the-djmaze/snappymail
1
1
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2025-11-10 23:31:23 +08:00
Code Issues Projects Releases Packages Wiki Activity

add more security settings (allow_admin_panel, core_install_access_domains)

Browse source 
+ small fixes
This commit is contained in:
RainLoop Team 2013-11-19 01:33:57 +04:00
parent 6ffa712a05
commit df1c369a9d
9 changed files with 26 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
_include.php
View file

@ -8,7 +8,7 @@
function __get_custom_data_full_path() function __get_custom_data_full_path()
{ {
return ''; return '';
return '/var/rainloop-data-folder/'; // custom data folder path return '/var/external-rainloop-data-folder/'; // custom data folder path
} }
/** /**
@ -17,19 +17,6 @@ function __get_custom_data_full_path()
*/ */
function __get_private_data_folder_internal_name($siteName) function __get_private_data_folder_internal_name($siteName)
{ {
return '_default_'; // default domain folder name return ''; // default value
return $siteName; return $siteName;
} }
/**
* @param string $siteName
* @return string
*/
function __get_core_install_access_site($siteName)
{
return $siteName; // allow all
return in_array($siteName, array(
'domain.com', 'domain.net'
)) ? $siteName : '';
}

2
package.json
View file

@ -2,7 +2,7 @@
"name": "RainLoop", "name": "RainLoop",
"title": "RainLoop Webmail", "title": "RainLoop Webmail",
"version": "1.4.0", "version": "1.4.0",
"release": "506", "release": "507",
"description": "Simple, modern & fast web-based email client", "description": "Simple, modern & fast web-based email client",
"homepage": "http://rainloop.net", "homepage": "http://rainloop.net",
"main": "Gruntfile.js", "main": "Gruntfile.js",

3
rainloop/v/0.0.0/app/libraries/MailSo/Base/Http.php
View file

@ -269,7 +269,8 @@ class Http
*/ */
public function GetScheme() public function GetScheme()
{ {
return ('on' === \strtolower($this->GetServer('HTTPS'))) ? 'https' : 'http'; $sHttps = \strtolower($this->GetServer('HTTPS', ''));
return ('on' === $sHttps || ('' === $sHttps && '443' === (string) $this->GetServer('SERVER_PORT', ''))) ? 'https' : 'http';
} }
/** /**

5
rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php
View file

@ -2256,7 +2256,10 @@ class Actions
private function rainLoopCoreAccess() private function rainLoopCoreAccess()
{ {
return $this->Http()->CheckLocalhost(APP_SITE) || APP_SITE === APP_CORE_INSTALL_ACCESS_SITE; $sCoreAccess = \strtolower(\preg_replace('/[\s,;]+/', ' ',
$this->Config()->Get('security', 'core_install_access_domains', '')));
return '' === $sCoreAccess || APP_SITE === $sCoreAccess;
} }
private function getRepositoryDataByUrl($sRepo, &$bReal = false) private function getRepositoryDataByUrl($sRepo, &$bReal = false)

4
rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php
View file

@ -87,7 +87,9 @@ class Application extends \RainLoop\Config\AbstractConfig
'custom_server_signature' => array('RainLoop'), 'custom_server_signature' => array('RainLoop'),
'admin_login' => array('admin', 'Login and password for web admin panel'), 'admin_login' => array('admin', 'Login and password for web admin panel'),
'admin_password' => array('12345') 'admin_password' => array('12345'),
'allow_admin_panel' => array(true, 'Access settings'),
'core_install_access_domains' => array('')
), ),
'login' => array( 'login' => array(

