X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Fconfigtest.php;h=45822902a5b496f33b5000e2f50ad68e9f7a9896;hp=0d6be68a1ada3e5b4648eb9d990a87402698b288;hb=8459a9bbb8f2c312111cc119e1a727f7716b5008;hpb=fd72907b14fc668e47f413d4fcc58e1a4a0f045d diff --git a/src/configtest.php b/src/configtest.php index 0d6be68a..45822902 100644 --- a/src/configtest.php +++ b/src/configtest.php @@ -17,8 +17,54 @@ // This script could really use some restructuring as it has grown quite rapidly // but is not very 'clean'. Feel free to get some structure into this thing. -$warnings = 0; +/** force verbose error reporting and turn on display of errors */ +error_reporting(E_ALL); +ini_set('display_errors',1); + +/** Blockcopy from init.php. Cleans globals. */ +if ((bool) ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { + /** + * Remove all globals that are not reserved by PHP + * 'value' and 'key' are used by foreach. Don't unset them inside foreach. + */ + foreach ($GLOBALS as $key => $value) { + switch($key) { + case 'HTTP_POST_VARS': + case '_POST': + case 'HTTP_GET_VARS': + case '_GET': + case 'HTTP_COOKIE_VARS': + case '_COOKIE': + case 'HTTP_SERVER_VARS': + case '_SERVER': + case 'HTTP_ENV_VARS': + case '_ENV': + case 'HTTP_POST_FILES': + case '_FILES': + case '_REQUEST': + case 'HTTP_SESSION_VARS': + case '_SESSION': + case 'GLOBALS': + case 'key': + case 'value': + break; + default: + unset($GLOBALS[$key]); + } + } + // Unset variables used in foreach + unset($GLOBALS['key']); + unset($GLOBALS['value']); +} + + +/** + * Displays error messages and warnings + * @param string $str message + * @param boolean $fatal fatal error or only warning + */ function do_err($str, $fatal = TRUE) { global $IND, $warnings; $level = $fatal ? 'FATAL ERROR:' : 'WARNING:'; @@ -31,25 +77,57 @@ function do_err($str, $fatal = TRUE) { } } -$IND = str_repeat(' ',4); - ob_implicit_flush(); /** @ignore */ define('SM_PATH', '../'); +/** load minimal function set */ +require(SM_PATH . 'functions/global.php'); +require(SM_PATH . 'functions/strings.php'); -/* set default value in order to block remote access to script */ +/** set default value in order to block remote access */ $allow_remote_configtest=false; -/* - * Load config before output begins. functions/strings.php depends on - * functions/globals.php. functions/global.php needs to be run before - * any html output starts. If config.php is missing, error will be displayed - * later. - */ +/** Load all configuration files before output begins */ + +/* load default configuration */ +require(SM_PATH . 'config/config_default.php'); +/* reset arrays in default configuration */ +$ldap_server = array(); +$plugins = array(); +$fontsets = array(); +$theme = array(); +$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php'; +$theme[0]['NAME'] = 'Default'; +$aTemplateSet = array(); +$aTemplateSet[0]['ID'] = 'default'; +$aTemplateSet[0]['NAME'] = 'Default'; +/* load site configuration */ if (file_exists(SM_PATH . 'config/config.php')) { - include(SM_PATH . 'config/config.php'); - include(SM_PATH . 'functions/strings.php'); + require(SM_PATH . 'config/config.php'); +} +/* load local configuration overrides */ +if (file_exists(SM_PATH . 'config/config_local.php')) { + require(SM_PATH . 'config/config_local.php'); } + +/** Load plugins */ +global $disable_plugins; +$squirrelmail_plugin_hooks = array(); +if (!$disable_plugins && file_exists(SM_PATH . 'config/plugin_hooks.php')) { + require(SM_PATH . 'config/plugin_hooks.php'); +} + +/** Warning counter */ +$warnings = 0; + +/** indent */ +$IND = str_repeat(' ',4); + +/** + * get_location starts session and must be run before output is started. + */ +$test_location = get_location(); + ?> @@ -98,7 +176,7 @@ echo "

\n\n
SquirrelMail version:" . $version . "< "
\n

\n\n"; /* check $config_version */ -if ($config_version!='1.4.0') { +if ($config_version!='1.5.0') { do_err('Configuration file version does not match required version. Please update your configuration file.'); } @@ -109,7 +187,11 @@ if(!check_php_version(4,1,0)) { } echo $IND . 'PHP version ' . PHP_VERSION . ' OK. (You have: ' . phpversion() . ". Minimum: 4.1.0)
\n"; - +/* test for boolean false and any string that is not equal to 'off' */ +if ((bool) ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { + do_err('You have register_globals turned on. This is not an error, but it CAN be a security hazard. Consider turning register_globals off.', false); +} $php_exts = array('session','pcre'); $diff = array_diff($php_exts, get_loaded_extensions()); if(count($diff)) { @@ -193,6 +275,9 @@ if($data_dir == $attachment_dir) { /* check plugins and themes */ +//FIXME: check requirements given in plugin _info() function, such +// as required PHP extensions, Pear packages, other plugins, SM version, etc +// see development docs for list of returned info from that function $bad_plugins = array( 'attachment_common', // Integrated into SquirrelMail 1.2 core 'auto_prune_sent', // Obsolete: See Proon Automatic Folder Pruning plugin @@ -233,7 +318,32 @@ if (isset($plugins[0])) { do_err('You have enabled the '.$plugin.' plugin, which causes problems with this version of SquirrelMail. Please check the ReleaseNotes or other documentation for more information.', false); } } - echo $IND . "Plugins OK.
