Merge pull request #2 from YetiForceCompany/developer

Developer
YetiForceCompany · Feb 14, 2017 · fc30b68 · fc30b68
2 parents 7336bb3 + bb957a3
commit fc30b68
Show file tree

Hide file tree

Showing 1,409 changed files with 64,860 additions and 77,677 deletions.
diff --git a/.htaccess b/.htaccess
@@ -1,26 +1,36 @@
-# AddDefaultCharset UTF-8
-AddType text/x-component .htc
-
+# WARNING: For PHP 7 the module name in the line below need to be modified!
 <IfModule mod_php5.c>
+php_flag    display_errors  Off
+php_flag    log_errors      On
 # php_value    error_log    logs/errors
 
+php_value   upload_max_filesize   5M
+php_value   post_max_size         6M
+php_value   memory_limit          64M
+
 php_flag    register_globals            Off
+php_flag    zlib.output_compression     Off
+php_flag    magic_quotes_gpc            Off
+php_flag    magic_quotes_runtime        Off
+php_flag    suhosin.session.encrypt     Off
 
 #php_value   session.cookie_path     /
+#php_value   session.hash_function   sha256
+php_flag    session.auto_start       Off
 php_value   session.gc_maxlifetime   21600
 php_value   session.gc_divisor       500
 php_value   session.gc_probability   1
 </IfModule>
 
 <IfModule mod_rewrite.c>
-Options +FollowSymLinks
+Options +SymLinksIfOwnerMatch
 RewriteEngine On
 RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
 
 # security rules:
 # - deny access to files not containing a dot or starting with a dot
 #   in all locations except installer directory
-RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
+RewriteRule ^(?!installer|\.well-known\/|[a-zA-Z0-9]{16})(\.?[^\.]+)$ - [F]
 # - deny access to some locations
 RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
 # - deny access to some documentation files
@@ -34,6 +44,8 @@ SetOutputFilter DEFLATE
 <IfModule mod_headers.c>
 # replace 'append' with 'merge' for Apache version 2.2.9 and later
 #Header append Cache-Control public env=!NO_CACHE
+# for better privacy/security ask browsers to not set the Referer
+#Header set Content-Security-Policy "referrer no-referrer"
 </IfModule>
 
 <IfModule mod_expires.c>

diff --git a/CHANGELOG b/CHANGELOG
diff --git a/INSTALL b/INSTALL
@@ -11,18 +11,19 @@ REQUIREMENTS
 
 * The Apache, Lighttpd, Cherokee or Hiawatha web server
 * .htaccess support allowing overrides for DirectoryIndex
-* PHP Version 5.3.7 or greater (but not PHP 7) including
-   - PCRE, DOM, JSON, Session, Sockets (required)
-   - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required)
-   - Libiconv, Zip (recommended)
-   - OpenSSL, Fileinfo, Mcrypt, mbstring (optional)
-* PEAR packages distributed with Roundcube or external:
-   - Mail_Mime 1.9.0 or newer
-   - Net_SMTP (latest from https://github.com/pear/Net_SMTP/)
+* PHP Version 5.3.7 or greater including:
+   - PCRE, DOM, JSON, Session, Sockets, OpenSSL, Mbstring (required)
+   - PHP PDO with driver for either MySQL, PostgreSQL, SQL Server, Oracle or SQLite (required)
+   - Libiconv, Zip, Fileinfo, Intl, Exif (recommended)
+   - LDAP for LDAP addressbook support (optional)
+* PEAR and PEAR packages distributed with Roundcube or external:
+   - Mail_Mime 1.10.0 or newer
+   - Net_SMTP 1.7.1 or newer
+   - Net_Socket 1.0.12 or newer
    - Net_IDNA2 0.1.1 or newer
    - Auth_SASL 1.0.6 or newer
    - Net_Sieve 1.3.2 or newer (for managesieve plugin)
-   - Crypt_GPG 1.2.0 or newer (for enigma plugin)
+   - Crypt_GPG 1.4.3 or newer (for enigma plugin)
 * php.ini options (see .htaccess file):
    - error_reporting E_ALL & ~E_NOTICE (or lower)
    - memory_limit > 16MB (increase as suitable to support large attachments)
@@ -33,9 +34,8 @@ REQUIREMENTS
    - magic_quotes_runtime disabled
    - magic_quotes_sybase disabled
    - register_globals disabled (PHP < 5.4)
-* PHP compiled with OpenSSL to use secure (tls/ssl) connections and to use the spell checker
-* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
-  or SQLite support in PHP
+* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer), Oracle
+  database or SQLite support in PHP
 * One of the above databases with permission to create tables
 * An SMTP server (recommended) or PHP configured for mail delivery
 * Composer installed either locally or globally (optional, for plugin installation)
@@ -59,6 +59,9 @@ INSTALLATION
 CONFIGURATION HINTS
 ===================
 
