Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of QUERY_STRING...
[squirrelmail.git] / include / init.php
1 <?php
2
3 /**
4 * init.php -- initialisation file
5 *
6 * File should be loaded in every file in src/ or plugins that occupate an entire frame
7 *
8 * @copyright &copy; 2006 The SquirrelMail Project Team
9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
10 * @version $Id$
11 * @package squirrelmail
12 */
13
14 /**
15 * This is a development version so in order to track programmer mistakes we
16 * set the error reporting to E_ALL
17 FIXME: disabling this for now, because we now have $sm_debug_mode, but the problem with that is that we don't know what it will be until we have loaded the config file, a good 175 lines below after several important files have been included, etc. For now, we'll trust that developers have turned on E_ALL in php.ini anyway, but this can be uncommented if not.
18 */
19 //error_reporting(E_ALL);
20
21
22 /**
23 * Make sure we have a page name
24 *
25 */
26 if ( !defined('PAGE_NAME') ) define('PAGE_NAME', NULL);
27
28
29 /**
30 * If register_globals are on, unregister globals.
31 * Second test covers boolean set as string (php_value register_globals off).
32 */
33 if ((bool) ini_get('register_globals') &&
34 strtolower(ini_get('register_globals'))!='off') {
35 /**
36 * Remove all globals that are not reserved by PHP
37 * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
38 */
39 foreach ($GLOBALS as $key => $value) {
40 switch($key) {
41 case 'HTTP_POST_VARS':
42 case '_POST':
43 case 'HTTP_GET_VARS':
44 case '_GET':
45 case 'HTTP_COOKIE_VARS':
46 case '_COOKIE':
47 case 'HTTP_SERVER_VARS':
48 case '_SERVER':
49 case 'HTTP_ENV_VARS':
50 case '_ENV':
51 case 'HTTP_POST_FILES':
52 case '_FILES':
53 case '_REQUEST':
54 case 'HTTP_SESSION_VARS':
55 case '_SESSION':
56 case 'GLOBALS':
57 case 'key':
58 case 'value':
59 break;
60 default:
61 unset($GLOBALS[$key]);
62 }
63 }
64 // Unset variables used in foreach
65 unset($GLOBALS['key']);
66 unset($GLOBALS['value']);
67 }
68
69 /**
70 * Used as a dummy value, e.g., for passing as an empty
71 * hook argument (where the value is passed by reference,
72 * and therefore NULL itself is not acceptable).
73 */
74 global $null;
75 $null = NULL;
76
77 /**
78 * The global $server_os variable will be "windows" if
79 * we are working in a Windows environment or "*nix"
80 * otherwise.
81 */
82 global $server_os;
83 if (DIRECTORY_SEPARATOR == '\\') $server_os = 'windows'; else $server_os = '*nix';
84
85 /**
86 * [#1518885] session.use_cookies = off breaks SquirrelMail
87 *
88 * When session cookies are not used, all http redirects, meta refreshes,
89 * src/download.php and javascript URLs are broken. Setting must be set
90 * before session is started.
91 */
92 if (!(bool)ini_get('session.use_cookies') ||
93 ini_get('session.use_cookies') == 'off') {
94 ini_set('session.use_cookies','1');
95 }
96
97 /**
98 * Initialize seed of random number generator.
99 * We use a number of things to randomize input: current time in ms,
100 * info about the remote client, info about the current process, the
101 * randomness of uniqid and stat of the current file.
102 *
103 * We seed this here only once per init, not only to save cycles
104 * but also to make the result of mt_rand more random (it now also
105 * depends on the number of times mt_rand was called before in this
106 * execution.
107 */
108 $seed = microtime() . $_SERVER['REMOTE_PORT'] . $_SERVER['REMOTE_ADDR'] . getmypid();
109
110 if (function_exists('getrusage')) {
111 /* Avoid warnings with Win32 */
112 $dat = @getrusage();
113 if (isset($dat) && is_array($dat)) { $seed .= implode('', $dat); }
114 }
115
116 if(!empty($_SERVER['UNIQUE_ID'])) {
117 $seed .= $_SERVER['UNIQUE_ID'];
118 }
119
120 $seed .= uniqid(mt_rand(),TRUE);
121 $seed .= implode( '', stat( __FILE__) );
122
123 // mt_srand() uses an integer to seed, so we need to distill our
124 // very large seed to something useful (without taking a sub-string,
125 // the integer conversion of such a large number is always 0 on
126 // many systems, but strangely, 9 hex numbers - even if larger
127 // than a signed 32 bit integer - seem to be an acceptable "integer"
128 // seed (perhaps it is used as unsigned?)...
