- Do not lose user prefs/sigs/abooks when trying to save to a full disk.
- Make the SquirrelMail link on the right top configurable so a provider can point
to their own FAQ for example.
+ - Enable TZ in safe_mode if safe_mode_allowed_env_vars permits this bug #612148.
Version 1.3.1
-------------
/* Define the optpage load function for the personal options page. */
function load_optpage_data_personal() {
global $data_dir, $username, $edit_identity, $edit_name,
- $full_name, $reply_to, $email_address, $signature;
+ $full_name, $reply_to, $email_address, $signature, $tzChangeAllowed;
/* Set the values of some global variables. */
$full_name = getPref($data_dir, $username, 'full_name');
);
}
- if ( !ini_get("safe_mode") ) {
+ if ( $tzChangeAllowed ) {
$TZ_ARRAY[SMPREF_NONE] = _("Same as server");
$fd = fopen('../locale/timezones.cfg','r');
while (!feof ($fd)) {
set_up_language(getPref($data_dir, $username, 'language'));
$timeZone = getPref($data_dir, $username, 'timezone');
+
+/* Check to see if we are allowed to set the TZ environment variable.
+ * We are able to do this if ...
+ * safe_mode is disabled OR
+ * safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
+ * safe_mode_allowed_env_vars contains TZ
+ */
+$tzChangeAllowed = (!ini_get('safe_mode')) ||
+ !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
+ preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));
+
if ( $timeZone != SMPREF_NONE && ($timeZone != "")
- && !ini_get("safe_mode")) {
+ && $tzChangeAllowed ) {
putenv("TZ=".$timeZone);
}
?>
projects / squirrelmail.git / commitdiff