/**
* If register_globals are on, unregister globals.
- * Code requires PHP 4.1.0 or newer.
* Second test covers boolean set as string (php_value register_globals off).
*/
-if ((bool) @ini_get('register_globals') &&
+if ((bool) ini_get('register_globals') &&
strtolower(ini_get('register_globals'))!='off') {
/**
- * Remove all globals from $_GET, $_POST, and $_COOKIE.
- */
- foreach ($_REQUEST as $key => $value) {
- unset($GLOBALS[$key]);
- }
- /**
- * Remove globalized $_FILES variables
- * Before 4.3.0 $_FILES are included in $_REQUEST.
- * Unglobalize them in separate call in order to remove dependency
- * on PHP version.
- */
- foreach ($_FILES as $key => $value) {
- unset($GLOBALS[$key]);
- // there are three undocumented $_FILES globals.
- unset($GLOBALS[$key.'_type']);
- unset($GLOBALS[$key.'_name']);
- unset($GLOBALS[$key.'_size']);
- }
- /**
- * Remove globalized environment variables.
+ * Remove all globals that are not reserved by PHP
+ * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
*/
- foreach ($_ENV as $key => $value) {
- unset($GLOBALS[$key]);
- }
- /**
- * Remove globalized server variables.
- */
- foreach ($_SERVER as $key => $value) {
- unset($GLOBALS[$key]);
+ foreach ($GLOBALS as $key => $value) {
+ switch($key) {
+ case 'HTTP_POST_VARS':
+ case '_POST':
+ case 'HTTP_GET_VARS':
+ case '_GET':
+ case 'HTTP_COOKIE_VARS':
+ case '_COOKIE':
+ case 'HTTP_SERVER_VARS':
+ case '_SERVER':
+ case 'HTTP_ENV_VARS':
+ case '_ENV':
+ case 'HTTP_POST_FILES':
+ case '_FILES':
+ case '_REQUEST':
+ case 'HTTP_SESSION_VARS':
+ case '_SESSION':
+ case 'GLOBALS':
+ case 'key':
+ case 'value':
+ break;
+ case 'sInitLocation':
+ // FIXME: variable must be set only in src/login.php
+ break;
+ default:
+ unset($GLOBALS[$key]);
+ }
}
+ // Unset variables used in foreach
+ unset($GLOBALS['key']);
+ unset($GLOBALS['value']);
}
+/**
+ * [#1518885] session.use_cookies = off breaks SquirrelMail
+ *
+ * When session cookies are not used, all http redirects, meta refreshes,
+ * src/download.php and javascript URLs are broken. Setting must be set
+ * before session is started.
+ */
+if (!(bool)ini_get('session.use_cookies') ||
+ ini_get('session.use_cookies') == 'off') {
+ ini_set('session.use_cookies','1');
+}
/**
* calculate SM_PATH and calculate the base_uri
if (isset($_SERVER['SCRIPT_NAME'])) {
$a = explode('/',$_SERVER['SCRIPT_NAME']);
} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
- $a = explode('/',$_SERVER['SCRIPT_NAME']);
+ $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']);
+} else {
+ $error = 'Unable to detect script environment. '
+ .'Please test your PHP settings and send PHP core config, $_SERVER '
+ .'and $HTTP_SERVER_VARS to SquirrelMail developers.';
+ die($error);
}
$sSM_PATH = '';
for($i = count($a) -2;$i > -1; --$i) {
*/
$bInit = true;
+/**
+ * This theme as a failsafe if no themes were found, or if we error
+ * out before anything could be initialised.
