| [ Index ] |
|
Code source de Horde 3.1.3 |
1 <?php 2 /** 3 * $Horde: horde/index.php,v 2.105.4.8 2006/07/29 16:49:19 jan Exp $ 4 * 5 * Copyright 1999-2006 Charles J. Hagenbuch <chuck@horde.org> 6 * Copyright 1999-2006 Jon Parise <jon@horde.org> 7 * 8 * See the enclosed file COPYING for license information (LGPL). If you 9 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html. 10 */ 11 12 @define('AUTH_HANDLER', true); 13 @define('HORDE_BASE', dirname(__FILE__)); 14 $horde_configured = (@file_exists(HORDE_BASE . '/config/conf.php') && 15 @file_exists(HORDE_BASE . '/config/mime_drivers.php') && 16 @file_exists(HORDE_BASE . '/config/nls.php') && 17 @file_exists(HORDE_BASE . '/config/prefs.php') && 18 @file_exists(HORDE_BASE . '/config/registry.php')); 19 20 if (!$horde_configured) { 21 require HORDE_BASE . '/lib/Test.php'; 22 Horde_Test::configFilesMissing('Horde', HORDE_BASE, 'prefs.php', 23 array('conf.php' => 'This is the main Horde configuration file. It contains paths and basic items that apply to the core framework and all Horde applications.', 24 'mime_drivers.php' => 'This file controls the global set of MIME drivers for the Horde framework, allowing applications to make use of programs such as enscript or mswordview to render content into HTML for viewing in a browser.', 25 'nls.php' => 'This file provides localisation support for the Horde framework.', 26 'registry.php' => 'The registry is how Horde applications find out how to talk to each other. You should list any installed Horde applications that you have here.')); 27 } 28 29 require_once HORDE_BASE . '/lib/base.php'; 30 31 if ($browser->isMobile()) { 32 require HORDE_BASE . '/services/portal/mobile.php'; 33 exit; 34 } 35 36 $main_page = Util::getFormData('url'); 37 38 // Break up the requested URL in $main_page and run some sanity checks 39 // on it to prevent phishing and XSS attacks. If any of the checks 40 // fail, $main_page will be set to null. 41 if (!empty($main_page)) { 42 // Mute errors in case of unparseable URLs 43 $req = @parse_url($main_page); 44 45 // We assume that any valid redirect URL will be in the same 46 // cookie domain. This helps prevent rogue off-site Horde installs 47 // from mimicking the real server. 48 if (isset($req['host'])) { 49 $qcookiedom = preg_quote($conf['cookie']['domain']); 50 if (!preg_match('/' . $qcookiedom . '$/', $req['host'])) { 51 $main_page = null; 52 } 53 } 54 55 // Protocol whitelist: If the URL is fully qualified, make sure it 56 // is either http or https. 57 $allowed_protocols = array('http', 'https'); 58 if (empty($req['scheme']) || 59 !in_array($req['scheme'], $allowed_protocols)) { 60 $main_page = null; 61 } 62 } 63 64 if (!$main_page) { 65 $initial_app = $prefs->getValue('initial_application'); 66 if (!empty($initial_app) && $registry->hasPermission($initial_app)) { 67 $main_page = Horde::url($registry->getInitialPage($initial_app), true); 68 } elseif (isset($registry->applications['horde']['initial_page'])) { 69 $main_page = Horde::applicationUrl($registry->applications['horde']['initial_page'], true); 70 } elseif (Auth::getAuth()) { 71 $main_page = Horde::applicationUrl('services/portal/', true); 72 } else { 73 $main_page = Horde::applicationUrl('login.php', true); 74 } 75 } 76 77 if (!Util::getFormData('frameset_loaded') && 78 ($conf['menu']['always'] || 79 (Auth::getAuth() && $prefs->getValue('show_sidebar')))) { 80 if ($browser->hasQuirk('scrollbar_in_way')) { 81 $scrollbar = 'yes'; 82 } else { 83 $scrollbar = 'auto'; 84 } 85 require HORDE_TEMPLATES . '/index/frames_index.inc'; 86 } else { 87 header('Location: ' . $main_page); 88 }
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Feb 25 18:01:28 2007 | par Balluche grâce à PHPXref 0.7 |