/**
 * Checks the `Token` POST field against the stored CSRF token.
 *
 * Only POST requests carry a token; any other request method passes.
 *
 * @return bool
 */
protected function validateToken()
{
    if (!$this->oHttp->IsPost()) {
        return true;
    }

    $sToken = $this->oHttp->GetPost('Token');

    return $this->oActions->validateCsrfToken($sToken);
}
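/**
 * Dispatches one AJAX request to a `Do<Action>` handler and returns the
 * JSON-encoded response body.
 *
 * The action name is taken from the `Action` POST field, or from the third
 * path segment of a GET request. With `security.csrf_protection` enabled,
 * every POST except `JsInfo`/`JsError` (presumably client-side error
 * reports) must carry an `XToken` field equal to the current CSRF token;
 * the comparison is constant-time.
 *
 * Side effects: logger writes (credential fields are handed to AddSecret()
 * before the POST body is logged), the `ajax.action-pre-call`,
 * `ajax.action-post-call` and `filter.ajax-response` plugin hooks, and the
 * JSON Content-Type header. Output emitted while the handler runs is caught
 * by the output buffer and logged instead of being sent to the client.
 *
 * @return string JSON body
 */
public function ServiceAjax()
{
    @\ob_start();

    $aResponseItem = null;
    $oException = null;

    $sAction = $this->oHttp->GetPost('Action', null);
    if (empty($sAction) && $this->oHttp->IsGet() && !empty($this->aPaths[2])) {
        $sAction = $this->aPaths[2];
    }

    try {
        if ($this->oHttp->IsPost() &&
            !\in_array($sAction, array('JsInfo', 'JsError'), true) &&
            $this->Config()->Get('security', 'csrf_protection', false) &&
            !$this->isXTokenValid($this->oHttp->GetPost('XToken', '')))
        {
            throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::InvalidToken);
        }

        if (!empty($sAction)) {
            $sMethodName = 'Do' . $sAction;

            $this->Logger()->Write('Action: ' . $sMethodName, \MailSo\Log\Enumerations\Type::NOTE, 'AJAX');

            $aPost = $this->oHttp->GetPostAsArray();
            if (\is_array($aPost) && 0 < \count($aPost)) {
                $this->oActions->SetActionParams($aPost, $sMethodName);

                // Hand credential fields to AddSecret() before the POST body is
                // written to the log below (presumably so the logger masks them).
                switch ($sMethodName) {
                    case 'DoLogin':
                    case 'DoAdminLogin':
                    case 'DoAccountAdd':
                        $this->Logger()->AddSecret($this->oActions->GetActionParam('Password', ''));
                        break;
                    case 'DoChangePassword':
                        $this->Logger()->AddSecret($this->oActions->GetActionParam('PrevPassword', ''));
                        $this->Logger()->AddSecret($this->oActions->GetActionParam('NewPassword', ''));
                        break;
                }

                $this->Logger()->Write(\MailSo\Base\Utils::Php2js($aPost, $this->Logger()), \MailSo\Log\Enumerations\Type::INFO, 'POST', true);
            } elseif (3 < \count($this->aPaths) && $this->oHttp->IsGet()) {
                // GET form: path segment [3] becomes the single RawKey parameter.
                $this->oActions->SetActionParams(array('RawKey' => empty($this->aPaths[3]) ? '' : $this->aPaths[3]), $sMethodName);
            }

            if (\method_exists($this->oActions, $sMethodName) && \is_callable(array($this->oActions, $sMethodName))) {
                $this->Plugins()->RunHook('ajax.action-pre-call', array($sAction));
                $aResponseItem = \call_user_func(array($this->oActions, $sMethodName));
                $this->Plugins()->RunHook('ajax.action-post-call', array($sAction, &$aResponseItem));
            } elseif ($this->Plugins()->HasAdditionalAjax($sMethodName)) {
                $this->Plugins()->RunHook('ajax.action-pre-call', array($sAction));
                $aResponseItem = $this->Plugins()->RunAdditionalAjax($sMethodName);
                $this->Plugins()->RunHook('ajax.action-post-call', array($sAction, &$aResponseItem));
            }
        }

        // No handler produced an array response: report a generic error.
        if (!\is_array($aResponseItem)) {
            throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::UnknownError);
        }
    } catch (\Exception $oException) {
        // NOTE(review): \Error (PHP 7+) is not caught here and would bypass the JSON envelope.
        $aResponseItem = $this->oActions->ExceptionResponse(empty($sAction) ? 'Unknown' : $sAction, $oException);

        // A ClientException on Folders sets ClearAuth, presumably so the client drops its auth state.
        if (\is_array($aResponseItem) && 'Folders' === $sAction && $oException instanceof \RainLoop\Exceptions\ClientException) {
            $aResponseItem['ClearAuth'] = true;
        }
    }

    if (\is_array($aResponseItem)) {
        // Wall-clock time since APP_START in milliseconds.
        $aResponseItem['Time'] = (int) ((\microtime(true) - APP_START) * 1000);
    }

    $this->Plugins()->RunHook('filter.ajax-response', array($sAction, &$aResponseItem));

    @\header('Content-Type: application/json; charset=utf-8');

    $sResult = \MailSo\Base\Utils::Php2js($aResponseItem, $this->Logger());

    // Anything the handler printed is stray output, not part of the JSON body.
    $sObResult = @\ob_get_clean();
    if ($this->Logger()->IsEnabled()) {
        if (0 < \strlen($sObResult)) {
            $this->Logger()->Write($sObResult, \MailSo\Log\Enumerations\Type::ERROR, 'OB-DATA');
        }

        if ($oException) {
            $this->Logger()->WriteException($oException, \MailSo\Log\Enumerations\Type::ERROR);
        }

        // labs.log_ajax_response_write_limit > 0 truncates the logged response.
        $iLimit = (int) $this->Config()->Get('labs', 'log_ajax_response_write_limit', 0);
        $this->Logger()->Write(0 < $iLimit && $iLimit < \strlen($sResult)
            ? \substr($sResult, 0, $iLimit) . '...'
            : $sResult, \MailSo\Log\Enumerations\Type::INFO, 'AJAX');
    }

    return $sResult;
}

/**
 * Compares the submitted `XToken` value with the current CSRF token.
 *
 * @param mixed $sXToken raw value of the XToken POST field
 * @return bool
 */
private function isXTokenValid($sXToken)
{
    // hash_equals() compares in constant time but requires two strings, so a
    // non-string submission (an array, for instance) is simply rejected.
    return \is_string($sXToken) &&
        \hash_equals((string) \RainLoop\Utils::GetCsrfToken(), $sXToken);
}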
/**
 * Routes the current HTTP request: to a `Service<Name>` method of the
 * service actions object (selected by the first path segment), to a
 * plugin-provided part, or to the index page (also used for the admin panel).
 *
 * Output is echoed directly; the return value only allows chaining.
 *
 * @return \RainLoop\Service
 */
private function localHandle()
{
    // Core library not loaded: nothing can be served.
    if (!\class_exists('MailSo\\Version')) {
        return $this;
    }

    $this->oActions->BootStart();

    $sResult = '';
    $bCached = false;

    // Plugins may rewrite both the raw query and the split path segments.
    $sQuery = $this->oActions->ParseQueryAuthString();
    $this->oActions->Plugins()->RunHook('filter.http-query', array(&$sQuery));

    $aPaths = \explode('/', $sQuery);
    $this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));

    // The admin panel is selected by path ("admin"/"cp") unless
    // security.admin_panel_host is set, in which case it is selected by the
    // request host on an empty path.
    $bAdmin = false;
    $sAdminPanelHost = $this->oActions->Config()->Get('security', 'admin_panel_host', '');
    if (empty($sAdminPanelHost)) {
        $bAdmin = !empty($aPaths[0]) && \in_array(\strtolower($aPaths[0]), array('admin', 'cp'));
    } else {
        if (empty($aPaths[0]) && \MailSo\Base\Utils::StrToLowerIfAscii($sAdminPanelHost) === \MailSo\Base\Utils::StrToLowerIfAscii($this->oHttp->GetHost())) {
            $bAdmin = true;
        }
    }

    if ($this->oHttp->IsPost()) {
        $this->oHttp->ServerNoCache();
    }

    // security.allow_admin_panel=false blocks the panel outright.
    if ($bAdmin && !$this->oActions->Config()->Get('security', 'allow_admin_panel', true)) {
        echo $this->oServiceActions->ErrorTemplates('Access Denied.', 'Access to the RainLoop Webmail Admin Panel is not allowed!', true);
        return $this;
    }

    $bIndex = true;
    if (0 < \count($aPaths) && !empty($aPaths[0]) && !$bAdmin && 'index' !== $aPaths[0]) {
        $bIndex = false;

        // The first path segment names a Service* method (e.g. "Ajax" -> ServiceAjax()).
        // NOTE(review): every callable Service* method is reachable from the URL this way;
        // keep that prefix reserved for request handlers.
        $sMethodName = 'Service' . $aPaths[0];
        if (\method_exists($this->oServiceActions, $sMethodName) && \is_callable(array($this->oServiceActions, $sMethodName))) {
            $this->oServiceActions->SetQuery($sQuery)->SetPaths($aPaths);
            $sResult = \call_user_func(array($this->oServiceActions, $sMethodName));
        } else {
            // Unknown segment: let plugins handle it, otherwise fall back to the index page.
            if (!$this->oActions->Plugins()->RunAdditionalPart($aPaths[0], $aPaths)) {
                $bIndex = true;
            }
        }
    }

    if ($bIndex) {
        // Clear any Content-Security-Policy header set earlier (presumably by the
        // web server or an earlier handler) before emitting the index page.
        @\header('Content-Security-Policy:');
        @\header_remove('Content-Security-Policy');
        @header('Content-Type: text/html; charset=utf-8');
        $this->oHttp->ServerNoCache();

        if (!@\is_dir(APP_DATA_FOLDER_PATH) || !@\is_writable(APP_DATA_FOLDER_PATH)) {
            echo $this->oServiceActions->ErrorTemplates('Permission denied!', 'RainLoop Webmail cannot access to the data folder "' . APP_DATA_FOLDER_PATH . '"');
            return $this;
        }

        $aTemplateParameters = $this->indexTemplateParameters($bAdmin);

        // With labs.cache_system_data on, the rendered index is cached under its BaseHash.
        $sCacheFileName = '';
        if ($this->oActions->Config()->Get('labs', 'cache_system_data', true)) {
            $sCacheFileName = 'TMPL:' . $aTemplateParameters['{{BaseHash}}'];
            $sResult = $this->oActions->Cacher()->Get($sCacheFileName);
        }

        if (0 === \strlen($sResult)) {
            // $aTemplateParameters['{{BaseTemplates}}'] = $this->oServiceActions->compileTemplates($bAdmin, false);
            $sResult = \strtr(\file_get_contents(APP_VERSION_ROOT_PATH . 'app/templates/Index.html'), $aTemplateParameters);
            $sResult = \RainLoop\Utils::ClearHtmlOutput($sResult);

            if (0 < \strlen($sCacheFileName)) {
                $this->oActions->Cacher()->Set($sCacheFileName, $sResult);
            }
        } else {
            $bCached = true;
        }

        // Trailing HTML comment with diagnostics: only time, license, cache and
        // owncloud flags are emitted; the commented-out fields are not.
        $sResult .= '<!--';
        $sResult .= ' [time:' . \substr(\microtime(true) - APP_START, 0, 6);
        // $sResult .= '][version:'.APP_VERSION;
        if ($this->oActions->IsOpen()) {
            $sResult .= '][AGPLv3';
        }
        $sResult .= '][cached:' . ($bCached ? 'true' : 'false');
        // $sResult .= '][hash:'.$aTemplateParameters['{{BaseHash}}'];
        // $sResult .= '][session:'.\md5(\RainLoop\Utils::GetShortToken());
        if (\RainLoop\Utils::IsOwnCloud()) {
            $sResult .= '][owncloud:true';
        }
        $sResult .= '] //-->';
    }

    // Output result
    echo $sResult;
    unset($sResult);

    $this->oActions->BootEnd();

    return $this;
}