129 // we may want to revisit this and always force it to be less than
130 // 2,147,483,647
131 //
132 $seed = hexdec(substr(md5($seed), 0, 9));
133
134 // PHP 4.2 and up don't require seeding, but their used seed algorithm
135 // is of questionable quality, so we keep doing it ourselves. */
136 mt_srand($seed);
137
138 /**
139 * calculate SM_PATH and calculate the base_uri
140 * assumptions made: init.php is only called from plugins or from the src dir.
141 * files in the plugin directory may not be part of a subdirectory called "src"
142 *
143 */
144 if (isset($_SERVER['SCRIPT_NAME'])) {
145 $a = explode('/', $_SERVER['SCRIPT_NAME']);
146 } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
147 $a = explode('/', $HTTP_SERVER_VARS['SCRIPT_NAME']);
148 } else {
149 $error = 'Unable to detect script environment. Please test your PHP '
150 . 'settings and send your PHP core configuration, $_SERVER and '
151 . '$HTTP_SERVER_VARS contents to the SquirrelMail developers.';
152 die($error);
153 }
154 $sSM_PATH = '';
155 for($i = count($a) -2; $i > -1; --$i) {
156 $sSM_PATH .= '../';
157 if ($a[$i] === 'src' || $a[$i] === 'plugins') {
158 break;
159 }
160 }
161
162 $base_uri = implode('/', array_slice($a, 0, $i)). '/';
163
164 define('SM_PATH',$sSM_PATH);
165 define('SM_BASE_URI', $base_uri);
166
167
168 /**
169 * global var $bInit is used to check if initialisation took place.
170 * At this moment it's a workarounf for the include of addrbook_search_html
171 * inside compose.php. If we found a better way then remove this. Do only use
172 * this var if you know for sure a page can be called stand alone and be included
173 * in another file.
174 */
175 $bInit = true;
176
177 /**
178 * This theme as a failsafe if no themes were found, or if we error
179 * out before anything could be initialised.
180 */
181 $color = array();
182 $color[0] = '#DCDCDC'; /* light gray TitleBar */
183 $color[1] = '#800000'; /* red */
184 $color[2] = '#CC0000'; /* light red Warning/Error Messages */
185 $color[3] = '#A0B8C8'; /* green-blue Left Bar Background */
186 $color[4] = '#FFFFFF'; /* white Normal Background */
187 $color[5] = '#FFFFCC'; /* light yellow Table Headers */
188 $color[6] = '#000000'; /* black Text on left bar */
189 $color[7] = '#0000CC'; /* blue Links */
190 $color[8] = '#000000'; /* black Normal text */
191 $color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */
192 $color[10] = '#666666'; /* dark gray Darker version of #9 */
193 $color[11] = '#770000'; /* dark red Special Folders color */
194 $color[12] = '#EDEDED';
195 $color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */
196 $color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */
197 $color[15] = '#002266'; /* (dark blue) Unselectable folders */
198 $color[16] = '#ff9933'; /* (orange) Highlight color */
199
200 require(SM_PATH . 'include/constants.php');
201 require(SM_PATH . 'functions/global.php');
202 require(SM_PATH . 'functions/strings.php');
203 require(SM_PATH . 'functions/arrays.php');
204 require(SM_PATH . 'functions/files.php');
205
206 /* load default configuration */
207 require(SM_PATH . 'config/config_default.php');
208 /* reset arrays in default configuration */
209 $ldap_server = array();
210 $plugins = array();
211 $fontsets = array();
212 $aTemplateSet = array();
213 $aTemplateSet[0]['ID'] = 'default';
214 $aTemplateSet[0]['NAME'] = 'Default';
215
216 /* load site configuration */
217 require(SM_PATH . 'config/config.php');
218 /* load local configuration overrides */
219 if (file_exists(SM_PATH . 'config/config_local.php')) {
220 require(SM_PATH . 'config/config_local.php');
221 }
222
223
224 /**
225 * Set PHP error reporting level based on the SquirrelMail debug mode
