From 31afdbffebf060c82f1071fd2dbe20a7b649ebc9 Mon Sep 17 00:00:00 2001
From: ullgren <ullgren@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Wed, 23 Oct 2002 20:44:48 +0000
Subject: [PATCH] #612148: Enable TZ in safe_mode if safe_mode_allowed_env_vars
 permits this bug

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3970 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog                    |  1 +
 include/options/personal.php |  4 ++--
 include/validate.php         | 13 ++++++++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a7788b87..4b52404c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,7 @@ Version 1.3.2 -- cvs
   - Do not lose user prefs/sigs/abooks when trying to save to a full disk.
   - Make the SquirrelMail link on the right top configurable so a provider can point
     to their own FAQ for example.
+  - Enable TZ in safe_mode if safe_mode_allowed_env_vars permits this bug #612148.
 
 Version 1.3.1
 -------------
diff --git a/include/options/personal.php b/include/options/personal.php
index 84a0fda6..ac0b0295 100644
--- a/include/options/personal.php
+++ b/include/options/personal.php
@@ -24,7 +24,7 @@ define('SMOPT_GRP_TZ', 3);
 /* Define the optpage load function for the personal options page. */
 function load_optpage_data_personal() {
     global $data_dir, $username, $edit_identity, $edit_name,
-           $full_name, $reply_to, $email_address, $signature;
+           $full_name, $reply_to, $email_address, $signature, $tzChangeAllowed;
 
     /* Set the values of some global variables. */
     $full_name = getPref($data_dir, $username, 'full_name');
@@ -118,7 +118,7 @@ function load_optpage_data_personal() {
         );
     }
     
-    if (  !ini_get("safe_mode") ) {
+    if ( $tzChangeAllowed ) {
         $TZ_ARRAY[SMPREF_NONE] = _("Same as server");
         $fd = fopen('../locale/timezones.cfg','r');
         while (!feof ($fd)) {
diff --git a/include/validate.php b/include/validate.php
index 22d4b9a0..41116656 100644
--- a/include/validate.php
+++ b/include/validate.php
@@ -90,8 +90,19 @@ global $username, $data_dir;
 set_up_language(getPref($data_dir, $username, 'language'));
 
 $timeZone = getPref($data_dir, $username, 'timezone');
+
+/* Check to see if we are allowed to set the TZ environment variable.
+ * We are able to do this if ... 
+ *   safe_mode is disabled OR
+ *   safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
+ *   safe_mode_allowed_env_vars contains TZ 
+ */
+$tzChangeAllowed = (!ini_get('safe_mode')) ||
+                    !strcmp(ini_get('safe_mode_allowed_env_vars'),'') || 
+                    preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')); 
+
 if ( $timeZone != SMPREF_NONE && ($timeZone != "") 
-    && !ini_get("safe_mode")) {
+    && $tzChangeAllowed ) {
     putenv("TZ=".$timeZone);
 }
 ?>
-- 
2.25.1