Kolab:3.4
roundcubemail
Changes of Revision 54
roundcubemail-1.1-collated.patch
Changed
@@ -268,7 +268,7 @@ diff -ur roundcubemail-1.1.orig/program/include/rcmail_output_html.php roundcubemail-1.1/program/include/rcmail_output_html.php --- roundcubemail-1.1.orig/program/include/rcmail_output_html.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/include/rcmail_output_html.php 2014-11-05 12:46:36.173520536 +0100 ++++ roundcubemail-1.1/program/include/rcmail_output_html.php 2014-11-05 13:56:12.263999725 +0100 @@ -45,6 +45,7 @@ protected $footer = ''; protected $body = ''; @@ -286,7 +286,7 @@ if (!empty($_REQUEST['_extwin'])) $this->set_env('extwin', 1); if ($this->framed || $framed) -@@ -145,6 +148,52 @@ +@@ -145,6 +148,51 @@ } /** @@ -326,9 +326,8 @@ + + $base = implode('/', $_base); + } -+ + $path = (rcube_utils::https_check() ? 'https' : 'http') . '://' -+ . $_SERVER['SERVER_NAME'] . $base . ($base ? '/' : '') . $path; ++ . $_SERVER['HTTP_HOST'] . rtrim($base, '/') . '/' . ltrim($path, '/'); + } + + $this->assets_path = $path; @@ -339,7 +338,36 @@ * Getter for the current page title * * @return string The page title -@@ -369,14 +418,15 @@ +@@ -261,10 +309,27 @@ + } + + foreach ($skin_paths as $skin_path) { +- $path = realpath($skin_path . $file); ++ $path = $skin_path . $file; ++ + if (is_file($path)) { + return $skin_path . $file; + } ++ ++ $path = rtrim(RCUBE_INSTALL_PATH, '/'); ++ $path .= '/' . 'public_html/assets/'; ++ $path .= rtrim($skin_path, '/') . '/' . $file; ++ ++ if (is_file($path)) { ++ return $skin_path . $file; ++ } ++ ++ $path = rtrim(RCUBE_INSTALL_PATH, '/'); ++ $path .= '/' . $skin_path . $file; ++ $path = realpath($path); ++ ++ if ($skin_path[0] != '/' && is_file($path)) { ++ return $path; ++ } + } + + return false; +@@ -369,14 +434,15 @@ /** * Redirect to a certain url * 
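Review bot: The absolute asset URL in the `@@ -326,9 +326,8 @@` hunk is now built from `$_SERVER['HTTP_HOST']`, which is copied from the request's Host header, so a request carrying an unexpected Host value gets a page whose asset URLs point at whatever host the client named. The `rtrim($base, '/') . '/' . ltrim($path, '/')` part is a sound fix for the slash handling, but the host should come from configuration or be checked against the expected host names before it is concatenated; at minimum add a comment such as `// HTTP_HOST is request-supplied; validate before building URLs from it`. The csrf patch's copy of this expression still uses `$_SERVER['SERVER_NAME']`, so the two patches disagree on the same line. The enclosing method starts outside the hunk.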
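Review bot: The lookups added in the `@@ -261,10 +309,27 @@` hunk return two different kinds of value: the first two branches return the relative `$skin_path . $file` (the second even though the file was found under `public_html/assets/`), while the third returns the absolute `realpath()` result. If that absolute value ever reaches generated markup it would expose the install path, so the docblock should state which form callers may rely on; this is inferred, since the callers are outside the hunk. The guard `$skin_path[0] != '/'` is also evaluated only after the path has been built and resolved, and it raises a notice on an empty `$skin_path`; testing it first as `if ($skin_path !== '' && $skin_path[0] !== '/')` avoids both. The same relative-path fallback appears in the template hunk at `@@ -506,6 +573,10 @@` and in the csrf patch's copies of both hunks.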
@@ -359,7 +387,31 @@ header('Location: ' . $location); exit; } -@@ -667,6 +717,24 @@ +@@ -494,9 +560,10 @@ + + // fallback to deprecated template names + if (!is_readable($path) && $this->deprecated_templates[$realname]) { +- $path = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html"; ++ // Try an old path ++ $tpath = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html"; + +- if (is_readable($path)) { ++ if (is_readable($tpath)) { + rcube::raise_error(array( + 'code' => 502, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, +@@ -506,6 +573,10 @@ + } + } + ++ if (!is_readable($path) && $path[0] != '/' && is_readable(rtrim(RCUBE_INSTALL_PATH, '/') . '/' . $path)) { ++ $path = rtrim(RCUBE_INSTALL_PATH, '/') . '/' . $path; ++ } ++ + if (is_readable($path)) { + $this->config->set('skin_path', $skin_path); + $this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin) +@@ -667,6 +738,24 @@ exit; } @@ -384,7 +436,7 @@ /***** Template parsing methods *****/ -@@ -723,6 +791,8 @@ +@@ -723,6 +812,8 @@ $file = $this->file_mod($file); } @@ -393,7 +445,7 @@ return $matches[1] . '=' . $matches[2] . $file . $matches[4]; } -@@ -1337,6 +1407,7 @@ +@@ -1337,6 +1428,7 @@ { if (!preg_match('|^https?://|i', $file) && $file[0] != '/') { $file = $this->file_mod($this->scripts_path . $file); @@ -401,7 +453,7 @@ } if (!is_array($this->script_files[$position])) { -@@ -1549,7 +1620,7 @@ +@@ -1549,7 +1641,7 @@ } $attrib['name'] = $attrib['id']; @@ -410,7 +462,7 @@ // register as 'contentframe' object if ($is_contentframe || $attrib['contentframe']) { -@@ -1766,9 +1837,11 @@ +@@ -1766,9 +1858,11 @@ { $images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY); $images = array_map(array($this, 'abs_url'), $images);
roundcubemail-1.1-csrf.patch
Changed
@@ -1,6 +1,33 @@ +diff -ur roundcubemail-1.1.orig/config/defaults.inc.php roundcubemail-1.1/config/defaults.inc.php +--- roundcubemail-1.1.orig/config/defaults.inc.php 2014-11-04 15:28:27.000000000 +0100 ++++ roundcubemail-1.1/config/defaults.inc.php 2014-11-05 13:58:01.126092293 +0100 +@@ -532,6 +532,23 @@ + // Note: useful when SMTP server stores sent mail in user mailbox + $config['no_save_sent_messages'] = false; + ++// Improve system security by using special URL with security token. ++// This can be set to a number defining token length. Default: 16. ++// Warning: This requires http server configuration. Sample: ++// RewriteRule ^/roundcubemail/[a-f0-9]{16}/(.*) /roundcubemail/$1 [PT] ++// Alias /roundcubemail /var/www/roundcubemail/ ++// Note: Use assets_path to not prevent the browser from caching assets ++$config['use_secure_urls'] = true; ++ ++// Allows to define separate server/path for image/js/css files ++// Warning: If the domain is different cross-domain access to some ++// resources need to be allowed ++// Sample: ++// <FilesMatch ".(eot|ttf|woff)"> ++// Header set Access-Control-Allow-Origin "*" ++// </FilesMatch> ++$config['assets_path'] = '/roundcubemail/assets/'; ++ + // ---------------------------------- + // PLUGINS + // ---------------------------------- diff -ur roundcubemail-1.1.orig/.htaccess roundcubemail-1.1/.htaccess --- roundcubemail-1.1.orig/.htaccess 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/.htaccess 2014-11-05 12:16:39.115271616 +0100 ++++ roundcubemail-1.1/.htaccess 2014-11-05 13:58:01.121092288 +0100 @@ -30,7 +30,7 @@ # security rules: # - deny access to files not containing a dot or starting with a dot 
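Review bot: The sample in the `assets_path` comment, `<FilesMatch ".(eot|ttf|woff)">`, has an unescaped dot and no end anchor, so the wildcard `Access-Control-Allow-Origin "*"` header would be sent for any file name that merely contains one of those strings; `<FilesMatch "\.(eot|ttf|woff)$">` limits it to the font files. The `use_secure_urls` comment says the value may be a number giving the token length, but the sample `RewriteRule` hard-codes `{16}`, so add a line such as `// Note: the {16} in the RewriteRule must match the configured token length`. The option is set to `true` here although the comment says it needs web-server configuration, so an install without the rewrite rule would presumably stop working; the default is worth confirming. Because the token is part of the URL it can end up in access logs and Referer headers, which the comment should mention.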
@@ -12,7 +39,7 @@ # - deny access to some documentation files diff -ur roundcubemail-1.1.orig/index.php roundcubemail-1.1/index.php --- roundcubemail-1.1.orig/index.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/index.php 2014-11-05 12:16:39.116271617 +0100 ++++ roundcubemail-1.1/index.php 2014-11-05 13:58:01.121092288 +0100 @@ -90,9 +90,9 @@ // try to log in @@ -86,7 +113,7 @@ $disabled_actions = (array) $RCMAIL->config->get('disabled_actions'); diff -ur roundcubemail-1.1.orig/plugins/acl/acl.js roundcubemail-1.1/plugins/acl/acl.js --- roundcubemail-1.1.orig/plugins/acl/acl.js 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/plugins/acl/acl.js 2014-11-05 12:16:39.116271617 +0100 ++++ roundcubemail-1.1/plugins/acl/acl.js 2014-11-05 13:58:01.121092288 +0100 @@ -58,8 +58,11 @@ var users = this.acl_get_usernames(); @@ -137,7 +164,7 @@ // Cancel/Hide form diff -ur roundcubemail-1.1.orig/plugins/acl/acl.php roundcubemail-1.1/plugins/acl/acl.php --- roundcubemail-1.1.orig/plugins/acl/acl.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/plugins/acl/acl.php 2014-11-05 12:16:39.118271620 +0100 ++++ roundcubemail-1.1/plugins/acl/acl.php 2014-11-05 13:58:01.121092288 +0100 @@ -454,10 +454,10 @@ */ private function action_save() @@ -166,7 +193,7 @@ diff -ur roundcubemail-1.1.orig/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php roundcubemail-1.1/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php --- roundcubemail-1.1.orig/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php 2014-11-05 12:16:39.119271621 +0100 ++++ roundcubemail-1.1/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php 2014-11-05 13:58:01.122092289 +0100 @@ -349,7 +349,7 @@ } } 
@@ -213,7 +240,7 @@ diff -ur roundcubemail-1.1.orig/program/include/rcmail_output_html.php roundcubemail-1.1/program/include/rcmail_output_html.php --- roundcubemail-1.1.orig/program/include/rcmail_output_html.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/include/rcmail_output_html.php 2014-11-05 12:25:02.235810998 +0100 ++++ roundcubemail-1.1/program/include/rcmail_output_html.php 2014-11-05 13:59:39.850176239 +0100 @@ -45,6 +45,7 @@ protected $footer = ''; protected $body = ''; @@ -273,7 +300,7 @@ + } + + $path = (rcube_utils::https_check() ? 'https' : 'http') . '://' -+ . $_SERVER['SERVER_NAME'] . $base . ($base ? '/' : '') . $path; ++ . $_SERVER['SERVER_NAME'] . (!empty($base) ? rtrim($base, '/') . '/' : '/') . ltrim($path, '/');; + } + + $this->assets_path = $path; @@ -284,7 +311,36 @@ * Getter for the current page title * * @return string The page title -@@ -369,14 +418,15 @@ +@@ -261,10 +310,27 @@ + } + + foreach ($skin_paths as $skin_path) { +- $path = realpath($skin_path . $file); ++ $path = $skin_path . $file; ++ ++ if (is_file($path)) { ++ return $skin_path . $file; ++ } ++ ++ $path = rtrim(RCUBE_INSTALL_PATH, '/'); ++ $path .= '/' . 'public_html/assets/'; ++ $path .= rtrim($skin_path, '/') . '/' . $file; ++ + if (is_file($path)) { + return $skin_path . $file; + } ++ ++ $path = rtrim(RCUBE_INSTALL_PATH, '/'); ++ $path .= '/' . $skin_path . $file; ++ $path = realpath($path); ++ ++ if ($skin_path[0] != '/' && is_file($path)) { ++ return $path; ++ } + } + + return false; +@@ -369,14 +435,15 @@ /** * Redirect to a certain url * 
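Review bot: The rewritten asset-URL line in the `@@ -273,7 +300,7 @@` hunk ends in a doubled semicolon (`ltrim($path, '/');;`), which PHP accepts but which reads as an editing slip; drop the second one. This copy also keeps `$_SERVER['SERVER_NAME']` and a conditional for the empty `$base`, whereas the collated patch builds the same URL as `$_SERVER['HTTP_HOST'] . rtrim($base, '/') . '/' . ltrim($path, '/')`. Both patches touch `program/include/rcmail_output_html.php`, so they should carry one form of the expression.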
@@ -304,7 +360,31 @@ header('Location: ' . $location); exit; } -@@ -667,6 +717,24 @@ +@@ -494,9 +561,10 @@ + + // fallback to deprecated template names + if (!is_readable($path) && $this->deprecated_templates[$realname]) { +- $path = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html"; ++ // Try an old path ++ $tpath = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html"; + +- if (is_readable($path)) { ++ if (is_readable($tpath)) { + rcube::raise_error(array( + 'code' => 502, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, +@@ -506,6 +574,10 @@ + } + } + ++ if (!is_readable($path) && $path[0] != '/' && is_readable(rtrim(RCUBE_INSTALL_PATH, '/') . '/' . $path)) { ++ $path = rtrim(RCUBE_INSTALL_PATH, '/') . '/' . $path; ++ } ++ + if (is_readable($path)) { + $this->config->set('skin_path', $skin_path); + $this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin) +@@ -667,6 +739,24 @@ exit; } @@ -329,7 +409,7 @@ /***** Template parsing methods *****/ -@@ -723,6 +791,8 @@ +@@ -723,6 +813,8 @@ $file = $this->file_mod($file); } @@ -338,7 +418,7 @@ return $matches[1] . '=' . $matches[2] . $file . $matches[4]; } -@@ -1337,6 +1407,7 @@ +@@ -1337,6 +1429,7 @@ { if (!preg_match('|^https?://|i', $file) && $file[0] != '/') { $file = $this->file_mod($this->scripts_path . $file); @@ -346,7 +426,7 @@ } if (!is_array($this->script_files[$position])) { -@@ -1549,7 +1620,7 @@ +@@ -1549,7 +1642,7 @@ } $attrib['name'] = $attrib['id']; @@ -355,7 +435,7 @@ // register as 'contentframe' object if ($is_contentframe || $attrib['contentframe']) { -@@ -1766,9 +1837,11 @@ +@@ -1766,9 +1859,11 @@ { $images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY); $images = array_map(array($this, 'abs_url'), $images); 
@@ -370,7 +450,7 @@ for (var i=0; i<images.length; i++) { diff -ur roundcubemail-1.1.orig/program/include/rcmail_output_json.php roundcubemail-1.1/program/include/rcmail_output_json.php --- roundcubemail-1.1.orig/program/include/rcmail_output_json.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/include/rcmail_output_json.php 2014-11-05 12:16:39.121271623 +0100 ++++ roundcubemail-1.1/program/include/rcmail_output_json.php 2014-11-05 13:58:01.122092289 +0100 @@ -181,6 +181,11 @@ */ public function raise_error($code, $message) @@ -385,7 +465,7 @@ exit; diff -ur roundcubemail-1.1.orig/program/include/rcmail.php roundcubemail-1.1/program/include/rcmail.php --- roundcubemail-1.1.orig/program/include/rcmail.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/include/rcmail.php 2014-11-05 12:16:39.123271625 +0100 ++++ roundcubemail-1.1/program/include/rcmail.php 2014-11-05 13:58:01.123092290 +0100 @@ -760,49 +760,16 @@ } @@ -500,7 +580,7 @@ * diff -ur roundcubemail-1.1.orig/program/js/app.js roundcubemail-1.1/program/js/app.js --- roundcubemail-1.1.orig/program/js/app.js 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/js/app.js 2014-11-05 12:29:23.569091310 +0100 ++++ roundcubemail-1.1/program/js/app.js 2014-11-05 13:58:01.124092291 +0100 @@ -58,7 +58,6 @@ request_timeout: 180, // seconds draft_autosave: 0, // seconds @@ -555,7 +635,7 @@ this.pdf_support_check = function() diff -ur roundcubemail-1.1.orig/program/js/editor.js roundcubemail-1.1/program/js/editor.js --- roundcubemail-1.1.orig/program/js/editor.js 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/js/editor.js 2014-11-05 12:17:45.395342673 +0100 ++++ roundcubemail-1.1/program/js/editor.js 2014-11-05 13:58:01.125092291 +0100 @@ -36,11 +36,12 @@ function rcube_text_editor(config, id) { 
@@ -581,7 +661,7 @@ file_browser_callback: function(name, url, type, win) { ref.file_browser_callback(name, url, type); }, diff -ur roundcubemail-1.1.orig/program/lib/Roundcube/rcube.php roundcubemail-1.1/program/lib/Roundcube/rcube.php --- roundcubemail-1.1.orig/program/lib/Roundcube/rcube.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/lib/Roundcube/rcube.php 2014-11-05 12:16:39.126271628 +0100 ++++ roundcubemail-1.1/program/lib/Roundcube/rcube.php 2014-11-05 13:58:01.125092291 +0100 @@ -28,9 +28,15 @@ */ class rcube @@ -728,7 +808,7 @@ } diff -ur roundcubemail-1.1.orig/program/steps/addressbook/delete.inc roundcubemail-1.1/program/steps/addressbook/delete.inc --- roundcubemail-1.1.orig/program/steps/addressbook/delete.inc 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/steps/addressbook/delete.inc 2014-11-05 12:16:39.126271628 +0100 ++++ roundcubemail-1.1/program/steps/addressbook/delete.inc 2014-11-05 13:58:01.125092291 +0100 @@ -20,10 +20,11 @@ */ @@ -745,7 +825,7 @@ // remove previous deletes diff -ur roundcubemail-1.1.orig/program/steps/addressbook/func.inc roundcubemail-1.1/program/steps/addressbook/func.inc --- roundcubemail-1.1.orig/program/steps/addressbook/func.inc 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/steps/addressbook/func.inc 2014-11-05 12:16:39.127271629 +0100 ++++ roundcubemail-1.1/program/steps/addressbook/func.inc 2014-11-05 13:58:01.126092293 +0100 @@ -896,13 +896,13 @@ * * @return array List of contact IDs per-source @@ -764,7 +844,7 @@ if (is_array($cid)) { diff -ur roundcubemail-1.1.orig/program/steps/mail/show.inc roundcubemail-1.1/program/steps/mail/show.inc --- roundcubemail-1.1.orig/program/steps/mail/show.inc 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/steps/mail/show.inc 2014-11-05 12:30:30.507184145 +0100 ++++ roundcubemail-1.1/program/steps/mail/show.inc 2014-11-05 13:58:01.126092293 +0100 @@ -351,10 +351,10 @@ '_alt' => $placeholder, )); 
@@ -780,7 +860,7 @@ return html::img(array('src' => $photo_img, 'alt' => $RCMAIL->gettext('contactphoto')) + $attrib); diff -ur roundcubemail-1.1.orig/program/steps/utils/error.inc roundcubemail-1.1/program/steps/utils/error.inc --- roundcubemail-1.1.orig/program/steps/utils/error.inc 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1/program/steps/utils/error.inc 2014-11-05 12:16:39.128271630 +0100 ++++ roundcubemail-1.1/program/steps/utils/error.inc 2014-11-05 13:58:01.126092293 +0100 @@ -50,9 +50,17 @@ // forbidden due to request check @@ -801,29 +881,3 @@ } // failed request (wrong step in URL) ---- roundcubemail-1.1.orig/config/defaults.inc.php 2014-11-04 15:28:27.000000000 +0100 -+++ roundcubemail-1.1.csrf/config/defaults.inc.php 2014-11-05 12:16:39.115271616 +0100 -@@ -532,6 +532,23 @@ - // Note: useful when SMTP server stores sent mail in user mailbox - $config['no_save_sent_messages'] = false; - -+// Improve system security by using special URL with security token. -+// This can be set to a number defining token length. Default: 16. -+// Warning: This requires http server configuration. Sample: -+// RewriteRule ^/roundcubemail/[a-f0-9]{16}/(.*) /roundcubemail/$1 [PT] -+// Alias /roundcubemail /var/www/roundcubemail/ -+// Note: Use assets_path to not prevent the browser from caching assets -+$config['use_secure_urls'] = true; -+ -+// Allows to define separate server/path for image/js/css files -+// Warning: If the domain is different cross-domain access to some -+// resources need to be allowed -+// Sample: -+// <FilesMatch ".(eot|ttf|woff)"> -+// Header set Access-Control-Allow-Origin "*" -+// </FilesMatch> -+$config['assets_path'] = '/roundcubemail/assets/'; -+ - // ---------------------------------- - // PLUGINS - // ----------------------------------