From d0747e266fbef3f6507ebe98dbef71b30c8fde5f Mon Sep 17 00:00:00 2001
From: lkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Thu, 6 Jan 2000 19:29:24 +0000
Subject: [PATCH] made data path relative

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@114 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 config/config.php      | 14 ++++++++++++++
 functions/prefs.php    | 14 +++++++-------
 functions/smtp.php     |  4 ++--
 src/load_prefs.php     |  3 ++-
 src/options.php        |  4 ++--
 src/options_submit.php |  6 +++---
 src/webmail.php        |  2 +-
 7 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/config/config.php b/config/config.php
index 04ef87a8..4ae1f376 100644
--- a/config/config.php
+++ b/config/config.php
@@ -104,4 +104,18 @@
 //  Whether or not to use META tags and automatically forward after an action has
 //  been completed.
     $auto_forward = true;
+
+//  Path to the data/ directory
+//    It is a possible security hole to have a writable directory under the web server's
+//    root directory (ex: /home/httpd/html).  For this reason, it is possible to put
+//    the data directory anywhere you would like.   The path name can be absolute or
+//    relative (to the config directory).  It doesn't matter.  Here are two examples:
+//
+//  Absolute:
+//    $data_dir = "/usr/local/squirrelmail/data/";
+//
+//  Relative (to the config directory):
+//    $data_dir = "../data/";
+
+    $data_dir = "../data/haha/";
 ?>
diff --git a/functions/prefs.php b/functions/prefs.php
index 51265242..93682733 100644
--- a/functions/prefs.php
+++ b/functions/prefs.php
@@ -6,8 +6,8 @@
     **/
 
    /** returns the value for $string **/
-   function getPref($username, $string) {
-      $filename = "../data/$username.pref";
+   function getPref($data_dir, $username, $string) {
+      $filename = "$data_dir$username.pref";
       if (!file_exists($filename)) {
          echo "Preference file \"$filename\" not found.  Exiting abnormally";
          exit;
@@ -28,8 +28,8 @@
    }
 
    /** sets the pref, $string, to $set_to **/
-   function setPref($username, $string, $set_to) {
-      $filename = "../data/$username.pref";
+   function setPref($data_dir, $username, $string, $set_to) {
+      $filename = "$data_dir$username.pref";
       $found = false;
       if (!file_exists($filename)) {
          echo "Preference file, $filename, does not exist.  Log out, and log back in to create a default preference file.<BR>";
@@ -67,10 +67,10 @@
    }
 
    /** This checks if there is a pref file, if there isn't, it will create it. **/
-   function checkForPrefs($username) {
-      $filename = "../data/$username.pref";
+   function checkForPrefs($data_dir, $username) {
+      $filename = "$data_dir$username.pref";
       if (!file_exists($filename)) {
-         if (!copy("../data/default_pref", $filename)) {
+         if (!copy("$data_dirdefault_pref", $filename)) {
             echo "Error opening $filename";
             exit;
          }
diff --git a/functions/smtp.php b/functions/smtp.php
index a5b7934a..6150e24c 100644
--- a/functions/smtp.php
+++ b/functions/smtp.php
@@ -24,8 +24,8 @@
       $bcc = parseAddrs($b);
       $body = stripslashes($body);
       $from_addr = "$username@$domain";
-      $reply_to = getPref($username, "reply_to");
-      $from = getPref($username, "full_name");
+      $reply_to = getPref($data_dir, $username, "reply_to");
+      $from = getPref($data_dir, $username, "full_name");
       if ($from == "")
          $from = "<$from_addr>";
       else
diff --git a/src/load_prefs.php b/src/load_prefs.php
index 97785f6f..973ae4ab 100644
--- a/src/load_prefs.php
+++ b/src/load_prefs.php
@@ -1,7 +1,8 @@
 <?
+   include("../config/config.php");
    include("../functions/prefs.php");
 
-   $chosen_theme = getPref($username, "chosen_theme");
+   $chosen_theme = getPref($data_dir, $username, "chosen_theme");
 
    if (isset($chosen_theme)) {
       require("$chosen_theme");
diff --git a/src/options.php b/src/options.php
index f3aaea39..17aabaf1 100644
--- a/src/options.php
+++ b/src/options.php
@@ -14,8 +14,8 @@
    displayPageHeader($color, "None");
 
    /** load up some of the values from the pref file **/
-   $fullname = getPref($username, "full_name");
-   $replyto  = getPref($username, "reply_to");
+   $fullname = getPref($data_dir, $username, "full_name");
+   $replyto  = getPref($data_dir, $username, "reply_to");
    if ($replyto == "")
       $replyto = "$username@$domain";
 
diff --git a/src/options_submit.php b/src/options_submit.php
index 3f128602..65b8c202 100644
--- a/src/options_submit.php
+++ b/src/options_submit.php
@@ -13,9 +13,9 @@
    echo "<BODY TEXT=\"$color[8]\" BGCOLOR=\"$color[4]\" LINK=\"$color[7]\" VLINK=\"$color[7]\" ALINK=\"$color[7]\">\n";
    displayPageHeader($color, "None");
 
-   setPref($username, "full_name", $full_name);
-   setPref($username, "reply_to", $reply_to);
-   setPref($username, "chosen_theme", $chosentheme);
+   setPref($data_dir, $username, "full_name", $full_name);
+   setPref($data_dir, $username, "reply_to", $reply_to);
+   setPref($data_dir, $username, "chosen_theme", $chosentheme);
 
    echo "<FONT FACE=\"Arial,Helvetica\">";
    echo "<BR><BR><BR><CENTER><B>Options Saved!</B><BR><BR>";
diff --git a/src/webmail.php b/src/webmail.php
index 8f11384b..54eb524c 100644
--- a/src/webmail.php
+++ b/src/webmail.php
@@ -38,7 +38,7 @@
     we would like to use as little Javascript as possible.
 **/
 <?
-   checkForPrefs($username);
+   checkForPrefs($data_dir, $username);
 
    if ($right_frame == "right_main.php") {
       $urlMailbox = urlencode($mailbox);
-- 
2.25.1