authorthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2008-12-24 14:19:27 +0000
committerthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2008-12-24 14:19:27 +0000
commit3e3fafb16ed867f82123931de222286bd34a05c3 (patch)
tree70bcd0c2623c2f05e86312b1366390434795b3cc /roundcubemail/bin/html2text.php
parented39505e00f9db64f1f029f07a320bd2cd142ccd (diff)
Secure bin scripts by requiring a valid session and replace preg_replace(/../e) with preg_replace_callback
git-svn-id: https://svn.roundcube.net/trunk@2187 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/bin/html2text.php')
-rw-r--r--roundcubemail/bin/html2text.php16
1 files changed, 12 insertions, 4 deletions
diff --git a/roundcubemail/bin/html2text.php b/roundcubemail/bin/html2text.php
index 3839f5d34..82a4044f8 100644
--- a/roundcubemail/bin/html2text.php
+++ b/roundcubemail/bin/html2text.php
@@ -20,11 +20,19 @@
*/
define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/');
-require INSTALL_PATH.'program/include/iniset.php';
+require INSTALL_PATH . 'program/include/iniset.php';
-$converter = new html2text($HTTP_RAW_POST_DATA);
+$RCMAIL = rcmail::get_instance();
-header('Content-Type: text/plain; charset=UTF-8');
-print trim($converter->get_text());
+if (!empty($RCMAIL->user->ID)) {
+ $converter = new html2text($HTTP_RAW_POST_DATA);
+
+ header('Content-Type: text/plain; charset=UTF-8');
+ print trim($converter->get_text());
+}
+else {
+ header("HTTP/1.0 403 Forbidden");
+ echo "Requires a valid user session";
+}
?>
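Review bot: The new guard `if (!empty($RCMAIL->user->ID))` only establishes that the browser carries a logged-in session, not that the request came from Roundcube's own UI, so a cross-site POST sent by a logged-in user's browser would still have its body passed to `html2text`. Whether `iniset.php` or `rcmail::get_instance()` already validates a per-session request token is not visible in this hunk; if they do not, the guard should require one and refuse other methods first, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { header('HTTP/1.0 405 Method Not Allowed'); exit; }`. Separately, `$HTTP_RAW_POST_DATA` depends on the `always_populate_raw_post_data` ini setting and the request's content type, so the converter can silently receive an empty value; `$converter = new html2text(file_get_contents('php://input'));` reads the body regardless of that setting. The 403 branch also sends no `Content-Type`, so adding `header('Content-Type: text/plain; charset=UTF-8');` there would keep both responses consistent.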