
List:       squirrelmail-cvs
Subject:    [SM-CVS] SF.net SVN: squirrelmail: [12202] trunk/squirrelmail
From:       pdontthink () users ! sourceforge ! net
Date:       2007-01-25 2:02:25
Message-ID: E1H9twX-00011Y-Ia () sc8-pr-svn2 ! sourceforge ! net

Revision: 12202
          http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12202&view=rev
Author:   pdontthink
Date:     2007-01-24 18:02:25 -0800 (Wed, 24 Jan 2007)

Log Message:
-----------
Allow admin to disable secure-only cookie transmission

Modified Paths:
--------------
    trunk/squirrelmail/config/conf.pl
    trunk/squirrelmail/functions/global.php

Modified: trunk/squirrelmail/config/conf.pl
===================================================================
--- trunk/squirrelmail/config/conf.pl	2007-01-25 01:22:33 UTC (rev 12201)
+++ trunk/squirrelmail/config/conf.pl	2007-01-25 02:02:25 UTC (rev 12202)
@@ -471,6 +471,7 @@
 $icon_theme_def = ''                   if ( !$icon_theme_def );
 $disable_plugins = 'false'             if ( !$disable_plugins );
 $disable_plugins_user = ''             if ( !$disable_plugins_user );
+$only_secure_cookies = 'true'          if ( !$only_secure_cookies );
 
 if ( $ARGV[0] eq '--install-plugin' ) {
     print "Activating plugin " . $ARGV[1] . "\n";
@@ -657,24 +658,25 @@
         print "R   Return to Main Menu\n";
     } elsif ( $menu == 4 ) {
         print $WHT. "General Options\n" . $NRM;
-        print "1.  Data Directory              : $WHT$data_dir$NRM\n";
-        print "2.  Attachment Directory        : $WHT$attachment_dir$NRM\n";
-        print "3.  Directory Hash Level        : $WHT$dir_hash_level$NRM\n";
-        print "4.  Default Left Size           : $WHT$default_left_size$NRM\n";
-        print "5.  Usernames in Lowercase      : \
                $WHT$force_username_lowercase$NRM\n";
-        print "6.  Allow use of priority       : $WHT$default_use_priority$NRM\n";
-        print "7.  Hide SM attributions        : $WHT$hide_sm_attributions$NRM\n";
-        print "8.  Allow use of receipts       : $WHT$default_use_mdn$NRM\n";
-        print "9.  Allow editing of identity   : $WHT$edit_identity$NRM\n";
-        print "    Allow editing of name       : $WHT$edit_name$NRM\n";
-        print "    Remove username from header : $WHT$hide_auth_header$NRM\n";
-        print "10. Disable server thread sort  : $WHT$disable_thread_sort$NRM\n";
-        print "11. Disable server-side sorting : $WHT$disable_server_sort$NRM\n";
-        print "12. Allow server charset search : $WHT$allow_charset_search$NRM\n";
-        print "13. Allow advanced search       : $WHT$allow_advanced_search$NRM\n";
-        print "14. PHP session name            : $WHT$session_name$NRM\n";
-        print "15. Time zone configuration     : $WHT$time_zone_type$NRM\n";
-        print "16. Location base               : $WHT$config_location_base$NRM\n";
+        print "1.  Data Directory               : $WHT$data_dir$NRM\n";
+        print "2.  Attachment Directory         : $WHT$attachment_dir$NRM\n";
+        print "3.  Directory Hash Level         : $WHT$dir_hash_level$NRM\n";
+        print "4.  Default Left Size            : $WHT$default_left_size$NRM\n";
+        print "5.  Usernames in Lowercase       : \
$WHT$force_username_lowercase$NRM\n";
+        print "6.  Allow use of priority       \
: $WHT$default_use_priority$NRM\n";
+        print "7.  Hide SM attributions         \
: $WHT$hide_sm_attributions$NRM\n";
+        print "8.  Allow use of receipts        \
: $WHT$default_use_mdn$NRM\n";
+        print "9.  Allow editing of identity    : \
$WHT$edit_identity$NRM\n";
+        print "    Allow editing of name        : \
$WHT$edit_name$NRM\n";
+        print "    Remove username from header  : \
$WHT$hide_auth_header$NRM\n";
+        print "10. Disable server thread sort   : \
$WHT$disable_thread_sort$NRM\n";
+        print "11. Disable server-side sorting  : \
$WHT$disable_server_sort$NRM\n";
+        print "12. Allow server charset search  : \
$WHT$allow_charset_search$NRM\n";
+        print "13. Allow advanced search        : \
$WHT$allow_advanced_search$NRM\n";
+        print "14. PHP session name             : \
$WHT$session_name$NRM\n";
+        print "15. Time zone configuration      : \
$WHT$time_zone_type$NRM\n";
+        print "16. Location base                : \
$WHT$config_location_base$NRM\n";
+        print "17. Only secure cookies if poss. : \
$WHT$only_secure_cookies$NRM\n";
 print "\n";
         print "R   Return to Main Menu\n";
     } elsif ( $menu == 5 ) {
@@ -920,6 +922,7 @@
             elsif ( $command == 14 ) { $session_name             = command317(); }
             elsif ( $command == 15 ) { $time_zone_type           = command318(); }
             elsif ( $command == 16 ) { $config_location_base     = \
command_config_location_base(); }
+            elsif ( $command == 17 ) { \
$only_secure_cookies = command319(); }
 } elsif ( $menu == 5 ) {
             if ( $command == 1 )     { $use_icons      = commandB3(); }
 #            elsif ( $command == 3 )  { $icon_theme_def = commandB7(); }
@@ -2623,7 +2626,33 @@
     return $config_location_base;
 }
 
+# only_secure_cookies (since 1.5.2)
+sub command319 {
+    print "This option allows you to specify that if a user session is initiated\n";
+    print "under a secure (HTTPS, SSL-encrypted) connection, the cookies given \
to\n";
+    print "the browser will ONLY be transmitted via a secure connection \
henceforth.\n\n";
+    print "Generally this is a Good Thing, and should NOT be \
disabled.  However,\n";
+    print "if you intend to use the Secure Login or Show SSL \
Link plugins to\n";
+    print "encrypt the user login, but not the rest of the \
SquirrelMail session,\n";
+    print "this can be turned off.  Think twice before \
doing so.\n";
+    print "\n";
 
+    if ( lc($only_secure_cookies) eq 'true' ) {
+        $default_value = "y";
+    } else {
+        $default_value = "n";
+    }
+    print "Transmit cookies only on secure connection when available? (y/n) \
[$WHT$default_value$NRM]: $WHT";
+    $only_secure_cookies = <STDIN>;
+    if ( ( $only_secure_cookies =~ /^y\n/i ) || ( ( $only_secure_cookies =~ /^\n/ ) \
&& ( $default_value eq "y" ) ) ) {
+        $only_secure_cookies = 'true';
+    } else {
+        $only_secure_cookies = 'false';
+    }
+    return $only_secure_cookies;
+}
+
+
 sub command_userThemes {
     print "\nDefine the user themes that you wish to use.  If you have added\n";
     print "a theme of your own, just follow the instructions (?) about\n";
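Review bot: In command319, any reply other than a bare `y` (or Enter while the default is `y`) falls into the `else` branch and sets `$only_secure_cookies = 'false'`, so an answer such as `yes` or ` y` quietly switches secure-only cookies off. For a security setting, unrecognised input should keep the current value: accept `/^\s*y/i` as `'true'`, `/^\s*n/i` as `'false'`, and otherwise return `'true'` or `'false'` according to `$default_value`. `$default_value` is also assigned without `my`, which makes it a package global; `my $default_value = ...` would keep it local to the sub, if the rest of the file does not rely on sharing it.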
@@ -4614,17 +4643,19 @@
         print CF "\$no_list_for_subscribe = $no_list_for_subscribe;\n";
 
         # string
-        print CF "\$smtp_auth_mech = '$smtp_auth_mech';\n";
-        print CF "\$smtp_sitewide_user = '". quote_single($smtp_sitewide_user) \
                ."';\n";
-        print CF "\$smtp_sitewide_pass = '". quote_single($smtp_sitewide_pass) \
."';\n";
+        print CF "\$smtp_auth_mech        = '$smtp_auth_mech';\n";
+        print CF "\$smtp_sitewide_user    = '". quote_single($smtp_sitewide_user) \
."';\n";
+        print CF "\$smtp_sitewide_pass    = '". \
quote_single($smtp_sitewide_pass) ."';\n";
 # string
-        print CF "\$imap_auth_mech = '$imap_auth_mech';\n";
+        print CF "\$imap_auth_mech        = '$imap_auth_mech';\n";
         # boolean
-        print CF "\$use_imap_tls = $use_imap_tls;\n";
+        print CF "\$use_imap_tls          = $use_imap_tls;\n";
         # boolean
-        print CF "\$use_smtp_tls = $use_smtp_tls;\n";
+        print CF "\$use_smtp_tls          = $use_smtp_tls;\n";
         # string
-        print CF "\$session_name = '$session_name';\n";
+        print CF "\$session_name          = '$session_name';\n";
+        # boolean
+        print CF "\$only_secure_cookies   = $only_secure_cookies;\n";
 
         print CF "\n";
 

Modified: trunk/squirrelmail/functions/global.php
===================================================================
--- trunk/squirrelmail/functions/global.php	2007-01-25 01:22:33 UTC (rev 12201)
+++ trunk/squirrelmail/functions/global.php	2007-01-25 02:02:25 UTC (rev 12202)
@@ -385,6 +385,12 @@
     if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
         $bSecure = true;
     }
+
+    // admin config can override the restriction of secure-only cookies
+    global $only_secure_cookies;
+    if (!$only_secure_cookies)
+        $bSecure = false;
+
     if (false && check_php_version(5,2)) {
        // php 5 supports the httponly attribute in setcookie, but because setcookie \
                seems a bit
        // broken we use the header function for php 5.2 as well. We might change \
that later.
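Review bot: The added `if (!$only_secure_cookies)` also fires when the variable is not set at all, which would be the case for a config.php written before this revision unless a default is defined elsewhere. The commit lists only conf.pl and global.php as modified, so on such an install `$bSecure` would be forced to false and the cookie would lose its Secure attribute on HTTPS sessions. Treating an unset value as the safe default avoids that: `if (isset($only_secure_cookies) && !$only_secure_cookies) { $bSecure = false; }`, with braces to match the `if` block directly above. The enclosing function starts and ends outside this hunk, so an earlier default assignment cannot be ruled out from here.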