\n"; + // load plugin functions + include_once(SM_PATH . 'functions/plugin.php'); + // turn on output buffering in order to prevent output of new lines + ob_start(); + foreach ($plugins as $name) { + use_plugin($name); + } + // get output and remove whitespace + $output = trim(ob_get_contents()); + ob_end_clean(); + // if plugins output more than newlines and spacing, stop script execution. + if (!empty($output)) { + $plugin_load_error = 'Some output is produced when plugins are loaded.' + .' Usually it means error. Output said: '.htmlspecialchars($output); + do_err($plugin_load_error); + } + /** + * This hook was added in 1.5.2. Each plugins should print an error + * message and return TRUE if there are any errors in its setup/configuration. + */ + $plugin_err = boolean_hook_function('configtest', $null); + if($plugin_err) { + do_err('Some plugin tests failed.'); + } else { + echo $IND . "Plugins OK.
\n"; + } } else { echo $IND . "Plugins are not enabled in config.
\n"; } @@ -265,7 +375,9 @@ if ( $squirrelmail_default_language != 'en_US' ) { echo $IND . "Default language OK.
\n"; } -echo $IND . "Base URL detected as: " . htmlspecialchars(get_location()) . "
\n"; +echo $IND . "Base URL detected as: " . htmlspecialchars($test_location) . + " (location base " . (empty($config_location_base) ? 'autodetected' : 'set to ' . + htmlspecialchars($config_location_base)."") . ")
\n"; /* check minimal requirements for other security options */ @@ -466,6 +578,27 @@ if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) { 'in the SquirrelMail configuration.', FALSE); } +if (stristr($capline, 'XMAGICTRASH') !== false) { + $magic_trash = 'It looks like IMAP_MOVE_EXPUNGE_TO_TRASH option is turned on ' + .'in your Courier IMAP configuration. Courier does not provide tools that ' + .'allow to detect folder used for Trash or commands are not documented. ' + .'SquirrelMail can\'t detect special trash folder. SquirrelMail manages ' + .'all message deletion or move operations internally and ' + .'IMAP_MOVE_EXPUNGE_TO_TRASH option can cause errors in message and ' + .'folder management operations. Please turn off IMAP_MOVE_EXPUNGE_TO_TRASH ' + .'option in Courier imapd configuration.'; + do_err($magic_trash,false); +} + +/* add warning about IMAP delivery */ +if (stristr($capline, 'XCOURIEROUTBOX') !== false) { + $courier_outbox = 'OUTBOX setting is enabled in your Courier imapd ' + .'configuration. SquirrelMail uses standard SMTP protocol or sendmail ' + .'binary to send emails. Courier IMAP delivery method is not supported' + .' and can create duplicate email messages.'; + do_err($courier_outbox,false); +} + /** OK, close connection */ fputs($stream, "A004 LOGOUT\r\n"); fclose($stream); @@ -479,7 +612,7 @@ if (function_exists('gettext')) { /* optional setlocale() tests. Should work only on glibc systems. */ if (sqgetGlobalVar('testlocales',$testlocales,SQ_GET)) { - include_once(SM_PATH . 'functions/i18n.php'); + include_once(SM_PATH . 'include/languages.php'); echo $IND . $IND . 'Testing translations:
'; foreach ($languages as $lang_code => $lang_data) { /* don't test aliases */ @@ -552,9 +685,9 @@ if (function_exists('iconv')) { } else { echo "Iconv functions are unavailable.
\n"; } -// same test as in include/validate.php +// same test as in include/init.php + date_default_timezone_set check echo "$IND timezone - "; -if ( (!ini_get('safe_mode')) || +if ( (!ini_get('safe_mode')) || function_exists('date_default_timezone_set') || !strcmp(ini_get('safe_mode_allowed_env_vars'),'') || preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')) ) { echo "Webmail users can change their time zone settings. \n"; @@ -689,4 +822,4 @@ if ($warnings) { EOF; echo $footer; } -?> \ No newline at end of file +?>