X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=include%2Finit.php;h=a6eb383b5db0500b9c6200c100b568b0404baa88;hp=2755e08044c805d402b20c23ebb28f6b5bcbc16b;hb=209e24bb063cb116e8564e226e0a2687276cb9d5;hpb=8e1e2794267d9cb8d564154a4586c3229bb0abf9
diff --git a/include/init.php b/include/init.php
index 2755e080..a6eb383b 100644
--- a/include/init.php
+++ b/include/init.php
@@ -20,49 +20,59 @@ error_reporting(E_ALL); /** * If register_globals are on, unregister globals. - * Code requires PHP 4.1.0 or newer. * Second test covers boolean set as string (php_value register_globals off). */ -if ((bool) @ini_get('register_globals') && +if ((bool) ini_get('register_globals') && strtolower(ini_get('register_globals'))!='off') { /** - * Remove all globals from $_GET, $_POST, and $_COOKIE. - */ - foreach ($_REQUEST as $key => $value) { - unset($GLOBALS[$key]); - } - /** - * Remove globalized $_FILES variables - * Before 4.3.0 $_FILES are included in $_REQUEST. - * Unglobalize them in separate call in order to remove dependency - * on PHP version. - */ - foreach ($_FILES as $key => $value) { - unset($GLOBALS[$key]); - // there are three undocumented $_FILES globals. - unset($GLOBALS[$key.'_type']); - unset($GLOBALS[$key.'_name']); - unset($GLOBALS[$key.'_size']); - } - /** - * Remove globalized environment variables. - */ - foreach ($_ENV as $key => $value) { - unset($GLOBALS[$key]); - } - /** - * Remove globalized server variables. + * Remove all globals that are not reserved by PHP + * 'value' and 'key' are used by foreach. Don't unset them inside foreach. 
*/ - foreach ($_SERVER as $key => $value) { - unset($GLOBALS[$key]); + foreach ($GLOBALS as $key => $value) { + switch($key) { + case 'HTTP_POST_VARS': + case '_POST': + case 'HTTP_GET_VARS': + case '_GET': + case 'HTTP_COOKIE_VARS': + case '_COOKIE': + case 'HTTP_SERVER_VARS': + case '_SERVER': + case 'HTTP_ENV_VARS': + case '_ENV': + case 'HTTP_POST_FILES': + case '_FILES': + case '_REQUEST': + case 'HTTP_SESSION_VARS': + case '_SESSION': + case 'GLOBALS': + case 'key': + case 'value': + break; + case 'sInitLocation': + // FIXME: variable must be set only in src/login.php + break; + default: + unset($GLOBALS[$key]); + } } + // Unset variables used in foreach + unset($GLOBALS['key']); + unset($GLOBALS['value']); } +/** + * Used as a dummy value, e.g., for passing as an empty + * hook argument. + */ +global $null; +$null = NULL; + /** * [#1518885] session.use_cookies = off breaks SquirrelMail * - * When session cookies are not used, all http redirects, meta refreshes, - * src/download.php and javascript URLs are broken. Setting must be set + * When session cookies are not used, all http redirects, meta refreshes, + * src/download.php and javascript URLs are broken. Setting must be set * before session is started. */ if (!(bool)ini_get('session.use_cookies') || @@ -79,7 +89,12 @@ if (!(bool)ini_get('session.use_cookies') || if (isset($_SERVER['SCRIPT_NAME'])) { $a = explode('/',$_SERVER['SCRIPT_NAME']); } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) { - $a = explode('/',$_SERVER['SCRIPT_NAME']); + $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']); +} else { + $error = 'Unable to detect script environment. ' + .'Please test your PHP settings and send PHP core config, $_SERVER ' + .'and $HTTP_SERVER_VARS to SquirrelMail developers.'; + die($error); } $sSM_PATH = ''; for($i = count($a) -2;$i > -1; --$i) { 
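Review bot: The `case 'sInitLocation':` exemption in the new `foreach ($GLOBALS as $key => $value)` cleanup means that, with register_globals on, a value supplied in the request survives the cleanup whenever the entry script has not assigned the variable itself. The later `if (!isset($sInitLocation))` guard only fills in NULL when nothing is set, so the surviving value would pick the branch of `switch ($sInitLocation)`. The FIXME names the intent but not the risk; I would at least make it explicit, e.g. `// FIXME(security): with register_globals on, request data can set sInitLocation unless the entry script assigns it before including init.php`. A stronger fix is to have entry scripts pass the location in a constant, which register_globals cannot populate, and drop this exemption.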
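Review bot: The new `die($error)` message asks users to send `$_SERVER` and `$HTTP_SERVER_VARS` to the developers, and those arrays commonly hold cookies, authorization headers and local filesystem paths. I would narrow the request to what is needed to diagnose the failure, for example `.'Please check your PHP settings and report whether SCRIPT_NAME is set in $_SERVER, '` followed by `.'removing cookies and credentials before sending.';`. The `$HTTP_SERVER_VARS['SCRIPT_NAME']` correction in the `elseif` branch itself looks right.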
@@ -126,10 +141,30 @@ $color[15] = '#002266'; /* (dark blue) Unselectable folders */ $color[16] = '#ff9933'; /* (orange) Highlight color */ require(SM_PATH . 'functions/global.php'); +require(SM_PATH . 'functions/arrays.php'); + +/* load default configuration */ +require(SM_PATH . 'config/config_default.php'); +/* reset arrays in default configuration */ +$ldap_server = array(); +$plugins = array(); +$fontsets = array(); +$aTemplateSet = array(); +$aTemplateSet[0]['ID'] = 'default'; +$aTemplateSet[0]['NAME'] = 'Default'; + +/* load site configuration */ require(SM_PATH . 'config/config.php'); +/* load local configuration overrides */ +if (file_exists(SM_PATH . 'config/config_local.php')) { + require(SM_PATH . 'config/config_local.php'); +} + require(SM_PATH . 'functions/plugin.php'); require(SM_PATH . 'include/constants.php'); require(SM_PATH . 'include/languages.php'); +require(SM_PATH . 'class/template/Template.class.php'); +require(SM_PATH . 'class/error.class.php'); /** * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. @@ -168,6 +203,7 @@ if (!isset($session_name) || !$session_name) { * if session.auto_start is On then close the session */ $sSessionAutostartName = session_name(); +$sCookiePath = null; if ((isset($sSessionAutostartName) || $sSessionAutostartName == '') && $sSessionAutostartName !== $session_name) { $sCookiePath = ini_get('session.cookie_path'); 
@@ -187,12 +223,63 @@ ini_set('session.name' , $session_name); session_set_cookie_params (0, $base_uri); sqsession_is_active(); +/** + * SquirrelMail version number -- DO NOT CHANGE + */ +$version = '1.5.2 [SVN]'; + +/** + * SquirrelMail internal version number -- DO NOT CHANGE + * $sm_internal_version = array (release, major, minor) + */ +$SQM_INTERNAL_VERSION = array(1,5,2); + + +/* if plugins are disabled only for one user and + * the current user is NOT that user, turn them + * back on + */ +sqgetGlobalVar('username',$username,SQ_SESSION); +if ($disable_plugins && !empty($disable_plugins_user) + && $username != $disable_plugins_user) { + $disable_plugins = false; +} + +/* remove all plugins if they are disabled */ +if ($disable_plugins) { + $plugins = array(); +} + + +/** + * Include Compatibility plugin if available. + */ +if (!$disable_plugins && file_exists(SM_PATH . 'plugins/compatibility/functions.php')) + include_once(SM_PATH . 'plugins/compatibility/functions.php'); + +/** + * MAIN PLUGIN LOADING CODE HERE + * On init, we no longer need to load all plugin setup files. + * Now, we load the statically generated hook registrations here + * and let the hook calls include only the plugins needed. + */ +$squirrelmail_plugin_hooks = array(); +if (!$disable_plugins && file_exists(SM_PATH . 'config/plugin_hooks.php')) { + require(SM_PATH . 'config/plugin_hooks.php'); +} + +/** + * allow plugins to override main configuration; hook is placed + * here to allow plugins to use session information to do their work + */ +do_hook('config_override', $null); + /** * DISABLED. * Remove globalized session data in rg=on setups - * + * * Code can be utilized when session is started, but data is not loaded. - * We have already loaded configuration and other important vars. Can't + * We have already loaded configuration and other important vars. Can't * clean session globals here. if ((bool) @ini_get('register_globals') && strtolower(ini_get('register_globals'))!='off') { 
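Review bot: `$username != $disable_plugins_user` is a loose comparison, so two numeric-looking account names (for instance `0123` and `123`) compare equal and the per-user plugin switch can apply to a different account than the one configured. `$username` is read from the session just above and may be empty before login, which the strict form handles the same way: `&& $username !== $disable_plugins_user) {`. Separately, the unbraced `if` around `include_once(SM_PATH . 'plugins/compatibility/functions.php');` would be safer with braces, matching the `plugin_hooks.php` block that follows it.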
@@ -204,17 +291,6 @@ if ((bool) @ini_get('register_globals') && sqsession_register(SM_BASE_URI,'base_uri'); -/** - * SquirrelMail version number -- DO NOT CHANGE - */ -$version = '1.5.2 [CVS]'; - -/** - * SquirrelMail internal version number -- DO NOT CHANGE - * $sm_internal_version = array (release, major, minor) - */ -$SQM_INTERNAL_VERSION = array(1,5,2); - /** * Retrieve the language cookie */ 
@@ -230,44 +306,48 @@ if (!isset($sInitLocation)) { $sInitLocation=NULL; } -/** - * MAIN PLUGIN LOADING CODE HERE - */ - -/** - * Include Compatibility plugin if available. - */ -if (file_exists(SM_PATH . 'plugins/compatibility/functions.php')) - include_once(SM_PATH . 'plugins/compatibility/functions.php'); -$squirrelmail_plugin_hooks = array(); +switch ($sInitLocation) { + case 'style': + + // need to get the right template set up + // + sqGetGlobalVar('templateid', $templateid, SQ_GET); + + // sanitize just in case... + // + $templateid = preg_replace('/(\.\.\/){1,}/', '', $templateid); + + // make sure given template actually is available + // + $found_templateset = false; + for ($i = 0; $i < count($aTemplateSet); ++$i) { + if ($aTemplateSet[$i]['ID'] == $templateid) { + $found_templateset = true; + break; + } + } -/* On init, register all plugins configured for use. */ -if (isset($plugins) && is_array($plugins)) { - // turn on output buffering in order to prevent output of new lines - ob_start(); - foreach ($plugins as $name) { - use_plugin($name); - } - // get output and remove whitespace - $output = trim(ob_get_contents()); - ob_end_clean(); - // if plugins output more than newlines and spacing, stop script execution. - if (!empty($output)) { - die($output); - } -} +// FIXME: do we need/want to check here for actual (physical) presence of template sets? + // selected template not available, fall back to default template + // + if (!$found_templateset) { + $sTemplateID = Template::get_default_template_set(); + } else { + $sTemplateID = $templateid; + } + session_write_close(); + break; -switch ($sInitLocation) { - case 'style': session_write_close(); sqsetcookieflush(); break; case 'redirect': /** * directory hashing functions are needed for all setups in case * plugins use own pref files. */ require(SM_PATH . 'functions/prefs.php'); + require(SM_PATH . 
'functions/auth.php'); /* hook loads custom prefs backend plugins */ - $prefs_backend = do_hook_function('prefs_backend'); + $prefs_backend = do_hook('prefs_backend', $null); if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { require(SM_PATH . $prefs_backend); } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { @@ -280,6 +360,23 @@ switch ($sInitLocation) { require(SM_PATH . 'functions/display_messages.php' ); require(SM_PATH . 'functions/page_header.php'); require(SM_PATH . 'functions/html.php'); + + // reset template file cache + // + $sTemplateID = Template::get_default_template_set(); + Template::cache_template_file_hierarchy(TRUE); + + /** + * Make sure icon variables are setup for the login page. + */ + $icon_theme = $icon_themes[$icon_theme_def]['PATH']; + /* + * NOTE: The $icon_theme_path var should contain the path to the icon + * theme to use. If the admin has disabled icons, or the user has + * set the icon theme to "None," no icons will be used. + */ + $icon_theme_path = (!$use_icons || $icon_theme=='none') ? NULL : ($icon_theme == 'template' ? SM_PATH . Template::calculate_template_images_directory($sTemplateID) : $icon_theme); + /** * cleanup old cookies with a cookie path the same as the standard php.ini * cookie path. All previous SquirrelMail version used the standard php.ini @@ -291,7 +388,9 @@ switch ($sInitLocation) { * because they probably belong to other php apps */ if (ini_get('session.name') !== $sSessionAutostartName) { - sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); + // This does not work. Sometimes the cookie with SQSESSID=deleted and path / + // is picked up in webmail.php => login will fail + //sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); } } break; 
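Review bot: In the new `case 'style':` block the `preg_replace('/(\.\.\/){1,}/', '', $templateid)` step is a single-pass strip that does not guarantee a traversal-free result and ignores backslashes; the lookup in `$aTemplateSet` is the control that actually constrains the value. That lookup compares with `==` and then stores the request value, so a string that only loosely equals a configured ID is kept as `$sTemplateID`. I would compare strictly and assign the configured ID rather than the request value, as sketched below. The old `session_write_close(); sqsetcookieflush(); break;` lines that remain after the added `break;` also look unreachable now and could be removed. The `switch` continues outside this hunk.

```php
// … unchanged: sqGetGlobalVar('templateid', $templateid, SQ_GET) …

// only IDs present in the configured template sets are accepted;
// anything else falls back to the default set
$sTemplateID = Template::get_default_template_set();
for ($i = 0; $i < count($aTemplateSet); ++$i) {
    if ($aTemplateSet[$i]['ID'] === $templateid) {
        // keep the configured ID, not the request value
        $sTemplateID = $aTemplateSet[$i]['ID'];
        break;
    }
}

session_write_close();
break;
```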
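Review bot: `$icon_themes[$icon_theme_def]['PATH']` is read without checking that the entry exists, so a site configuration that omits or misnumbers `$icon_theme_def` raises a notice under the `error_reporting(E_ALL)` set at the top of this file. A guarded read keeps the login page quiet: `$icon_theme = isset($icon_themes[$icon_theme_def]['PATH']) ? $icon_themes[$icon_theme_def]['PATH'] : 'none';`. The nested ternary that computes `$icon_theme_path` would also be easier to audit as an `if`/`elseif`/`else`.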
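Review bot: With the `sqsetcookie()` call commented out, the `if (ini_get('session.name') !== $sSessionAutostartName)` block does nothing, and the old session cookie on the php.ini cookie path described in the surrounding comment is no longer expired. If that is the accepted trade-off, I would record it as a tracked item instead of commented-out code, e.g. `// FIXME: stale session cookie on $sCookiePath is left in place; expiring it broke login in webmail.php`, and drop the empty conditional. The enclosing block starts outside this hunk.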
@@ -329,26 +428,22 @@ switch ($sInitLocation) { /** * Initialize the template object (logout_error uses it) */ - require(SM_PATH . 'class/template/template.class.php'); /* - * $sTplDir is not initialized when a user is not logged in, so we will use - * the config file defaults here. If the neccesary variables are net set, - * force a default value. + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables + * are net set, force a default value. */ - $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); - $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); - - $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? - SM_PATH . 'templates/default/' : - $aTemplateSet[$templateset_default]['PATH'] ); - $oTemplate = new Template($sTplDir); + $sTemplateID = Template::get_default_template_set(); + $oTemplate = Template::construct_template($sTemplateID); set_up_language($squirrelmail_language, true); logout_error( _("You must be logged in to access this page.") ); exit; } +//FIXME: remove next line if the placement of the copy of this line above does not prove to be problematic sqgetGlobalVar('username',$username,SQ_SESSION); + sqgetGlobalVar('authz',$authz,SQ_SESSION); /** * Setting the prefs backend @@ -363,10 +458,10 @@ switch ($sInitLocation) { $prefs_cache = false; //array(); } - /* see 'redirect' switch */ + /* see 'redirect' case */ require(SM_PATH . 'functions/prefs.php'); - $prefs_backend = do_hook_function('prefs_backend'); + $prefs_backend = do_hook('prefs_backend', $null); if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { require(SM_PATH . $prefs_backend); } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { 
@@ -380,7 +475,6 @@ switch ($sInitLocation) { */ require(SM_PATH . 'include/load_prefs.php'); - // i do not understand the frames language cookie story /** * We'll need this to later have a noframes version @@ -399,8 +493,6 @@ switch ($sInitLocation) { * Set up the language. */ $err=set_up_language(getPref($data_dir, $username, 'language')); - /* this is the last cookie we set so flush it. */ - sqsetcookieflush(); // Japanese translation used without mbstring support if ($err==2) { 
@@ -454,33 +546,42 @@ switch ($sInitLocation) { } else { // interface runs on server's time zone. Remove php E_STRICT complains $default_timezone = @date_default_timezone_get(); - date_default_timezone_set($default_timezone); + date_default_timezone_set($default_timezone); } } break; } -/** - * Initialize the template object - */ -require(SM_PATH . 'class/template/template.class.php'); /* - * $sTplDir is not initialized when a user is not logged in, so we will use - * the config file defaults here. If the neccesary variables are net set, - * force a default value. + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables + * are not set, force a default value. + * + * If the user is logged in, $sTemplateID will be set in load_prefs.php, + * so we shouldn't change it here. */ -$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); -$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); +if (!isset($sTemplateID)) { + $sTemplateID = Template::get_default_template_set(); + $icon_theme_path = !$use_icons ? NULL : Template::calculate_template_images_directory($sTemplateID); +} + +// template object may have already been constructed in load_prefs.php +// +if (empty($oTemplate)) { + $oTemplate = Template::construct_template($sTemplateID); +} -$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? - SM_PATH . 'templates/default/' : - $aTemplateSet[$templateset_default]['PATH'] ); -$oTemplate = new Template($sTplDir); +// We want some variables to always be available to the template +$oTemplate->assign('javascript_on', checkForJavascript()); +$oTemplate->assign('base_uri', sqm_baseuri()); +$always_include = array('sTemplateID', 'icon_theme_path'); +foreach ($always_include as $var) { + $oTemplate->assign($var, (isset($$var) ? $$var : NULL)); +} /** * Initialize our custom error handler object */ -require(SM_PATH . 
'class/error.class.php'); $oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl'); /** @@ -504,7 +605,12 @@ function checkForJavascript($reset = FALSE) { if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) ) return $javascript_on; - if ( $reset || !isset($javascript_setting) ) + if ( ( $reset || !isset($javascript_setting) ) + // getPref() not defined (nor is it meaningful) when user not + // logged in, but that begs the question if $javascript_on is + // not in the session in that case, where do we get it from? + && ( sqGetGlobalVar('user_is_logged_in', $user_is_logged_in, SQ_SESSION) + && $user_is_logged_in) ) $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT); if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&
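Review bot: The fallback `$icon_theme_path = !$use_icons ? NULL : Template::calculate_template_images_directory($sTemplateID);` omits the `SM_PATH .` prefix that the login-page hunk puts in front of the same call, so the two code paths presumably yield different base directories. If the method returns a path relative to the SquirrelMail root, which its use in the login-page hunk suggests, this line should read `$icon_theme_path = !$use_icons ? NULL : SM_PATH . Template::calculate_template_images_directory($sTemplateID);`. A one-line comment stating what the method returns would stop the two call sites drifting apart again.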
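Review bot: When the user is not logged in, the new condition skips `getPref()` and leaves `$javascript_setting` unassigned, so any later read of it in `checkForJavascript()` would hit an undefined variable; the function body continues past this hunk, so I cannot confirm whether it does. Giving the logged-out path an explicit value avoids relying on that: `else if (!isset($javascript_setting)) $javascript_setting = SMPREF_JS_AUTODETECT;`. The open question in the added comment about where `$javascript_on` comes from before login is better marked `FIXME` so it is not lost.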