Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 307 lines (259 sloc) 11.621 kB
4e17e6c @thomascube Initial revision
thomascube authored
1 <?php
2 /*
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
3 +-------------------------------------------------------------------------+
e019f2d @alecpl - s/RoundCube/Roundcube/
alecpl authored
4 | Roundcube Webmail IMAP Client |
f06aa80 @thomascube Bump version after security fix
thomascube authored
5 | Version 0.8.7 |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
6 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
7 | Copyright (C) 2005-2012, The Roundcube Dev Team |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
8 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
9 | This program is free software: you can redistribute it and/or modify |
10 | it under the terms of the GNU General Public License (with exceptions |
11 | for skins & plugins) as published by the Free Software Foundation, |
12 | either version 3 of the License, or (at your option) any later version. |
13 | |
14 | This file forms part of the Roundcube Webmail Software for which the |
15 | following exception is added: Plugins and Skins which merely make |
16 | function calls to the Roundcube Webmail Software, and for that purpose |
17 | include it by reference shall not be considered modifications of |
18 | the software. |
19 | |
20 | If you wish to use this file in another project or create a modified |
21 | version that will not be part of the Roundcube Webmail Software, you |
22 | may remove the exception above and use this source code under the |
23 | original version of the license. |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
24 | |
25 | This program is distributed in the hope that it will be useful, |
26 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
27 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
28 | GNU General Public License for more details. |
29 | |
7fe3811 @thomascube Changed license to GNU GPLv3+ with exceptions for skins and plugins
thomascube authored
30 | You should have received a copy of the GNU General Public License |
31 | along with this program. If not, see http://www.gnu.org/licenses/. |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
32 | |
33 +-------------------------------------------------------------------------+
34 | Author: Thomas Bruederli <roundcube@gmail.com> |
35 +-------------------------------------------------------------------------+
4e17e6c @thomascube Initial revision
thomascube authored
36
37 $Id$
38
39 */
40
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
41 // include environment
42 require_once 'program/include/iniset.php';
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
43
48bc52e @alecpl - Fix imap_init hook broken in r3258 (#1486493)
alecpl authored
44 // init application, start session, init output class, etc.
83a7636 @thomascube More code cleanup
thomascube authored
45 $RCMAIL = rcmail::get_instance();
46
9e54e6f @alecpl - Make the whole PHP output non-cacheable (#1487797)
alecpl authored
47 // Make the whole PHP output non-cacheable (#1487797)
48 send_nocacheing_headers();
49
d51c93b @alecpl - get rid of some hardcoded action names and move decission about out…
alecpl authored
50 // turn on output buffering
51 ob_start();
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
52
8c72e33 @thomascube Show appropriate error message if config files are missing
thomascube authored
53 // check if config files had errors
54 if ($err_str = $RCMAIL->config->get_error()) {
55 raise_error(array(
56 'code' => 601,
57 'type' => 'php',
58 'message' => $err_str), false, true);
59 }
60
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
61 // check DB connections and exit on failure
c321a95 @thomascube Merged devel-framework branch (r5746:5779) back into trunk
thomascube authored
62 if ($err_str = $RCMAIL->db->is_error()) {
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
63 raise_error(array(
64 'code' => 603,
65 'type' => 'db',
66 'message' => $err_str), FALSE, TRUE);
67 }
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
68
4e17e6c @thomascube Initial revision
thomascube authored
69 // error steps
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
70 if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
4e17e6c @thomascube Initial revision
thomascube authored
71 raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
72 }
4e17e6c @thomascube Initial revision
thomascube authored
73
f5d61d8 @thomascube Revert r3038 and allow to specify the port as value of force_https
thomascube authored
74 // check if https is required (for login) and redirect if necessary
75 if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
76 $https_port = is_bool($force_https) ? 443 : $force_https;
