is_logged_in();
-/* Remove all slashes for form values. */
-if (get_magic_quotes_gpc()) {
- global $REQUEST_METHOD;
-
- if ($REQUEST_METHOD == 'POST') {
- global $HTTP_POST_VARS;
- RemoveSlashes($HTTP_POST_VARS);
- } else if ($REQUEST_METHOD == 'GET') {
- global $HTTP_GET_VARS;
- RemoveSlashes($HTTP_GET_VARS);
- }
-}
-
/**
* Auto-detection
*
set_up_language(getPref($data_dir, $username, 'language'));
$timeZone = getPref($data_dir, $username, 'timezone');
+
+/* Check to see if we are allowed to set the TZ environment variable.
+ * We are able to do this if ...
+ * safe_mode is disabled OR
+ * safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
+ * safe_mode_allowed_env_vars contains TZ
+ */
+$tzChangeAllowed = (!ini_get('safe_mode')) ||
+ !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
+ preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));
+
if ( $timeZone != SMPREF_NONE && ($timeZone != "")
- && !ini_get("safe_mode")) {
+ && $tzChangeAllowed ) {
putenv("TZ=".$timeZone);
}
?>