// This script could really use some restructuring as it has grown quite rapidly
// but is not very 'clean'. Feel free to get some structure into this thing.
-$warnings = 0;
+/** force verbose error reporting and turn on display of errors */
+error_reporting(E_ALL);
+ini_set('display_errors',1);
+
+/** Blockcopy from init.php. Cleans globals. */
+if ((bool) ini_get('register_globals') &&
+ strtolower(ini_get('register_globals'))!='off') {
+ /**
+ * Remove all globals that are not reserved by PHP
+ * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
+ */
+ foreach ($GLOBALS as $key => $value) {
+ switch($key) {
+ case 'HTTP_POST_VARS':
+ case '_POST':
+ case 'HTTP_GET_VARS':
+ case '_GET':
+ case 'HTTP_COOKIE_VARS':
+ case '_COOKIE':
+ case 'HTTP_SERVER_VARS':
+ case '_SERVER':
+ case 'HTTP_ENV_VARS':
+ case '_ENV':
+ case 'HTTP_POST_FILES':
+ case '_FILES':
+ case '_REQUEST':
+ case 'HTTP_SESSION_VARS':
+ case '_SESSION':
+ case 'GLOBALS':
+ case 'key':
+ case 'value':
+ break;
+ default:
+ unset($GLOBALS[$key]);
+ }
+ }
+ // Unset variables used in foreach
+ unset($GLOBALS['key']);
+ unset($GLOBALS['value']);
+}
+
+
+/**
+ * Displays error messages and warnings
+ * @param string $str message
+ * @param boolean $fatal fatal error or only warning
+ */
function do_err($str, $fatal = TRUE) {
global $IND, $warnings;
$level = $fatal ? 'FATAL ERROR:' : 'WARNING:';
}
}
-$IND = str_repeat(' ',4);
-
ob_implicit_flush();
/** @ignore */
define('SM_PATH', '../');
+/** load minimal function set */
+require(SM_PATH . 'functions/global.php');
+require(SM_PATH . 'functions/strings.php');
-/* set default value in order to block remote access to script */
+/** set default value in order to block remote access */
$allow_remote_configtest=false;
-/*
- * Load config before output begins. functions/strings.php depends on
- * functions/globals.php. functions/global.php needs to be run before
- * any html output starts. If config.php is missing, error will be displayed
- * later.
- */
+/** Load all configuration files before output begins */
+
+/* load default configuration */
+require(SM_PATH . 'config/config_default.php');
+/* reset arrays in default configuration */
+$ldap_server = array();
+$plugins = array();
+$fontsets = array();
+$theme = array();
+$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php';
+$theme[0]['NAME'] = 'Default';
+$aTemplateSet = array();
+$aTemplateSet[0]['ID'] = 'default';
+$aTemplateSet[0]['NAME'] = 'Default';
+/* load site configuration */
if (file_exists(SM_PATH . 'config/config.php')) {
- require(SM_PATH . 'config/config.php');
+ require(SM_PATH . 'config/config.php');
+}
+/* load local configuration overrides */
+if (file_exists(SM_PATH . 'config/config_local.php')) {
+ require(SM_PATH . 'config/config_local.php');
}
-require(SM_PATH . 'functions/global.php');
-require(SM_PATH . 'functions/strings.php');
+
+/** Load plugins */
+global $disable_plugins;
+$squirrelmail_plugin_hooks = array();
+if (!$disable_plugins && file_exists(SM_PATH . 'config/plugin_hooks.php')) {
+ require(SM_PATH . 'config/plugin_hooks.php');
+}
+
+/** Warning counter */
+$warnings = 0;
+
+/** indent */
+$IND = str_repeat(' ',4);
+
+/**
+ * get_location starts session and must be run before output is started.
