From 9c0f17803c3f70bbababb6bd94efecd528e7f792 Mon Sep 17 00:00:00 2001
From: pdontthink
Date: Thu, 25 Jan 2007 02:02:25 +0000
Subject: [PATCH] Allow admin to disable secure-only cookie transmission
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12202 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 config/conf.pl | 81 ++++++++++++++++++++++++++++++--------------
 functions/global.php | 6 ++++
 2 files changed, 62 insertions(+), 25 deletions(-)
diff --git a/config/conf.pl b/config/conf.pl
index 5af0a43c..f73864b8 100755
--- a/config/conf.pl
+++ b/config/conf.pl
@@ -471,6 +471,7 @@ $smtp_sitewide_pass = '' if ( !$smtp_sitewide_pass );
 $icon_theme_def = '' if ( !$icon_theme_def );
 $disable_plugins = 'false' if ( !$disable_plugins );
 $disable_plugins_user = '' if ( !$disable_plugins_user );
+$only_secure_cookies = 'true' if ( !$only_secure_cookies );
 if ( $ARGV[0] eq '--install-plugin' ) {
 print "Activating plugin " . $ARGV[1] . "\n";
@@ -657,24 +658,25 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
 print "R Return to Main Menu\n";
 } elsif ( $menu == 4 ) {
 print $WHT. "General Options\n" . $NRM;
- print "1. Data Directory : $WHT$data_dir$NRM\n";
- print "2. Attachment Directory : $WHT$attachment_dir$NRM\n";
- print "3. Directory Hash Level : $WHT$dir_hash_level$NRM\n";
- print "4. Default Left Size : $WHT$default_left_size$NRM\n";
- print "5. Usernames in Lowercase : $WHT$force_username_lowercase$NRM\n";
- print "6. Allow use of priority : $WHT$default_use_priority$NRM\n";
- print "7. Hide SM attributions : $WHT$hide_sm_attributions$NRM\n";
- print "8. Allow use of receipts : $WHT$default_use_mdn$NRM\n";
- print "9. Allow editing of identity : $WHT$edit_identity$NRM\n";
- print " Allow editing of name : $WHT$edit_name$NRM\n";
- print " Remove username from header : $WHT$hide_auth_header$NRM\n";
- print "10. Disable server thread sort : $WHT$disable_thread_sort$NRM\n";
- print "11. Disable server-side sorting : $WHT$disable_server_sort$NRM\n";
- print "12. Allow server charset search : $WHT$allow_charset_search$NRM\n";
- print "13. Allow advanced search : $WHT$allow_advanced_search$NRM\n";
- print "14. PHP session name : $WHT$session_name$NRM\n";
- print "15. Time zone configuration : $WHT$time_zone_type$NRM\n";
- print "16. Location base : $WHT$config_location_base$NRM\n";
+ print "1. Data Directory : $WHT$data_dir$NRM\n";
+ print "2. Attachment Directory : $WHT$attachment_dir$NRM\n";
+ print "3. Directory Hash Level : $WHT$dir_hash_level$NRM\n";
+ print "4. Default Left Size : $WHT$default_left_size$NRM\n";
+ print "5. Usernames in Lowercase : $WHT$force_username_lowercase$NRM\n";
+ print "6. Allow use of priority : $WHT$default_use_priority$NRM\n";
+ print "7. Hide SM attributions : $WHT$hide_sm_attributions$NRM\n";
+ print "8. Allow use of receipts : $WHT$default_use_mdn$NRM\n";
+ print "9. Allow editing of identity : $WHT$edit_identity$NRM\n";
+ print " Allow editing of name : $WHT$edit_name$NRM\n";
+ print " Remove username from header : $WHT$hide_auth_header$NRM\n";
+ print "10. Disable server thread sort : $WHT$disable_thread_sort$NRM\n";
+ print "11. Disable server-side sorting : $WHT$disable_server_sort$NRM\n";
+ print "12. Allow server charset search : $WHT$allow_charset_search$NRM\n";
+ print "13. Allow advanced search : $WHT$allow_advanced_search$NRM\n";
+ print "14. PHP session name : $WHT$session_name$NRM\n";
+ print "15. Time zone configuration : $WHT$time_zone_type$NRM\n";
+ print "16. Location base : $WHT$config_location_base$NRM\n";
+ print "17. Only secure cookies if poss. : $WHT$only_secure_cookies$NRM\n";
 print "\n";
 print "R Return to Main Menu\n";
 } elsif ( $menu == 5 ) {
@@ -920,6 +922,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
 elsif ( $command == 14 ) { $session_name = command317(); }
 elsif ( $command == 15 ) { $time_zone_type = command318(); }
 elsif ( $command == 16 ) { $config_location_base = command_config_location_base(); }
+ elsif ( $command == 17 ) { $only_secure_cookies = command319(); }
 } elsif ( $menu == 5 ) {
 if ( $command == 1 ) { $use_icons = commandB3(); }
 # elsif ( $command == 3 ) { $icon_theme_def = commandB7(); }
@@ -2623,6 +2626,32 @@ sub command_config_location_base {
 return $config_location_base;
 }
+# only_secure_cookies (since 1.5.2)
+sub command319 {
+ print "This option allows you to specify that if a user session is initiated\n";
+ print "under a secure (HTTPS, SSL-encrypted) connection, the cookies given to\n";
+ print "the browser will ONLY be transmitted via a secure connection henceforth.\n\n";
+ print "Generally this is a Good Thing, and should NOT be disabled. However,\n";
+ print "if you intend to use the Secure Login or Show SSL Link plugins to\n";
+ print "encrypt the user login, but not the rest of the SquirrelMail session,\n";
+ print "this can be turned off. Think twice before doing so.\n";
+ print "\n";
+
+ if ( lc($only_secure_cookies) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Transmit cookies only on secure connection when available? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $only_secure_cookies = ;
+ if ( ( $only_secure_cookies =~ /^y\n/i ) || ( ( $only_secure_cookies =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+ $only_secure_cookies = 'true';
+ } else {
+ $only_secure_cookies = 'false';
+ }
+ return $only_secure_cookies;
+}
+
 sub command_userThemes {
 print "\nDefine the user themes that you wish to use. If you have added\n";
@@ -4614,17 +4643,19 @@ sub save_data {
 print CF "\$no_list_for_subscribe = $no_list_for_subscribe;\n";
 # string
- print CF "\$smtp_auth_mech = '$smtp_auth_mech';\n";
- print CF "\$smtp_sitewide_user = '". quote_single($smtp_sitewide_user) ."';\n";
- print CF "\$smtp_sitewide_pass = '". quote_single($smtp_sitewide_pass) ."';\n";
+ print CF "\$smtp_auth_mech = '$smtp_auth_mech';\n";
+ print CF "\$smtp_sitewide_user = '". quote_single($smtp_sitewide_user) ."';\n";
+ print CF "\$smtp_sitewide_pass = '". quote_single($smtp_sitewide_pass) ."';\n";
 # string
- print CF "\$imap_auth_mech = '$imap_auth_mech';\n";
+ print CF "\$imap_auth_mech = '$imap_auth_mech';\n";
 # boolean
- print CF "\$use_imap_tls = $use_imap_tls;\n";
+ print CF "\$use_imap_tls = $use_imap_tls;\n";
 # boolean
- print CF "\$use_smtp_tls = $use_smtp_tls;\n";
+ print CF "\$use_smtp_tls = $use_smtp_tls;\n";
 # string
- print CF "\$session_name = '$session_name';\n";
+ print CF "\$session_name = '$session_name';\n";
+ # boolean
+ print CF "\$only_secure_cookies = $only_secure_cookies;\n";
 print CF "\n";
diff --git a/functions/global.php b/functions/global.php
index 18ee0e2e..a263d6d0 100644
--- a/functions/global.php
+++ b/functions/global.php
@@ -385,6 +385,12 @@ function sqsetcookie($sName,$sValue="deleted",$iExpire=0,$sPath="",$sDomain="",$
 if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
 $bSecure = true;
 }
+
+ // admin config can override the restriction of secure-only cookies
+ global $only_secure_cookies;
+ if (!$only_secure_cookies)
+ $bSecure = false;
+
 if (false && check_php_version(5,2)) {
 // php 5 supports the httponly attribute in setcookie, but because setcookie seems a bit
 // broken we use the header function for php 5.2 as well. We might change that later.
-- 
2.25.1
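Review bot: The added override in sqsetcookie fails open: `if (!$only_secure_cookies)` treats an unset `$only_secure_cookies` exactly like an explicit `false`, so on any install whose config.php predates this option the Secure flag is stripped from every cookie the function issues over HTTPS, and per the diffstat this commit touches only conf.pl and global.php, so the variable stays undefined until the admin re-runs conf.pl and saves. The conf.pl side defaults the option to 'true'; the PHP side should match by honouring only an explicit opt-out, e.g. `if (isset($only_secure_cookies) && !$only_secure_cookies) $bSecure = false;`, which also avoids an undefined-variable notice. As placed after the HTTPS auto-promotion, the override also discards a secure flag the caller passed in, if the trailing parameter cut off at the hunk header is `$bSecure`; gating only the auto-promotion on the option would leave explicit requests intact. The body of sqsetcookie continues past the end of the hunk.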