5818e44 @alecpl - Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) + fix…
alecpl authored
77 if (!rcube_https_check($https_port)) {
76c94b6 @alecpl - Fix 'force_https' to specified port when URL contains a port number…
alecpl authored
78 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
79 $host .= ($https_port != 443 ? ':' . $https_port : '');
80 header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
f5d61d8 @thomascube Revert r3038 and allow to specify the port as value of force_https
thomascube authored
81 exit;
82 }
83 }
84
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
85 // trigger startup plugin hook
86 $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
87 $RCMAIL->set_task($startup['task']);
88 $RCMAIL->action = $startup['action'];
89
4e17e6c @thomascube Initial revision
thomascube authored
90 // try to log in
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
91 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
784a425 @thomascube protect login form submission from CSRF using a request token
thomascube authored
92 $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(RCUBE_INPUT_POST, 'login');
93
0129d7c @alecpl - Fix authentication when submitting form with existing session (#148…
alecpl authored
94 // purge the session in case of new login when a session already exists
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
95 $RCMAIL->kill_session();
5f560ee @alecpl - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
alecpl authored
96
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
97 $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
98 'host' => $RCMAIL->autoselect_host(),
99 'user' => trim(get_input_value('_user', RCUBE_INPUT_POST)),
5f560ee @alecpl - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
alecpl authored
100 'pass' => get_input_value('_pass', RCUBE_INPUT_POST, true,
101 $RCMAIL->config->get('password_charset', 'ISO-8859-1')),
4463648 @thomascube Allow a plugin to disable the cookie check
thomascube authored
102 'cookiecheck' => true,
784a425 @thomascube protect login form submission from CSRF using a request token
thomascube authored
103 'valid' => $request_valid,
64608bf @alecpl - Password: Make passwords encoding consistent with core, add 'passwo…
alecpl authored
104 ));
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
105
ecc3ba1 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
106 // Login
107 if ($auth['valid'] && !$auth['abort'] &&
108 $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
4cfe66f @alecpl - small code cleanup
alecpl authored
109 ) {
110 // create new session ID, don't destroy the current session
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
111 // it was destroyed already by $RCMAIL->kill_session() above
4cfe66f @alecpl - small code cleanup
alecpl authored
112 $RCMAIL->session->remove('temp');
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
113 $RCMAIL->session->regenerate_id(false);
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
114
115 // send auth cookie if necessary
cf2da2f @thomascube Improve session validity check with changing auth cookies; reduce wri…
thomascube authored
116 $RCMAIL->session->set_auth_cookie();
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
117
5e0045b Add option to log successful logins.
svncommit authored
118 // log successful login
3544558 @alecpl - Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins lo…
alecpl authored
119 rcmail_log_login();
10eedbe @alecpl - add file/line definitions to raise_error() calls
alecpl authored
120
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
121 // restore original request parameters
88007cf @thomascube Fix login redirect issues (#1487686)
thomascube authored
122 $query = array();
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
123 if ($url = get_input_value('_url', RCUBE_INPUT_POST)) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
124 parse_str($url, $query);
c294eaa @alecpl - Performance improvement: Remove redundant DELETE query (for old ses…
alecpl authored
125
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
126 // prevent endless looping on login page
127 if ($query['_task'] == 'login')
128 unset($query['_task']);
f4698cb @alecpl - Applied fixes from trunk up to r6129
alecpl authored
129
130 // prevent redirect to compose with specified ID (#1488226)
131 if ($query['_action'] == 'compose' && !empty($query['_id']))
132 $query = array();
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
133 }
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
134
135 // allow plugins to control the redirect url after login success
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored
136 $redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
137 unset($redir['abort'], $redir['_err']);
5e0045b Add option to log successful logins.