226 */
227 $error_level = 0;
228 if ($sm_debug_mode & SM_DEBUG_MODE_SIMPLE)
229 $error_level |= E_ERROR;
230 if ($sm_debug_mode & SM_DEBUG_MODE_MODERATE
231 || $sm_debug_mode & SM_DEBUG_MODE_ADVANCED)
232 $error_level |= E_ALL;
233 if ($sm_debug_mode & SM_DEBUG_MODE_STRICT)
234 $error_level |= E_STRICT;
235 error_reporting($error_level);
236
237
238 /**
239 * Detect SSL connections
240 */
241 $is_secure_connection = is_ssl_secured_connection();
242
243
244 require(SM_PATH . 'functions/plugin.php');
245 require(SM_PATH . 'include/languages.php');
246 require(SM_PATH . 'class/template/Template.class.php');
247 require(SM_PATH . 'class/error.class.php');
248
249 /**
250 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
251 * Force magic_quotes_runtime off.
252 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
253 * If there's a better place, please let me know.
254 */
255 ini_set('magic_quotes_runtime','0');
256
257
258 /* if running with magic_quotes_gpc then strip the slashes
259 from POST and GET global arrays */
260 if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
261 sqstripslashes($_GET);
262 sqstripslashes($_POST);
263 }
264
265
266 /**
267 * Strip any tags added to the url from PHP_SELF.
268 * This fixes hand crafted url XXS expoits for any
269 * page that uses PHP_SELF as the FORM action
270 * Update: strip_tags() won't catch something like
271 * src/right_main.php?sort=0&startMessage=1&mailbox=INBOX&xxx="><script>window.open("http://example.com")</script>
272 * or
273 * contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
274 * because it doesn't bother with broken tags.
275 * htmlspecialchars() is the preferred method.
276 * QUERY_STRING also needs the same treatment since it is
277 * used in php_self().
278 */
279 $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
280 $_SERVER['QUERY_STRING'] = htmlspecialchars($_SERVER['QUERY_STRING']);
281
282 $PHP_SELF = php_self();
283
284 /**
285 * Initialize the session
286 */
287
288 /** set the name of the session cookie */
289 if (!isset($session_name) || !$session_name) {
290 $session_name = 'SQMSESSID';
291 }
292
293 /**
294 * When session.auto_start is On we want to destroy/close the session
295 */
296 $sSessionAutostartName = session_name();
297 $sSessionAutostartID = session_id();
298 if (!empty($sSessionAutostartID) && $sSessionAutostartName !== $session_name) {
299 $sCookiePath = ini_get('session.cookie_path');
300 $sCookieDomain = ini_get('session.cookie_domain');
301 // reset the cookie
302 sqsetcookie($sSessionAutostartName,'',1,$sCookiePath,$sCookieDomain);
303 @session_destroy();
304 session_write_close();
305 }
306
307 /**
308 * includes from classes stored in the session
309 */
310 require(SM_PATH . 'class/mime.class.php');
311
312 ini_set('session.name' , $session_name);
313 session_set_cookie_params (0, $base_uri);
314 sqsession_is_active();
315
316 /**
317 * When on login page, have to reset the user session, making
318 * sure to save session restore data first
319 */
320 if (PAGE_NAME == 'login') {
321 if (!sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION))
322 $sep = '';
323 if (!sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION))
324 $sel = '';
325 sqsession_destroy();
326 session_write_close();
327
328 /**
329 * in some rare instances, the session seems to stick
330 * around even after destroying it (!!), so if it does,
331 * we'll manually flatten the $_SESSION data
332 */
333 if (!empty($_SESSION))
334 $_SESSION = array();
335
336 /**
337 * Allow administrators to define custom session handlers
338 * for SquirrelMail without needing to change anything in
339 * php.ini (application-level).
