From df1c369a9ddf6830a9c55b4b7c72e45ae3743e2f Mon Sep 17 00:00:00 2001 From: RainLoop Team Date: Tue, 19 Nov 2013 01:33:57 +0400 Subject: [PATCH] add more security settings (allow_admin_panel, core_install_access_domains) + small fixes --- _include.php | 17 ++--------------- package.json | 2 +- .../v/0.0.0/app/libraries/MailSo/Base/Http.php | 3 ++- .../v/0.0.0/app/libraries/RainLoop/Actions.php | 5 ++++- .../libraries/RainLoop/Config/Application.php | 4 +++- .../v/0.0.0/app/libraries/RainLoop/Service.php | 13 ++++++++++--- rainloop/v/0.0.0/app/templates/BadBrowser.html | 2 ++ rainloop/v/0.0.0/app/templates/Error.html | 2 ++ rainloop/v/0.0.0/index.php | 3 --- 9 files changed, 26 insertions(+), 25 deletions(-) diff --git a/_include.php b/_include.php index cd4a8cd79..319f3bd8d 100644 --- a/_include.php +++ b/_include.php @@ -8,7 +8,7 @@ function __get_custom_data_full_path() { return ''; - return '/var/rainloop-data-folder/'; // custom data folder path + return '/var/external-rainloop-data-folder/'; // custom data folder path } /** @@ -17,19 +17,6 @@ function __get_custom_data_full_path() */ function __get_private_data_folder_internal_name($siteName) { - return '_default_'; // default domain folder name + return ''; // default value return $siteName; } - -/** - * @param string $siteName - * @return string - */ -function __get_core_install_access_site($siteName) -{ - return $siteName; // allow all - - return in_array($siteName, array( - 'domain.com', 'domain.net' - )) ? $siteName : ''; -} diff --git a/package.json b/package.json index 682f135ff..9aa65548e 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "RainLoop", "title": "RainLoop Webmail", "version": "1.4.0", - "release": "506", + "release": "507", "description": "Simple, modern & fast web-based email client", "homepage": "http://rainloop.net", "main": "Gruntfile.js", 
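Review bot: In the second _include.php hunk, `return ''; // default value` is now followed by `return $siteName;`, which can never execute, and the first hunk edits a line that is equally dead behind `return '';`. If these trailing returns are meant as examples of a custom value, write them as comments, e.g. `// return $siteName; // use the site name as the data folder name`, so the helpers do not read as returning two different values. Changing the default from '_default_' to '' also changes what index.php derives from it: per the index.php hunk at the end of this patch, an empty name maps to APP_DEFAULT_PRIVATE_DATA_NAME and switches APP_MULTIPLY off, so an existing install whose data sits under a folder literally named '_default_' keeps working only if that constant has the same value — worth confirming, since the constant's definition is not in this patch.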
diff --git a/rainloop/v/0.0.0/app/libraries/MailSo/Base/Http.php b/rainloop/v/0.0.0/app/libraries/MailSo/Base/Http.php index 66dc357a4..88f1784ec 100644 --- a/rainloop/v/0.0.0/app/libraries/MailSo/Base/Http.php +++ b/rainloop/v/0.0.0/app/libraries/MailSo/Base/Http.php @@ -269,7 +269,8 @@ class Http */ public function GetScheme() { - return ('on' === \strtolower($this->GetServer('HTTPS'))) ? 'https' : 'http'; + $sHttps = \strtolower($this->GetServer('HTTPS', '')); + return ('on' === $sHttps || ('' === $sHttps && '443' === (string) $this->GetServer('SERVER_PORT', ''))) ? 'https' : 'http'; } /** diff --git a/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php b/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php index d7ce92275..0f97d6f2f 100644 --- a/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php +++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php @@ -2256,7 +2256,10 @@ class Actions private function rainLoopCoreAccess() { - return $this->Http()->CheckLocalhost(APP_SITE) || APP_SITE === APP_CORE_INSTALL_ACCESS_SITE; + $sCoreAccess = \strtolower(\preg_replace('/[\s,;]+/', ' ', + $this->Config()->Get('security', 'core_install_access_domains', ''))); + + return '' === $sCoreAccess || APP_SITE === $sCoreAccess; } private function getRepositoryDataByUrl($sRepo, &$bReal = false) diff --git a/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php b/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php index c675ec74b..2fa8b32f7 100644 --- a/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php +++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php 
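Review bot: GetScheme still treats only the literal 'on' as TLS; PHP's own contract for $_SERVER['HTTPS'] is "non-empty when served over HTTPS" (IIS reports 'off' for plain HTTP), so a server that sets HTTPS to '1' falls through to the new port heuristic and is reported as 'http' whenever TLS is not on port 443. Compare against that contract instead: `return (('' !== $sHttps && 'off' !== $sHttps) || ('' === $sHttps && '443' === (string) $this->GetServer('SERVER_PORT', ''))) ? 'https' : 'http';`. The value is read from server variables rather than a client-supplied header, which is the right choice for anything that may feed redirects or cookie flags; a TLS-terminating proxy in front of PHP will still yield 'http' here, and that limitation is worth a line in the method's docblock so deployers know to configure the web server to set HTTPS.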
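Review bot: rainLoopCoreAccess normalises core_install_access_domains as if it were a list — the regex collapses runs of whitespace, commas and semicolons into single spaces — but then compares the whole string with APP_SITE, so a setting naming two or more domains, or one with a trailing separator (which leaves a ' ' that is neither '' nor a host name), denies core-install access for every site. The lowercased setting is also compared with APP_SITE as-is; if APP_SITE can carry upper-case characters the comparison needs the same normalisation (its definition is outside this hunk). The empty default allows every site, which matches the removed `__get_core_install_access_site` helper, so the only behavioural change is that the former `CheckLocalhost` short-circuit is gone; a comment on the return stating that empty means allow-all, not deny-all, would keep the next reader from assuming the opposite.
```php
private function rainLoopCoreAccess()
{
	$sCoreAccess = \strtolower(\trim(\preg_replace('/[\s,;]+/', ' ',
		$this->Config()->Get('security', 'core_install_access_domains', ''))));

	// An empty setting keeps the previous allow-all behaviour.
	if ('' === $sCoreAccess)
	{
		return true;
	}

	return \in_array(\strtolower(APP_SITE), \explode(' ', $sCoreAccess), true);
}
```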
@@ -87,7 +87,9 @@ class Application extends \RainLoop\Config\AbstractConfig 'custom_server_signature' => array('RainLoop'), 'admin_login' => array('admin', 'Login and password for web admin panel'), - 'admin_password' => array('12345') + 'admin_password' => array('12345'), + 'allow_admin_panel' => array(true, 'Access settings'), + 'core_install_access_domains' => array('') ), 'login' => array( diff --git a/rainloop/v/0.0.0/app/libraries/RainLoop/Service.php b/rainloop/v/0.0.0/app/libraries/RainLoop/Service.php index 1b78a89e1..596a20506 100644 --- a/rainloop/v/0.0.0/app/libraries/RainLoop/Service.php +++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Service.php @@ -94,11 +94,11 @@ class Service $this->oActions->ParseQueryAuthString(); - if (defined('APP_INSTALLED_START') && defined('APP_INSTALLED_VERSION') && APP_INSTALLED_START && + if (defined('APP_INSTALLED_START') && defined('APP_INSTALLED_VERSION') && + APP_INSTALLED_START && !APP_INSTALLED_VERSION && $this->oActions->Config()->Get('labs', 'usage_statistics', true)) { - $this->oActions->KeenIO(APP_INSTALLED_VERSION ? 'Upgrade' : 'Install', - APP_INSTALLED_VERSION ? array('previos-version' => APP_INSTALLED_VERSION) : array()); + $this->oActions->KeenIO('Install'); } $bCached = false; @@ -115,6 +115,13 @@ class Service $this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths)); $bAdmin = !empty($aPaths[0]) && \in_array(\strtolower($aPaths[0]), array('admin', 'cp')); + if ($bAdmin && !$this->oActions->Config()->Get('security', 'allow_admin_panel', true)) + { + echo $this->oActions->ErrorTemplates('Access Denied.', + 'Access to the RainLoop Webmail Admin Panel is not allowed!', true); + + return $this; + } if (0 < \count($aPaths) && !empty($aPaths[0]) && !$bAdmin) { diff --git a/rainloop/v/0.0.0/app/templates/BadBrowser.html b/rainloop/v/0.0.0/app/templates/BadBrowser.html index 26f6ce990..33d8422bb 100644 --- a/rainloop/v/0.0.0/app/templates/BadBrowser.html 
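Review bot: core_install_access_domains is added without a description, while the neighbouring admin_login entry shows the second array element is where the defaults table explains a setting, and this one needs its format and its empty-means-allow-all semantics spelled out because rainLoopCoreAccess (Actions.php hunk) lowercases the value, treats whitespace, commas and semicolons as separators, and grants access to every site when the value is empty. Suggested entry: `'core_install_access_domains' => array('', 'Host names allowed to access the core install, separated by space, comma or semicolon; empty allows all sites')`. The 'Access settings' text on allow_admin_panel reads as a section heading rather than a description of that key; if that is the intent, a short note that Off disables the admin and cp entry points (per the Service.php hunk) would help administrators hardening an install.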
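Review bot: The new allow_admin_panel gate in the second Service.php hunk echoes the error template and returns without setting a response status, so a disabled admin panel still answers 200 with an 'Access Denied' page, which hides the refusal from access-log monitoring and lets the page be cached or indexed like any other. Send a 403 before the template, `\header('HTTP/1.1 403 Forbidden');`, unless ErrorTemplates already sets headers (that method is outside the hunk). The gate keys off $bAdmin, i.e. a first path segment of admin or cp; if admin actions are also dispatched through another path (the action routing is not in this hunk), that path needs the same check, which is worth confirming. The enclosing method starts and ends outside the hunk.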
+++ b/rainloop/v/0.0.0/app/templates/BadBrowser.html @@ -56,8 +56,10 @@
+
{{ErrorDesc}}
+
Google Chrome Mozilla Firefox diff --git a/rainloop/v/0.0.0/app/templates/Error.html b/rainloop/v/0.0.0/app/templates/Error.html index 2ccb05743..2e314e12c 100644 --- a/rainloop/v/0.0.0/app/templates/Error.html +++ b/rainloop/v/0.0.0/app/templates/Error.html @@ -43,8 +43,10 @@

+
{{ErrorDesc}}
+

{{BackLink}} diff --git a/rainloop/v/0.0.0/index.php b/rainloop/v/0.0.0/index.php index ed863b740..1928dd5d8 100644 --- a/rainloop/v/0.0.0/index.php +++ b/rainloop/v/0.0.0/index.php @@ -26,9 +26,6 @@ define('APP_PRIVATE_DATA_NAME', 0 === strlen($sPrivateDataFolderInternalName) ? APP_DEFAULT_PRIVATE_DATA_NAME : $sPrivateDataFolderInternalName); define('APP_MULTIPLY', 0 < strlen($sPrivateDataFolderInternalName) && APP_DEFAULT_PRIVATE_DATA_NAME !== APP_PRIVATE_DATA_NAME); - define('APP_CORE_INSTALL_ACCESS_SITE', function_exists('__get_core_install_access_site') ? - __get_core_install_access_site(APP_SITE) : APP_SITE); - define('APP_DUMMY', '********'); define('APP_DEV_VERSION', '0.0.0'); define('APP_API_PATH', 'http://api.rainloop.net/');