svncommit authored
138
4e17e6c @thomascube Initial revision
thomascube authored
139 // send redirect
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
140 $OUTPUT->redirect($redir);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
141 }
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
142 else {
ecc3ba1 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
143 if (!$auth['valid']) {
144 $error_code = RCMAIL::ERROR_INVALID_REQUEST;
145 }
146 else {
147 $error_code = $auth['error'] ? $auth['error'] : $RCMAIL->login_error();
148 }
149
150 $error_labels = array(
151 RCMAIL::ERROR_STORAGE => 'storageerror',
152 RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
153 RCMAIL::ERROR_INVALID_REQUEST => 'invalidrequest',
154 RCMAIL::ERROR_INVALID_HOST => 'invalidhost',
155 );
156
157 $error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed';
6d99f99 @alecpl - Handle situation when $IMAP object isn't initialized on log in
alecpl authored
158
ecc3ba1 @alecpl Show explicit error message when provided hostname is invalid (#1488550)
alecpl authored
159 $OUTPUT->show_message($error_message, 'warning');
8fcc3e1 @alecpl - Improved IMAP errors handling
alecpl authored
160 $RCMAIL->plugins->exec_hook('login_failed', array(
6d99f99 @alecpl - Handle situation when $IMAP object isn't initialized on log in
alecpl authored
161 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
162 $RCMAIL->kill_session();
4e17e6c @thomascube Initial revision
thomascube authored
163 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
164 }
4e17e6c @thomascube Initial revision
thomascube authored
165
de62f02 @thomascube Also check referer on logout action
thomascube authored
166 // end session (after optional referer check)
167 else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_check_referer())) {
c321a95 @thomascube Merged devel-framework branch (r5746:5779) back into trunk
thomascube authored
168 $userdata = array(
169 'user' => $_SESSION['username'],
170 'host' => $_SESSION['storage_host'],
171 'lang' => $RCMAIL->user->language,
172 );
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
173 $OUTPUT->show_message('loggedout');
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
174 $RCMAIL->logout_actions();
175 $RCMAIL->kill_session();
7ef47e5 @thomascube Add some arguments to the logout_after hook
thomascube authored
176 $RCMAIL->plugins->exec_hook('logout_after', $userdata);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
177 }
4e17e6c @thomascube Initial revision
thomascube authored
178
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
179 // check session and auth cookie
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
180 else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
cf2da2f @thomascube Improve session validity check with changing auth cookies; reduce wri…
thomascube authored
181 if (!$RCMAIL->session->check_auth()) {
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
182 $RCMAIL->kill_session();
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
183 $session_error = true;
4e17e6c @thomascube Initial revision
thomascube authored
184 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
185 }
4e17e6c @thomascube Initial revision
thomascube authored
186
187 // not logged in -> show login page
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
188 if (empty($RCMAIL->user->ID)) {
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
189 // log session failures
6354da5 @thomascube Fix r5117: don't show error on default login page
thomascube authored
190 if (($task = get_input_value('_task', RCUBE_INPUT_GPC)) && !in_array($task, array('login','logout')) && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
191 $RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found");
192 $session_error = true;
193 }
194
ec045b0 @thomascube Revert r4609 and use stateless request tokens; no need to save them i…
thomascube authored
195 if ($OUTPUT->ajax_call)
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
196 $OUTPUT->redirect(array('_err' => 'session'), 2000);
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored
197
ccc80d1 @alecpl - Fix login page loading into an iframe when session expires (#1485952)
alecpl authored
198 if (!empty($_REQUEST['_framed']))
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
199 $OUTPUT->command('redirect', $RCMAIL->url(array('_err' => 'session')));
ccc80d1 @alecpl - Fix login page loading into an iframe when session expires (#1485952)
alecpl authored
200
330127a @thomascube Disable PHP notices + check for installer script on login page
thomascube authored
201 // check if installer is still active
83a7636 @thomascube More code cleanup
thomascube authored
202 if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
203 $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
204 html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
e019f2d @alecpl - s/RoundCube/Roundcube/
alecpl authored
205 html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
206 html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because .
