
289
290
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
291 // parse main template (default)
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
292 $OUTPUT->send($RCMAIL->task);
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
293
4e17e6c @thomascube Initial revision
thomascube authored
294
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
295 // if we arrive here, something went wrong
1aceb9c @alecpl - Framework refactoring (I hope it's the last one):
alecpl authored
296 rcmail::raise_error(array(
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
297 'code' => 404,
298 'type' => 'php',
299 'line' => __LINE__,
300 'file' => __FILE__,
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
301 'message' => "Invalid request"), true, true);
b25dfd0 @alecpl - removed PHP closing tag
alecpl authored
302
Something went wrong with that request. Please try again.