Changeset 4626 in subversion


Ignore:
Timestamp:
Mar 31, 2011 8:32:44 AM (2 years ago)
Author:
alec
Message:
  • Applied fixes from trunk
Location:
branches/release-0.5
Files:
27 edited

Legend:

Unmodified
Added
Removed

  • branches/release-0.5/CHANGELOG

    r4607 r4626  
    22=========================== 
    33 
     4- Stateless request tokens. No keep-alive necessary on login page (#1487829) 
    45- PEAR::Net_SMTP 1.5.1 
    56- Force names of unique constraints in PostgreSQL DDL 

  • branches/release-0.5/index.php

    r4607 r4626  
    183183  // check client X-header to verify request origin 
    184184  if ($OUTPUT->ajax_call) { 
    185     if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) { 
     185    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) { 
    186186      header('HTTP/1.1 404 Not Found'); 
    187187      die("Invalid Request"); 

  • branches/release-0.5/program/include/rcmail.php

    r4554 r4626  
    11061106  public function get_request_token() 
    11071107  { 
    1108     $key = $this->task; 
    1109  
    1110     if (!$_SESSION['request_tokens'][$key]) 
    1111       $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true)); 
    1112  
    1113     return $_SESSION['request_tokens'][$key]; 
     1108    $sess_id = $_COOKIE[ini_get('session.name')]; 
     1109    if (!$sess_id) $sess_id = session_id(); 
     1110    return md5('RT' . $this->task . $this->config->get('des_key') . $sess_id); 
    11141111  } 
    11151112 
     
    11241121  { 
    11251122    $token = get_input_value('_token', $mode); 
    1126     return !empty($token) && $_SESSION['request_tokens'][$this->task] == $token; 
     1123    $sess_id = $_COOKIE[ini_get('session.name')]; 
     1124    return !empty($sess_id) && $token == $this->get_request_token(); 
    11271125  } 
    11281126 

  • branches/release-0.5/program/include/rcube_browser.php

    r3989 r4626  
    4343        $this->ns  = ($this->ns4 || strstr($HTTP_USER_AGENT, 'netscape')); 
    4444        $this->ie  = !$this->opera && strstr($HTTP_USER_AGENT, 'compatible; msie'); 
    45         $this->mz  = strstr($HTTP_USER_AGENT, 'mozilla/5'); 
     45        $this->mz  = !$this->ie && strstr($HTTP_USER_AGENT, 'mozilla/5'); 
    4646        $this->chrome = strstr($HTTP_USER_AGENT, 'chrome'); 
    4747        $this->khtml = strstr($HTTP_USER_AGENT, 'khtml'); 

  • branches/release-0.5/program/localization/index.inc

    r3989 r4626  
    4343  'da_DK' => 'Danish (Dansk)', 
    4444  'fa_AF' => 'Dari (ﻯﺭﺩ)', 
    45   'de_DE' => 'Deutsch (Deutsch)', 
    46   'de_CH' => 'Deutsch (Schweiz)', 
     45  'de_DE' => 'German (Deutsch)', 
     46  'de_CH' => 'German (Schweiz)', 
    4747  'nl_NL' => 'Dutch (Nederlands)', 
    4848  'en_GB' => 'English (GB)', 

  • branches/release-0.5/program/steps/utils/spell_googie.inc

    r3989 r4626  
    4242 
    4343$data = file_get_contents('php://input'); 
     44// Google has some problem with spaces, use \n instead 
     45$data = str_replace(' ', "\n", $data); 
    4446$store = ""; 
    4547 

  • branches/release-0.5/program/steps/utils/spell_html_googie.inc

    r3989 r4626  
    8181  } 
    8282 
    83 $wordstr = implode(' ', (array) $data); 
     83$wordstr = implode("\n", (array) $data); 
    8484$data = '<?xml version="1.0" encoding="utf-8" ?>' 
    8585    .'<spellrequest textalreadyclipped="0" ignoredups="0" ignoredigits="1" ignoreallcaps="1">' 
Note: See TracChangeset for help on using the changeset viewer.