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
207 these files may expose sensitive configuration data like server passwords and encryption keys
208 to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
209 )
210 );
211 }
9e54e6f @alecpl - Make the whole PHP output non-cacheable (#1487797)
alecpl authored
212
fcc7f86 @thomascube Log session validation errors; keep error message when redirecting to…
thomascube authored
213 if ($session_error || $_REQUEST['_err'] == 'session')
214 $OUTPUT->show_message('sessionerror', 'error', null, true, -1);
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
215
ae2e88b @alecpl Plugin API: Add 'unauthenticated' hook (#1488138)
alecpl authored
216 $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error));
217
218 $RCMAIL->set_task($plugin['task']);
219 $OUTPUT->send($plugin['task']);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
220 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
221 // CSRF prevention
222 else {
5def04b @alecpl - Fix (disable) request validation for spell and spell_html actions
alecpl authored
223 $request_check_whitelist = array('login'=>1, 'spell'=>1, 'spell_html'=>1);
224
225 if (!$request_check_whitelist[$RCMAIL->action]) {
226 // check client X-header to verify request origin
227 if ($OUTPUT->ajax_call) {
228 if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
229 header('HTTP/1.1 403 Forbidden');
230 die("Invalid Request");
231 }
232 }
233 // check request token in POST form submissions
234 else if (!empty($_POST) && !$RCMAIL->check_request()) {
235 $OUTPUT->show_message('invalidrequest', 'error');
236 $OUTPUT->send($RCMAIL->task);
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
237 }
a77cf22 @thomascube Add optional referer check to prevent CSRF in GET requests
thomascube authored
238
5def04b @alecpl - Fix (disable) request validation for spell and spell_html actions
alecpl authored
239 // check referer if configured
240 if ($RCMAIL->config->get('referer_check') && !rcube_check_referer()) {
241 raise_error(array(
242 'code' => 403, 'type' => 'php',
243 'message' => "Referer check failed"), true, true);
244 }
a77cf22 @thomascube Add optional referer check to prevent CSRF in GET requests
thomascube authored
245 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
246 }
4e17e6c @thomascube Initial revision
thomascube authored
247
3703021 @alecpl - Plugin API: added 'ready' hook (#1488073)
alecpl authored
248 // we're ready, user is authenticated and the request is safe
249 $plugin = $RCMAIL->plugins->exec_hook('ready', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
250 $RCMAIL->set_task($plugin['task']);
251 $RCMAIL->action = $plugin['action'];
252
253
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
254 // handle special actions
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored
255 if ($RCMAIL->action == 'keep-alive') {
256 $OUTPUT->reset();
28ac5ca @thomascube Let plugins hook into keep-alive requests
thomascube authored
257 $RCMAIL->plugins->exec_hook('keep_alive', array());
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored
258 $OUTPUT->send();
259 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
260 else if ($RCMAIL->action == 'save-pref') {
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
261 include INSTALL_PATH . 'program/steps/utils/save_pref.inc';
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored
262 }
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Pos…
thomascube authored
263
4e17e6c @thomascube Initial revision
thomascube authored
264
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
265 // include task specific functions
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
266 if (is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/func.inc'))
267 include_once $incfile;
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
268
269 // allow 5 "redirects" to another action
270 $redirects = 0; $incstep = null;
271 while ($redirects < 5) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
272 // execute a plugin action
05a631a @thomascube Allow plugins to register their own tasks
thomascube authored
273 if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
87e58c7 @thomascube Default action for plugin tasks is 'index'
thomascube authored
274 if (!$RCMAIL->action) $RCMAIL->action = 'index';
05a631a @thomascube Allow plugins to register their own tasks
thomascube authored
275 $RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
276 break;
277 }
278 else if (preg_match('/^plugin\./', $RCMAIL->action)) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored
279 $RCMAIL->plugins->exec_action($RCMAIL->action);
280 break;
281 }
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
282 // try to include the step file
68d2d54 @alecpl - Move action files map from index.php to steps' func.inc files
alecpl authored
283 else if (($stepfile = $RCMAIL->get_action_file())
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
284 && is_file($incfile = INSTALL_PATH . 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
68d2d54 @alecpl - Move action files map from index.php to steps' func.inc files
alecpl authored
285 ) {
4351f7c @alecpl - Improve performance by including files with absolute path (#1487849)
alecpl authored
286 include $incfile;
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
287 $redirects++;
288 }
289 else {
290 break;
291 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
292 }
4e17e6c @thomascube Initial revision
thomascube authored
293
294
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
295 // parse main template (default)
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
296 $OUTPUT->send($RCMAIL->task);
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
297
4e17e6c @thomascube Initial revision
thomascube authored
298
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
299 // if we arrive here, something went wrong
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
300 raise_error(array(
301 'code' => 404,
302 'type' => 'php',
303 'line' => __LINE__,
304 'file' => __FILE__,
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
305 'message' => "Invalid request"), true, true);
b25dfd0 @alecpl - removed PHP closing tag
alecpl authored
306
Something went wrong with that request. Please try again.