340 *
341 * In config_local.php, admin needs to put:
342 *
343 * $custom_session_handlers = array(
344 * 'my_open_handler',
345 * 'my_close_handler',
346 * 'my_read_handler',
347 * 'my_write_handler',
348 * 'my_destroy_handler',
349 * 'my_gc_handler',
350 * );
351 * session_module_name('user');
352 * session_set_save_handler(
353 * $custom_session_handlers[0],
354 * $custom_session_handlers[1],
355 * $custom_session_handlers[2],
356 * $custom_session_handlers[3],
357 * $custom_session_handlers[4],
358 * $custom_session_handlers[5]
359 * );
360 *
361 * We need to replicate that code once here because PHP has
362 * long had a bug that resets the session handler mechanism
363 * when the session data is also destroyed. Because of this
364 * bug, even administrators who define custom session handlers
365 * via a PHP pre-load defined in php.ini (auto_prepend_file)
366 * will still need to define the $custom_session_handlers array
367 * in config_local.php.
368 */
369 global $custom_session_handlers;
370 if (!empty($custom_session_handlers)) {
371 $open = $custom_session_handlers[0];
372 $close = $custom_session_handlers[1];
373 $read = $custom_session_handlers[2];
374 $write = $custom_session_handlers[3];
375 $destroy = $custom_session_handlers[4];
376 $gc = $custom_session_handlers[5];
377 session_module_name('user');
378 session_set_save_handler($open, $close, $read, $write, $destroy, $gc);
379 }
380
381 sqsession_is_active();
382 session_regenerate_id();
383
384 // put session restore data back into session if necessary
385 if (!empty($sel)) {
386 sqsession_register($sel, 'session_expired_location');
387 if (!empty($sep))
388 sqsession_register($sep, 'session_expired_post');
389 }
390 }
391
392 /**
393 * SquirrelMail internal version number -- DO NOT CHANGE
394 * $sm_internal_version = array (release, major, minor)
395 */
396 $SQM_INTERNAL_VERSION = explode('.', SM_VERSION, 3);
397 $SQM_INTERNAL_VERSION[2] = intval($SQM_INTERNAL_VERSION[2]);
398
399
400 /* load prefs system; even when user not logged in, should be OK to do this here */
401 require(SM_PATH . 'functions/prefs.php');
402
403
404 /* if plugins are disabled only for one user and
405 * the current user is NOT that user, turn them
406 * back on
407 */
408 sqgetGlobalVar('username', $username, SQ_SESSION);
409 if ($disable_plugins && !empty($disable_plugins_user)
410 && $username != $disable_plugins_user) {
411 $disable_plugins = false;
412 }
413
414
415 /* remove all plugins if they are disabled */
416 if ($disable_plugins) {
417 $plugins = array();
418 }
419
420
421 /**
422 * Include Compatibility plugin if available.
423 */
424 if (!$disable_plugins && file_exists(SM_PATH . 'plugins/compatibility/functions.php'))
425 include_once(SM_PATH . 'plugins/compatibility/functions.php');
426
427
428 /**
429 * MAIN PLUGIN LOADING CODE HERE
430 * On init, we no longer need to load all plugin setup files.
431 * Now, we load the statically generated hook registrations here
432 * and let the hook calls include only the plugins needed.
433 */
434 $squirrelmail_plugin_hooks = array();
435 if (!$disable_plugins && file_exists(SM_PATH . 'config/plugin_hooks.php')) {
436 //FIXME: if we keep the plugin hooks array static like this, it seems like we should also keep the template files list in a static file too (when a new user session is started or the template set is changed, the code will dynamically iterate through the directory heirarchy of the template directory and catalog all the template files therein (and store the "catalog" in PHP session) -- instead, we could do that once at config-time and keep that static so SM can just include the file just like the line below)
437 require(SM_PATH . 'config/plugin_hooks.php');
438 }
439
440
441 /**
442 * Plugin authors note that the "config_override" hook used to be
443 * executed here, but please adapt your plugin to use this "prefs_backend"
444 * hook instead, making sure that it does NOT return anything, since
445 * doing so will interfere with proper prefs system functionality.
