X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fglobal.php;h=1883494a0a04fafd97441ad1b40a378e9e997495;hb=92b1e8978f9eec3426a1662cd906820f32ac938b;hp=5d0c0b831e4bc3c16d24870ad92194cdb840bc21;hpb=d930613a5baaab3bff31e2d01cb835d52d0dc7e9;p=squirrelmail.git

diff --git a/functions/global.php b/functions/global.php
index 5d0c0b83..1883494a 100644
--- a/functions/global.php
+++ b/functions/global.php
@@ -7,7 +7,7 @@
  * It also has some session register functions that work across various
  * php versions.
  *
- * @copyright 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2016 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -589,6 +589,21 @@ function sqsession_start() {
 function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="",
                      $bSecure=false, $bHttpOnly=true, $bReplace=false) {
  
+    // some environments can get overwhelmed by an excessive
+    // setting of the same cookie over and over (e.g., many
+    // calls to this function via sqsession_is_active() result
+    // in repeated setting of the session cookie when $bReplace
+    // is FALSE, but something odd happens (during login only)
+    // if we change that to default TRUE) ... so we keep our own
+    // naive per-request name/value cache and only set the cookie
+    // if its value is changing (or never seen before)
+    static $cookies = array();
+    if (isset($cookies[$sName]) && $cookies[$sName] === $sValue)
+        return;
+    else
+        $cookies[$sName] = $sValue;
+
+
     // if we have a secure connection then limit the cookies to https only.
     global $is_secure_connection;
     if ($sName && $is_secure_connection)
@@ -764,8 +779,8 @@ function sm_print_r() {
 
 
 /**
-  * Sanitize a value using htmlspecialchars() or similar, but also
-  * recursively run htmlspecialchars() (or similar) on array keys
+  * Sanitize a value using sm_encode_html_special_chars() or similar, but also
+  * recursively run sm_encode_html_special_chars() (or similar) on array keys
   * and values.
   *
   * If $value is not a string or an array with strings in it,
@@ -811,7 +826,7 @@ function sq_htmlspecialchars($value, $quote_style=ENT_QUOTES) {
         if ($quote_style === TRUE)
             return str_replace(array('\'', '"'), array('&#039;', '&quot;'), $value);
         else
-            return htmlspecialchars($value, $quote_style);
+            return sm_encode_html_special_chars($value, $quote_style);
     }
 
     // anything else gets returned with no changes