+ */
+$test_location = get_location();
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
"</b></td></tr>\n</table>\n</p>\n\n";
/* check $config_version */
-if ($config_version!='1.4.0') {
+if ($config_version!='1.5.0') {
do_err('Configuration file version does not match required version. Please update your configuration file.');
}
}
echo $IND . 'PHP version ' . PHP_VERSION . ' OK. (You have: ' . phpversion() . ". Minimum: 4.1.0)<br />\n";
-if ((bool) ini_get('register_globals')) {
- do_err('You have register_globals turned on. This is not an error, but it CAN be a security hazard. Consider turning register_globals off.', false);
+/* test for boolean false and any string that is not equal to 'off' */
+if ((bool) ini_get('register_globals') &&
+ strtolower(ini_get('register_globals'))!='off') {
+ do_err('You have register_globals turned on. This is not an error, but it CAN be a security hazard. Consider turning register_globals off.', false);
}
$php_exts = array('session','pcre');
$diff = array_diff($php_exts, get_loaded_extensions());
/* check plugins and themes */
+//FIXME: check requirements given in plugin _info() function, such
+// as required PHP extensions, Pear packages, other plugins, SM version, etc
+// see development docs for list of returned info from that function
$bad_plugins = array(
'attachment_common', // Integrated into SquirrelMail 1.2 core
'auto_prune_sent', // Obsolete: See Proon Automatic Folder Pruning plugin
do_err('You have enabled the <i>'.$plugin.'</i> plugin, which causes problems with this version of SquirrelMail. Please check the ReleaseNotes or other documentation for more information.', false);
}
}
- echo $IND . "Plugins OK.<br />\n";
+ // load plugin functions
+ include_once(SM_PATH . 'functions/plugin.php');
+ // turn on output buffering in order to prevent output of new lines
+ ob_start();
+ foreach ($plugins as $name) {
+ use_plugin($name);
+ }
+ // get output and remove whitespace
+ $output = trim(ob_get_contents());
+ ob_end_clean();
+ // if plugins output more than newlines and spacing, stop script execution.
+ if (!empty($output)) {
+ $plugin_load_error = 'Some output is produced when plugins are loaded.'
+ .' Usually it means error. Output said: '.htmlspecialchars($output);
+ do_err($plugin_load_error);
+ }
+ /**
+ * This hook was added in 1.5.2. Each plugins should print an error
+ * message and return TRUE if there are any errors in its setup/configuration.
+ */
+ $plugin_err = boolean_hook_function('configtest', $null);
+ if($plugin_err) {
+ do_err('Some plugin tests failed.');
+ } else {
+ echo $IND . "Plugins OK.<br />\n";
+ }
} else {
echo $IND . "Plugins are not enabled in config.<br />\n";
}
echo $IND . "Default language OK.<br />\n";
}
-echo $IND . "Base URL detected as: <tt>" . htmlspecialchars(get_location()) . "</tt><br />\n";
+echo $IND . "Base URL detected as: <tt>" . htmlspecialchars($test_location) .
+ "</tt> (location base " . (empty($config_location_base) ? 'autodetected' : 'set to <tt>' .
+ htmlspecialchars($config_location_base)."</tt>") . ")<br />\n";
/* check minimal requirements for other security options */
'in the SquirrelMail configuration.', FALSE);
}
+if (stristr($capline, 'XMAGICTRASH') !== false) {
+ $magic_trash = 'It looks like IMAP_MOVE_EXPUNGE_TO_TRASH option is turned on '
+ .'in your Courier IMAP configuration. Courier does not provide tools that '
+ .'allow to detect folder used for Trash or commands are not documented. '
+ .'SquirrelMail can\'t detect special trash folder. SquirrelMail manages '
+ .'all message deletion or move operations internally and '
+ .'IMAP_MOVE_EXPUNGE_TO_TRASH option can cause errors in message and '
+ .'folder management operations. Please turn off IMAP_MOVE_EXPUNGE_TO_TRASH '
+ .'option in Courier imapd configuration.';
+ do_err($magic_trash,false);
+}
+
+/* add warning about IMAP delivery */
+if (stristr($capline, 'XCOURIEROUTBOX') !== false) {
+ $courier_outbox = 'OUTBOX setting is enabled in your Courier imapd '
+ .'configuration. SquirrelMail uses standard SMTP protocol or sendmail '
+ .'binary to send emails. Courier IMAP delivery method is not supported'
+ .' and can create duplicate email messages.';
+ do_err($courier_outbox,false);
+}
+
/** OK, close connection */
fputs($stream, "A004 LOGOUT\r\n");
fclose($stream);
/* optional setlocale() tests. Should work only on glibc systems. */
if (sqgetGlobalVar('testlocales',$testlocales,SQ_GET)) {
- include_once(SM_PATH . 'functions/i18n.php');
+ include_once(SM_PATH . 'include/languages.php');
echo $IND . $IND . 'Testing translations:<br>';
foreach ($languages as $lang_code => $lang_data) {
/* don't test aliases */
} else {
echo "Iconv functions are unavailable.<br />\n";
}
-// same test as in include/validate.php
+// same test as in include/init.php + date_default_timezone_set check
echo "$IND timezone - ";
-if ( (!ini_get('safe_mode')) ||
+if ( (!ini_get('safe_mode')) || function_exists('date_default_timezone_set') ||
!strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')) ) {
echo "Webmail users can change their time zone settings. \n";