446 * Of course, otherwise, this hook may be used to do any configuration
447 * overrides as needed, as well as set up a custom preferences backend.
448 */
449 $prefs_backend = do_hook('prefs_backend', $null);
450 if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
451 require(SM_PATH . $prefs_backend);
452 } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
453 require(SM_PATH . 'functions/db_prefs.php');
454 } else {
455 require(SM_PATH . 'functions/file_prefs.php');
456 }
457
458
459
460 /**
461 * DISABLED.
462 * Remove globalized session data in rg=on setups
463 *
464 * Code can be utilized when session is started, but data is not loaded.
465 * We have already loaded configuration and other important vars. Can't
466 * clean session globals here, beside, the cleanout of globals at the
467 * top of this file will have removed anything this code would find anyway.
468 if ((bool) @ini_get('register_globals') &&
469 strtolower(ini_get('register_globals'))!='off') {
470 foreach ($_SESSION as $key => $value) {
471 unset($GLOBALS[$key]);
472 }
473 }
474 */
475
476 sqsession_register(SM_BASE_URI,'base_uri');
477
478 /**
479 * Retrieve the language cookie
480 */
481 if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) {
482 $squirrelmail_language = '';
483 }
484
485
486 /**
487 * In some cases, buffering all output allows more complex functionality,
488 * especially for plugins that want to add headers on hooks that are beyond
489 * the point of output having been sent to the browser otherwise.
490 *
491 * Note that we don't turn this on any earlier since we want to allow plugins
492 * to turn it on themselves via a configuration override on the prefs_backend
493 * hook.
494 *
495 */
496 if ($buffer_output) ob_start(!empty($buffered_output_handler) ? $buffered_output_handler : NULL);
497
498
499 /**
500 * Do something special for some pages. This is based on the PAGE_NAME constant
501 * set at the top of every page.
502 */
503 $set_up_langage_after_template_setup = FALSE;
504 switch (PAGE_NAME) {
505 case 'style':
506
507 // need to get the right template set up
508 //
509 sqGetGlobalVar('templateid', $templateid, SQ_GET);
510
511 // sanitize just in case...
512 //
513 $templateid = preg_replace('/(\.\.\/){1,}/', '', $templateid);
514
515 // make sure given template actually is available
516 //
517 $found_templateset = false;
518 for ($i = 0; $i < count($aTemplateSet); ++$i) {
519 if ($aTemplateSet[$i]['ID'] == $templateid) {
520 $found_templateset = true;
521 break;
522 }
523 }
524
525 // FIXME: do we need/want to check here for actual (physical) presence of template sets?
526 // selected template not available, fall back to default template
527 //
528 if (!$found_templateset) {
529 $sTemplateID = Template::get_default_template_set();
530 } else {
531 $sTemplateID = $templateid;
532 }
533
534 session_write_close();
535 break;
536
537 case 'mailto':
538 // nothing to do
539 break;
540
541 case 'redirect':
542 require(SM_PATH . 'functions/auth.php');
543 //nobreak;
544
545 case 'login':
546 require(SM_PATH . 'functions/display_messages.php' );
547 require(SM_PATH . 'functions/page_header.php');
548 require(SM_PATH . 'functions/html.php');
549
550 // reset template file cache
551 //
552 $sTemplateID = Template::get_default_template_set();
553 Template::cache_template_file_hierarchy($sTemplateID, TRUE);
554
555 /**
556 * Make sure icon variables are setup for the login page.
557 */
558 $icon_theme = $icon_themes[$icon_theme_def]['PATH'];
559 /*
560 * NOTE: The $icon_theme_path var should contain the path to the icon
561 * theme to use. If the admin has disabled icons, or the user has
562 * set the icon theme to "None," no icons will be used.
