From ed988390312e0ad16843dbd1eb7a1e82241545d2 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sat, 15 Jul 2023 18:43:00 +0200 Subject: [PATCH] Fix so install/update scripts do not require PEAR (#9037) --- CHANGELOG.md | 1 + program/lib/Roundcube/bootstrap.php | 5 +++-- program/lib/Roundcube/rcube.php | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b488bfe7a1..34abf10b5ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] - Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] +- Fix so install/update scripts do not require PEAR (#9037) ## Release 1.5.7 diff --git a/program/lib/Roundcube/bootstrap.php b/program/lib/Roundcube/bootstrap.php index fca751df7d4..84367df73d4 100644 --- a/program/lib/Roundcube/bootstrap.php +++ b/program/lib/Roundcube/bootstrap.php @@ -100,8 +100,9 @@ spl_autoload_register('rcube_autoload'); // set PEAR error handling (will also load the PEAR main class) -PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, function($err) { rcube::raise_error($err, true); }); - +if (class_exists('PEAR')) { + PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, function($err) { rcube::raise_error($err, true); }); +} /** * Similar function as in_array() but case-insensitive with multibyte support. diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index f870338630c..1913ed79ecc 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -1387,7 +1387,7 @@ public static function raise_error($arg = [], $log = false, $terminate = false) 'message' => $arg->getMessage(), ]; } - else if ($arg instanceof PEAR_Error) { + else if (is_object($arg) && is_a($arg, 'PEAR_Error')) { $info = $arg->getUserInfo(); $arg = [ 'code' => $arg->getCode(),