fixed register_globals test. if configuration set with php_value, ini_get

returns 'off' string (boolean true).

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11035 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/include/init.php b/include/init.php
index 3b056dc56b59283256e408e32ca3dba8d10101df..85b7b94d7d915a20e8efc48e011d675b59316015 100644 (file)
--- a/include/init.php
+++ b/include/init.php
@@ -21,8 +21,10 @@ error_reporting(E_ALL);
 /**
  * If register_globals are on, unregister globals.
  * Code requires PHP 4.1.0 or newer.
+ * Second test covers boolean set as string (php_value register_globals off).
  */
-if ((bool) @ini_get('register_globals')) {
+if ((bool) @ini_get('register_globals') && 
+    strtolower(ini_get('register_globals'))!='off') {
     /**
      * Remove all globals from $_GET, $_POST, and $_COOKIE.
      */
@@ -418,7 +420,6 @@ if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
  * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see functions/constants.php})
  * @since 1.5.1
  */
-
 function checkForJavascript($reset = FALSE) {
   global $data_dir, $username, $javascript_on, $javascript_setting;
 

diff --git a/src/configtest.php b/src/configtest.php
index 7377d0c4eeb12c6627a59b2f5949c450ad9b7f9f..5b6436b27f86ab41b14be9b820c57fee198f5d1a 100644 (file)
--- a/src/configtest.php
+++ b/src/configtest.php
@@ -111,7 +111,9 @@ if(!check_php_version(4,1,0)) {
 }
 
 echo $IND . 'PHP version ' . PHP_VERSION . ' OK. (You have: ' . phpversion() . ". Minimum: 4.1.0)<br />\n";
-if ((bool) ini_get('register_globals')) {
+/* test for boolean false and any string that is not equal to 'off' */
+if ((bool) ini_get('register_globals') && 
+    strtolower(ini_get('register_globals'))!='off') {
        do_err('You have register_globals turned on.  This is not an error, but it CAN be a security hazard.  Consider turning register_globals off.', false);
 }
 $php_exts = array('session','pcre');