1 files changed, 63 insertions, 0 deletions

diff --git a/webmail/program/steps/utils/modcss.inc b/webmail/program/steps/utils/modcss.inc
new file mode 100644
index 0000000..1a28c65
--- /dev/null
+++ b/webmail/program/steps/utils/modcss.inc
@@ -0,0 +1,63 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | program/steps/utils/modcss.inc                                        |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2007-2012, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Modify CSS source from a URL                                        |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com>                        |
+ | Author: Aleksander Machniak <alec@alec.pl>                            |
+ +-----------------------------------------------------------------------+
+*/
+
+$url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);
+
+if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) {
+    header('HTTP/1.1 403 Forbidden');
+    exit("Unauthorized request");
+}
+
+// don't allow any other connections than http(s)
+if (!preg_match('~^(https?)://~i', $realurl, $matches)) {
+    header('HTTP/1.1 403 Forbidden');
+    exit("Invalid URL");
+}
+
+if (!ini_get('allow_url_fopen')) {
+    header('HTTP/1.1 403 Forbidden');
+    exit("HTTP connections disabled");
+}
+
+$scheme  = strtolower($matches[1]);
+$options = array(
+    $scheme => array(
+        'method' => 'GET',
+        'timeout' => 15,
+    )
+);
+
+$context = stream_context_create($options);
+$source  = @file_get_contents($realurl, false, $context);
+
+// php.net/manual/en/reserved.variables.httpresponseheader.php
+$headers = implode("\n", (array)$http_response_header);
+$ctype   = '~Content-Type:\s+text/(css|plain)~i';
+
+if ($source !== false && preg_match($ctype, $headers)) {
+    header('Content-Type: text/css');
+    echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
+    exit;
+}
+
+header('HTTP/1.0 404 Not Found');
+exit("Invalid response returned by server");