File manager - Edit - /usr/local/CyberCP/public/snappymail/snappymail/v/2.38.2/app/libraries/RainLoop/Service.php
Back
<?php namespace RainLoop; abstract class Service { /** * @staticvar bool $bOne */ public static function Handle() : bool { static $bOne = null; if (null === $bOne) { $bOne = static::RunResult(); } return $bOne; } private static function RunResult() : bool { $oConfig = Api::Config(); $sServer = \trim($oConfig->Get('security', 'custom_server_signature', '')); if (\strlen($sServer)) { \header('Server: '.$sServer); } \header('Referrer-Policy: no-referrer'); \header('X-Content-Type-Options: nosniff'); // Google FLoC, obsolete // \header('Permissions-Policy: interest-cohort=()'); static::setCSP(); $sXssProtectionOptionsHeader = \trim($oConfig->Get('security', 'x_xss_protection_header', '')) ?: '1; mode=block'; \header('X-XSS-Protection: '.$sXssProtectionOptionsHeader); $oHttp = \MailSo\Base\Http::SingletonInstance(); if ($oConfig->Get('security', 'force_https', false) && !$oHttp->IsSecure()) { \MailSo\Base\Http::Location('https://'.$oHttp->GetHost(false).$oHttp->GetUrl()); return true; } // See https://github.com/kjdev/php-ext-brotli if (!empty($_SERVER['HTTP_ACCEPT_ENCODING']) && $oConfig->Get('webmail', 'compress_output', false) && !\ini_get('zlib.output_compression') && !\ini_get('brotli.output_compression') ) { if (\is_callable('brotli_compress_add') && false !== \stripos($_SERVER['HTTP_ACCEPT_ENCODING'], 'br')) { \ob_start(function(string $buffer, int $phase){ static $resource; if ($phase & PHP_OUTPUT_HANDLER_START) { \header('Content-Encoding: br'); $resource = \brotli_compress_init(/*int $quality = 11, int $mode = BROTLI_GENERIC*/); } return \brotli_compress_add($resource, $buffer, ($phase & PHP_OUTPUT_HANDLER_FINAL) ? BROTLI_FINISH : BROTLI_PROCESS); }); } else { \ob_start('ob_gzhandler'); } } else { \ob_start(); } $sQuery = \trim($_SERVER['QUERY_STRING'] ?? ''); $iPos = \strpos($sQuery, '&'); if (0 < $iPos) { $sQuery = \substr($sQuery, 0, $iPos); } $sQuery = \trim(\trim($sQuery), ' /'); $aSubQuery = $_GET['q'] ?? null; if (\is_array($aSubQuery)) { $aSubQuery = \array_map(function ($sS) { return \trim(\trim($sS), ' /'); }, $aSubQuery); if (\count($aSubQuery)) { $sQuery .= '/' . \implode('/', $aSubQuery); } } $aPaths = \explode('/', $sQuery); $sAdminPanelHost = \trim($oConfig->Get('admin_panel', 'host', '')); if (empty($sAdminPanelHost)) { $bAdmin = !empty($aPaths[0]) && ($oConfig->Get('admin_panel', 'key', '') ?: 'admin') === $aPaths[0]; $bAdmin && \array_shift($aPaths); } else { $bAdmin = \mb_strtolower($sAdminPanelHost) === \mb_strtolower($oHttp->GetHost()); } $oActions = $bAdmin ? new ActionsAdmin() : Api::Actions(); $oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths)); if ($oHttp->IsPost()) { $oHttp->ServerNoCache(); } $oServiceActions = new ServiceActions($oHttp, $oActions); if ($bAdmin && !