projects
/
squirrelmail.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
May as well grab offset info too
[squirrelmail.git]
/
include
/
init.php
diff --git
a/include/init.php
b/include/init.php
index 5efd61eaf946cb2c9eb24d33466cd190bc2ccdd5..e1bd3bbd050d9a95004122594f2eb7721f98f835 100644
(file)
--- a/
include/init.php
+++ b/
include/init.php
@@
-5,7
+5,7
@@
*
* File should be loaded in every file in src/ or plugins that occupate an entire frame
*
*
* File should be loaded in every file in src/ or plugins that occupate an entire frame
*
- * @copyright 2006-201
0
The SquirrelMail Project Team
+ * @copyright 2006-201
7
The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
@@
-223,15
+223,17
@@
if (file_exists(SM_PATH . 'config/config_local.php')) {
/**
* Set PHP error reporting level based on the SquirrelMail debug mode
/**
* Set PHP error reporting level based on the SquirrelMail debug mode
+ * E_STRICT = 2048
+ * E_DEPRECATED = 8192
*/
$error_level = 0;
if ($sm_debug_mode & SM_DEBUG_MODE_SIMPLE)
$error_level |= E_ERROR;
if ($sm_debug_mode & SM_DEBUG_MODE_MODERATE
|| $sm_debug_mode & SM_DEBUG_MODE_ADVANCED)
*/
$error_level = 0;
if ($sm_debug_mode & SM_DEBUG_MODE_SIMPLE)
$error_level |= E_ERROR;
if ($sm_debug_mode & SM_DEBUG_MODE_MODERATE
|| $sm_debug_mode & SM_DEBUG_MODE_ADVANCED)
- $error_level
|= E_ALL
;
+ $error_level
= ($error_level | E_ALL) & ~2048 & ~8192
;
if ($sm_debug_mode & SM_DEBUG_MODE_STRICT)
if ($sm_debug_mode & SM_DEBUG_MODE_STRICT)
- $error_level |=
E_STRICT
;
+ $error_level |=
2048 | 8192
;
error_reporting($error_level);
error_reporting($error_level);
@@
-272,20
+274,20
@@
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
* or
* contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
* because it doesn't bother with broken tags.
* or
* contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
* because it doesn't bother with broken tags.
- *
htmlspecial
chars() is the preferred method.
+ *
sm_encode_html_special_
chars() is the preferred method.
* QUERY_STRING also needs the same treatment since it is
* used in php_self().
* Update again: the encoding of ampersands that occurs
* QUERY_STRING also needs the same treatment since it is
* used in php_self().
* Update again: the encoding of ampersands that occurs
- * using
htmlspecial
chars() corrupts the query strings
+ * using
sm_encode_html_special_
chars() corrupts the query strings
* in normal URIs, so we have to let those through.
FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
*/
if (isset($_SERVER['REQUEST_URI']))
* in normal URIs, so we have to let those through.
FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
*/
if (isset($_SERVER['REQUEST_URI']))
- $_SERVER['REQUEST_URI'] = str_replace('&', '&',
htmlspecial
chars($_SERVER['REQUEST_URI']));
+ $_SERVER['REQUEST_URI'] = str_replace('&', '&',
sm_encode_html_special_
chars($_SERVER['REQUEST_URI']));
if (isset($_SERVER['PHP_SELF']))
if (isset($_SERVER['PHP_SELF']))
- $_SERVER['PHP_SELF'] = str_replace('&', '&',
htmlspecial
chars($_SERVER['PHP_SELF']));
+ $_SERVER['PHP_SELF'] = str_replace('&', '&',
sm_encode_html_special_
chars($_SERVER['PHP_SELF']));
if (isset($_SERVER['QUERY_STRING']))
if (isset($_SERVER['QUERY_STRING']))
- $_SERVER['QUERY_STRING'] = str_replace('&', '&',
htmlspecial
chars($_SERVER['QUERY_STRING']));
+ $_SERVER['QUERY_STRING'] = str_replace('&', '&',
sm_encode_html_special_
chars($_SERVER['QUERY_STRING']));
$PHP_SELF = php_self();
$PHP_SELF = php_self();
@@
-691,6
+693,9
@@
switch (PAGE_NAME) {
$set_up_langage_after_template_setup = TRUE;
$timeZone = getPref($data_dir, $username, 'timezone');
$set_up_langage_after_template_setup = TRUE;
$timeZone = getPref($data_dir, $username, 'timezone');
+ global $server_timezone, $server_timezone_offset, $server_timezone_offset_seconds;
+ list($server_timezone, $server_timezone_offset, $server_timezone_offset_seconds)
+ = explode('::', date('T::O::Z'));
/* Check to see if we are allowed to set the TZ environment variable.
* We are able to do this if ...
/* Check to see if we are allowed to set the TZ environment variable.
* We are able to do this if ...