X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=include%2Fvalidate.php;h=3821345822bcb266efd690c28c20e3910652e633;hp=79b1bd15a83780716b6e4673f17d51e4effb441f;hb=748ba6c04d400a0433b06dd90d4d6042d86478e2;hpb=de702cb865b94155232837b57206365e71aa44fe diff --git a/include/validate.php b/include/validate.php index 79b1bd15..38213458 100644 --- a/include/validate.php +++ b/include/validate.php @@ -3,7 +3,7 @@ /** * validate.php * -* Copyright (c) 1999-2002 The SquirrelMail Project Team +* Copyright (c) 1999-2003 The SquirrelMail Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * * $Id$ @@ -26,33 +26,37 @@ * ** Note this means that for the 1.3.2 release, we should probably * recommend that people set session.auto_start=0 to avoid this altogether. */ + session_write_close(); +/** + * Reset the $theme() array in case a value was passed via a cookie. + * This is until theming is rewritten. + */ +global $theme; +unset($theme); +$theme=array(); + /* SquirrelMail required files. */ require_once(SM_PATH . 'class/mime.class.php'); +require_once(SM_PATH . 'functions/global.php'); +require_once(SM_PATH . 'functions/strings.php'); +require_once(SM_PATH . 'config/config.php'); -session_start(); +/* set the name of the session cookie */ +if(isset($session_name) && $session_name) { + ini_set('session.name' , $session_name); +} else { + ini_set('session.name' , 'SQMSESSID'); +} + +sqsession_is_active(); require_once(SM_PATH . 'functions/i18n.php'); require_once(SM_PATH . 'functions/auth.php'); -require_once(SM_PATH . 'functions/strings.php'); -require_once(SM_PATH . 'functions/global.php'); is_logged_in(); -/* Remove all slashes for form values. */ -if (get_magic_quotes_gpc()) { - global $REQUEST_METHOD; - - if ($REQUEST_METHOD == 'POST') { - global $HTTP_POST_VARS; - RemoveSlashes($HTTP_POST_VARS); - } else if ($REQUEST_METHOD == 'GET') { - global $HTTP_GET_VARS; - RemoveSlashes($HTTP_GET_VARS); - } -} - /** * Auto-detection * 
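Review bot: In the `@@ -26,33 +26,37 @@` hunk, the new session-name block reads `$session_name` as a plain global straight after `config/config.php` is loaded. If a site's config file does not define it, the value could come from a request variable on installs that register request data as globals (inferred; the diff does not show how globals are populated). Clearing it first, with `$session_name = '';` above `require_once(SM_PATH . 'config/config.php');`, mirrors the `$theme` reset this hunk already does. Accepting only `preg_match('/^[A-Za-z0-9]+$/', $session_name)` before the `ini_set()` call would also keep the cookie name under the administrator's control. The removed comment further down explained that config is loaded so its variables overwrite passed-in ones; a one-line comment at the new include position would keep that reasoning in the file.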
@@ -75,25 +79,6 @@ if (isset($send) } } -/** -* Everyone needs stuff from config, and config needs stuff from -* strings.php, so include them both here. Actually, strings is -* included at the top now as the string array functions have -* been moved into it. -* -* Include them down here instead of at the top so that all config -* variables overwrite any passed in variables (for security). -*/ - -/** - * Reset the $theme() array in case a value was passed via a cookie. - * This is until theming is rewritten. - */ -global $theme; -unset($theme); -$theme=array(); - -require_once(SM_PATH . 'config/config.php'); require_once(SM_PATH . 'include/load_prefs.php'); require_once(SM_PATH . 'functions/page_header.php'); require_once(SM_PATH . 'functions/prefs.php'); @@ -103,8 +88,19 @@ global $username, $data_dir; set_up_language(getPref($data_dir, $username, 'language')); $timeZone = getPref($data_dir, $username, 'timezone'); + +/* Check to see if we are allowed to set the TZ environment variable. + * We are able to do this if ... + * safe_mode is disabled OR + * safe_mode_allowed_env_vars is empty (you are allowed to set any) OR + * safe_mode_allowed_env_vars contains TZ + */ +$tzChangeAllowed = (!ini_get('safe_mode')) || + !strcmp(ini_get('safe_mode_allowed_env_vars'),'') || + preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')); + if ( $timeZone != SMPREF_NONE && ($timeZone != "") - && !ini_get("safe_mode")) { + && $tzChangeAllowed ) { putenv("TZ=".$timeZone); } ?>
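Review bot: In the `@@ -103,8 +88,19 @@` hunk, the pattern `'/^([\w_]+,)*TZ/'` used for `$tzChangeAllowed` is not anchored after `TZ`. A list entry such as `TZDATA` (constructed example) is therefore treated as permission for `TZ`, and `putenv()` is called in a configuration where safe mode will refuse it. Matching a whole entry, `preg_match('/(^|,)\s*TZ\s*(,|$)/', ini_get('safe_mode_allowed_env_vars'))`, avoids that and tolerates spaces after commas; `\w` already includes `_`, so the character class can be plain `\w`. Separately, `$timeZone` is a stored user preference that reaches `putenv("TZ=".$timeZone)` without a format check, so validating it against the expected zone-name characters before the call would be a sensible follow-up.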