563 */
564 $icon_theme_path = (!$use_icons || $icon_theme=='none') ? NULL : ($icon_theme == 'template' ? SM_PATH . Template::calculate_template_images_directory($sTemplateID) : $icon_theme);
565
566 break;
567 default:
568 require(SM_PATH . 'functions/display_messages.php' );
569 require(SM_PATH . 'functions/page_header.php');
570 require(SM_PATH . 'functions/html.php');
571
572
573 /**
574 * Check if we are logged in
575 */
576 require(SM_PATH . 'functions/auth.php');
577
578 if ( !sqsession_is_registered('user_is_logged_in') ) {
579
580 // use $message to indicate what logout text the user
581 // will see... if 0, typical "You must be logged in"
582 // if 1, information that the user session was saved
583 // and will be resumed after (re)login
584 //
585 $message = 0;
586
587 // First we store some information in the new session to prevent
588 // information-loss.
589 //
590 $session_expired_post = $_POST;
591 $session_expired_location = PAGE_NAME;
592 if (!sqsession_is_registered('session_expired_post')) {
593 sqsession_register($session_expired_post,'session_expired_post');
594 }
595 if (!sqsession_is_registered('session_expired_location')) {
596 sqsession_register($session_expired_location,'session_expired_location');
597 if ($session_expired_location == 'compose')
598 $message = 1;
599 }
600 // signout page will deal with users who aren't logged
601 // in on its own; don't show error here
602 //
603 if ( PAGE_NAME == 'signout' ) {
604 return;
605 }
606
607 /**
608 * Initialize the template object (logout_error uses it)
609 */
610 /*
611 * $sTemplateID is not initialized when a user is not logged in, so we
612 * will use the config file defaults here. If the neccesary variables
613 * are not set, force a default value.
614 */
615 if (PAGE_NAME == 'squirrelmail_rpc') {
616 $sTemplateID = Template::get_rpc_template_set();
617 } else {
618 $sTemplateID = Template::get_default_template_set();
619 }
620 $oTemplate = Template::construct_template($sTemplateID);
621
622 set_up_language($squirrelmail_language, true);
623 if (!$message)
624 logout_error( _("You must be logged in to access this page.") );
625 else
626 logout_error( _("Your session has expired, but will be resumed after logging in again.") );
627 exit;
628 }
629
630 sqgetGlobalVar('authz',$authz,SQ_SESSION);
631
632 /**
633 * Setting the prefs backend
634 */
635 sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
636 sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );
637
638 if ( !sqsession_is_registered('prefs_are_cached') ||
639 !isset( $prefs_cache) ||
640 !is_array( $prefs_cache)) {
641 $prefs_are_cached = false;
642 $prefs_cache = false; //array();
643 }
644
645 /**
646 * initializing user settings
647 */
648 require(SM_PATH . 'include/load_prefs.php');
649
650 /**
651 * We'll need this to later have a noframes version
652 *
653 * Check if the user has a language preference, but no cookie.
654 * Send him a cookie with his language preference, if there is
655 * such discrepancy.
656 */
657 $my_language = getPref($data_dir, $username, 'language');
658 if ($my_language != $squirrelmail_language) {
659 sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
660 }
661
662 $set_up_langage_after_template_setup = TRUE;
663
664 $timeZone = getPref($data_dir, $username, 'timezone');
665
666 /* Check to see if we are allowed to set the TZ environment variable.
667 * We are able to do this if ...
668 * safe_mode is disabled OR
669 * safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
670 * safe_mode_allowed_env_vars contains TZ
671 */
672 $tzChangeAllowed = (!ini_get('safe_mode')) ||
673 !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
674 preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));
675
676 if ( $timeZone != SMPREF_NONE && ($timeZone != "")
677 && $tzChangeAllowed ) {
678
679 // get time zone key, if strict or custom strict timezones are used
680 if (isset($time_zone_type) &&
681 ($time_zone_type == 1 || $time_zone_type == 3)) {
682 /* load time zone functions */
683 require(SM_PATH . 'include/timezones.php');
684 $realTimeZone = sq_get_tz_key($timeZone);
685 } else {
686 $realTimeZone = $timeZone;
687 }
688
689 // set time zone
690 if ($realTimeZone) {
691 putenv("TZ=".$realTimeZone);
692 }
693 }
694
695 /**
696 * php 5.1.0 added time zone functions. Set time zone with them in order
697 * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
698 */
699 if (function_exists('date_default_timezone_set')) {
700 if ($timeZone != SMPREF_NONE && $timeZone != "") {
701 date_default_timezone_set($timeZone);
702 } else {
703 // interface runs on server's time zone. Remove php E_STRICT complains
704 $default_timezone = @date_default_timezone_get();
705 date_default_timezone_set($default_timezone);
706 }
707 }
708 break;
709 }
710
711 /*
712 * $sTemplateID is not initialized when a user is not logged in, so we
713 * will use the config file defaults here. If the neccesary variables
714 * are not set, force a default value.
