Further XSS improvements plus a bugfix.

[squirrelmail.git] / functions / file_prefs.php

diff --git a/functions/file_prefs.php b/functions/file_prefs.php
index d52560a83fb4210c79c62c6b7e2ebba4295e57f7..082b1bce8b1f6b3533237ebba56f8824d6d7006b 100644 (file)
--- a/functions/file_prefs.php
+++ b/functions/file_prefs.php
@@ -35,7 +35,8 @@ function cachePrefValues($data_dir, $username) {
 
     /* Make sure that the preference file now DOES exist. */
     if (!file_exists($filename)) {
-        echo sprintf (_("Preference file, %s, does not exist. Log out, and log back in to create a default preference file."), $filename) . "<br>\n";
+        include_once( '../functions/display_messages.php' );
+        logout_error( sprintf( _("Preference file, %s, does not exist. Log out, and log back in to create a default preference file."), $filename)  );
         exit;
     }
 
@@ -144,7 +145,7 @@ function setPref($data_dir, $username, $string, $value) {
 function checkForPrefs($data_dir, $username, $filename = '') {
     /* First, make sure we have the filename. */
     if ($filename == '') {
-        $filename = getHashedFile($username, $data_dir, '$username.pref');
+        $filename = getHashedFile($username, $data_dir, "$username.pref");
     }
 
     /* Then, check if the file exists. */
@@ -158,15 +159,26 @@ function checkForPrefs($data_dir, $username, $filename = '') {
         }
 
         /* Otherwise, report an error. */
+        $errTitle = sprintf( _("Error opening %s"), $default_pref );
         if (!file_exists($default_pref)) {
-            echo _("Error opening ") . $default_pref . "<br>\n";
-            echo _("Default preference file not found!") . "<br>\n";
-            echo _("Please contact your system administrator and report this error.") . "<br>\n";
+            $errString = $errTitle . "<br>\n" .
+                         _("Default preference file not found!") . "<br>\n" .
+                         _("Please contact your system administrator and report this error.") . "<br>\n";
+            include_once( '../functions/display_messages.php' );
+            logout_error( $errString, $errTitle );
             exit;
         } else if (!@copy($default_pref, $filename)) {
-            echo _("Error opening ") . $default_pref . '<br>';
-            echo _("Could not create initial preference file!") . "<br>\n";
-            echo _("Please contact your system administrator and report this error.") . "<br>\n";
+            $uid = 'httpd';
+            if (function_exists('posix_getuid')){
+                $user_data = posix_getpwuid(posix_getuid());
+                $uid = $user_data['name'];
+            }
+            $errString = $errTitle . '<br>' .
+                       _("Could not create initial preference file!") . "<br>\n" .
+                       sprintf( _("%s should be writable by user %s"), $data_dir, $uid ) .
+                       "<br>\n" . _("Please contact your system administrator and report this error.") . "<br>\n";
+            include_once( '../functions/display_messages.php' );
+            logout_error( $errString, $errTitle );
             exit;
         }
     }