+IMPORTANT! Read all comments in defaults.inc.php, understand them
+and configure your installation to be not surprised by default behaviour.
+
 Roundcube writes internal errors to the 'errors' log file located in the logs
 directory which can be configured in config/config.inc.php. If you want ordinary
 PHP errors to be logged there as well, enable the 'php_value error_log' line
@@ -74,6 +77,7 @@ DATABASE SETUP
 ==============
 
 Note: Database for Roundcube must use UTF-8 character set.
+Note: See defaults.inc.php file for examples of DSN configuration.
 
 * MySQL
 -------

diff --git a/README.md b/README.md
@@ -72,8 +72,8 @@ For more information visit [roundcube.net/contribute][contrib]
 
 CONTACT
 -------
-For any bug reports or feature requests please refer to the tracking system
-at [trac.roundcube.net][tracreport] or subscribe to our mailing list.
+For bug reports or feature requests please refer to the tracking system
+at [Github][githubissues] or subscribe to our mailing list.
 See [roundcube.net/support][support] for details.
 
 You're always welcome to send a message to the project admin:
@@ -90,4 +90,4 @@ hello(at)roundcube(dot)net
 [license]:      http://roundcube.net/license
 [contrib]:      http://roundcube.net/contribute
 [support]:      http://roundcube.net/support
-[tracreport]:   http://trac.roundcube.net/wiki/Howto_ReportIssues
+[githubissues]: https://github.com/roundcube/roundcubemail/issues
diff --git a/bin/cleandb.sh b/bin/cleandb.sh
@@ -5,7 +5,7 @@
  | bin/cleandb.sh                                                        |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2010, The Roundcube Dev Team                            |
+ | Copyright (C) 2010-2015, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -23,56 +23,11 @@ define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
 
 require INSTALL_PATH.'program/include/clisetup.php';
 
-// mapping for table name => primary key
-$primary_keys = array(
-    'contacts' => "contact_id",
-    'contactgroups' => "contactgroup_id",
-);
-
-// connect to DB
-$RCMAIL = rcube::get_instance();
-$db = $RCMAIL->get_dbh();
-$db->db_connect('w');
-
-if (!$db->is_connected() || $db->is_error()) {
-    rcube::raise_error("No DB connection", false, true);
-}
-
 if (!empty($_SERVER['argv'][1]))
     $days = intval($_SERVER['argv'][1]);
 else
     $days = 7;
 
-// remove all deleted records older than two days
-$threshold = date('Y-m-d 00:00:00', time() - $days * 86400);
-
-foreach (array('contacts','contactgroups','identities') as $table) {
-
-    $sqltable = $db->table_name($table, true);
-
-    // also delete linked records
-    // could be skipped for databases which respect foreign key constraints
-    if ($db->db_provider == 'sqlite'
-        && ($table == 'contacts' || $table == 'contactgroups')
-    ) {
-        $pk = $primary_keys[$table];
-        $memberstable = $db->table_name('contactgroupmembers');
-
-        $db->query(
-            "DELETE FROM " . $db->quote_identifier($memberstable).
-            " WHERE `$pk` IN (".
-                "SELECT `$pk` FROM $sqltable".
-                " WHERE `del` = 1 AND `changed` < ?".
-            ")",
-            $threshold);
-
-        echo $db->affected_rows() . " records deleted from '$memberstable'\n";
-    }
-
-    // delete outdated records
-    $db->query("DELETE FROM $sqltable WHERE `del` = 1 AND `changed` < ?", $threshold);
-
-    echo $db->affected_rows() . " records deleted from '$table'\n";
-}
+rcmail_utils::db_clean($days);
 
 ?>
diff --git a/bin/deluser.sh b/bin/deluser.sh
@@ -37,7 +37,7 @@ function _die($msg, $usage=false)
     exit(1);
 }
 
-$rcmail = rcmail::get_instance();
+$rcmail = rcube::get_instance();
 