+ */
+$color = array();
+$color[0] = '#DCDCDC'; /* light gray TitleBar */
+$color[1] = '#800000'; /* red */
+$color[2] = '#CC0000'; /* light red Warning/Error Messages */
+$color[3] = '#A0B8C8'; /* green-blue Left Bar Background */
+$color[4] = '#FFFFFF'; /* white Normal Background */
+$color[5] = '#FFFFCC'; /* light yellow Table Headers */
+$color[6] = '#000000'; /* black Text on left bar */
+$color[7] = '#0000CC'; /* blue Links */
+$color[8] = '#000000'; /* black Normal text */
+$color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */
+$color[10] = '#666666'; /* dark gray Darker version of #9 */
+$color[11] = '#770000'; /* dark red Special Folders color */
+$color[12] = '#EDEDED';
+$color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */
+$color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */
+$color[15] = '#002266'; /* (dark blue) Unselectable folders */
+$color[16] = '#ff9933'; /* (orange) Highlight color */
+
require(SM_PATH . 'functions/global.php');
+
+/* load default configuration */
+require(SM_PATH . 'config/config_default.php');
+/* reset arrays in default configuration */
+$ldap_server = array();
+$plugins = array();
+$fontsets = array();
+$theme = array();
+$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php';
+$theme[0]['NAME'] = 'Default';
+$aTemplateSet = array();
+$aTemplateSet[0]['PATH'] = SM_PATH . 'templates/default/';
+$aTemplateSet[0]['NAME'] = 'Default template';
+/* load site configuration */
require(SM_PATH . 'config/config.php');
+/* load local configuration overrides */
+if (file_exists(SM_PATH . 'config/config_local.php')) {
+ require(SM_PATH . 'config/config_local.php');
+}
+
require(SM_PATH . 'functions/plugin.php');
require(SM_PATH . 'include/constants.php');
require(SM_PATH . 'include/languages.php');
return;
}
+ /**
+ * Initialize the template object (logout_error uses it)
+ */
+ require(SM_PATH . 'class/template/template.class.php');
+ /*
+ * $sTplDir is not initialized when a user is not logged in, so we will use
+ * the config file defaults here. If the neccesary variables are net set,
+ * force a default value.
+ */
+ $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
+ $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
+
+ $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
+ SM_PATH . 'templates/default/' :
+ $aTemplateSet[$templateset_default]['PATH'] );
+ $oTemplate = new Template($sTplDir);
+
set_up_language($squirrelmail_language, true);
logout_error( _("You must be logged in to access this page.") );
exit;
*/
require(SM_PATH . 'include/load_prefs.php');
-
// i do not understand the frames language cookie story
/**
* We'll need this to later have a noframes version
putenv("TZ=".$realTimeZone);
}
}
+
+ /**
+ * php 5.1.0 added time zone functions. Set time zone with them in order
+ * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
+ */
+ if (function_exists('date_default_timezone_set')) {
+ if ($timeZone != SMPREF_NONE && $timeZone != "") {
+ date_default_timezone_set($timeZone);
+ } else {
+ // interface runs on server's time zone. Remove php E_STRICT complains
+ $default_timezone = @date_default_timezone_get();
+ date_default_timezone_set($default_timezone);
+ }
+ }
break;
}
* Initialize the template object
*/
require(SM_PATH . 'class/template/template.class.php');
+
/*
* $sTplDir is not initialized when a user is not logged in, so we will use
* the config file defaults here. If the neccesary variables are net set,
* force a default value.
+ *
+ * If the user is logged in, $sTplDir will be set in load_prefs.php, so we
+ * shouldn't change it here.
*/
-$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
-$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
-
-$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
- SM_PATH . 'templates/default/' :
- $aTemplateSet[$templateset_default]['PATH'] );
+if (!isset($sTplDir)) {
+ $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
+ $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
+
+ $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
+ SM_PATH . 'templates/default/' :
+ $aTemplateSet[$templateset_default]['PATH'] );
+}
$oTemplate = new Template($sTplDir);
+// We want some variables to always be available to the template
+$always_include = array('sTplDir', 'icon_theme_path');
+foreach ($always_include as $var) {
+ $oTemplate->assign($var, (isset($$var) ? $$var : NULL));
+}
+
/**
* Initialize our custom error handler object
*/
/**
* Javascript support detection function
* @param boolean $reset recheck javascript support if set to true.
- * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see functions/constants.php})
+ * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
* @since 1.5.1
*/
function checkForJavascript($reset = FALSE) {
function sqm_baseuri() {
global $base_uri;
return $base_uri;
-}
\ No newline at end of file
+}
projects / squirrelmail.git / blobdiff