X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fglobal.php;h=e1d9ec8e3754a5fa8dc5f3bf050dfbe09715c955;hp=1f560e89500cafa69f4420938ca146f64e80f5dc;hb=73ee0267d9c4cf950e5cf5a204c4baffbb9c624e;hpb=8442ecb9a9eb963c4ab2de6c09d115a46cbe9385 diff --git a/functions/global.php b/functions/global.php index 1f560e89..e1d9ec8e 100644 --- a/functions/global.php +++ b/functions/global.php @@ -85,6 +85,8 @@ function sqstripslashes(&$array) { /** * Squelch error output to screen (only) for the given function. + * If the SquirrelMail debug mode SM_DEBUG_MODE_ADVANCED is not + * enabled, error output will not go to the log, either. * * This provides an alternative to the @ error-suppression * operator where errors will not be shown in the interface @@ -110,9 +112,21 @@ function sqstripslashes(&$array) { * */ function sq_call_function_suppress_errors($function, $args=NULL) { + global $sm_debug_mode; + $display_errors = ini_get('display_errors'); ini_set('display_errors', '0'); + + // if advanced debug mode isn't enabled, don't log the error, either + // + if (!($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) + $error_reporting = error_reporting(0); + $ret = call_user_func_array($function, $args); + + if (!($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) + error_reporting($error_reporting); + ini_set('display_errors', $display_errors); return $ret; } @@ -334,6 +348,69 @@ function sqgetGlobalVar($name, &$value, $search = SQ_INORDER, $default = NULL, $ return $result; } +/** + * Get an immutable copy of a configuration variable if SquirrelMail + * is in "secured configuration" mode. This guarantees the caller + * gets a copy of the requested value as it is set in the main + * application configuration (including config_local overrides), and + * not what it might be after possibly having been modified by some + * other code (usually a plugin overriding configuration values for + * one reason or another). + * + * WARNING: Please use this function as little as possible, because + * every time it is called, it forcibly reloads the main configuration + * file(s). + * + * Caller beware that this function will do nothing if SquirrelMail + * is not in "secured configuration" mode per the $secured_config + * setting. + * + * @param string $var_name The name of the desired variable + * + * @return mixed The desired value + * + * @since 1.5.2 + * + */ +function get_secured_config_value($var_name) { + + static $return_values = array(); + + // if we can avoid it, return values that have + // already been retrieved (so we don't have to + // include the config file yet again) + // + if (isset($return_values[$var_name])) { + return $return_values[$var_name]; + } + + + // load site configuration + // + require(SM_PATH . 'config/config.php'); + + // load local configuration overrides + // + if (file_exists(SM_PATH . 'config/config_local.php')) { + require(SM_PATH . 'config/config_local.php'); + } + + // if SM isn't in "secured configuration" mode, + // just return the desired value from the global scope + // + if (!$secured_config) { + global $$var_name; + $return_values[$var_name] = $$var_name; + return $$var_name; + } + + // else we return what we got from the config file + // + $return_values[$var_name] = $$var_name; + return $$var_name; + +} + /** * Deletes an existing session, more advanced than the standard PHP * session_destroy(), it explicitly deletes the cookies and global vars. @@ -360,9 +437,8 @@ function sqsession_destroy() { global $base_uri, $_COOKIE, $_SESSION; - if (isset($_COOKIE[session_name()]) && session_name()) sqsetcookie(session_name(), '', 0, $base_uri); - if (isset($_COOKIE['username']) && $_COOKIE['username']) sqsetcookie('username','',0,$base_uri); - if (isset($_COOKIE['key']) && $_COOKIE['key']) sqsetcookie('key','',0,$base_uri); + if (isset($_COOKIE[session_name()]) && session_name()) sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri); + if (isset($_COOKIE['key']) && $_COOKIE['key']) sqsetcookie('key','SQMTRASH',1,$base_uri); $sessid = session_id(); if (!empty( $sessid )) { @@ -403,12 +479,19 @@ function sqsession_start() { // was: @session_start(); $session_id = session_id(); - // session_starts sets the sessionid cookie buth without the httponly var + // session_starts sets the sessionid cookie but without the httponly var // setting the cookie again sets the httponly cookie attribute - sqsetcookie(session_name(),$session_id,false,$base_uri); + // + // need to check if headers have been sent, since sqsession_is_active() + // has become just a passthru to this function, so the sqsetcookie() + // below is called every time, even after headers have already been sent + // + if (!headers_sent()) + sqsetcookie(session_name(),$session_id,false,$base_uri); } + /** * Set a cookie * @param string $sName The name of the cookie. @@ -461,13 +544,8 @@ function sqsetcookie($sName,$sValue='deleted',$iExpire=0,$sPath="",$sDomain="",$ * This code is borrowed from Gallery, session.php version 1.53.2.1 */ if (!function_exists('session_regenerate_id')) { - function make_seed() { - list($usec, $sec) = explode(' ', microtime()); - return (float)$sec + ((float)$usec * 100000); - } function php_combined_lcg() { - mt_srand(make_seed()); $tv = gettimeofday(); $lcg['s1'] = $tv['sec'] ^ (~$tv['usec']); $lcg['s2'] = mt_rand(); @@ -497,7 +575,7 @@ if (!function_exists('session_regenerate_id')) { if (ini_get('session.use_cookies')) { // at a later stage we use sqsetcookie. At this point just do // what session_regenerate_id would do - setcookie(session_name(), session_id(), NULL, $base_uri); + sqsetcookie(session_name(), session_id(), 0, $base_uri); } return TRUE; }