X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=include%2Finit.php;h=b0331772da1b03ee94fd3a24624201903c4e6936;hb=9829e1d84ea35989d03c1956871a8f48ad3c538c;hp=a775511542df1d19c7cfa6c758788c13867a66db;hpb=826ddd721ad82602a31338077f5369eedec60e8f;p=squirrelmail.git
diff --git a/include/init.php b/include/init.php
index a7755115..b0331772 100644
--- a/include/init.php
+++ b/include/init.php
@@ -20,44 +20,58 @@ error_reporting(E_ALL);
 /**
 * If register_globals are on, unregister globals.
- * Code requires PHP 4.1.0 or newer.
 * Second test covers boolean set as string (php_value register_globals off).
 */
-if ((bool) @ini_get('register_globals') &&
+if ((bool) ini_get('register_globals') &&
 strtolower(ini_get('register_globals'))!='off') {
 /**
- * Remove all globals from $_GET, $_POST, and $_COOKIE.
- */
- foreach ($_REQUEST as $key => $value) {
- unset($GLOBALS[$key]);
- }
- /**
- * Remove globalized $_FILES variables
- * Before 4.3.0 $_FILES are included in $_REQUEST.
- * Unglobalize them in separate call in order to remove dependency
- * on PHP version.
- */
- foreach ($_FILES as $key => $value) {
- unset($GLOBALS[$key]);
- // there are three undocumented $_FILES globals.
- unset($GLOBALS[$key.'_type']);
- unset($GLOBALS[$key.'_name']);
- unset($GLOBALS[$key.'_size']);
- }
- /**
- * Remove globalized environment variables.
- */
- foreach ($_ENV as $key => $value) {
- unset($GLOBALS[$key]);
- }
- /**
- * Remove globalized server variables.
+ * Remove all globals that are not reserved by PHP
+ * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
 */
- foreach ($_SERVER as $key => $value) {
- unset($GLOBALS[$key]);
+ foreach ($GLOBALS as $key => $value) {
+ switch($key) {
+ case 'HTTP_POST_VARS':
+ case '_POST':
+ case 'HTTP_GET_VARS':
+ case '_GET':
+ case 'HTTP_COOKIE_VARS':
+ case '_COOKIE':
+ case 'HTTP_SERVER_VARS':
+ case '_SERVER':
+ case 'HTTP_ENV_VARS':
+ case '_ENV':
+ case 'HTTP_POST_FILES':
+ case '_FILES':
+ case '_REQUEST':
+ case 'HTTP_SESSION_VARS':
+ case '_SESSION':
+ case 'GLOBALS':
+ case 'key':
+ case 'value':
+ break;
+ case 'sInitLocation':
+ // FIXME: variable must be set only in src/login.php
+ break;
+ default:
+ unset($GLOBALS[$key]);
+ }
 }
+ // Unset variables used in foreach
+ unset($GLOBALS['key']);
+ unset($GLOBALS['value']);
 }
+/**
+ * [#1518885] session.use_cookies = off breaks SquirrelMail
+ *
+ * When session cookies are not used, all http redirects, meta refreshes,
+ * src/download.php and javascript URLs are broken. Setting must be set
+ * before session is started.
+ */
+if (!(bool)ini_get('session.use_cookies') ||
+ ini_get('session.use_cookies') == 'off') {
+ ini_set('session.use_cookies','1');
+}
 /**
 * calculate SM_PATH and calculate the base_uri
@@ -68,7 +82,12 @@ if ((bool) @ini_get('register_globals') &&
 if (isset($_SERVER['SCRIPT_NAME'])) {
 $a = explode('/',$_SERVER['SCRIPT_NAME']);
 } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
- $a = explode('/',$_SERVER['SCRIPT_NAME']);
+ $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']);
+} else {
+ $error = 'Unable to detect script environment. '
+ .'Please test your PHP settings and send PHP core config, $_SERVER '
+ .'and $HTTP_SERVER_VARS to SquirrelMail developers.';
+ die($error);
 }
 $sSM_PATH = '';
 for($i = count($a) -2;$i > -1; --$i) {
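Review bot: In the new `switch` of the `@@ -20,44 +20,58 @@` hunk, `case 'sInitLocation'` keeps that global when register_globals is on, so a request parameter of the same name survives the cleanup unless the including script assigns `$sInitLocation` before init.php runs, and the `switch ($sInitLocation)` further down this file then acts on it. The FIXME only hints at this; I would replace it with the invariant spelled out, e.g. `// SECURITY: under register_globals a request-supplied sInitLocation survives this loop; every entry script must assign $sInitLocation before including init.php`. The entry scripts are outside this diff, so whether all of them do so cannot be confirmed here. Separately, the added `session.use_cookies` test compares against `'off'` without the `strtolower()` used for register_globals a few lines above, so a value of `Off` set through php_value would presumably not be corrected.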
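Review bot: The `die()` message added in the `@@ -68,7 +82,12 @@` hunk asks users to send their `$_SERVER` and `$HTTP_SERVER_VARS` contents to the developers, and those arrays normally carry `HTTP_COOKIE` and, under HTTP authentication, `PHP_AUTH_USER`/`PHP_AUTH_PW`. I would have the text tell the reader to strip them first, e.g. end the string with `.'and $HTTP_SERVER_VARS (with cookies and passwords removed) to SquirrelMail developers.';`. The loop that consumes `$a` continues outside the hunk.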
@@ -91,6 +110,29 @@ define('SM_BASE_URI', $base_uri);
 */
 $bInit = true;
+/**
+ * This theme as a failsafe if no themes were found, or if we error
+ * out before anything could be initialised.
+ */
+$color = array();
+$color[0] = '#DCDCDC'; /* light gray TitleBar */
+$color[1] = '#800000'; /* red */
+$color[2] = '#CC0000'; /* light red Warning/Error Messages */
+$color[3] = '#A0B8C8'; /* green-blue Left Bar Background */
+$color[4] = '#FFFFFF'; /* white Normal Background */
+$color[5] = '#FFFFCC'; /* light yellow Table Headers */
+$color[6] = '#000000'; /* black Text on left bar */
+$color[7] = '#0000CC'; /* blue Links */
+$color[8] = '#000000'; /* black Normal text */
+$color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */
+$color[10] = '#666666'; /* dark gray Darker version of #9 */
+$color[11] = '#770000'; /* dark red Special Folders color */
+$color[12] = '#EDEDED';
+$color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */
+$color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */
+$color[15] = '#002266'; /* (dark blue) Unselectable folders */
+$color[16] = '#ff9933'; /* (orange) Highlight color */
+ require(SM_PATH . 'functions/global.php');
 require(SM_PATH . 'config/config.php');
 require(SM_PATH . 'functions/plugin.php');
@@ -154,13 +196,19 @@ session_set_cookie_params (0, $base_uri);
 sqsession_is_active();
 /**
+ * DISABLED.
 * Remove globalized session data in rg=on setups
- */
-if ((bool) @ini_get('register_globals')) {
+ *
+ * Code can be utilized when session is started, but data is not loaded.
+ * We have already loaded configuration and other important vars. Can't
+ * clean session globals here.
+if ((bool) @ini_get('register_globals') &&
+ strtolower(ini_get('register_globals'))!='off') {
 foreach ($_SESSION as $key => $value) {
 unset($GLOBALS[$key]);
 }
 }
+*/
 sqsession_register(SM_BASE_URI,'base_uri');
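Review bot: With the cleanup in the `@@ -154,13 +196,19 @@` hunk commented out, register_globals=on setups no longer unset session-backed globals, and the new comment does not say what keeps a session key from shadowing a same-named variable loaded from config/config.php earlier in this file. If that is guaranteed elsewhere it should be stated here; for instance, the not-logged-in branch in the `@@ -286,6 +334,23 @@` hunk reads `$aTemplateSet` and `$templateset_default` from global scope to pick a template directory. The disabled code now sits inside the docblock closed by the added `*/`, which is easy to misread as live code; I would delete it and keep only a comment such as `// rg=on: session globals are NOT unset here because configuration is already loaded at this point`.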
@@ -286,6 +334,23 @@ switch ($sInitLocation) {
 return;
 }
+ /**
+ * Initialize the template object (logout_error uses it)
+ */
+ require(SM_PATH . 'class/template/template.class.php');
+ /*
+ * $sTplDir is not initialized when a user is not logged in, so we will use
+ * the config file defaults here. If the neccesary variables are net set,
+ * force a default value.
+ */
+ $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
+ $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
+
+ $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
+ SM_PATH . 'templates/default/' :
+ $aTemplateSet[$templateset_default]['PATH'] );
+ $oTemplate = new Template($sTplDir);
+ set_up_language($squirrelmail_language, true);
 logout_error( _("You must be logged in to access this page.") );
 exit;
@@ -386,6 +451,20 @@ switch ($sInitLocation) {
 putenv("TZ=".$realTimeZone);
 }
 }
+
+ /**
+ * php 5.1.0 added time zone functions. Set time zone with them in order
+ * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
+ */
+ if (function_exists('date_default_timezone_set')) {
+ if ($timeZone != SMPREF_NONE && $timeZone != "") {
+ date_default_timezone_set($timeZone);
+ } else {
+ // interface runs on server's time zone. Remove php E_STRICT complains
+ $default_timezone = @date_default_timezone_get();
+ date_default_timezone_set($default_timezone);
+ }
+ }
 break;
 }
@@ -424,7 +503,7 @@ if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
 /**
 * Javascript support detection function
 * @param boolean $reset recheck javascript support if set to true.
- * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see functions/constants.php})
+ * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
 * @since 1.5.1
 */
 function checkForJavascript($reset = FALSE) {
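Review bot: In the `@@ -286,6 +334,23 @@` hunk, `!isset($aTemplateSet[$templateset_default]['PATH'])` lets an empty `PATH` through, and that value is handed to `new Template()` on the not-logged-in path before the error page can be rendered. Testing with `empty()` keeps the fallback effective: `$sTplDir = ( empty($aTemplateSet[$templateset_default]['PATH']) ? SM_PATH . 'templates/default/' : $aTemplateSet[$templateset_default]['PATH'] );`. How `Template` reacts to a bad directory is not visible in this diff. The comment above the assignment also has two typos (`neccesary`, `net set`).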
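Review bot: The new `date_default_timezone_set($timeZone)` call in the `@@ -386,6 +451,20 @@` hunk passes a preference value and ignores the result, while the `putenv()` just above it uses `$realTimeZone`. If the two can differ (the mapping is outside the hunk), an identifier PHP does not recognise makes the call return false and raise a notice, leaving the zone unchanged. I would fall back explicitly: `if (!@date_default_timezone_set($timeZone)) { date_default_timezone_set(@date_default_timezone_get()); }`. The enclosing `switch` case starts outside the hunk.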
@@ -452,4 +531,4 @@ function checkForJavascript($reset = FALSE) {
 function sqm_baseuri() {
 global $base_uri;
 return $base_uri;
-}
\ No newline at end of file
+}