May as well grab offset info too

[squirrelmail.git] / include / init.php

diff --git a/include/init.php b/include/init.php
index 2017640db2fe437d07f7ff35fd4bad0a0106d48d..e1bd3bbd050d9a95004122594f2eb7721f98f835 100644 (file)
--- a/include/init.php
+++ b/include/init.php
@@ -5,7 +5,7 @@
  *
  * File should be loaded in every file in src/ or plugins that occupate an entire frame
  *
- * @copyright 2006-2012 The SquirrelMail Project Team
+ * @copyright 2006-2017 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -223,15 +223,17 @@ if (file_exists(SM_PATH . 'config/config_local.php')) {
 
 /**
  * Set PHP error reporting level based on the SquirrelMail debug mode
+ * E_STRICT = 2048
+ * E_DEPRECATED = 8192
  */
 $error_level = 0;
 if ($sm_debug_mode & SM_DEBUG_MODE_SIMPLE)
     $error_level |= E_ERROR;
 if ($sm_debug_mode & SM_DEBUG_MODE_MODERATE
  || $sm_debug_mode & SM_DEBUG_MODE_ADVANCED)
-    $error_level |= E_ALL;
+    $error_level = ($error_level | E_ALL) & ~2048 & ~8192;
 if ($sm_debug_mode & SM_DEBUG_MODE_STRICT)
-    $error_level |= E_STRICT;
+    $error_level |= 2048 | 8192;
 error_reporting($error_level);
 
 
@@ -272,20 +274,20 @@ if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
  * or
  * contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
  * because it doesn't bother with broken tags.
- * htmlspecialchars() is the preferred method.
+ * sm_encode_html_special_chars() is the preferred method.
  * QUERY_STRING also needs the same treatment since it is
  * used in php_self().
  * Update again: the encoding of ampersands that occurs
- * using htmlspecialchars() corrupts the query strings
+ * using sm_encode_html_special_chars() corrupts the query strings
  * in normal URIs, so we have to let those through.
 FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
  */
 if (isset($_SERVER['REQUEST_URI']))
-    $_SERVER['REQUEST_URI'] = str_replace('&', '&', htmlspecialchars($_SERVER['REQUEST_URI']));
+    $_SERVER['REQUEST_URI'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['REQUEST_URI']));
 if (isset($_SERVER['PHP_SELF']))
-    $_SERVER['PHP_SELF'] = str_replace('&', '&', htmlspecialchars($_SERVER['PHP_SELF']));
+    $_SERVER['PHP_SELF'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['PHP_SELF']));
 if (isset($_SERVER['QUERY_STRING']))
-    $_SERVER['QUERY_STRING'] = str_replace('&', '&', htmlspecialchars($_SERVER['QUERY_STRING']));
+    $_SERVER['QUERY_STRING'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['QUERY_STRING']));
 
 $PHP_SELF = php_self();
 
@@ -691,6 +693,9 @@ switch (PAGE_NAME) {
         $set_up_langage_after_template_setup = TRUE;
 
         $timeZone = getPref($data_dir, $username, 'timezone');
+        global $server_timezone, $server_timezone_offset, $server_timezone_offset_seconds;
+        list($server_timezone, $server_timezone_offset, $server_timezone_offset_seconds)
+            = explode('::', date('T::O::Z'));
 
         /* Check to see if we are allowed to set the TZ environment variable.
          * We are able to do this if ...