X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=include%2Finit.php;h=e1bd3bbd050d9a95004122594f2eb7721f98f835;hp=5efd61eaf946cb2c9eb24d33466cd190bc2ccdd5;hb=cf039c515cde0bf2e1d23e1ee4c803c4bc3babe1;hpb=b837b30fd26691c62fd8cb39a3e9888fc32c6184
diff --git a/include/init.php b/include/init.php
index 5efd61ea..e1bd3bbd 100644
--- a/include/init.php
+++ b/include/init.php
@@ -5,7 +5,7 @@
 *
 * File should be loaded in every file in src/ or plugins that occupate an entire frame
 *
- * @copyright 2006-2010 The SquirrelMail Project Team
+ * @copyright 2006-2017 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
@@ -223,15 +223,17 @@ if (file_exists(SM_PATH . 'config/config_local.php')) {
 /**
 * Set PHP error reporting level based on the SquirrelMail debug mode
+ * E_STRICT = 2048
+ * E_DEPRECATED = 8192
 */
 $error_level = 0;
 if ($sm_debug_mode & SM_DEBUG_MODE_SIMPLE) $error_level |= E_ERROR;
 if ($sm_debug_mode & SM_DEBUG_MODE_MODERATE || $sm_debug_mode & SM_DEBUG_MODE_ADVANCED)
- $error_level |= E_ALL;
+ $error_level = ($error_level | E_ALL) & ~2048 & ~8192;
 if ($sm_debug_mode & SM_DEBUG_MODE_STRICT)
- $error_level |= E_STRICT;
+ $error_level |= 2048 | 8192;
 error_reporting($error_level);
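Review bot: The bare literals `2048` and `8192` in the two new `$error_level` assignments (hunk `@@ -223,15`) are explained only by the docblock lines added above them, and nothing records why the named constants were dropped; presumably `E_DEPRECATED` is not defined on every PHP version the project supports, but that is inferred. I would state the reason beside the arithmetic and fold the masks into one expression, `$error_level = ($error_level | E_ALL) & ~(2048 | 8192); // E_STRICT | E_DEPRECATED, literals because the constants are not defined on every supported PHP`. `E_USER_DEPRECATED` (16384) is still part of `E_ALL`, so deprecations raised through `trigger_error()` stay reported in the MODERATE and ADVANCED modes; if that is deliberate it deserves a word in the comment. Because this value decides what PHP reports, an installation running any debug mode in production should keep `display_errors` off so that paths and notices go to the log rather than into the page.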
@@ -272,20 +274,20 @@ if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
 * or
 * contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
 * because it doesn't bother with broken tags.
- * htmlspecialchars() is the preferred method.
+ * sm_encode_html_special_chars() is the preferred method.
 * QUERY_STRING also needs the same treatment since it is
 * used in php_self().
 * Update again: the encoding of ampersands that occurs
- * using htmlspecialchars() corrupts the query strings
+ * using sm_encode_html_special_chars() corrupts the query strings
 * in normal URIs, so we have to let those through. FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
 */
 if (isset($_SERVER['REQUEST_URI']))
- $_SERVER['REQUEST_URI'] = str_replace('&', '&', htmlspecialchars($_SERVER['REQUEST_URI']));
+ $_SERVER['REQUEST_URI'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['REQUEST_URI']));
 if (isset($_SERVER['PHP_SELF']))
- $_SERVER['PHP_SELF'] = str_replace('&', '&', htmlspecialchars($_SERVER['PHP_SELF']));
+ $_SERVER['PHP_SELF'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['PHP_SELF']));
 if (isset($_SERVER['QUERY_STRING']))
- $_SERVER['QUERY_STRING'] = str_replace('&', '&', htmlspecialchars($_SERVER['QUERY_STRING']));
+ $_SERVER['QUERY_STRING'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['QUERY_STRING']));
 $PHP_SELF = php_self();
@@ -691,6 +693,9 @@ switch (PAGE_NAME) {
 $set_up_langage_after_template_setup = TRUE;
 $timeZone = getPref($data_dir, $username, 'timezone');
+ global $server_timezone, $server_timezone_offset, $server_timezone_offset_seconds;
+ list($server_timezone, $server_timezone_offset, $server_timezone_offset_seconds)
+ = explode('::', date('T::O::Z'));
 /* Check to see if we are allowed to set the TZ environment variable.
 * We are able to do this if ...
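Review bot: The FIXME in the `$_SERVER` comment block (hunk `@@ -272,20`) is still open after this change: the three new assignments HTML-encode `REQUEST_URI`, `PHP_SELF` and `QUERY_STRING` once at startup and then restore the ampersands, so every later consumer receives a value in which entity references taken from the request survive as entities. That is harmless in HTML text and quoted attribute values, but not where one of these values ends up in inline script or an event-handler attribute, since the browser decodes entities before the script is parsed, nor in a header or a string comparison, where the encoded form is simply wrong. `sm_encode_html_special_chars()` is defined outside this diff, so whether it also encodes single quotes cannot be checked here. I would replace the FIXME with the constraint itself, for example `* NOTE: ampersands are restored, so these values are only safe in HTML text and quoted attributes; escape again for script, event-handler or header contexts.` As rendered on this page both `str_replace()` arguments read `'&'`, which is presumably a display artifact for `'&amp;'`.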
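Review bot: The three lines added in hunk `@@ -691,6` carry no comment, although their position looks like the thing that makes them correct: they call `date('T::O::Z')` ahead of the TZ handling described in the comment that follows, so presumably they are meant to record the server's zone before the user's preference is applied. I would say so in place, e.g. `// server's own zone (abbreviation, +hhmm offset, offset in seconds), read before the user's timezone preference is applied below`. `explode()` returns strings, so `$server_timezone_offset_seconds` is a numeric string; cast it with `(int)` if callers do arithmetic or strict comparisons on it. The enclosing `switch (PAGE_NAME)` case starts and ends outside this hunk.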