Fix so install/update scripts do not require PEAR (#9037)

roundcube · Aug 4, 2024 · ed98839 · ed98839
1 parent a25e48e
commit ed98839
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 - Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
 - Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
+- Fix so install/update scripts do not require PEAR (#9037)
 
 ## Release 1.5.7
 

diff --git a/program/lib/Roundcube/bootstrap.php b/program/lib/Roundcube/bootstrap.php
@@ -100,8 +100,9 @@
 spl_autoload_register('rcube_autoload');
 
 // set PEAR error handling (will also load the PEAR main class)
-PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, function($err) { rcube::raise_error($err, true); });
-
+if (class_exists('PEAR')) {
+    PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, function($err) { rcube::raise_error($err, true); });
+}
 
 /**
  * Similar function as in_array() but case-insensitive with multibyte support.

diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
@@ -1387,7 +1387,7 @@ public static function raise_error($arg = [], $log = false, $terminate = false)
                 'message' => $arg->getMessage(),
             ];
         }
-        else if ($arg instanceof PEAR_Error) {
+        else if (is_object($arg) && is_a($arg, 'PEAR_Error')) {
             $info = $arg->getUserInfo();
             $arg  = [
                 'code'    => $arg->getCode(),