$oConfig->Get('security', 'allow_admin_panel', true)) { \MailSo\Base\Http::StatusHeader(403); echo $oServiceActions->ErrorTemplates('Access Denied.', 'Access to the SnappyMail Admin Panel is not allowed!'); return false; } $bIndex = true; if (\count($aPaths) && !empty($aPaths[0]) && 'index' !== \strtolower($aPaths[0])) { if ('mailto' !== \strtolower($aPaths[0]) && !\SnappyMail\HTTP\SecFetch::matchAnyRule($oConfig->Get('security', 'secfetch_allow', ''))) { \MailSo\Base\Http::StatusHeader(403); echo $oServiceActions->ErrorTemplates('Access Denied.', "Disallowed Sec-Fetch Dest: " . ($_SERVER['HTTP_SEC_FETCH_DEST'] ?? '') . " Mode: " . ($_SERVER['HTTP_SEC_FETCH_MODE'] ?? '') . " Site: " . ($_SERVER['HTTP_SEC_FETCH_SITE'] ?? '') . " User: " . (\SnappyMail\HTTP\SecFetch::user() ? 'true' : 'false')); return false; } $sMethodName = 'Service'.\preg_replace('/@.+$/', '', $aPaths[0]); $sMethodExtra = \strpos($aPaths[0], '@') ? \preg_replace('/^[^@]+@/', '', $aPaths[0]) : ''; if (\method_exists($oServiceActions, $sMethodName) && \is_callable(array($oServiceActions, $sMethodName))) { $bIndex = false; $oServiceActions->SetQuery($sQuery)->SetPaths($aPaths); echo $oServiceActions->{$sMethodName}($sMethodExtra); } else if ($oActions->Plugins()->RunAdditionalPart($aPaths[0], $aPaths)) { $bIndex = false; } } if ($bIndex) { // https://github.com/the-djmaze/snappymail/issues/1024 $oHttp->ServerNoCache(); if (!$bAdmin) { $login = $oConfig->Get('labs', 'custom_login_link', ''); if ($login && !$oActions->getAccountFromToken(false)) { \MailSo\Base\Http::Location($login); return true; } } // if (!\SnappyMail\HTTP\SecFetch::isEntering()) { \header('Content-Type: text/html; charset=utf-8'); if (!\is_dir(APP_DATA_FOLDER_PATH) || !\is_writable(APP_DATA_FOLDER_PATH)) { echo $oServiceActions->ErrorTemplates( 'Permission denied!', 'SnappyMail can not access the data folder "'.APP_DATA_FOLDER_PATH.'"' ); return false; } $sLanguage = $oActions->GetLanguage($bAdmin); $bAppDebug = $oConfig->Get('debug', 'enable', false); $sAppJsMin = $bAppDebug || $oConfig->Get('debug', 'javascript', false) ? '' : '.min'; $sAppCssMin = $bAppDebug || $oConfig->Get('debug', 'css', false) ? '' : '.min'; $sFaviconUrl = (string) $oConfig->Get('webmail', 'favicon_url', ''); $sFaviconPngLink = $sFaviconUrl ?: Utils::WebStaticPath('apple-touch-icon.png'); $sAppleTouchLink = $sFaviconUrl ? '' : Utils::WebStaticPath('apple-touch-icon.png'); $oActions = Api::Actions(); $sThemeName = $oActions->GetTheme($bAdmin); $aTemplateParameters = array( '{{BaseAppThemeName}}' => $sThemeName, '{{BaseAppFaviconPngLinkTag}}' => $sFaviconPngLink ? '<link type="image/png" rel="shortcut icon" href="'.$sFaviconPngLink.'">' : '', '{{BaseAppFaviconTouchLinkTag}}' => $sAppleTouchLink ? '<link type="image/png" rel="apple-touch-icon" href="'.$sAppleTouchLink.'">' : '', '{{BaseAppManifestLink}}' => Utils::WebStaticPath('manifest.json'), '{{BaseFavIconSvg}}' => $sFaviconUrl ? '' : Utils::WebStaticPath('favicon.svg'), '{{LoadingDescriptionEsc}}' => \htmlspecialchars($oConfig->Get('webmail', 'loading_description', 'SnappyMail'), ENT_QUOTES|ENT_IGNORE, 'UTF-8'), '{{BaseAppAdmin}}' => $bAdmin ? 