X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fvalidate.php;h=43e92dca4eb3165d8e7749d37c9d40f29ec03822;hb=5b8d68ca2263cc828546f629c7cd63a78783a3d0;hp=2ee592b9e76557f0753c88a7bc980119d198b075;hpb=ff8a98e7e1d368c57b088522586bddcf68d443a5;p=squirrelmail.git
diff --git a/src/validate.php b/src/validate.php
index 2ee592b9..43e92dca 100644
--- a/src/validate.php
+++ b/src/validate.php
@@ -1,115 +1,93 @@ $v) {
- global $$k;
- if (is_array($$k)) {
- foreach ($$k as $k2 => $v2) {
- $$k[$k2] = substr($v2, 1);
- }
- } else {
- $$k = substr($v, 1);
- }
- // Re-assign back to array
- $array[$k] = $$k;
- }
- }
-
-
- //**************************************************************************
- // Removes slashes from every element in the array
- //**************************************************************************
- function RemoveSlashes(&$array)
- {
- foreach ($array as $k => $v)
- {
- global $$k;
- if (is_array($$k))
- {
- foreach ($$k as $k2 => $v2)
- {
- $newArray[stripslashes($k2)] = stripslashes($v2);
- }
- $$k = $newArray;
- }
- else
- {
- $$k = stripslashes($v);
- }
- // Re-assign back to the array
- $array[$k] = $$k;
- }
- }
+/* Remove all slashes for form values. */
+if (get_magic_quotes_gpc()) {
+ global $REQUEST_METHOD;
- // Everyone needs stuff from config, and config needs stuff from
- // strings.php, so include them both here.
- // Include them down here instead of at the top so that all config
- // variables overwrite any passed in variables (for security)
- require_once('../functions/strings.php');
- require_once('../config/config.php');
- require_once('../src/load_prefs.php');
- require_once('../functions/page_header.php');
+ if ($REQUEST_METHOD == 'POST') {
+ global $HTTP_POST_VARS;
+ RemoveSlashes($HTTP_POST_VARS);
+ } else if ($REQUEST_METHOD == 'GET') {
+ global $HTTP_GET_VARS;
+ RemoveSlashes($HTTP_GET_VARS);
+ }
+}
- // Set up the language
- // i18n.php was included by auth.php
- global $username, $data_dir;
- set_up_language(getPref($data_dir, $username, 'language'));
-?>
\ No newline at end of file
+/**
+* Auto-detection
+*
+* if $send (the form button's name) contains "\n" as the first char
+* and the script is compose.php, then trim everything. Otherwise, we
+* don't have to worry.
+*
+* This is for a RedHat package bug and a Konqueror (pre 2.1.1?) bug
+*/
+global $send, $PHP_SELF;
+if (isset($send)
+ && (substr($send, 0, 1) == "\n")
+ && (substr($PHP_SELF, -12) == '/compose.php')) {
+ if ($REQUEST_METHOD == 'POST') {
+ global $HTTP_POST_VARS;
+ TrimArray($HTTP_POST_VARS);
+ } else {
+ global $HTTP_GET_VARS;
+ TrimArray($HTTP_GET_VARS);
+ }
+}
+
+/**
+* Everyone needs stuff from config, and config needs stuff from
+* strings.php, so include them both here. Actually, strings is
+* included at the top now as the string array functions have
+* been moved into it.
+*
+* Include them down here instead of at the top so that all config
+* variables overwrite any passed in variables (for security).
+*/
+
+/**
+ * Reset the $theme() array in case a value was passed via a cookie.
+ * This is until theming is rewritten.
+ */
+global $theme;
+unset($theme);
+$theme=array();
+
+require_once('../config/config.php');
+require_once('../src/load_prefs.php');
+require_once('../functions/page_header.php');
+require_once('../functions/prefs.php');
+
+/* Set up the language (i18n.php was included by auth.php). */
+global $username, $data_dir;
+set_up_language(getPref($data_dir, $username, 'language'));
+
+$timeZone = getPref($data_dir, $username, 'timezone');
+if ( $timeZone != SMPREF_NONE && ($timeZone != "")
+ && !ini_get("safe_mode")) {
+ putenv("TZ=".$timeZone);
+}
+?>
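Review bot: The new timezone block at the end of the hunk passes the stored `timezone` preference to `putenv("TZ=".$timeZone)` after checking only that it is not `SMPREF_NONE` or empty, so any string that ends up in the preference file is exported into the process environment. Where that preference is written is outside this hunk, so it may already be restricted to a fixed list; if it is not, the value should be checked here against the shape of a zone name, for example by adding `&& preg_match('#^[A-Za-z][A-Za-z0-9_+-]*(/[A-Za-z0-9_+-]+)*$#', $timeZone)` to the condition. That rejects a leading `:` or `/`, `..` and control characters, which some C libraries may treat as a file path or which would otherwise leave a malformed variable. A short comment such as `/* TZ comes from user prefs; only accept plain zone names */` above the `if` would record why the check exists.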