X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=include%2Fvalidate.php;h=3821345822bcb266efd690c28c20e3910652e633;hp=bbcd99919f8d84ef33cae9a7cfe386cd68a096a4;hb=748ba6c04d400a0433b06dd90d4d6042d86478e2;hpb=08185f2a7631c3a12cb1ac085fec3be471b56b00
diff --git a/include/validate.php b/include/validate.php
index bbcd9991..38213458 100644
--- a/include/validate.php
+++ b/include/validate.php
@@ -3,7 +3,7 @@
 /**
 * validate.php
 *
-* Copyright (c) 1999-2002 The SquirrelMail Project Team
+* Copyright (c) 1999-2003 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * $Id$
@@ -11,33 +11,52 @@ /* include the mime class before the session start ! otherwise we can't store * messages with a session_register. + * + * From http://www.php.net/manual/en/language.oop.serialization.php: + * In case this isn't clear: + * In 4.2 and below: + * session.auto_start and session objects are mutually exclusive. + * + * We need to load the classes before the session is started, + * except that the session could be started automatically + * via session.auto_start. So, we'll close the session, + * then load the classes, and reopen the session which should + * make everything happy. + * + * ** Note this means that for the 1.3.2 release, we should probably + * recommend that people set session.auto_start=0 to avoid this altogether. */ - + +session_write_close(); + +/** + * Reset the $theme() array in case a value was passed via a cookie. + * This is until theming is rewritten. + */ +global $theme; +unset($theme); +$theme=array(); + /* SquirrelMail required files. */ require_once(SM_PATH . 'class/mime.class.php'); +require_once(SM_PATH . 'functions/global.php'); +require_once(SM_PATH . 'functions/strings.php'); +require_once(SM_PATH . 'config/config.php'); + +/* set the name of the session cookie */ +if(isset($session_name) && $session_name) { + ini_set('session.name' , $session_name); +} else { + ini_set('session.name' , 'SQMSESSID'); +} -session_start(); +sqsession_is_active(); require_once(SM_PATH . 'functions/i18n.php'); require_once(SM_PATH . 'functions/auth.php'); -require_once(SM_PATH . 'functions/strings.php'); -require_once(SM_PATH . 'functions/global.php'); is_logged_in(); -/* Remove all slashes for form values. */ -if (get_magic_quotes_gpc()) { - global $REQUEST_METHOD; - - if ($REQUEST_METHOD == 'POST') { - global $HTTP_POST_VARS; - RemoveSlashes($HTTP_POST_VARS); - } else if ($REQUEST_METHOD == 'GET') { - global $HTTP_GET_VARS; - RemoveSlashes($HTTP_GET_VARS); - } -} - /** * Auto-detection * 
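Review bot: `$session_name` is trusted at `if(isset($session_name) && $session_name)` on the assumption that config/config.php always assigns it; if an installed config.php predates this setting and the server registers request variables as globals (not visible in this hunk), a request-supplied value would reach `ini_set('session.name' , $session_name)`. Clearing it before the include, the way this hunk already resets `$theme`, removes that dependency: `unset($session_name);` placed ahead of `require_once(SM_PATH . 'config/config.php');`. The hunk also moves config.php ahead of the session start, while the comment deleted further down in this patch described loading config late so that its values overwrite passed-in variables. A short comment next to `sqsession_is_active();` stating whether values restored from the session can shadow config variables would record why the new order is safe.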
@@ -60,25 +79,6 @@ if (isset($send) } } -/** -* Everyone needs stuff from config, and config needs stuff from -* strings.php, so include them both here. Actually, strings is -* included at the top now as the string array functions have -* been moved into it. -* -* Include them down here instead of at the top so that all config -* variables overwrite any passed in variables (for security). -*/ - -/** - * Reset the $theme() array in case a value was passed via a cookie. - * This is until theming is rewritten. - */ -global $theme; -unset($theme); -$theme=array(); - -require_once(SM_PATH . 'config/config.php'); require_once(SM_PATH . 'include/load_prefs.php'); require_once(SM_PATH . 'functions/page_header.php'); require_once(SM_PATH . 'functions/prefs.php'); @@ -88,8 +88,19 @@ global $username, $data_dir; set_up_language(getPref($data_dir, $username, 'language')); $timeZone = getPref($data_dir, $username, 'timezone'); + +/* Check to see if we are allowed to set the TZ environment variable. + * We are able to do this if ... + * safe_mode is disabled OR + * safe_mode_allowed_env_vars is empty (you are allowed to set any) OR + * safe_mode_allowed_env_vars contains TZ + */ +$tzChangeAllowed = (!ini_get('safe_mode')) || + !strcmp(ini_get('safe_mode_allowed_env_vars'),'') || + preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')); + if ( $timeZone != SMPREF_NONE && ($timeZone != "") - && !ini_get("safe_mode")) { + && $tzChangeAllowed ) { putenv("TZ=".$timeZone); } ?>
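Review bot: The `preg_match('/^([\w_]+,)*TZ/', ...)` test in the last hunk is not anchored after `TZ`, so an entry such as `TZDATA_` (constructed example) satisfies it even though safe_mode_allowed_env_vars is a list of name prefixes and that entry would not permit setting `TZ`; a shorter prefix `T`, which would permit it, is missed. Only entries that are themselves a prefix of `TZ` should count, for example `preg_match('/(^|,)\s*TZ?\s*(,|$)/', ini_get('safe_mode_allowed_env_vars'))`. Separately, `$timeZone` comes from a stored user preference and reaches `putenv("TZ=".$timeZone)` with no validation visible in this hunk, and the relaxed condition makes that call reachable on more configurations. Checking the value against a known set of zone names before the `putenv` call would keep arbitrary strings out of the process environment.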