1 : 0 ); $sCacheFileName = 'TMPL:' . \sha1( Utils::jsonEncode(array( $sLanguage, $oConfig->Get('cache', 'index', ''), $oActions->Plugins()->Hash(), $sAppJsMin, $sAppCssMin, $aTemplateParameters, APP_VERSION )) ); // https://github.com/the-djmaze/snappymail/issues/1024 // $oActions->verifyCacheByKey($sCacheFileName); if ($oConfig->Get('cache', 'system_data', true)) { $sResult = $oActions->Cacher()->Get($sCacheFileName); } else { $sResult = ''; } if ($sResult) { $sResult .= '<!--cached-->'; } else { $aTemplateParameters['{{BaseAppBootCss}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/css/boot'.$sAppCssMin.'.css'); $aTemplateParameters['{{BaseAppBootScript}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/js'.($sAppJsMin ? '/min' : '').'/boot'.$sAppJsMin.'.js'); $aTemplateParameters['{{BaseAppMainCssLink}}'] = Utils::WebStaticPath('css/'.($bAdmin ? 'admin' : 'app').$sAppCssMin.'.css'); $aTemplateParameters['{{BaseAppThemeCss}}'] = \preg_replace('/\\s*([:;{},]+)\\s*/s', '$1', $oActions->compileCss($sThemeName, $bAdmin)); $aTemplateParameters['{{BaseLanguage}}'] = $oActions->compileLanguage($sLanguage, $bAdmin); $aTemplateParameters['{{BaseTemplates}}'] = Utils::ClearHtmlOutput($oServiceActions->compileTemplates($bAdmin)); $aTemplateParameters['{{NO_SCRIPT_DESC}}'] = \nl2br($oActions->StaticI18N('NO_SCRIPT_TITLE') . "\n" . $oActions->StaticI18N('NO_SCRIPT_DESC')); $aTemplateParameters['{{NO_COOKIE_TITLE}}'] = $oActions->StaticI18N('NO_COOKIE_TITLE'); $aTemplateParameters['{{NO_COOKIE_DESC}}'] = $oActions->StaticI18N('NO_COOKIE_DESC'); $aTemplateParameters['{{BAD_BROWSER_TITLE}}'] = $oActions->StaticI18N('BAD_BROWSER_TITLE'); $aTemplateParameters['{{BAD_BROWSER_DESC}}'] = \nl2br($oActions->StaticI18N('BAD_BROWSER_DESC')); $sResult = Utils::ClearHtmlOutput(\file_get_contents(APP_VERSION_ROOT_PATH.'app/templates/Index.html')); $sResult = \strtr($sResult, $aTemplateParameters); if ($sCacheFileName) { $oActions->Cacher()->Set($sCacheFileName, $sResult); } } $SameSite = \strtolower($oConfig->Get('security', 'cookie_samesite', 'Strict')); $Secure = (isset($_SERVER['HTTPS']) || 'none' == $SameSite) ? ';secure' : ''; $sResult = \str_replace('samesite=strict', "samesite={$SameSite}{$Secure}", $sResult); $sScriptNonce = \SnappyMail\UUID::generate(); static::setCSP($sScriptNonce); $sResult = \str_replace('nonce=""', 'nonce="'.$sScriptNonce.'"', $sResult); /* \preg_match('<script[^>]+>(.+)</script>', $sResult, $script); $sScriptHash = 'sha256-'.\base64_encode(\hash('sha256', $script[1], true)); static::setCSP(null, $sScriptHash); */ // https://github.com/the-djmaze/snappymail/issues/1024 // $oActions->cacheByKey($sCacheFileName); echo $sResult; unset($sResult); } else if (!\headers_sent()) { \header('X-XSS-Protection: 1; mode=block'); } $oActions->BootEnd(); return true; } private static function setCSP(?string $sScriptNonce = null) : void { Api::getCSP($sScriptNonce)->setHeaders(); } }
| ver. 1.4 |
Github
|
.
| PHP 8.2.28 | Generation time: 0.02 |
proxy
|
phpinfo
|
Settings