List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail: [12202] trunk/squirrelmail
From: pdontthink () users ! sourceforge ! net
Date: 2007-01-25 2:02:25
Message-ID: E1H9twX-00011Y-Ia () sc8-pr-svn2 ! sourceforge ! net
Revision: 12202
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12202&view=rev
Author: pdontthink
Date: 2007-01-24 18:02:25 -0800 (Wed, 24 Jan 2007)
Log Message:
-----------
Allow admin to disable secure-only cookie transmission
Modified Paths:
--------------
trunk/squirrelmail/config/conf.pl
trunk/squirrelmail/functions/global.php
Modified: trunk/squirrelmail/config/conf.pl
===================================================================
--- trunk/squirrelmail/config/conf.pl 2007-01-25 01:22:33 UTC (rev 12201)
+++ trunk/squirrelmail/config/conf.pl 2007-01-25 02:02:25 UTC (rev 12202)
@@ -471,6 +471,7 @@
$icon_theme_def = '' if ( !$icon_theme_def );
$disable_plugins = 'false' if ( !$disable_plugins );
$disable_plugins_user = '' if ( !$disable_plugins_user );
+$only_secure_cookies = 'true' if ( !$only_secure_cookies );
if ( $ARGV[0] eq '--install-plugin' ) {
print "Activating plugin " . $ARGV[1] . "\n";
@@ -657,24 +658,25 @@
print "R Return to Main Menu\n";
} elsif ( $menu == 4 ) {
print $WHT. "General Options\n" . $NRM;
- print "1. Data Directory : $WHT$data_dir$NRM\n";
- print "2. Attachment Directory : $WHT$attachment_dir$NRM\n";
- print "3. Directory Hash Level : $WHT$dir_hash_level$NRM\n";
- print "4. Default Left Size : $WHT$default_left_size$NRM\n";
- print "5. Usernames in Lowercase : \
$WHT$force_username_lowercase$NRM\n";
- print "6. Allow use of priority : $WHT$default_use_priority$NRM\n";
- print "7. Hide SM attributions : $WHT$hide_sm_attributions$NRM\n";
- print "8. Allow use of receipts : $WHT$default_use_mdn$NRM\n";
- print "9. Allow editing of identity : $WHT$edit_identity$NRM\n";
- print " Allow editing of name : $WHT$edit_name$NRM\n";
- print " Remove username from header : $WHT$hide_auth_header$NRM\n";
- print "10. Disable server thread sort : $WHT$disable_thread_sort$NRM\n";
- print "11. Disable server-side sorting : $WHT$disable_server_sort$NRM\n";
- print "12. Allow server charset search : $WHT$allow_charset_search$NRM\n";
- print "13. Allow advanced search : $WHT$allow_advanced_search$NRM\n";
- print "14. PHP session name : $WHT$session_name$NRM\n";
- print "15. Time zone configuration : $WHT$time_zone_type$NRM\n";
- print "16. Location base : $WHT$config_location_base$NRM\n";
+ print "1. Data Directory : $WHT$data_dir$NRM\n";
+ print "2. Attachment Directory : $WHT$attachment_dir$NRM\n";
+ print "3. Directory Hash Level : $WHT$dir_hash_level$NRM\n";
+ print "4. Default Left Size : $WHT$default_left_size$NRM\n";
+ print "5. Usernames in Lowercase : \
$WHT$force_username_lowercase$NRM\n";
+ print "6. Allow use of priority \
: $WHT$default_use_priority$NRM\n";
+ print "7. Hide SM attributions \
: $WHT$hide_sm_attributions$NRM\n";
+ print "8. Allow use of receipts \
: $WHT$default_use_mdn$NRM\n";
+ print "9. Allow editing of identity : \
$WHT$edit_identity$NRM\n";
+ print " Allow editing of name : \
$WHT$edit_name$NRM\n";
+ print " Remove username from header : \
$WHT$hide_auth_header$NRM\n";
+ print "10. Disable server thread sort : \
$WHT$disable_thread_sort$NRM\n";
+ print "11. Disable server-side sorting : \
$WHT$disable_server_sort$NRM\n";
+ print "12. Allow server charset search : \
$WHT$allow_charset_search$NRM\n";
+ print "13. Allow advanced search : \
$WHT$allow_advanced_search$NRM\n";
+ print "14. PHP session name : \
$WHT$session_name$NRM\n";
+ print "15. Time zone configuration : \
$WHT$time_zone_type$NRM\n";
+ print "16. Location base : \
$WHT$config_location_base$NRM\n";
+ print "17. Only secure cookies if poss. : \
$WHT$only_secure_cookies$NRM\n";
 print "\n";
print "R Return to Main Menu\n";
} elsif ( $menu == 5 ) {
@@ -920,6 +922,7 @@
elsif ( $command == 14 ) { $session_name = command317(); }
elsif ( $command == 15 ) { $time_zone_type = command318(); }
elsif ( $command == 16 ) { $config_location_base = \
command_config_location_base(); }
+ elsif ( $command == 17 ) { \
$only_secure_cookies = command319(); }
 } elsif ( $menu == 5 ) {
if ( $command == 1 ) { $use_icons = commandB3(); }
# elsif ( $command == 3 ) { $icon_theme_def = commandB7(); }
@@ -2623,7 +2626,33 @@
return $config_location_base;
}
+# only_secure_cookies (since 1.5.2)
+sub command319 {
+ print "This option allows you to specify that if a user session is initiated\n";
+ print "under a secure (HTTPS, SSL-encrypted) connection, the cookies given \
to\n";
+ print "the browser will ONLY be transmitted via a secure connection \
henceforth.\n\n";
+ print "Generally this is a Good Thing, and should NOT be \
disabled. However,\n";
+ print "if you intend to use the Secure Login or Show SSL \
Link plugins to\n";
+ print "encrypt the user login, but not the rest of the \
SquirrelMail session,\n";
+ print "this can be turned off. Think twice before \
doing so.\n";
+ print "\n";
+ if ( lc($only_secure_cookies) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Transmit cookies only on secure connection when available? (y/n) \
[$WHT$default_value$NRM]: $WHT";
+ $only_secure_cookies = <STDIN>;
+ if ( ( $only_secure_cookies =~ /^y\n/i ) || ( ( $only_secure_cookies =~ /^\n/ ) \
&& ( $default_value eq "y" ) ) ) {
+ $only_secure_cookies = 'true';
+ } else {
+ $only_secure_cookies = 'false';
+ }
+ return $only_secure_cookies;
+}
+
+
sub command_userThemes {
print "\nDefine the user themes that you wish to use. If you have added\n";
print "a theme of your own, just follow the instructions (?) about\n";
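Review bot: In command319, any answer other than exactly `y` (or Enter with a `y` default) falls into the else branch and sets `$only_secure_cookies` to 'false', so a typo or an answer such as `yes` silently turns the Secure cookie flag off. For a setting that weakens session protection, switching it off should require an explicit `n`, and empty or unrecognised input should keep the current value. The answer is also read straight into `$only_secure_cookies`; a separate variable leaves the setting untouched until the answer has been validated. Other yes/no prompts in conf.pl may follow the same pattern, but that is not visible in this hunk.

```perl
# ... unchanged: explanatory prints, $default_value selection and the prompt ...
    my $answer = <STDIN>;
    if ( $answer =~ /^y\n/i ) {
        $only_secure_cookies = 'true';
    } elsif ( $answer =~ /^n\n/i ) {
        $only_secure_cookies = 'false';
    } else {
        # Empty or unrecognised input keeps the current setting.
        $only_secure_cookies = ( $default_value eq "y" ) ? 'true' : 'false';
    }
    return $only_secure_cookies;
```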
@@ -4614,17 +4643,19 @@
print CF "\$no_list_for_subscribe = $no_list_for_subscribe;\n";
# string
- print CF "\$smtp_auth_mech = '$smtp_auth_mech';\n";
- print CF "\$smtp_sitewide_user = '". quote_single($smtp_sitewide_user) \
."';\n";
- print CF "\$smtp_sitewide_pass = '". quote_single($smtp_sitewide_pass) \
."';\n";
+ print CF "\$smtp_auth_mech = '$smtp_auth_mech';\n";
+ print CF "\$smtp_sitewide_user = '". quote_single($smtp_sitewide_user) \
."';\n";
+ print CF "\$smtp_sitewide_pass = '". \
quote_single($smtp_sitewide_pass) ."';\n";
 # string
- print CF "\$imap_auth_mech = '$imap_auth_mech';\n";
+ print CF "\$imap_auth_mech = '$imap_auth_mech';\n";
# boolean
- print CF "\$use_imap_tls = $use_imap_tls;\n";
+ print CF "\$use_imap_tls = $use_imap_tls;\n";
# boolean
- print CF "\$use_smtp_tls = $use_smtp_tls;\n";
+ print CF "\$use_smtp_tls = $use_smtp_tls;\n";
# string
- print CF "\$session_name = '$session_name';\n";
+ print CF "\$session_name = '$session_name';\n";
+ # boolean
+ print CF "\$only_secure_cookies = $only_secure_cookies;\n";
print CF "\n";
Modified: trunk/squirrelmail/functions/global.php
===================================================================
--- trunk/squirrelmail/functions/global.php 2007-01-25 01:22:33 UTC (rev 12201)
+++ trunk/squirrelmail/functions/global.php 2007-01-25 02:02:25 UTC (rev 12202)
@@ -385,6 +385,12 @@
if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
$bSecure = true;
}
+
+ // admin config can override the restriction of secure-only cookies
+ global $only_secure_cookies;
+ if (!$only_secure_cookies)
+ $bSecure = false;
+
if (false && check_php_version(5,2)) {
// php 5 supports the httponly attribute in setcookie, but because setcookie \
seems a bit
// broken we use the header function for php 5.2 as well. We might change \
that later.
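Review bot: The new `if (!$only_secure_cookies)` test also fires when the variable is unset, so an install whose config.php predates this option would lose the Secure flag on every HTTPS session unless a default is defined elsewhere; the commit's modified paths list only conf.pl and global.php. Failing closed would be `if (isset($only_secure_cookies) && !$only_secure_cookies) $bSecure = false;`. The comment above the test could also state the consequence, e.g. `// when disabled, the session cookie is also sent over plain HTTP after an HTTPS login`. The enclosing function begins and ends outside the hunk.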