*
* File should be loaded in every file in src/ or plugins that occupate an entire frame
*
- * @copyright 2006-2012 The SquirrelMail Project Team
+ * @copyright 2006-2019 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* or
* contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
* because it doesn't bother with broken tags.
- * htmlspecialchars() is the preferred method.
+ * sm_encode_html_special_chars() is the preferred method.
* QUERY_STRING also needs the same treatment since it is
* used in php_self().
* Update again: the encoding of ampersands that occurs
- * using htmlspecialchars() corrupts the query strings
+ * using sm_encode_html_special_chars() corrupts the query strings
* in normal URIs, so we have to let those through.
FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
*/
if (isset($_SERVER['REQUEST_URI']))
- $_SERVER['REQUEST_URI'] = str_replace('&', '&', htmlspecialchars($_SERVER['REQUEST_URI']));
+ $_SERVER['REQUEST_URI'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['REQUEST_URI']));
if (isset($_SERVER['PHP_SELF']))
- $_SERVER['PHP_SELF'] = str_replace('&', '&', htmlspecialchars($_SERVER['PHP_SELF']));
+ $_SERVER['PHP_SELF'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['PHP_SELF']));
if (isset($_SERVER['QUERY_STRING']))
- $_SERVER['QUERY_STRING'] = str_replace('&', '&', htmlspecialchars($_SERVER['QUERY_STRING']));
+ $_SERVER['QUERY_STRING'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['QUERY_STRING']));
$PHP_SELF = php_self();
$set_up_langage_after_template_setup = TRUE;
$timeZone = getPref($data_dir, $username, 'timezone');
+ global $server_timezone, $server_timezone_offset, $server_timezone_offset_seconds;
+ list($server_timezone, $server_timezone_offset, $server_timezone_offset_seconds)
+ = explode('::', date('T::O::Z'));
/* Check to see if we are allowed to set the TZ environment variable.
* We are able to do this if ...