X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=functions%2Ffile_prefs.php;h=eadf3fad7ef75c08d474d10b09cae653742da0fc;hb=673f935035f4872437d24a4ce4fabb305dad9696;hp=8dacc32af1422d4e54f352877b9a0d20b4cbb736;hpb=45df3062c96fb474ea804b444da1857782c999aa;p=squirrelmail.git
diff --git a/functions/file_prefs.php b/functions/file_prefs.php
index 8dacc32a..eadf3fad 100644
--- a/functions/file_prefs.php
+++ b/functions/file_prefs.php
@@ -49,11 +49,14 @@ function cachePrefValues($data_dir, $username) {
/* Read in the preferences. */
$highlight_num = 0;
while (! feof($file)) {
- $pref = trim(fgets($file, 1024));
+ // Make sure that this fgets is larger than any of the pref strings
+ // could ever be. 1024 is too short
+ $pref = trim(fgets($file, 65536));
$equalsAt = strpos($pref, '=');
if ($equalsAt > 0) {
$key = substr($pref, 0, $equalsAt);
$value = substr($pref, $equalsAt + 1);
+ /* this is to 'rescue' old-style highlighting rules. */
if (substr($key, 0, 9) == 'highlight') {
$key = 'highlight' . $highlight_num;
$highlight_num ++;
@@ -77,23 +80,19 @@ function cachePrefValues($data_dir, $username) {
*/
function getPref($data_dir, $username, $string, $default = '') {
global $prefs_cache;
- $result = '';
- $result = do_hook_function('get_pref_override', array($username, $string));
-
- if ($result == '') {
- cachePrefValues($data_dir, $username);
-
- if (isset($prefs_cache[$string])) {
- $result = $prefs_cache[$string];
- } else {
- $result = do_hook_function('get_pref', array($username, $string));
- if ($result == '') {
- $result = $default;
- }
- }
+ $result = do_hook_function('get_pref_override',array($username,$string));
+ if (!$result) {
+ cachePrefValues($data_dir, $username);
+ if (isset($prefs_cache[$string])) {
+ $result = $prefs_cache[$string];
+ } else {
+ $result = do_hook_function('get_pref', array($username,$string));
+ if (!$result) {
+ $result = $default;
+ }
+ }
}
-
return ($result);
}
@@ -112,15 +111,18 @@ function savePrefValues($data_dir, $username) {
logout_error( sprintf( _("Preference file, %s, could not be opened. Contact your system administrator to resolve this issue."), $filename.'.tmp') );
exit;
}
-
foreach ($prefs_cache as $Key => $Value) {
if (isset($Value)) {
- fwrite($file, $Key . '=' . $Value . "\n");
+ $tmpwrite = @fwrite($file, $Key . '=' . $Value . "\n");
+ if ($tmpwrite == -1) {
+ logout_error( sprintf( _("Preference file, %s, could not be written. Contact your system administrator to resolve this issue.") , $filename . '.tmp') );
+ exit;
+ }
}
}
fclose($file);
- copy($filename.'.tmp', $filename);
- unlink($filename.'.tmp');
+ @copy($filename . '.tmp',$filename);
+ @unlink($filename . '.tmp');
chmod($filename, 0600);
}
@@ -180,9 +182,9 @@ function checkForPrefs($data_dir, $username, $filename = '') {
/* Otherwise, report an error. */
$errTitle = sprintf( _("Error opening %s"), $default_pref );
- if (!file_exists($default_pref)) {
+ if (!is_readable($default_pref)) {
$errString = $errTitle . "
\n" .
- _("Default preference file not found!") . "
\n" .
+ _("Default preference file not found or not readable!") . "
\n" .
_("Please contact your system administrator and report this error.") . "
\n";
include_once(SM_PATH . 'functions/display_messages.php' );
logout_error( $errString, $errTitle );
@@ -210,16 +212,22 @@ function checkForPrefs($data_dir, $username, $filename = '') {
function setSig($data_dir, $username, $number, $value) {
$filename = getHashedFile($username, $data_dir, "$username.si$number");
/* Open the file for writing, or else display an error to the user. */
- if(!$file = @fopen($filename.'.tmp', 'w'))
- {
- include_once(SM_PATH . '/functions/display_messages.php' );
- logout_error( sprintf( _("Signature file, %s, could not be opened. Contact your system administrator to resolve this issue."), $filename.'.tmp') );
+ if(!$file = @fopen("$filename.tmp", 'w')) {
+ include_once( '../functions/display_messages.php' );
+ logout_error( sprintf( _("Signature file, %s, could not be opened. Contact your system administrator to resolve this issue."), $filename . '.tmp') );
exit;
}
- fwrite($file, $value);
+ $tmpwrite = @fwrite($file, $value);
+ if ($tmpwrite == -1) {
+ include_once( '../functions/display_messages.php' );
+ logout_error( sprintf( _("Signature file, %s, could not be written. Contact your system administrator to resolve this issue.") , $filename . '.tmp'));
+ exit;
+ }
fclose($file);
- copy($filename.'.tmp',$filename);
- unlink($filename.'.tmp');
+ @copy($filename . '.tmp',$filename);
+ @unlink($filename . '.tmp');
+ chmod($filename, 0600);
+
}
/**