X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=include%2Finit.php;h=0e00ac2477fe8d9d2d00f994692cb7e92b91f9a6;hb=3aa46abc5d81b5bc2f82919e43321ca8588eab24;hp=3b056dc56b59283256e408e32ca3dba8d10101df;hpb=1d537493eaf89337f6a40373a61b8663fafa8a72;p=squirrelmail.git
diff --git a/include/init.php b/include/init.php
index 3b056dc5..0e00ac24 100644
--- a/include/init.php
+++ b/include/init.php
@@ -20,42 +20,58 @@ error_reporting(E_ALL); /** * If register_globals are on, unregister globals. - * Code requires PHP 4.1.0 or newer. + * Second test covers boolean set as string (php_value register_globals off). */ -if ((bool) @ini_get('register_globals')) { +if ((bool) ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { /** - * Remove all globals from $_GET, $_POST, and $_COOKIE. + * Remove all globals that are not reserved by PHP + * 'value' and 'key' are used by foreach. Don't unset them inside foreach. */ - foreach ($_REQUEST as $key => $value) { - unset($GLOBALS[$key]); - } - /** - * Remove globalized $_FILES variables - * Before 4.3.0 $_FILES are included in $_REQUEST. - * Unglobalize them in separate call in order to remove dependency - * on PHP version. - */ - foreach ($_FILES as $key => $value) { - unset($GLOBALS[$key]); - // there are three undocumented $_FILES globals. - unset($GLOBALS[$key.'_type']); - unset($GLOBALS[$key.'_name']); - unset($GLOBALS[$key.'_size']); - } - /** - * Remove globalized environment variables. - */ - foreach ($_ENV as $key => $value) { - unset($GLOBALS[$key]); - } - /** - * Remove globalized server variables. 
- */ - foreach ($_SERVER as $key => $value) { - unset($GLOBALS[$key]); + foreach ($GLOBALS as $key => $value) { + switch($key) { + case 'HTTP_POST_VARS': + case '_POST': + case 'HTTP_GET_VARS': + case '_GET': + case 'HTTP_COOKIE_VARS': + case '_COOKIE': + case 'HTTP_SERVER_VARS': + case '_SERVER': + case 'HTTP_ENV_VARS': + case '_ENV': + case 'HTTP_POST_FILES': + case '_FILES': + case '_REQUEST': + case 'HTTP_SESSION_VARS': + case '_SESSION': + case 'GLOBALS': + case 'key': + case 'value': + break; + case 'sInitLocation': + // FIXME: variable must be set only in src/login.php + break; + default: + unset($GLOBALS[$key]); + } } + // Unset variables used in foreach + unset($GLOBALS['key']); + unset($GLOBALS['value']); } +/** + * [#1518885] session.use_cookies = off breaks SquirrelMail + * + * When session cookies are not used, all http redirects, meta refreshes, + * src/download.php and javascript URLs are broken. Setting must be set + * before session is started. + */ +if (!(bool)ini_get('session.use_cookies') || + ini_get('session.use_cookies') == 'off') { + ini_set('session.use_cookies','1'); +} /** * calculate SM_PATH and calculate the base_uri @@ -66,7 +82,12 @@ if ((bool) @ini_get('register_globals')) { if (isset($_SERVER['SCRIPT_NAME'])) { $a = explode('/',$_SERVER['SCRIPT_NAME']); } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) { - $a = explode('/',$_SERVER['SCRIPT_NAME']); + $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']); +} else { + $error = 'Unable to detect script environment. ' + .'Please test your PHP settings and send PHP core config, $_SERVER ' + .'and $HTTP_SERVER_VARS to SquirrelMail developers.'; + die($error); } $sSM_PATH = ''; for($i = count($a) -2;$i > -1; --$i) { 
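Review bot: The `case 'sInitLocation': break;` carve-out in the new `foreach ($GLOBALS as $key => $value)` keeps a variable that, with register_globals on, can be populated from the request, and the `switch ($sInitLocation)` later in this file chooses the initialisation path from it. The FIXME acknowledges this but leaves it open; the cleanup cannot tell a value assigned by the including script from one registered by PHP, so any page that does not assign `$sInitLocation` itself (not visible in this hunk) would run with the request's value. Passing the location as a constant defined by the including script would close this, since request data cannot define constants. Separately, the added `ini_set('session.use_cookies','1')` ignores its return value and leaves `session.use_only_cookies` untouched, so session ids carried in URLs may still be accepted; if cookie-only sessions are the intent, add `ini_set('session.use_only_cookies','1');` next to it.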
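Review bot: The new `die($error)` text asks whoever hits the failure to send `$_SERVER` and `$HTTP_SERVER_VARS` to the developers, and those arrays normally carry cookie and authorization headers as well as local filesystem paths. I would tell the reporter to redact them, for example by appending `.' Remove cookies, passwords and other private data before sending.'` to the message. The `$HTTP_SERVER_VARS` branch depends on that array surviving the globals cleanup earlier in the file, which the whitelist there does keep.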
@@ -89,8 +110,50 @@ define('SM_BASE_URI', $base_uri); */ $bInit = true; +/** + * This theme as a failsafe if no themes were found, or if we error + * out before anything could be initialised. + */ +$color = array(); +$color[0] = '#DCDCDC'; /* light gray TitleBar */ +$color[1] = '#800000'; /* red */ +$color[2] = '#CC0000'; /* light red Warning/Error Messages */ +$color[3] = '#A0B8C8'; /* green-blue Left Bar Background */ +$color[4] = '#FFFFFF'; /* white Normal Background */ +$color[5] = '#FFFFCC'; /* light yellow Table Headers */ +$color[6] = '#000000'; /* black Text on left bar */ +$color[7] = '#0000CC'; /* blue Links */ +$color[8] = '#000000'; /* black Normal text */ +$color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */ +$color[10] = '#666666'; /* dark gray Darker version of #9 */ +$color[11] = '#770000'; /* dark red Special Folders color */ +$color[12] = '#EDEDED'; +$color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */ +$color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */ +$color[15] = '#002266'; /* (dark blue) Unselectable folders */ +$color[16] = '#ff9933'; /* (orange) Highlight color */ + require(SM_PATH . 'functions/global.php'); + +/* load default configuration */ +require(SM_PATH . 'config/config_default.php'); +/* reset arrays in default configuration */ +$ldap_server = array(); +$plugins = array(); +$fontsets = array(); +$theme = array(); +$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php'; +$theme[0]['NAME'] = 'Default'; +$aTemplateSet = array(); +$aTemplateSet[0]['PATH'] = SM_PATH . 'templates/default/'; +$aTemplateSet[0]['NAME'] = 'Default template'; +/* load site configuration */ require(SM_PATH . 'config/config.php'); +/* load local configuration overrides */ +if (file_exists(SM_PATH . 'config/config_local.php')) { + require(SM_PATH . 'config/config_local.php'); +} + require(SM_PATH . 'functions/plugin.php'); require(SM_PATH . 'include/constants.php'); require(SM_PATH . 'include/languages.php'); 
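Review bot: The added `config/config_local.php` include executes whatever file is present at that path on every request, and nothing near the `file_exists()` check documents who is allowed to create it. I would extend the comment to say so, e.g. `/* load local configuration overrides; the file is executed as PHP, so config/ must not be writable by the web server account */`. The array resets after `config_default.php` would also benefit from one line explaining why the defaults are discarded before `config.php` runs, since the reason cannot be read from this hunk.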
@@ -152,15 +215,21 @@ session_set_cookie_params (0, $base_uri); sqsession_is_active(); /** + * DISABLED. * Remove globalized session data in rg=on setups - */ -if ((bool) @ini_get('register_globals')) { + * + * Code can be utilized when session is started, but data is not loaded. + * We have already loaded configuration and other important vars. Can't + * clean session globals here. +if ((bool) @ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { foreach ($_SESSION as $key => $value) { unset($GLOBALS[$key]); } } +*/ -sqsession_register($base_uri, SM_BASE_URI); +sqsession_register(SM_BASE_URI,'base_uri'); /** * SquirrelMail version number -- DO NOT CHANGE @@ -219,13 +288,18 @@ if (isset($plugins) && is_array($plugins)) { switch ($sInitLocation) { case 'style': session_write_close(); sqsetcookieflush(); break; case 'redirect': + /** + * directory hashing functions are needed for all setups in case + * plugins use own pref files. + */ + require(SM_PATH . 'functions/prefs.php'); + /* hook loads custom prefs backend plugins */ $prefs_backend = do_hook_function('prefs_backend'); if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { require(SM_PATH . $prefs_backend); } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { require(SM_PATH . 'functions/db_prefs.php'); } else { - require(SM_PATH . 'functions/prefs.php'); require(SM_PATH . 'functions/file_prefs.php'); } //nobreak; 
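Review bot: Turning the `$_SESSION` cleanup into a comment means that on register_globals=on setups every session key stays a global for the rest of the request, after `config.php` has already populated its variables. Whether a session key can shadow a configuration or state variable depends on when PHP registers the session globals, which is not visible here, so the new comment should name that consequence instead of only saying the code "can be utilized". A line such as `* NOTE: with register_globals on, session keys remain globals from this point on.` would do; if the cleanup is ever restored, it has to run before configuration is loaded.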
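Review bot: `functions/prefs.php` is now pulled in with a plain `require` at the top of `case 'redirect':` and again in the default branch (hunk at -299), and the `redirect` case ends in `//nobreak;`. If control from `redirect` can ever reach the second copy (the cases in between are outside these hunks), PHP stops on a function redeclaration; `require_once(SM_PATH . 'functions/prefs.php');` in both places removes that dependency on case order. The backend-selection block that follows is also duplicated verbatim in the two branches and would be easier to keep in step as one helper function.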
@@ -279,6 +353,23 @@ switch ($sInitLocation) { return; } + /** + * Initialize the template object (logout_error uses it) + */ + require(SM_PATH . 'class/template/template.class.php'); + /* + * $sTplDir is not initialized when a user is not logged in, so we will use + * the config file defaults here. If the neccesary variables are net set, + * force a default value. + */ + $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); + $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); + + $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? + SM_PATH . 'templates/default/' : + $aTemplateSet[$templateset_default]['PATH'] ); + $oTemplate = new Template($sTplDir); + set_up_language($squirrelmail_language, true); logout_error( _("You must be logged in to access this page.") ); exit; @@ -299,13 +390,15 @@ switch ($sInitLocation) { $prefs_cache = false; //array(); } + /* see 'redirect' switch */ + require(SM_PATH . 'functions/prefs.php'); + $prefs_backend = do_hook_function('prefs_backend'); if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { require(SM_PATH . $prefs_backend); } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { require(SM_PATH . 'functions/db_prefs.php'); } else { - require(SM_PATH . 'functions/prefs.php'); require(SM_PATH . 'functions/file_prefs.php'); } @@ -314,7 +407,6 @@ switch ($sInitLocation) { */ require(SM_PATH . 'include/load_prefs.php'); - // i do not understand the frames language cookie story /** * We'll need this to later have a noframes version 
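Review bot: The template setup added before `logout_error()` is a copy of the block at the end of the file (hunk at -384), down to the comment typos "neccesary" and "net set", and the two copies already differ: the later one gains an `isset($sTplDir)` guard in this same commit and this one does not. A small function that returns the default template directory from `$aTemplateSet` and `$templateset_default`, called from both places, would keep them consistent. The enclosing switch branch starts outside the hunk, so I cannot tell whether `$sTplDir` can already be set when this copy runs.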
@@ -377,6 +469,20 @@ switch ($sInitLocation) { putenv("TZ=".$realTimeZone); } } + + /** + * php 5.1.0 added time zone functions. Set time zone with them in order + * to prevent E_STRICT notices and allow time zone modifications in safe_mode. + */ + if (function_exists('date_default_timezone_set')) { + if ($timeZone != SMPREF_NONE && $timeZone != "") { + date_default_timezone_set($timeZone); + } else { + // interface runs on server's time zone. Remove php E_STRICT complains + $default_timezone = @date_default_timezone_get(); + date_default_timezone_set($default_timezone); + } + } break; } @@ -384,17 +490,23 @@ switch ($sInitLocation) { * Initialize the template object */ require(SM_PATH . 'class/template/template.class.php'); + /* * $sTplDir is not initialized when a user is not logged in, so we will use * the config file defaults here. If the neccesary variables are net set, * force a default value. + * + * If the user is logged in, $sTplDir will be set in load_prefs.php, so we + * shouldn't change it here. */ -$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); -$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); - -$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? - SM_PATH . 'templates/default/' : - $aTemplateSet[$templateset_default]['PATH'] ); +if (!isset($sTplDir)) { + $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); + $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); + + $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? + SM_PATH . 'templates/default/' : + $aTemplateSet[$templateset_default]['PATH'] ); +} $oTemplate = new Template($sTplDir); /** 
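Review bot: `date_default_timezone_set($timeZone)` is called with the preference value as is and its return value is ignored, while the context just above exports a separate `$realTimeZone` through `putenv()`. If `$realTimeZone` is the resolved identifier (its assignment is outside the hunk), the new call should use it as well, and a failed call should fall back to the server zone, e.g. `if (!@date_default_timezone_set($timeZone)) { date_default_timezone_set(@date_default_timezone_get()); }`. Otherwise an unknown zone stored in a user's preferences raises a warning on every page and the E_STRICT notices this block is meant to remove come back.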
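Review bot: With the new `if (!isset($sTplDir))` guard, any `$sTplDir` that exists at this point is passed straight to `new Template($sTplDir)`. The comment says the value comes from `load_prefs.php`, which is not shown; if it derives from a stored user preference, it should be checked against the `PATH` entries of `$aTemplateSet` before use, so that a stale or altered preference cannot point the template loader at a directory outside the configured sets. A one-line comment stating where that validation happens would settle the question for the reader.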
@@ -415,10 +527,9 @@ if (version_compare(PHP_VERSION, "4.3.0", ">=")) { /** * Javascript support detection function * @param boolean $reset recheck javascript support if set to true. - * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see functions/constants.php}) + * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php}) * @since 1.5.1 */ - function checkForJavascript($reset = FALSE) { global $data_dir, $username, $javascript_on, $javascript_setting; @@ -444,4 +555,4 @@ function checkForJavascript($reset = FALSE) { function sqm_baseuri() { global $base_uri; return $base_uri; -} \ No newline at end of file +}