Title: Dereffer of Externals Links
Post by: igor on March 31, 2008, 04:39:27 PM
Post by: igor on March 31, 2008, 04:39:27 PM
Hey there,
could anyone help me?
I'm trying to extend my roundcube installation with a deref-funktion like gmx have.
I found following solution for myself but's very unperfekt because it would not work with ssl-protected sites
first the things witch are inperfekt
-external solution
-no user orientated protection
-no functionality with ssl-sites (because of domain orientated protection)
-not skinable/not using the user-skins
must have (in my eys)
-more integration in roundcube
-user orientated protection
-100% neutral link for those browsers witch reffer the deref site (sound's lucky but opera reffer the site in all cases I try)
may have
-using the roundcube skin
now my first try (and external solution):
first change links
Original:
than the solution for dereffering the links (not my own solution):
deref/index.php
Code to protect the deref-funktion from extrenal use:
now I'd like to include all this directly in the roundcube installation so that links look like
http://www.domain.tld/roundcubeinstallation/?_task=def&url=http://external.tld/link
and the authentication is given by roundcube login (session)
I hope my intention is understandable and anyone could help me to include these function.
at least a simple sumerage of the functionality of this.
-the destination page is given in the url (?destination)
-dereferring by using meta refresh
-for browsers without meta refreshfunctionality site with link in it (like: "klick here to go to .... ")
-protecting deref from unknown users
why all this?
to Protect userdetails (linke e-mail-nr and so on) from other webmasters (on destinationpages)
could anyone help me?
I'm trying to extend my roundcube installation with a deref-funktion like gmx have.
I found following solution for myself but's very unperfekt because it would not work with ssl-protected sites
first the things witch are inperfekt
-external solution
-no user orientated protection
-no functionality with ssl-sites (because of domain orientated protection)
-not skinable/not using the user-skins
must have (in my eys)
-more integration in roundcube
-user orientated protection
-100% neutral link for those browsers witch reffer the deref site (sound's lucky but opera reffer the site in all cases I try)
may have
-using the roundcube skin
now my first try (and external solution):
first change links
Original:
Code Select
$convert_patterns[] = "/([\w]+):\/\/([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
$convert_replaces[] = "rcmail_str_replacement('<a href=\"\\1://\\2\" target=\"_blank\">\\1://\\2</a>', \$replace_strings)";
$convert_patterns[] = "/([^\/:]|\s)(www\.)([a-z0-9\-]{2,}[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
$convert_replaces[] = "rcmail_str_replacement('\\1<a href=\"[url]http://\\2\\3\"[/url] target=\"_blank\">\\2\\3</a>', \$replace_strings)";
Replace:Code Select
$convert_patterns[] = "/([\w]+):\/\/([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
$convert_replaces[] = "rcmail_str_replacement('\\1://\\2', \$replace_strings)";
$convert_patterns[] = "/([^\/:]|\s)(www\.)([a-z0-9\-]{2,}[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
$convert_replaces[] = "rcmail_str_replacement('\\1\\2\\3', \$replace_strings)";than the solution for dereffering the links (not my own solution):
deref/index.php
Code Select
function tpl ($template)
{
if (file_exists ('tpl/' . $template . '.html'))
{
include 'tpl/' . $template . '.html';
}
}
function logfile ()
{
global $link_url;
global $config;
if ($config['log'] == 1)
{
$fp = fopen ('log/logfile.txt', 'a');
fwrite($fp, "$link_url");
fwrite($fp, "\n");
fclose ($fp);
}
}
$config['prcl'] = 'http';
$config['time'] = 0;
$config['log'] = 1;
$link_url = urldecode($_SERVER['QUERY_STRING']);
if ($link_url != '')
{
/* Not nessesary because roundcube change the links itselve)
if (substr($link_url, 0, 7)!='[url]http://'[/url]) || substr($link_url, 0, 8)!='[url]https://'[/url] || substr($link_url, 0, 6)!='[url]ftp://'[/url]
{
$link_url = $config['prcl'] . '://' . $link_url;
}
*/
$link_head = $link_url;
$link_time = $config['time'];
logfile ();
tpl ('page_redirect');
exit ();
}
tpl ('page');
exit ();
?>deref/tpl/page_redirect.htmlCode Select
global $link_head;
global $link_time;
?>
[/url]
Willkommen[/url] bei RoundCube Webmail
Weiterleitung
[/url]
; URL=">
!["RoundCube]("[url]http://domain.tld/roundcubeinstallation/skins/default/images/roundcube_logo.png"[/url])
Bitte warte Sekunden
Umleitung auf: ">
Code to protect the deref-funktion from extrenal use:
Code Select
SetEnvIfNoCase Referer "^https?://domain.tld/" ref //will not work, because ssl don't reffer the source page
SetEnvIfNoCase Referer "^http://(www.)?domain.tld/" ref
Order Deny,Allow
Deny from all
Allow from env=refnow I'd like to include all this directly in the roundcube installation so that links look like
http://www.domain.tld/roundcubeinstallation/?_task=def&url=http://external.tld/link
and the authentication is given by roundcube login (session)
I hope my intention is understandable and anyone could help me to include these function.
at least a simple sumerage of the functionality of this.
-the destination page is given in the url (?destination)
-dereferring by using meta refresh
-for browsers without meta refreshfunctionality site with link in it (like: "klick here to go to .... ")
-protecting deref from unknown users
why all this?
to Protect userdetails (linke e-mail-nr and so on) from other webmasters (on destinationpages)
Title: Re: Dereffer of Externals Links
Post by: torias on April 06, 2008, 05:23:46 AM
Post by: torias on April 06, 2008, 05:23:46 AM
Quote from: igor why all this?
to Protect userdetails (linke e-mail-nr and so on) from other webmasters (on destinationpages)
Well, which of this information do you want to protect?
https://webmail.domain.tld/?_task=mail&_action=show&_uid=63555&_mbox=INBOX
I've been thinking about implementing some deref, but I didn't because I have no idea what to protect since there is no session or user related information in the URL.