X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=functions%2Fglobal.php;h=103dd9e55fd2f8441c737f403aaa64abe52812b8;hb=4619a41404cb416df15eb6e0a08324010e416576;hp=e7325e5d276a4324c25ee5e5e45c0639446596c4;hpb=1977ab5587905d225c6288141b82f7a6e3d29d02;p=squirrelmail.git

diff --git a/functions/global.php b/functions/global.php
index e7325e5d..103dd9e5 100644
--- a/functions/global.php
+++ b/functions/global.php
@@ -7,7 +7,7 @@
  * It also has some session register functions that work across various
  * php versions.
  *
- * @copyright 1999-2010 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -589,6 +589,21 @@ function sqsession_start() {
 function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="",
                      $bSecure=false, $bHttpOnly=true, $bReplace=false) {
  
+    // some environments can get overwhelmed by an excessive
+    // setting of the same cookie over and over (e.g., many
+    // calls to this function via sqsession_is_active() result
+    // in repeated setting of the session cookie when $bReplace
+    // is FALSE, but something odd happens (during login only)
+    // if we change that to default TRUE) ... so we keep our own
+    // naive per-request name/value cache and only set the cookie
+    // if its value is changing (or never seen before)
+    static $cookies = array();
+    if (isset($cookies[$sName]) && $cookies[$sName] === $sValue)
+        return;
+    else
+        $cookies[$sName] = $sValue;
+
+
     // if we have a secure connection then limit the cookies to https only.
     global $is_secure_connection;
     if ($sName && $is_secure_connection)
@@ -764,8 +779,8 @@ function sm_print_r() {
 
 
 /**
-  * Sanitize a value using htmlspecialchars() or similar, but also
-  * recursively run htmlspecialchars() (or similar) on array keys
+  * Sanitize a value using sm_encode_html_special_chars() or similar, but also
+  * recursively run sm_encode_html_special_chars() (or similar) on array keys
   * and values.
   *
   * If $value is not a string or an array with strings in it,
@@ -811,7 +826,7 @@ function sq_htmlspecialchars($value, $quote_style=ENT_QUOTES) {
         if ($quote_style === TRUE)
             return str_replace(array('\'', '"'), array('&#039;', '&quot;'), $value);
         else
-            return htmlspecialchars($value, $quote_style);
+            return sm_encode_html_special_chars($value, $quote_style);
     }
 
     // anything else gets returned with no changes