add more security settings (allow_admin_panel, core_install_access_domains)

+ small fixes
2024-09-20 07:35:55 +08:00 · 2013-11-19 01:33:57 +04:00 · 2013-11-19 01:33:57 +04:00 · df1c369a9d
parent 6ffa712a05
commit df1c369a9d
9 changed files with 26 additions and 25 deletions
--- a/_include.php
+++ b/_include.php
@ -8,7 +8,7 @@
 function __get_custom_data_full_path()
 {
 	return '';
-	return '/var/rainloop-data-folder/'; // custom data folder path
+	return '/var/external-rainloop-data-folder/'; // custom data folder path
 }

 /**
@ -17,19 +17,6 @@ function __get_custom_data_full_path()
 */
 function __get_private_data_folder_internal_name($siteName)
 {
-	return '_default_'; // default domain folder name
+	return ''; // default value
 	return $siteName;
 }
-
-/**
- * @param string $siteName
- * @return string
- */
-function __get_core_install_access_site($siteName)
-{
-	return $siteName; // allow all
-
-	return in_array($siteName, array(
-		'domain.com', 'domain.net'
-	)) ? $siteName : '';
-}
--- a/package.json
+++ b/package.json
@ -2,7 +2,7 @@
 	"name": "RainLoop",
 	"title": "RainLoop Webmail",
 	"version": "1.4.0",
-	"release": "506",
+	"release": "507",
 	"description": "Simple, modern & fast web-based email client",
 	"homepage": "http://rainloop.net",
 	"main": "Gruntfile.js",
--- a/rainloop/v/0.0.0/app/libraries/MailSo/Base/Http.php
+++ b/rainloop/v/0.0.0/app/libraries/MailSo/Base/Http.php
@ -269,7 +269,8 @@ class Http
 	 */
 	public function GetScheme()
 	{
-		return ('on' === \strtolower($this->GetServer('HTTPS'))) ? 'https' : 'http';
+		$sHttps = \strtolower($this->GetServer('HTTPS', ''));
+		return ('on' === $sHttps || ('' === $sHttps && '443' === (string) $this->GetServer('SERVER_PORT', ''))) ? 'https' : 'http';
 	}

 	/**
--- a/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php
+++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php
@ -2256,7 +2256,10 @@ class Actions

 	private function rainLoopCoreAccess()
 	{
-		return $this->Http()->CheckLocalhost(APP_SITE) || APP_SITE === APP_CORE_INSTALL_ACCESS_SITE;
+		$sCoreAccess = \strtolower(\preg_replace('/[\s,;]+/', ' ',
+			$this->Config()->Get('security', 'core_install_access_domains', '')));
+
+		return '' === $sCoreAccess || APP_SITE === $sCoreAccess;
 	}

 	private function getRepositoryDataByUrl($sRepo, &$bReal = false)
--- a/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php
+++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php
@ -87,7 +87,9 @@ class Application extends \RainLoop\Config\AbstractConfig

 				'custom_server_signature' => array('RainLoop'),
 				'admin_login'		=> array('admin', 'Login and password for web admin panel'),
-				'admin_password'	=> array('12345')
+				'admin_password'	=> array('12345'),
+				'allow_admin_panel' => array(true, 'Access settings'),
+				'core_install_access_domains' => array('')
 			),

 			'login' => array(
--- a/rainloop/v/0.0.0/app/libraries/RainLoop/Service.php
+++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Service.php
@ -94,11 +94,11 @@ class Service

 		$this->oActions->ParseQueryAuthString();

-		if (defined('APP_INSTALLED_START') && defined('APP_INSTALLED_VERSION') && APP_INSTALLED_START &&
+		if (defined('APP_INSTALLED_START') && defined('APP_INSTALLED_VERSION') &&
+			APP_INSTALLED_START && !APP_INSTALLED_VERSION &&
 			$this->oActions->Config()->Get('labs', 'usage_statistics', true))
 		{
-			$this->oActions->KeenIO(APP_INSTALLED_VERSION ? 'Upgrade' : 'Install',
-				APP_INSTALLED_VERSION ?  array('previos-version' => APP_INSTALLED_VERSION) : array());
+			$this->oActions->KeenIO('Install');
 		}

 		$bCached = false;
@ -115,6 +115,13 @@ class Service
 		$this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));

 		$bAdmin = !empty($aPaths[0]) && \in_array(\strtolower($aPaths[0]), array('admin', 'cp'));
+		if ($bAdmin && !$this->oActions->Config()->Get('security', 'allow_admin_panel', true))
+		{
+			echo $this->oActions->ErrorTemplates('Access Denied.',
+				'Access to the RainLoop Webmail Admin Panel is not allowed!', true);
+			
+			return $this;
+		}

 		if (0 < \count($aPaths) && !empty($aPaths[0]) && !$bAdmin)
 		{
--- a/rainloop/v/0.0.0/app/templates/BadBrowser.html
+++ b/rainloop/v/0.0.0/app/templates/BadBrowser.html
@ -56,8 +56,10 @@
 		</div>
 		<br />
 		<div class="error-desc">
+			<br />
 			{{ErrorDesc}}
 			<br />
+			<br />
 			<div class="browsers">
 				<a href="http://www.google.com/chrome/" target="_blank" style="background: url('{{BaseWebStaticPath}}browsers/chrome.gif') no-repeat 50% 6px;">Google Chrome</a>
 				<a href="http://www.mozilla-europe.org/" target="_blank" style="background: url('{{BaseWebStaticPath}}browsers/firefox.gif') no-repeat 50% 7px;">Mozilla Firefox</a>
--- a/rainloop/v/0.0.0/app/templates/Error.html
+++ b/rainloop/v/0.0.0/app/templates/Error.html
@ -43,8 +43,10 @@
 		</div>
 		<br />
 		<div class="error-desc">
+			<br />
 			{{ErrorDesc}}
 			<br />
+			<br />
 			<div style="display: {{BackLinkVisibility}}">
 				<br />
 				<a href="{{BackHref}}">{{BackLink}}</a>
--- a/rainloop/v/0.0.0/index.php
+++ b/rainloop/v/0.0.0/index.php
@ -26,9 +26,6 @@
 		define('APP_PRIVATE_DATA_NAME', 0 === strlen($sPrivateDataFolderInternalName) ? APP_DEFAULT_PRIVATE_DATA_NAME : $sPrivateDataFolderInternalName);
 		define('APP_MULTIPLY', 0 < strlen($sPrivateDataFolderInternalName) && APP_DEFAULT_PRIVATE_DATA_NAME !== APP_PRIVATE_DATA_NAME);

-		define('APP_CORE_INSTALL_ACCESS_SITE', function_exists('__get_core_install_access_site') ?
-			__get_core_install_access_site(APP_SITE) : APP_SITE);
-		
 		define('APP_DUMMY', '********');
 		define('APP_DEV_VERSION', '0.0.0');
 		define('APP_API_PATH', 'http://api.rainloop.net/');