Move $theme reset (avoids theme cookie exploit) to top, before config.php is loaded...
authortassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 31 Dec 2002 16:24:58 +0000 (16:24 +0000)
committertassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 31 Dec 2002 16:24:58 +0000 (16:24 +0000)
Developers: Please review for security implications.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4339 7612ce4b-ef26-0410-bec9-ea0150e637f0

include/validate.php

index a471ce5..b399d7c 100644 (file)
 
 session_write_close();
 
+/**
+ * Reset the $theme() array in case a value was passed via a cookie.
+ * This is until theming is rewritten.
+ */
+global $theme;
+unset($theme);
+$theme=array();
+
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'class/mime.class.php');
 require_once(SM_PATH . 'functions/strings.php');
@@ -71,24 +79,6 @@ if (isset($send)
     }
 }
 
-/**
-* Everyone needs stuff from config, and config needs stuff from
-* strings.php, so include them both here. Actually, strings is
-* included at the top now as the string array functions have
-* been moved into it.
-*
-* Include them down here instead of at the top so that all config
-* variables overwrite any passed in variables (for security).
-*/
-
-/**
- * Reset the $theme() array in case a value was passed via a cookie.
- * This is until theming is rewritten.
- */
-global $theme;
-unset($theme);
-$theme=array();
-
 require_once(SM_PATH . 'include/load_prefs.php');
 require_once(SM_PATH . 'functions/page_header.php');
 require_once(SM_PATH . 'functions/prefs.php');