715 *
716 * If the user is logged in, $sTemplateID will be set in load_prefs.php,
717 * so we shouldn't change it here.
718 */
719 if (!isset($sTemplateID)) {
720 if (PAGE_NAME == 'squirrelmail_rpc') {
721 $sTemplateID = Template::get_rpc_template_set();
722 } else {
723 $sTemplateID = Template::get_default_template_set();
724 }
725 $icon_theme_path = !$use_icons ? NULL : Template::calculate_template_images_directory($sTemplateID);
726 }
727
728 // template object may have already been constructed in load_prefs.php
729 //
730 if (empty($oTemplate)) {
731 $oTemplate = Template::construct_template($sTemplateID);
732 }
733
734 // We want some variables to always be available to the template
735 //
736 $oTemplate->assign('javascript_on',
737 (sqGetGlobalVar('user_is_logged_in', $user_is_logged_in, SQ_SESSION)
738 ? checkForJavascript() : 0));
739 $oTemplate->assign('base_uri', sqm_baseuri());
740 $always_include = array('sTemplateID', 'icon_theme_path');
741 foreach ($always_include as $var) {
742 $oTemplate->assign($var, (isset($$var) ? $$var : NULL));
743 }
744
745 // A few output elements are used often, so just get them once here
746 //
747 $nbsp = $oTemplate->fetch('non_breaking_space.tpl');
748 $br = $oTemplate->fetch('line_break.tpl');
749
750
751 /**
752 * Set up the language.
753 *
754 * This code block corresponds to the *default* block of the switch
755 * statement above, but the language cannot be set up until after the
756 * template is instantiated, so we set $set_up_langage_after_template_setup
757 * above and do the linguistic stuff now.
758 */
759 if ($set_up_langage_after_template_setup) {
760 $err=set_up_language(getPref($data_dir, $username, 'language'));
761
762 // Japanese translation used without mbstring support
763 if ($err==2) {
764 $sError = "<p>Your administrator needs to have PHP installed with the multibyte string extension enabled (using configure option --enable-mbstring).</p>\n"
765 . "<p>This system has assumed that you accidently switched to Japanese and has reverted your language preference to English.</p>\n"
766 . "<p>Please refresh this page in order to continue using your webmail.</p>\n";
767 error_box($sError);
768 }
769 }
770
771
772 /**
773 * Initialize our custom error handler object
774 */
775 $oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl');
776
777
778 /**
779 * Activate custom error handling
780 */
781 if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
782 $oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'));
783 } else {
784 $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
785 }
786
787
788 // ============================================================================
789 // ================= End of Live Code, Beginning of Functions =================
790 // ============================================================================
791
792
793 /**
794 * Javascript support detection function
795 * @param boolean $reset recheck javascript support if set to true.
796 * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
797 * @since 1.5.1
798 */
799 function checkForJavascript($reset = FALSE) {
800 global $data_dir, $username, $javascript_on, $javascript_setting;
801
802 if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) )
803 return $javascript_on;
804
805 //FIXME: this isn't used anywhere else in this function; can we remove it? why is it here?
806 $user_is_logged_in = FALSE;
807 if ( $reset || !isset($javascript_setting) )
808 $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);
809
810 if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&
811 !sqGetGlobalVar('js_autodetect_results', $js_autodetect_results) )
812 $js_autodetect_results = SMPREF_JS_OFF;
813
814 if ( $javascript_setting == SMPREF_JS_AUTODETECT )
815 $javascript_on = $js_autodetect_results;
816 else
817 $javascript_on = $javascript_setting;
818
819 sqsession_register($javascript_on, 'javascript_on');
820 return $javascript_on;
821 }
822
823 function sqm_baseuri() {
824 global $base_uri;
825 return $base_uri;
826 }