source: github/program/steps/utils/error.inc @ a77cf22

Last change on this file since a77cf22 was a77cf22, checked in by thomascube <thomas@…>, 2 years ago

Add optional referer check to prevent CSRF in GET requests

1<?php
2
3/*
4 +-----------------------------------------------------------------------+
5 | program/steps/utils/error.inc                                         |
6 |                                                                       |
7 | This file is part of the Roundcube Webmail client                     |
8 | Copyright (C) 2005-2011, The Roundcube Dev Team                       |
9 | Licensed under the GNU GPL                                            |
10 |                                                                       |
11 | PURPOSE:                                                              |
12 |   Display error message page                                          |
13 |                                                                       |
14 +-----------------------------------------------------------------------+
15 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
16 +-----------------------------------------------------------------------+
17
18 $Id$
19
20*/
21
22
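// Map $ERROR_CODE to the title and HTML body of the error page.
// $__error_title and $__error_text are inserted into HTML without further
// escaping later in this script, so any request-derived value must be
// escaped here before it is interpolated.

// browser is not compatible with this application
if ($ERROR_CODE==409) {
  // The User-Agent header is client-controlled and is echoed back into the
  // page, so it is HTML-escaped first. $_SERVER is used (as in the 404
  // branch) instead of the deprecated $GLOBALS['HTTP_SERVER_VARS'] array,
  // and a missing header yields an empty string.
  $user_agent = isset($_SERVER['HTTP_USER_AGENT'])
    ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES)
    : '';
  $__error_title = 'Your browser does not suit the requirements for this application';
  $__error_text = <<<EOF
<i>Supported browsers:</i><br />
&raquo; &nbsp;Netscape 7+<br />
&raquo; &nbsp;Microsoft Internet Explorer 6+<br />
&raquo; &nbsp;Mozilla Firefox 1.0+<br />
&raquo; &nbsp;Opera 8.0+<br />
&raquo; &nbsp;Safari 1.2+<br />
<br />
&raquo; &nbsp;JavaScript enabled<br />
&raquo; &nbsp;Support for XMLHTTPRequest<br />

<p><i>Your configuration:</i><br />
$user_agent</p>
EOF;
}

// authorization error
else if ($ERROR_CODE==401) {
  $__error_title = "AUTHORIZATION FAILED";
  $__error_text  = "Could not verify that you are authorized to access this service!<br />\n".
                   "Please contact your server-administrator.";
}

// forbidden due to request check
else if ($ERROR_CODE==403) {
  $__error_title = "REQUEST CHECK FAILED";
  $__error_text  = "Access to this service was denied due to failing security checks!<br />\n".
                   "Please contact your server-administrator.";
}

// failed request (wrong step in URL)
else if ($ERROR_CODE==404) {
  $__error_title = "REQUEST FAILED/FILE NOT FOUND";
  // Host and URI come from the request; they are escaped before display.
  $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
  $__error_text  = <<<EOF
The requested page was not found!<br />
Please contact your server-administrator.

<p><i>Failed request:</i><br />
http://$request_url</p>
EOF;
}

// configuration error
else if ($ERROR_CODE==601)
{
  $__error_title = "CONFIGURATION ERROR";
  // NOTE(review): $ERROR_MESSAGE is emitted without HTML escaping. Whether it
  // may carry intentional markup or request-derived text is not visible
  // here; confirm against the callers that set it.
  $__error_text  =  nl2br($ERROR_MESSAGE) . "<br />Please read the INSTALL instructions!";
}

// database connection error
else if ($ERROR_CODE==603) {
  $__error_title = "DATABASE ERROR: CONNECTION FAILED!";
  $__error_text  =  "Unable to connect to the database!<br />Please contact your server-administrator.";
}

// system error
else {
  $__error_title = "SERVICE CURRENTLY NOT AVAILABLE!";
  // NOTE(review): this default text is always overwritten by one of the two
  // branches below, so it is never shown.
  $__error_text  = "Please contact your server-administrator.";

  // With bit 4 of debug_level set, the raw error message is shown to the
  // client (unescaped); otherwise only the numeric code is disclosed.
  if (($CONFIG['debug_level'] & 4) && $ERROR_MESSAGE)
    $__error_text = $ERROR_MESSAGE;
  else
    $__error_text = sprintf('Error No. [%s]', $ERROR_CODE);
}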
93
94
// Ajax request: reply with the status line only and stop, no HTML page
if ($OUTPUT && $OUTPUT instanceof rcube_json_output) {
  header(sprintf('HTTP/1.0 %s %s', $ERROR_CODE, $__error_title));
  exit;
}
100
// compose page content; title and text are inserted as HTML, unescaped
$__page_content = <<<EOF
<div>
<h3 class="error-title">{$__error_title}</h3>
<p class="error-text">{$__error_text}</p>
</div>
EOF;

// Prefer the skin's own 'error' template when an output object provides one.
// NOTE(review): the static page further down is only reached if send()
// returns; presumably it ends the request - confirm.
if ($OUTPUT) {
  if ($OUTPUT->template_exists('error')) {
    $OUTPUT->reset();
    $OUTPUT->send('error');
  }
}
113
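// Pick the skin for the fallback page. $CONFIG is read with array syntax
// elsewhere in this file ($CONFIG['debug_level']), so the skin is read the
// same way; the former object access ($CONFIG->skin) cannot return the
// configured skin from an array. The name ends up inside an href attribute,
// so it is escaped.
$__skin = !empty($CONFIG['skin']) ? $CONFIG['skin'] : 'default';
$__skin = htmlspecialchars($__skin, ENT_QUOTES);

// print system error page
// $__page_content is inserted as ready-made HTML; $ERROR_CODE is inserted
// as-is.
print <<<EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>Roundcube|Mail : ERROR $ERROR_CODE</title>
<link rel="stylesheet" type="text/css" href="skins/$__skin/common.css" />
</head>
<body>

<table border="0" cellspacing="0" cellpadding="0" width="100%" height="80%"><tr><td align="center">

$__page_content

</td></tr></table>

</body>
</html>
EOF;

// Stop here so the including script does not continue after an error page.
exit;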
136