13
rainloop/v/0.0.0/app/libraries/RainLoop/Service.php
View file

@ -94,11 +94,11 @@ class Service
$this->oActions->ParseQueryAuthString(); $this->oActions->ParseQueryAuthString();
if (defined('APP_INSTALLED_START') && defined('APP_INSTALLED_VERSION') && APP_INSTALLED_START && if (defined('APP_INSTALLED_START') && defined('APP_INSTALLED_VERSION') &&
APP_INSTALLED_START && !APP_INSTALLED_VERSION &&
$this->oActions->Config()->Get('labs', 'usage_statistics', true)) $this->oActions->Config()->Get('labs', 'usage_statistics', true))
{ {
$this->oActions->KeenIO(APP_INSTALLED_VERSION ? 'Upgrade' : 'Install', $this->oActions->KeenIO('Install');
APP_INSTALLED_VERSION ? array('previos-version' => APP_INSTALLED_VERSION) : array());
} }
$bCached = false; $bCached = false;
@ -115,6 +115,13 @@ class Service
$this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths)); $this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));
$bAdmin = !empty($aPaths[0]) && \in_array(\strtolower($aPaths[0]), array('admin', 'cp')); $bAdmin = !empty($aPaths[0]) && \in_array(\strtolower($aPaths[0]), array('admin', 'cp'));
if ($bAdmin && !$this->oActions->Config()->Get('security', 'allow_admin_panel', true))
{
echo $this->oActions->ErrorTemplates('Access Denied.',
'Access to the RainLoop Webmail Admin Panel is not allowed!', true);
return $this;
}
if (0 < \count($aPaths) && !empty($aPaths[0]) && !$bAdmin) if (0 < \count($aPaths) && !empty($aPaths[0]) && !$bAdmin)
{ {

2
rainloop/v/0.0.0/app/templates/BadBrowser.html
View file

@ -56,8 +56,10 @@
</div> </div>
<br /> <br />
<div class="error-desc"> <div class="error-desc">
<br />
{{ErrorDesc}} {{ErrorDesc}}
<br /> <br />
<br />
<div class="browsers"> <div class="browsers">
<a href="http://www.google.com/chrome/" target="_blank" style="background: url('{{BaseWebStaticPath}}browsers/chrome.gif') no-repeat 50% 6px;">Google Chrome</a> <a href="http://www.google.com/chrome/" target="_blank" style="background: url('{{BaseWebStaticPath}}browsers/chrome.gif') no-repeat 50% 6px;">Google Chrome</a>
<a href="http://www.mozilla-europe.org/" target="_blank" style="background: url('{{BaseWebStaticPath}}browsers/firefox.gif') no-repeat 50% 7px;">Mozilla Firefox</a> <a href="http://www.mozilla-europe.org/" target="_blank" style="background: url('{{BaseWebStaticPath}}browsers/firefox.gif') no-repeat 50% 7px;">Mozilla Firefox</a>

2
rainloop/v/0.0.0/app/templates/Error.html
View file

@ -43,8 +43,10 @@
</div> </div>
<br /> <br />
<div class="error-desc"> <div class="error-desc">
<br />
{{ErrorDesc}} {{ErrorDesc}}
<br /> <br />
<br />
<div style="display: {{BackLinkVisibility}}"> <div style="display: {{BackLinkVisibility}}">
<br /> <br />
<a href="{{BackHref}}">{{BackLink}}</a> <a href="{{BackHref}}">{{BackLink}}</a>

3
rainloop/v/0.0.0/index.php
View file

@ -26,9 +26,6 @@
define('APP_PRIVATE_DATA_NAME', 0 === strlen($sPrivateDataFolderInternalName) ? APP_DEFAULT_PRIVATE_DATA_NAME : $sPrivateDataFolderInternalName); define('APP_PRIVATE_DATA_NAME', 0 === strlen($sPrivateDataFolderInternalName) ? APP_DEFAULT_PRIVATE_DATA_NAME : $sPrivateDataFolderInternalName);
define('APP_MULTIPLY', 0 < strlen($sPrivateDataFolderInternalName) && APP_DEFAULT_PRIVATE_DATA_NAME !== APP_PRIVATE_DATA_NAME); define('APP_MULTIPLY', 0 < strlen($sPrivateDataFolderInternalName) && APP_DEFAULT_PRIVATE_DATA_NAME !== APP_PRIVATE_DATA_NAME);
define('APP_CORE_INSTALL_ACCESS_SITE', function_exists('__get_core_install_access_site') ?
__get_core_install_access_site(APP_SITE) : APP_SITE);
define('APP_DUMMY', '********'); define('APP_DUMMY', '********');
define('APP_DEV_VERSION', '0.0.0'); define('APP_DEV_VERSION', '0.0.0');
define('APP_API_PATH', 'http://api.rainloop.net/'); define('APP_API_PATH', 'http://api.rainloop.net/');