X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=include%2Finit.php;h=0cecb1b552ab58608c3e733cd99e2cfab2750e74;hp=e4ee4445ea15970dcc8c3266a50757f6c0979778;hb=1e7218745fd9a5d248bc896661b0d44fc23bcde5;hpb=867fed375310bddf80421e7ae711ec1f56402413
diff --git a/include/init.php b/include/init.php
index e4ee4445..0cecb1b5 100644
--- a/include/init.php
+++ b/include/init.php
@@ -20,44 +20,58 @@ error_reporting(E_ALL); /** * If register_globals are on, unregister globals. - * Code requires PHP 4.1.0 or newer. * Second test covers boolean set as string (php_value register_globals off). */ -if ((bool) @ini_get('register_globals') && +if ((bool) ini_get('register_globals') && strtolower(ini_get('register_globals'))!='off') { /** - * Remove all globals from $_GET, $_POST, and $_COOKIE. - */ - foreach ($_REQUEST as $key => $value) { - unset($GLOBALS[$key]); - } - /** - * Remove globalized $_FILES variables - * Before 4.3.0 $_FILES are included in $_REQUEST. - * Unglobalize them in separate call in order to remove dependency - * on PHP version. - */ - foreach ($_FILES as $key => $value) { - unset($GLOBALS[$key]); - // there are three undocumented $_FILES globals. - unset($GLOBALS[$key.'_type']); - unset($GLOBALS[$key.'_name']); - unset($GLOBALS[$key.'_size']); - } - /** - * Remove globalized environment variables. - */ - foreach ($_ENV as $key => $value) { - unset($GLOBALS[$key]); - } - /** - * Remove globalized server variables. + * Remove all globals that are not reserved by PHP + * 'value' and 'key' are used by foreach. Don't unset them inside foreach. 
*/ - foreach ($_SERVER as $key => $value) { - unset($GLOBALS[$key]); + foreach ($GLOBALS as $key => $value) { + switch($key) { + case 'HTTP_POST_VARS': + case '_POST': + case 'HTTP_GET_VARS': + case '_GET': + case 'HTTP_COOKIE_VARS': + case '_COOKIE': + case 'HTTP_SERVER_VARS': + case '_SERVER': + case 'HTTP_ENV_VARS': + case '_ENV': + case 'HTTP_POST_FILES': + case '_FILES': + case '_REQUEST': + case 'HTTP_SESSION_VARS': + case '_SESSION': + case 'GLOBALS': + case 'key': + case 'value': + break; + case 'sInitLocation': + // FIXME: variable must be set only in src/login.php + break; + default: + unset($GLOBALS[$key]); + } } + // Unset variables used in foreach + unset($GLOBALS['key']); + unset($GLOBALS['value']); } +/** + * [#1518885] session.use_cookies = off breaks SquirrelMail + * + * When session cookies are not used, all http redirects, meta refreshes, + * src/download.php and javascript URLs are broken. Setting must be set + * before session is started. + */ +if (!(bool)ini_get('session.use_cookies') || + ini_get('session.use_cookies') == 'off') { + ini_set('session.use_cookies','1'); +} /** * calculate SM_PATH and calculate the base_uri @@ -68,7 +82,12 @@ if ((bool) @ini_get('register_globals') && if (isset($_SERVER['SCRIPT_NAME'])) { $a = explode('/',$_SERVER['SCRIPT_NAME']); } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) { - $a = explode('/',$_SERVER['SCRIPT_NAME']); + $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']); +} else { + $error = 'Unable to detect script environment. ' + .'Please test your PHP settings and send PHP core config, $_SERVER ' + .'and $HTTP_SERVER_VARS to SquirrelMail developers.'; + die($error); } $sSM_PATH = ''; for($i = count($a) -2;$i > -1; --$i) { 
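Review bot: The `case 'sInitLocation': break;` exemption in the new allowlist loop keeps a request-supplied `sInitLocation` alive whenever register_globals is on and the including script has not assigned the variable itself, and that value later drives `switch ($sInitLocation)` in this file. Until the FIXME is resolved, replace it with a comment that states the requirement, e.g. `// kept only because entry scripts assign it before including init.php; a script that does not assign it must not reach the switch below`. The `switch` also compares keys loosely, so on PHP versions before 8 an integer key such as 0 matches the first string case and is never unset; `if (!in_array($key, $reserved, true)) unset($GLOBALS[$key]);` with a `$reserved` list avoids that. In the same hunk, the session.use_cookies test compares against 'off' without the `strtolower()` used for register_globals a few lines above, so a value written as `Off` is not corrected, and the result of `ini_set()` is not checked.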
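Review bot: The new `die($error)` text asks administrators to send `$_SERVER` and `$HTTP_SERVER_VARS` to the developers, and those arrays normally carry the request's cookies and can carry HTTP authentication values. The message should tell the reader to strip such values first, for example by appending `.' Remove cookie and authorization values before sending.'` to the string.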
@@ -91,11 +110,55 @@ define('SM_BASE_URI', $base_uri); */ $bInit = true; +/** + * This theme as a failsafe if no themes were found, or if we error + * out before anything could be initialised. + */ +$color = array(); +$color[0] = '#DCDCDC'; /* light gray TitleBar */ +$color[1] = '#800000'; /* red */ +$color[2] = '#CC0000'; /* light red Warning/Error Messages */ +$color[3] = '#A0B8C8'; /* green-blue Left Bar Background */ +$color[4] = '#FFFFFF'; /* white Normal Background */ +$color[5] = '#FFFFCC'; /* light yellow Table Headers */ +$color[6] = '#000000'; /* black Text on left bar */ +$color[7] = '#0000CC'; /* blue Links */ +$color[8] = '#000000'; /* black Normal text */ +$color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */ +$color[10] = '#666666'; /* dark gray Darker version of #9 */ +$color[11] = '#770000'; /* dark red Special Folders color */ +$color[12] = '#EDEDED'; +$color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */ +$color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */ +$color[15] = '#002266'; /* (dark blue) Unselectable folders */ +$color[16] = '#ff9933'; /* (orange) Highlight color */ + require(SM_PATH . 'functions/global.php'); +require(SM_PATH . 'functions/arrays.php'); + +/* load default configuration */ +require(SM_PATH . 'config/config_default.php'); +/* reset arrays in default configuration */ +$ldap_server = array(); +$plugins = array(); +$fontsets = array(); +$theme = array(); +$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php'; +$theme[0]['NAME'] = 'Default'; +$aTemplateSet = array(); +$aTemplateSet[0]['ID'] = 'default'; +$aTemplateSet[0]['NAME'] = 'Default'; +/* load site configuration */ require(SM_PATH . 'config/config.php'); +/* load local configuration overrides */ +if (file_exists(SM_PATH . 'config/config_local.php')) { + require(SM_PATH . 'config/config_local.php'); +} + require(SM_PATH . 'functions/plugin.php'); require(SM_PATH . 'include/constants.php'); require(SM_PATH . 
'include/languages.php'); +require(SM_PATH . 'class/template/Template.class.php'); /** * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. @@ -223,9 +286,48 @@ if (isset($plugins) && is_array($plugins)) { } } +/** + * Before 1.5.2 version hook was part of functions/constants.php. + * After init layout changes, hook had to be moved because include/constants.php is + * loaded before plugins are initialized. + * @since 1.2.0 + */ +do_hook('loading_constants'); switch ($sInitLocation) { - case 'style': session_write_close(); sqsetcookieflush(); break; + case 'style': + + // need to get the right template set up + // + sqGetGlobalVar('templateid', $templateid, SQ_GET); + + // sanitize just in case... + // + $templateid = preg_replace('/(\.\.\/){1,}/', '', $templateid); + + // make sure given template actually is available + // + $found_templateset = false; + for ($i = 0; $i < count($aTemplateSet); ++$i) { + if ($aTemplateSet[$i]['ID'] == $templateid) { + $found_templateset = true; + break; + } + } + +// FIXME: do we need/want to check here for actual presence of template sets? + // selected template not available, fall back to default template + // + if (!$found_templateset) { + $sTemplateID = Template::get_default_template_set(); + } else { + $sTemplateID = $templateid; + } + + session_write_close(); + sqsetcookieflush(); + break; + case 'redirect': /** * directory hashing functions are needed for all setups in case @@ -246,6 +348,12 @@ switch ($sInitLocation) { require(SM_PATH . 'functions/display_messages.php' ); require(SM_PATH . 'functions/page_header.php'); require(SM_PATH . 'functions/html.php'); + + // reset template file cache + // + $sTemplateID = Template::get_default_template_set(); + Template::cache_template_file_hierarchy(TRUE); + /** * cleanup old cookies with a cookie path the same as the standard php.ini * cookie path. All previous SquirrelMail version used the standard php.ini 
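Review bot: The block under `/* reset arrays in default configuration */` does not say why `$ldap_server`, `$plugins`, `$fontsets`, `$theme` and `$aTemplateSet` are emptied between config_default.php and config.php. If the intent is what it appears to be, a comment such as `/* clear list-type settings so entries from config_default.php are not merged with the ones config.php defines */` would keep the list maintained when new array settings are added. The optional `config/config_local.php` is executed whenever the file exists, so the comment above it should also note that the config directory must not be writable by the web server account.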
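Review bot: In the new 'style' case the `preg_replace('/(\.\.\/){1,}/', '', $templateid)` pass is not a dependable traversal filter (it runs once and ignores backslashes), so the only effective control is the lookup in `$aTemplateSet`, and that lookup uses `==` on a value read with `SQ_GET`. Make the comparison strict and assign the configured ID rather than the request value: `if ($aTemplateSet[$i]['ID'] === $templateid) { $sTemplateID = $aTemplateSet[$i]['ID']; $found_templateset = true; break; }`. A GET parameter can also arrive as an array, so an `is_string($templateid)` check belongs before the `preg_replace()` call. The `switch ($sInitLocation)` block continues past the end of this hunk.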
@@ -292,6 +400,17 @@ switch ($sInitLocation) { return; } + /** + * Initialize the template object (logout_error uses it) + */ + /* + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables + * are net set, force a default value. + */ + $sTemplateID = Template::get_default_template_set(); + $oTemplate = Template::construct_template($sTemplateID); + set_up_language($squirrelmail_language, true); logout_error( _("You must be logged in to access this page.") ); exit; @@ -312,7 +431,7 @@ switch ($sInitLocation) { $prefs_cache = false; //array(); } - /* see 'redirect' switch */ + /* see 'redirect' case */ require(SM_PATH . 'functions/prefs.php'); $prefs_backend = do_hook_function('prefs_backend'); @@ -329,7 +448,6 @@ switch ($sInitLocation) { */ require(SM_PATH . 'include/load_prefs.php'); - // i do not understand the frames language cookie story /** * We'll need this to later have a noframes version 
@@ -409,22 +527,25 @@ switch ($sInitLocation) { break; } -/** - * Initialize the template object - */ -require(SM_PATH . 'class/template/template.class.php'); /* - * $sTplDir is not initialized when a user is not logged in, so we will use - * the config file defaults here. If the neccesary variables are net set, - * force a default value. + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables + * are not set, force a default value. + * + * If the user is logged in, $sTemplateID will be set in load_prefs.php, + * so we shouldn't change it here. */ -$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); -$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); +if (!isset($sTemplateID)) { + $sTemplateID = Template::get_default_template_set(); + $icon_theme_path = !$use_icons ? NULL : Template::calculate_template_images_directory($sTemplateID); +} +$oTemplate = Template::construct_template($sTemplateID); -$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? - SM_PATH . 'templates/default/' : - $aTemplateSet[$templateset_default]['PATH'] ); -$oTemplate = new Template($sTplDir); +// We want some variables to always be available to the template +$always_include = array('sTemplateID', 'icon_theme_path'); +foreach ($always_include as $var) { + $oTemplate->assign($var, (isset($$var) ? $$var : NULL)); +} /** * Initialize our custom error handler object @@ -472,4 +593,4 @@ function checkForJavascript($reset = FALSE) { function sqm_baseuri() { global $base_uri; return $base_uri; -} \ No newline at end of file +}
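Review bot: `$icon_theme_path` is computed only inside `if (!isset($sTemplateID))`, but the 'style' and 'redirect' cases changed earlier in this commit now assign `$sTemplateID` themselves, so on those paths the `$always_include` loop appears to pass a NULL `icon_theme_path` to the template unless another file sets it. Testing the variable on its own would cover both cases: `if (!isset($icon_theme_path)) { $icon_theme_path = empty($use_icons) ? NULL : Template::calculate_template_images_directory($sTemplateID); }`. The `empty()` form also avoids reading `$use_icons` when the configuration did not define it.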