/**
* If register_globals are on, unregister globals.
- * Code requires PHP 4.1.0 or newer.
* Second test covers boolean set as string (php_value register_globals off).
*/
-if ((bool) @ini_get('register_globals') &&
+if ((bool) ini_get('register_globals') &&
strtolower(ini_get('register_globals'))!='off') {
/**
- * Remove all globals from $_GET, $_POST, and $_COOKIE.
- */
- foreach ($_REQUEST as $key => $value) {
- unset($GLOBALS[$key]);
- }
- /**
- * Remove globalized $_FILES variables
- * Before 4.3.0 $_FILES are included in $_REQUEST.
- * Unglobalize them in separate call in order to remove dependency
- * on PHP version.
- */
- foreach ($_FILES as $key => $value) {
- unset($GLOBALS[$key]);
- // there are three undocumented $_FILES globals.
- unset($GLOBALS[$key.'_type']);
- unset($GLOBALS[$key.'_name']);
- unset($GLOBALS[$key.'_size']);
- }
- /**
- * Remove globalized environment variables.
+ * Remove all globals that are not reserved by PHP
+ * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
*/
- foreach ($_ENV as $key => $value) {
- unset($GLOBALS[$key]);
- }
- /**
- * Remove globalized server variables.
- */
- foreach ($_SERVER as $key => $value) {
- unset($GLOBALS[$key]);
+ foreach ($GLOBALS as $key => $value) {
+ switch($key) {
+ case 'HTTP_POST_VARS':
+ case '_POST':
+ case 'HTTP_GET_VARS':
+ case '_GET':
+ case 'HTTP_COOKIE_VARS':
+ case '_COOKIE':
+ case 'HTTP_SERVER_VARS':
+ case '_SERVER':
+ case 'HTTP_ENV_VARS':
+ case '_ENV':
+ case 'HTTP_POST_FILES':
+ case '_FILES':
+ case '_REQUEST':
+ case 'HTTP_SESSION_VARS':
+ case '_SESSION':
+ case 'GLOBALS':
+ case 'key':
+ case 'value':
+ break;
+ case 'sInitLocation':
+ // FIXME: variable must be set only in src/login.php
+ break;
+ default:
+ unset($GLOBALS[$key]);
+ }
}
+ // Unset variables used in foreach
+ unset($GLOBALS['key']);
+ unset($GLOBALS['value']);
}
+/**
+ * [#1518885] session.use_cookies = off breaks SquirrelMail
+ *
+ * When session cookies are not used, all http redirects, meta refreshes,
+ * src/download.php and javascript URLs are broken. Setting must be set
+ * before session is started.
+ */
+if (!(bool)ini_get('session.use_cookies') ||
+ ini_get('session.use_cookies') == 'off') {
+ ini_set('session.use_cookies','1');
+}
/**
* calculate SM_PATH and calculate the base_uri
if (isset($_SERVER['SCRIPT_NAME'])) {
$a = explode('/',$_SERVER['SCRIPT_NAME']);
} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
- $a = explode('/',$_SERVER['SCRIPT_NAME']);
+ $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']);
+} else {
+ $error = 'Unable to detect script environment. '
+ .'Please test your PHP settings and send PHP core config, $_SERVER '
+ .'and $HTTP_SERVER_VARS to SquirrelMail developers.';
+ die($error);
}
$sSM_PATH = '';
for($i = count($a) -2;$i > -1; --$i) {
*/
$bInit = true;
+/**
+ * This theme as a failsafe if no themes were found, or if we error
+ * out before anything could be initialised.
+ */
+$color = array();
+$color[0] = '#DCDCDC'; /* light gray TitleBar */
+$color[1] = '#800000'; /* red */
+$color[2] = '#CC0000'; /* light red Warning/Error Messages */
+$color[3] = '#A0B8C8'; /* green-blue Left Bar Background */
+$color[4] = '#FFFFFF'; /* white Normal Background */
+$color[5] = '#FFFFCC'; /* light yellow Table Headers */
+$color[6] = '#000000'; /* black Text on left bar */
+$color[7] = '#0000CC'; /* blue Links */
+$color[8] = '#000000'; /* black Normal text */
+$color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */
+$color[10] = '#666666'; /* dark gray Darker version of #9 */
+$color[11] = '#770000'; /* dark red Special Folders color */
+$color[12] = '#EDEDED';
+$color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */
+$color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */
+$color[15] = '#002266'; /* (dark blue) Unselectable folders */
+$color[16] = '#ff9933'; /* (orange) Highlight color */
+
require(SM_PATH . 'functions/global.php');
+
+/* load default configuration */
+require(SM_PATH . 'config/config_default.php');
+/* reset arrays in default configuration */
+$ldap_server = array();
+$plugins = array();
+$fontsets = array();
+$theme = array();
+$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php';
+$theme[0]['NAME'] = 'Default';
+$aTemplateSet = array();
+$aTemplateSet[0]['PATH'] = SM_PATH . 'templates/default/';
+$aTemplateSet[0]['NAME'] = 'Default template';
+/* load site configuration */
require(SM_PATH . 'config/config.php');
+/* load local configuration overrides */
+if (file_exists(SM_PATH . 'config/config_local.php')) {
+ require(SM_PATH . 'config/config_local.php');
+}
+
require(SM_PATH . 'functions/plugin.php');
require(SM_PATH . 'include/constants.php');
require(SM_PATH . 'include/languages.php');
return;
}
+ /**
+ * Initialize the template object (logout_error uses it)
+ */
+ require(SM_PATH . 'class/template/template.class.php');
+ /*
+ * $sTplDir is not initialized when a user is not logged in, so we will use
+ * the config file defaults here. If the neccesary variables are net set,
+ * force a default value.
+ */
+ $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
+ $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
+
+ $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
+ SM_PATH . 'templates/default/' :
+ $aTemplateSet[$templateset_default]['PATH'] );
+ $oTemplate = new Template($sTplDir);
+
set_up_language($squirrelmail_language, true);
logout_error( _("You must be logged in to access this page.") );
exit;
function sqm_baseuri() {
global $base_uri;
return $base_uri;
-}
\ No newline at end of file
+}