 // get arguments
 $args     = rcube_utils::get_opt(array('h' => 'host'));

diff --git a/bin/indexcontacts.sh b/bin/indexcontacts.sh
@@ -24,31 +24,6 @@ define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
 require_once INSTALL_PATH.'program/include/clisetup.php';
 ini_set('memory_limit', -1);
 
-// connect to DB
-$RCMAIL = rcube::get_instance();
-
-$db = $RCMAIL->get_dbh();
-$db->db_connect('w');
-
-if (!$db->is_connected() || $db->is_error()) {
-    rcube::raise_error("No DB connection", false, true);
-}
-
-// iterate over all users
-$sql_result = $db->query("SELECT `user_id` FROM " . $db->table_name('users', true) . " ORDER BY `user_id`");
-while ($sql_result && ($sql_arr = $db->fetch_assoc($sql_result))) {
-    echo "Indexing contacts for user " . $sql_arr['user_id'] . "...";
-
-    $contacts = new rcube_contacts($db, $sql_arr['user_id']);
-    $contacts->set_pagesize(9999);
-
-    $result = $contacts->list_records();
-    while ($result->count && ($row = $result->next())) {
-        unset($row['words']);
-        $contacts->update($row['ID'], $row);
-    }
-
-    echo "done.\n";
-}
+rcmail_utils::indexcontacts();
 
 ?>
diff --git a/bin/initdb.sh b/bin/initdb.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env php
+<?php
+/*
+ +-----------------------------------------------------------------------+
+ | bin/initdb.sh                                                         |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2010-2015, The Roundcube Dev Team                       |
+ | Copyright (C) 2010-2015, Kolab Systems AG                             |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Create database schema                                              |
+ +-----------------------------------------------------------------------+
+ | Author: Aleksander Machniak <[email protected]>                            |
+ +-----------------------------------------------------------------------+
+*/
+
+define('INSTALL_PATH', realpath(__DIR__ . '/..') . '/' );
+
+require_once INSTALL_PATH . 'program/include/clisetup.php';
+
+// get arguments
+$opts = rcube_utils::get_opt(array(
+    'd' => 'dir',
+));
+
+if (empty($opts['dir'])) {
+    rcube::raise_error("Database schema directory not specified (--dir).", false, true);
+}
+
+// Check if directory exists
+if (!file_exists($opts['dir'])) {
+    rcube::raise_error("Specified database schema directory doesn't exist.", false, true);
+}
+
+rcmail_utils::db_init($opts['dir']);
+
+?>
diff --git a/bin/installto.sh b/bin/installto.sh
@@ -5,7 +5,7 @@
  | bin/installto.sh                                                      |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2014, The Roundcube Dev Team                            |
+ | Copyright (C) 2014-2016, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -44,12 +44,20 @@ $input = trim(fgets(STDIN));
 if (strtolower($input) == 'y') {
   $err = false;
   echo "Copying files to target location...";
+
+  // Save a copy of original .htaccess file (#1490623)
+  if (file_exists("$target_dir/.htaccess")) {
+    $htaccess_copied = copy("$target_dir/.htaccess", "$target_dir/.htaccess.orig");
+  }
+
   $dirs = array('program','installer','bin','SQL','plugins','skins');
   if (is_dir(INSTALL_PATH . 'vendor') && !is_file(INSTALL_PATH . 'composer.json')) {
     $dirs[] = 'vendor';
   }
   foreach ($dirs as $dir) {
-    if (!system("rsync -avC " . INSTALL_PATH . "$dir/* $target_dir/$dir/")) {
+    // @FIXME: should we use --delete for all directories?
+    $delete = in_array($dir, array('program', 'installer')) ? '--delete ' : '';
+    if (!system("rsync -avC " . $delete . INSTALL_PATH . "$dir/* $target_dir/$dir/")) {
       $err = true;
       break;
     }
@@ -60,9 +68,22 @@ if (strtolower($input) == 'y') {
       break;
     }
   }
+
   // remove old (<1.0) .htaccess file
   @unlink("$target_dir/program/.htaccess");
-  echo "done.\n\n";
+  echo "done.";
+
+  // Inform the user about .htaccess change
+  if (!empty($htaccess_copied)) {
+    if (file_get_contents("$target_dir/.htaccess") != file_get_contents("$target_dir/.htaccess.orig")) {
+      echo "\n!! Old .htaccess file saved as .htaccess.orig !!";
+    }
+    else {
+      @unlink("$target_dir/.htaccess.orig");
+    }
+  }
+
+  echo "\n\n";
 
   if (is_dir("$target_dir/skins/default")) {
       echo "Removing old default skin...";